#include <fcntl.h>
#include <unistd.h>
+#include <string.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <sys/stat.h>
#include <sys/sem.h>
#include <sys/shm.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#include <thread>
#include "group.h"
{
Display::printResult(Display::NONE, "Ipc group test start");
useIpc();
+ useSocket();
}
virtual ~IpcGroup()
std::string msgKeyPath("/tmp/msg_key");
int ret;
int msgKey, qid;
+ struct msqid_ds tmpbuf;
if (mkdir(msgKeyPath.c_str(), 0644) != 0) {
ret = Display::FAIL;
Display::printResult(Display::SUCCESS, "msgget(304) positive");
}
+ if (msgctl(qid, IPC_STAT, &tmpbuf) == -1) {
+ ret = Display::FAIL;
+ Display::printError();
+ } else {
+ if (msgctl(qid, IPC_SET, &tmpbuf) == -1) {
+ Display::printError();
+ Display::printResult(Display::FAIL, "IPC_SET operation positive");
+ } else {
+ Display::printResult(Display::SUCCESS, "IPC_SET operation positive");
+ }
+ }
+
if (msgctl(qid, IPC_RMID, NULL) == -1) {
ret = Display::FAIL;
Display::printError();
Display::printResult(ret, "shmctl(308) positive");
}
}
+
+ void useSocket() {
+ std::string sockaddr("/tmp/.audit-test.sock");
+ char buffer[100];
+ int fd = -1, cliFd = -1;
+ int recvlen = 0;
+ int backlog = 10;
+ struct sockaddr_un addr;
+ struct stat st;
+ std::thread client;
+
+ if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
+ Display::printError();
+ Display::printResult(Display::FAIL, "useSocket positive");
+ return;
+ }
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ strncpy(addr.sun_path, sockaddr.c_str(), sizeof(sockaddr_un::sun_path));
+
+ if (bind(fd, reinterpret_cast<struct sockaddr *>(&addr), sizeof(struct sockaddr_un)) == -1) {
+ close(fd);
+ Display::printError();
+ Display::printResult(Display::FAIL, "useSocket positive");
+ return;
+ }
+
+ if (listen(fd, backlog) == -1) {
+ close(fd);
+ Display::printError();
+ Display::printResult(Display::FAIL, "useSocket positive");
+ return;
+ }
+
+ client = std::thread([&]() {
+ int clientFd = -1;
+ std::string message("audit socket event testing");
+
+ struct sockaddr_un serveraddr;
+ if ((clientFd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
+ Display::printError();
+ return;
+ }
+
+ memset(&serveraddr, 0, sizeof(serveraddr));
+ serveraddr.sun_family = AF_UNIX;
+ strncpy(serveraddr.sun_path, sockaddr.c_str(), sizeof(sockaddr_un::sun_path));
+
+ if (connect(clientFd, reinterpret_cast<struct sockaddr *>(&serveraddr), sizeof(serveraddr)) == -1) {
+ close(clientFd);
+ Display::printError();
+ return;
+ }
+ send(clientFd, message.c_str(), message.size(), 0);
+
+ if (clientFd >= 0)
+ close(clientFd);
+ });
+
+ if ((cliFd = accept(fd, NULL, NULL)) == -1) {
+ close(fd);
+ Display::printError();
+ Display::printResult(Display::FAIL, "useSocket positive");
+ return;
+ }
+ memset(buffer, 0, sizeof(buffer));
+
+ if((recvlen = recv(cliFd, buffer, sizeof(buffer), 0)) == -1)
+ Display::printError();
+
+ if (recvlen > 0) {
+ Display::printResult(Display::NONE, std::string(buffer));
+ Display::printResult(Display::SUCCESS, "useSocket positive");
+ } else {
+ Display::printResult(Display::FAIL, "useSocket positive");
+ }
+
+ client.join();
+
+ if (cliFd >= 0)
+ close(cliFd);
+ if (fd >= 0)
+ close(fd);
+ if ((lstat(sockaddr.c_str(), &st) == 0) && (unlink(sockaddr.c_str()) != 0))
+ Display::printError();
+ }
};
GroupBuilder<IpcGroup> ipcGroup("Ipc");
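Review bot: The accept() failure path in useSocket returns while `client` is still joinable, and destroying a joinable std::thread calls std::terminate, so a single failed accept() aborts the whole test binary instead of reporting FAIL; join before leaving, e.g. `client.join(); close(fd);` ahead of that `return;`. The recv() call passes `sizeof(buffer)`, so a payload that fills all 100 bytes leaves no terminator for `std::string(buffer)` on the next lines; `recv(cliFd, buffer, sizeof(buffer) - 1, 0)` keeps the memset NUL in place. bind() is done on the fixed path `/tmp/.audit-test.sock` without removing a leftover socket file from an earlier aborted run, which would fail with EADDRINUSE; an unlink of the path before bind() (mirroring the lstat/unlink cleanup at the end) avoids that, and the same fixed path in a shared directory is worth a comment noting the test expects to run as the only user of it. The IpcGroup class this method belongs to starts outside the hunk.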
#include <fcntl.h>
#include <unistd.h>
+#include <wait.h>
#include "group.h"
{
Display::printResult(Display::NONE, "MAC group test start");
changeMacPolicy();
+ makeSmackDeny();
}
virtual ~MacGroup()
Display::printResult(Display::SUCCESS, "/etc/nether access");
}
}
+
+ void makeSmackDeny() {
+ pid_t pid;
+ std::string testFile("/tmp/audit-test");
+ std::string writeString("test");
+ std::string commandString("chsmack -a test /tmp/audit-test");
+
+ int fd = -1;
+ fd = creat(testFile.c_str(), 0644);
+ if (fd < 0) {
+ Display::printError();
+ Display::printResult(Display::FAIL, "makeSmackDeny");
+ return;
+ }
+
+ if (system(commandString.c_str()) == -1) {
+ Display::printResult(Display::FAIL, "makeSmackDeny");
+ goto removeTestFile;
+ }
+
+
+ pid = fork();
+ if (pid == -1) {
+ Display::printResult(Display::FAIL, "makeSmackDeny");
+ Display::printError();
+ goto removeTestFile;
+ }
+
+ if (pid == 0) {
+ std::string command("cat /tmp/audit-test");
+ if (setuid(5001) == -1) {
+ Display::printError();
+ Display::printResult(Display::FAIL, "makeSmackDeny");
+ exit(0);
+ }
+
+ if (system(command.c_str()) == -1) {
+ Display::printError();
+ Display::printResult(Display::FAIL, "makeSmackDeny");
+ } else {
+ Display::printResult(Display::SUCCESS, "makeSmackDeny");
+ }
+
+ exit(0);
+ } else {
+ wait(NULL);
+ }
+
+ removeTestFile:
+ close(fd);
+ unlink(testFile.c_str());
+ }
};
GroupBuilder<MacGroup> macGroup("Mac");
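Review bot: creat() on the fixed path `/tmp/audit-test` follows symlinks, so if that name already exists as a link in the shared tmp directory, the privileged test process truncates whatever it points to; `open(testFile.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644)` (or mkstemp with a generated name) makes the creation fail safely instead, and the existing `goto removeTestFile` cleanup still applies. In the child branch, system() only returns -1 when no child could be spawned, so the `cat` command's own exit status is never examined and a setuid() failure is reported with `exit(0)`; the parent's `wait(NULL)` then has no status to inspect, so a `waitpid(pid, &status, 0)` with a WEXITSTATUS check would let the parent decide the result. The `#include <wait.h>` added at the top of the file is the non-standard spelling; `<sys/wait.h>` is the portable header for wait(). MacGroup's class definition starts outside the hunk.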
debugging();
container();
executeCommands();
+ callExecve();
+ makeKillSignal();
}
virtual ~SystemGroup()
Display::printResult(ret, "execute /sbin/findfs");
}
+
+ static int childExecve(void *arg) {
+ int *ret = reinterpret_cast<int *>(arg);
+ std::string fileName("/usr/bin/pwd");
+ char *argv[] = {NULL};
+ char *envp[] = {NULL};
+ if (execve(fileName.c_str(), argv, envp) == -1) {
+ Display::printError();
+ *ret = -1;
+ }
+ return 0;
+ }
+
+ void callExecve() {
+ pid_t pid;
+ const int stacksize = 1024 * 1024;
+ void *childStack = malloc(stacksize);
+ int ret = 1;
+ if (childStack == NULL) {
+ Display::printError();
+ Display::printResult(Display::FAIL, "callExecve positive");
+ return;
+ }
+
+ if ((pid = clone(childExecve, (void *)((char *)childStack+ stacksize), SIGCHLD | CLONE_VM, &ret))< 0) {
+ Display::printError();
+ Display::printResult(Display::FAIL, "callExecve positive");
+ free(childStack);
+ return;
+ }
+
+ wait(NULL);
+ free(childStack);
+
+ if (ret == 1)
+ Display::printResult(Display::SUCCESS, "callExecve positive");
+ else
+ Display::printResult(Display::FAIL, "callExecve positive");
+ }
+
+ void makeKillSignal() {
+ pid_t pid;
+
+ pid = fork();
+ if (pid == -1) {
+ Display::printResult(Display::FAIL, "kill signal positive");
+ return;
+ }
+
+ if (pid == 0) {
+ sleep(10);
+ exit(0);
+ } else {
+ if (kill(pid, SIGKILL) == -1) {
+ Display::printError();
+ Display::printResult(Display::FAIL, "kill signal positive");
+ } else {
+ Display::printResult(Display::SUCCESS, "kill signal positive");
+ }
+ wait(NULL);
+ }
+ }
};
GroupBuilder<SystemGroup> systemGroup("System");
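Review bot: childExecve calls execve with an empty argv, so the program runs with argc 0 and no argv[0], which the kernel warns about and many programs mishandle; `char arg0[] = "/usr/bin/pwd"; char *argv[] = {arg0, NULL};` gives it a conventional argument vector. Both callExecve and makeKillSignal reap with `wait(NULL)`, which can collect any child of this process and discards the exit status, so callExecve only learns of failure through the CLONE_VM-shared `ret`; `waitpid(pid, NULL, 0)` pins the reap to the child just created. The `(void *)((char *)childStack + stacksize)` expression on the clone() line uses C-style casts where a `static_cast<char *>(childStack) + stacksize` reads more clearly, and the headers that provide clone(), SIGKILL and malloc() are not visible in this hunk, so I assume they come from the existing include block. SystemGroup's class definition starts outside the hunk.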