// Copyright 2022 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <gtest/gtest.h>
#include <string>
#include "debugd/src/helpers/audit_log_utils.h"
namespace debugd {
namespace {
TEST(AuditLogUtilsTest, FilterAuditLine_TypeAvc) {
  // FilterAuditLine must return a well-formed AVC record byte-for-byte and
  // drop a trailing key that it does not recognise. Three real-world samples
  // are exercised: one in the raw /var/log/audit/audit.log format (epoch
  // timestamp, quoted values) and two in the `ausearch -i` interpreted
  // format (human-readable timestamp, mostly unquoted values), covering
  // both a "denied" and a "granted" decision.
  constexpr char kUnknownField[] = " unknown_tag=value";

  // Raw audit.log sample (denied getattr on the TPM device node).
  const std::string raw_denied =
      "type=AVC msg=audit(1642142055.386:35): avc: denied { getattr } for "
      "pid=1012 comm=\"pvdisplay\" path=\"/dev/tpm0\" dev=\"devtmpfs\" "
      "ino=1079 scontext=u:r:cros_spaced:s0 tcontext=u:object_r:tpm_device:s0 "
      "tclass=chr_file permissive=0";
  EXPECT_EQ(raw_denied, FilterAuditLine(raw_denied + kUnknownField));

  // `ausearch -i` sample (denied search on a sysfs directory). Note that
  // comm= is unquoted here while dev= stays quoted.
  const std::string interpreted_denied =
      "type=AVC msg=audit(01/14/22 15:34:15.379:6) : avc: denied { search } "
      "for pid=989 comm=spaced dev=\"sysfs\" ino=15194 "
      "scontext=u:r:cros_spaced:s0 tcontext=u:object_r:sysfs_loop:s0 "
      "tclass=dir permissive=0";
  EXPECT_EQ(interpreted_denied,
            FilterAuditLine(interpreted_denied + kUnknownField));

  // `ausearch -i` sample for a "granted" decision; this record has no
  // permissive= field, so the filter must not require it.
  const std::string interpreted_granted =
      "type=AVC msg=audit(01/14/22 15:34:20.570:56) : avc: granted { execute "
      "} for pid=2363 comm=crash_reporter path=/sbin/crash_reporter "
      "dev=\"dm-0\" ino=151005 scontext=u:r:cros_browser:s0 "
      "tcontext=u:object_r:cros_crash_reporter_exec:s0 tclass=file";
  EXPECT_EQ(interpreted_granted,
            FilterAuditLine(interpreted_granted + kUnknownField));
}
TEST(AuditLogUtilsTest, FilterAuditLine_TypeSyscall) {
  // Same contract as the AVC case, for SYSCALL records: every field of a
  // genuine record survives FilterAuditLine unchanged and an appended
  // unknown key is removed. One sample is in raw audit.log form (numeric
  // arch/syscall/uids, quoted comm/exe) and one in `ausearch -i` form
  // (symbolic arch/syscall/uids, unquoted comm/exe).
  constexpr char kUnknownField[] = " unknown_tag=value";

  // Raw audit.log sample: failed openat (syscall 257, exit=-13/EACCES).
  const std::string raw_syscall =
      "type=SYSCALL msg=audit(1642142055.379:10): arch=c000003e syscall=257 "
      "success=no exit=-13 a0=ffffff9c a1=56080c7abbb0 a2=800 a3=0 ppid=1 "
      "pid=989 auid=4294967295 uid=20181 gid=20181 euid=20181 suid=20181 "
      "fsuid=20181 egid=20181 sgid=20181 fsgid=20181 ses=4294967295 "
      "comm=\"spaced\" exe=\"/usr/sbin/spaced\" subj=u:r:cros_spaced:s0";
  EXPECT_EQ(raw_syscall, FilterAuditLine(raw_syscall + kUnknownField));

  // `ausearch -i` sample: successful execve by root; comm= is the
  // kernel-truncated 15-character task name, which must be kept as-is.
  const std::string interpreted_syscall =
      "type=SYSCALL msg=audit(01/14/22 15:39:20.823:64) : arch=x86_64 "
      "syscall=execve success=yes exit=0 a0=0x58b90baa8750 a1=0x58b90baa86c0 "
      "a2=0x58b90baa8700 a3=0x30 ppid=1 pid=2392 auid=unset uid=root gid=root "
      "euid=root suid=root fsuid=root egid=root sgid=root fsgid=root ses=unset "
      "comm=periodic_schedu exe=/usr/bin/periodic_scheduler "
      "subj=u:r:cros_periodic_scheduler:s0";
  EXPECT_EQ(interpreted_syscall,
            FilterAuditLine(interpreted_syscall + kUnknownField));
}
TEST(AuditLogUtilsTest, FilterAuditLine_UnsupportedType) {
  // Records whose type= is not handled by FilterAuditLine are dropped
  // entirely (empty string), rather than passed through partially. The
  // auditd lifecycle records DAEMON_START / DAEMON_END are used as the
  // examples, in raw and interpreted form respectively.
  // NOTE(review): the test only shows that these two types are rejected; it
  // does not establish that AVC and SYSCALL are the sole accepted types.

  // Raw audit.log sample.
  const std::string daemon_start =
      "type=DAEMON_START msg=audit(1642142055.120:5354): op=start ver=2.8.4 "
      "auid=4294967295 pid=681 uid=0 ses=4294967295 subj=u:r:cros_auditd:s0 "
      "res=success";
  EXPECT_TRUE(FilterAuditLine(daemon_start).empty());

  // `ausearch -i` sample.
  const std::string daemon_end =
      "type=DAEMON_END msg=audit(01/14/22 16:21:57.503:5355) : op=terminate "
      "auid=root pid=1 subj=u:r:cros_init:s0 res=success";
  EXPECT_TRUE(FilterAuditLine(daemon_end).empty());
}
} // namespace
} // namespace debugd