Page MenuHomeFreeBSD

audit(4): Add tests for all audit events of open(2) and openat(2)

Authored by aniketp on Jun 4 2018, 12:04 AM.



The following changes introduce a new test-program open, which contains the tests for
open(2) and openat(2) system calls in various opening mode:

  • 72:AUE_OPEN_R:open(2) - read:fr
  • 73:AUE_OPEN_RC:open(2) - read,creat:fc,fr,fa,fm
  • 74:AUE_OPEN_RT:open(2) - read,trunc:fd,fr,fa,fm
  • 75:AUE_OPEN_RTC:open(2) - read,creat,trunc:fc,fd,fr,fa,fm
  • 76:AUE_OPEN_W:open(2) - write:fw
  • 77:AUE_OPEN_WC:open(2) - write,creat:fc,fw,fa,fm
  • 78:AUE_OPEN_WT:open(2) - write,trunc:fd,fw,fa,fm
  • 79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw,fa,fm
  • 80:AUE_OPEN_RW:open(2) - read,write:fr,fw
  • 81:AUE_OPEN_RWC:open(2) - read,write,creat:fc,fw,fr,fa,fm
  • 82:AUE_OPEN_RWT:open(2) - read,write,trunc:fd,fr,fw,fa,fm
  • 83:AUE_OPEN_RWTC:open(2) - read,write,creat,trunc:fc,fd,fw,fr,fa,fm

Similarly for openat(2) as well:

  • 270:AUE_OPENAT_R:openat(2) - read:fr
  • 271:AUE_OPENAT_RC:openat(2) - read,creat:fc,fr,fa,fm
  • 272:AUE_OPENAT_RT:openat(2) - read,trunc:fd,fr,fa,fm
  • 273:AUE_OPENAT_RTC:openat(2) - read,creat,trunc:fc,fd,fr,fa,fm
  • 274:AUE_OPENAT_W:openat(2) - write:fw
  • 275:AUE_OPENAT_WC:openat(2) - write,creat:fc,fw,fa,fm
  • 276:AUE_OPENAT_WT:openat(2) - write,trunc:fd,fw,fa,fm
  • 277:AUE_OPENAT_WTC:openat(2) - write,creat,trunc:fc,fd,fw,fa,fm
  • 278:AUE_OPENAT_RW:openat(2) - read,write:fr,fw
  • 279:AUE_OPENAT_RWC:openat(2) - read,write,create:fc,fw,fr,fa,fm
  • 280:AUE_OPENAT_RWT:openat(2) - read,write,trunc:fd,fw,fr,fa,fm
  • 281:AUE_OPENAT_RWTC:openat(2) - read,write,creat,trunc:fc,fd,fw,fr,fa,fm

Note: Testing all possible combinations of audit events in success and failure mode of
open(2) and openat(2) would have required 192 test cases. In order to limit the number
test-cases and test only the most important aspects, the audit classes have been restricted
to fr and fw only.

Test Plan

Execute make && make install from test/sys/audit.
Execute kyua test from /usr/tests/sys/audit. All testcases should succeed.

Diff Detail

rS FreeBSD src repository
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

aniketp created this revision.Jun 4 2018, 12:04 AM
aniketp updated this revision to Diff 43296.Jun 4 2018, 12:06 AM
  • Add the missing open.c source file

It looks ok, but it's incredibly repetitive. Do you think you could find a way to simplify it? One way would be to write macros to generate the individual test cases. libexec/tftpd/tests/functional.c takes that approach.

aniketp updated this revision to Diff 43324.Jun 5 2018, 12:09 AM
  • Update the test program to use macros for generating test cases

What happened to matching strings like read,create in the regex?

aniketp updated this revision to Diff 43325.Jun 5 2018, 1:46 AM
  • Include the specific regexes for individual audit events
aniketp updated this revision to Diff 43326.Jun 5 2018, 1:48 AM
  • Formatting corrections
aniketp updated this revision to Diff 43327.Jun 5 2018, 1:57 AM
  • Correct the format specifier of flag in test case description

No functional change

asomers added inline comments.Jun 5 2018, 2:10 PM
67 ↗(On Diff #43327)

Printing the flags in hex isn't very helpful. Can you print them symbolically instead? Displaying them in ORed form should be fine.

aniketp updated this revision to Diff 43340.Jun 5 2018, 6:49 PM

Stringify the 'flag' macro argument using # preprocessing operator

asomers added inline comments.Jun 5 2018, 7:12 PM
67 ↗(On Diff #43327)

They're displayed correctly now, but the grammer is off. How about "... call with flags = %s" ?

aniketp updated this revision to Diff 43341.Jun 5 2018, 7:39 PM

Update the test case description format

This revision was not accepted when it landed; it landed in state Needs Review.Jun 5 2018, 8:13 PM
This revision was automatically updated to reflect the committed changes.