Пример #1
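/*
 * audit_test: point the audit subsystem at the file named by argv[1],
 * install a per-process audit mask that records failures only, then
 * replace this process with a login-style bash.
 *
 * Returns 1 on any failure; on success execl() does not return.
 */
int main (int argc, const char *argv[])
{
	/* Remember whether we were started with an elevated effective uid. */
	int suid = (getuid() != geteuid());
	if (argc != 2) {
		printf ("usage: audit_test <audit file>\n");
		return 1;
	}
	/*
	 * NOTE(review): when the binary is installed setuid, this open runs
	 * with the effective uid on a caller-chosen path. O_CREAT without
	 * O_EXCL/O_NOFOLLOW follows symlinks and can create a file under
	 * that identity. Restrict who may run this, or validate the path,
	 * before deploying it setuid.
	 */
	int fd = open (argv[1], O_RDWR | O_CREAT, 0600);
	if (fd < 0) {
		perror (argv[1]);
		return 1;
	}
	close (fd);
	if (auditctl (argv[1])) {
		perror ("auditctl");
		return 1;
	}

	/*
	 * Only the failure mask is set; the success mask stays zero from the
	 * memset, so successful events in these classes are not selected.
	 */
	auditinfo_t ai;
	memset (&ai, 0, sizeof ai);
	ai.ai_auid = getuid();
	ai.ai_asid = getpid();
	ai.ai_mask.am_failure = AU_PROCESS | AU_FCREATE | AU_FACCESS |
		AU_FMODIFY | AU_FREAD | AU_FWRITE | AU_FDELETE;
	if (setaudit (&ai)) {
		perror ("setaudit");
		return 1;
	}

	/*
	 * Drop the elevated uid before handing control to an interactive
	 * shell. The result must be checked: if setuid() fails and we carry
	 * on, bash would start with the elevated effective uid.
	 * NOTE(review): only the uid is reset here; group ids and the
	 * inherited environment are passed through unchanged.
	 */
	if (suid && setuid (getuid()) != 0) {
		perror ("setuid");
		return 1;
	}

	/* argv[0] of "-bash" asks bash to behave as a login shell. */
	execl ("/bin/bash", "-bash", (char *)NULL);
	perror ("bash");
	return 1;
}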
Пример #2
/*
 * auditsys: dispatch an audit request selected by uap->code to its handler.
 *
 * Returns ENOTSUP when auditing is disabled. Otherwise the handler's result
 * is stored in rvp->r_vals and returned. Two paths return early without
 * touching rvp: BSM_AUDIT while the module is unloaded (returns 0), and an
 * unhandled code while the module is not loaded (see the default case).
 *
 * NOTE(review): no privilege check is visible here for the set/ctl codes;
 * presumably each handler enforces its own policy -- confirm.
 */
/*ARGSUSED1*/
int
auditsys(struct auditcalls *uap, rval_t *rvp)
{
	int rc = 0;
	int priv_err;

	if (audit_active == C2AUDIT_DISABLED)
		return (ENOTSUP);

	switch (uap->code) {
	case BSM_GETAUID:
		rc = getauid((caddr_t)uap->a1);
		break;
	case BSM_SETAUID:
		rc = setauid((caddr_t)uap->a1);
		break;
	case BSM_GETAUDIT:
		rc = getaudit((caddr_t)uap->a1);
		break;
	case BSM_GETAUDIT_ADDR:
		rc = getaudit_addr((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_SETAUDIT:
		rc = setaudit((caddr_t)uap->a1);
		break;
	case BSM_SETAUDIT_ADDR:
		rc = setaudit_addr((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_AUDITCTL:
		rc = auditctl((int)uap->a1, (caddr_t)uap->a2, (int)uap->a3);
		break;
	case BSM_AUDIT:
		/* Writing a record is a silent no-op while unloaded. */
		if (audit_active == C2AUDIT_UNLOADED)
			return (0);
		rc = audit((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_AUDITDOOR:
		if (audit_active == C2AUDIT_LOADED) {
			rc = auditdoor((int)uap->a1);
			break;
		}
		/* FALLTHROUGH: not loaded, treat like an unknown code */
	default:
		if (audit_active == C2AUDIT_LOADED) {
			rc = EINVAL;
			break;
		}
		/*
		 * Not loaded: a caller that fails the audit-config policy
		 * check gets that error; a caller that passes it gets EINVAL.
		 */
		priv_err = secpolicy_audit_config(CRED());
		return (priv_err != 0 ? priv_err : EINVAL);
	}

	rvp->r_vals = rc;
	return (rc);
}
/*
 * _auditsys: dispatch an audit request selected by uap->code to its handler.
 *
 * The handler's result (or EINVAL for an unrecognised code) is written to
 * rvp->r_vals and also returned.
 *
 * NOTE(review): this variant checks neither audit_active nor the caller's
 * privilege before dispatching; presumably the caller or the individual
 * handlers do so -- confirm.
 */
int
_auditsys(struct auditcalls *uap, rval_t *rvp)
{
	int rc;

	switch (uap->code) {
	/* Audit user id. */
	case BSM_GETAUID:
		rc = getauid((caddr_t)uap->a1);
		break;
	case BSM_SETAUID:
		rc = setauid((caddr_t)uap->a1);
		break;

	/* Per-process audit information. */
	case BSM_GETAUDIT:
		rc = getaudit((caddr_t)uap->a1);
		break;
	case BSM_SETAUDIT:
		rc = setaudit((caddr_t)uap->a1);
		break;
	case BSM_GETAUDIT_ADDR:
		rc = getaudit_addr((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_SETAUDIT_ADDR:
		rc = setaudit_addr((caddr_t)uap->a1, (int)uap->a2);
		break;

	/* Control, record submission and door registration. */
	case BSM_AUDITCTL:
		rc = auditctl((int)uap->a1, (caddr_t)uap->a2, (int)uap->a3);
		break;
	case BSM_AUDIT:
		rc = audit((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_AUDITDOOR:
		rc = auditdoor((int)uap->a1);
		break;

	default:
		rc = EINVAL;
		break;
	}

	rvp->r_vals = rc;
	return (rc);
}