1*8d741a5dSApple OSS Distributions #pragma clang diagnostic ignored "-Wdeprecated-declarations" 2*8d741a5dSApple OSS Distributions 3*8d741a5dSApple OSS Distributions #include <bsm/audit.h> 4*8d741a5dSApple OSS Distributions #include <bsm/audit_session.h> 5*8d741a5dSApple OSS Distributions #include <err.h> 6*8d741a5dSApple OSS Distributions #include <sysexits.h> 7*8d741a5dSApple OSS Distributions #include <unistd.h> 8*8d741a5dSApple OSS Distributions #include <errno.h> 9*8d741a5dSApple OSS Distributions #include <string.h> 10*8d741a5dSApple OSS Distributions 11*8d741a5dSApple OSS Distributions #include <darwintest.h> 12*8d741a5dSApple OSS Distributions #include <darwintest_utils.h> 13*8d741a5dSApple OSS Distributions 14*8d741a5dSApple OSS Distributions T_GLOBAL_META(T_META_RUN_CONCURRENTLY(true)); 15*8d741a5dSApple OSS Distributions 16*8d741a5dSApple OSS Distributions T_DECL(invalid_setaudit_57414044, 17*8d741a5dSApple OSS Distributions "Verify that auditing a setaudit_addr syscall which has an invalid " 18*8d741a5dSApple OSS Distributions "at_type field does not panic", 19*8d741a5dSApple OSS Distributions T_META_CHECK_LEAKS(false), T_META_TAG_VM_PREFERRED) 20*8d741a5dSApple OSS Distributions { 21*8d741a5dSApple OSS Distributions T_SETUPBEGIN; 22*8d741a5dSApple OSS Distributions 23*8d741a5dSApple OSS Distributions int cond, ret = auditon(A_GETCOND, &cond, sizeof(cond)); 24*8d741a5dSApple OSS Distributions if (ret == -1 && errno == ENOSYS) { 25*8d741a5dSApple OSS Distributions T_SKIP("no kernel support for auditing; can't test"); 26*8d741a5dSApple OSS Distributions } 27*8d741a5dSApple OSS Distributions T_ASSERT_POSIX_SUCCESS(ret, "auditon A_GETCOND"); 28*8d741a5dSApple OSS Distributions if (cond != AUC_AUDITING) { 29*8d741a5dSApple OSS Distributions T_SKIP("auditing is not enabled; can't test"); 30*8d741a5dSApple OSS Distributions } 31*8d741a5dSApple OSS Distributions 32*8d741a5dSApple OSS Distributions /* set up auditing to audit `setaudit_addr` */ 33*8d741a5dSApple OSS Distributions auditpinfo_addr_t pinfo_addr = {.ap_pid = getpid()}; 34*8d741a5dSApple OSS Distributions T_ASSERT_POSIX_SUCCESS(auditon(A_GETPINFO_ADDR, &pinfo_addr, sizeof(pinfo_addr)), NULL); 35*8d741a5dSApple OSS Distributions auditpinfo_t pinfo = {.ap_pid = getpid(), .ap_mask = pinfo_addr.ap_mask}; 36*8d741a5dSApple OSS Distributions pinfo.ap_mask.am_failure |= 0x800; /* man 5 audit_class */ 37*8d741a5dSApple OSS Distributions T_ASSERT_POSIX_SUCCESS(auditon(A_SETPMASK, &pinfo, sizeof(pinfo)), NULL); 38*8d741a5dSApple OSS Distributions 39*8d741a5dSApple OSS Distributions T_SETUPEND; 40*8d741a5dSApple OSS Distributions 41*8d741a5dSApple OSS Distributions struct auditinfo_addr a; 42*8d741a5dSApple OSS Distributions memset(&a, 0, sizeof(a)); 43*8d741a5dSApple OSS Distributions a.ai_termid.at_type = 999; 44*8d741a5dSApple OSS Distributions T_ASSERT_POSIX_FAILURE(setaudit_addr(&a, sizeof(a)), EINVAL, 45*8d741a5dSApple OSS Distributions "setaudit_addr should fail due to invalid at_type"); 46*8d741a5dSApple OSS Distributions } 47