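def test_02_set_no(self):
    # Rewrites the system call number of the child's kill() to
    # syscall.INVALID and checks that get_no() reads the new value back.
    pid = os.fork()
    if not pid:  # child
        trace.me()
        # The parent waits for this stop before it calls trace.setup().
        os.kill(os.getpid(), signal.SIGSTOP)
        os.kill(os.getpid(), 0)
        os._exit(0)
    else:  # parent
        try:
            os.waitpid(pid, 0)
            trace.setup(pid, trace.OPTION_SYSGOOD)

            # Loop until we get to the kill() system call as there's no
            # guarantee that other system calls won't be called beforehand.
            # NOTE(review): if no 'kill' stop is ever seen, the loop ends on
            # EVENT_EXIT_GENUINE and the test passes without asserting.
            ev = -1
            while ev != event.EVENT_EXIT_GENUINE:
                trace.syscall(pid)
                pid, status = os.waitpid(pid, 0)

                ev = event.decide(status)
                if ev == event.EVENT_SYSCALL:
                    scno = syscall.get_no(pid)
                    name = syscall.name(scno)
                    if name == 'kill':
                        syscall.set_no(pid, syscall.INVALID)
                        scno = syscall.get_no(pid)
                        self.assertEqual(scno, syscall.INVALID)
                        break
        finally:
            # Runs on assertion failure as well, so a failed check does not
            # leave a stopped tracee behind for the rest of the test run.
            try:
                trace.kill(pid)
            except OSError:
                pass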
def test_03_get_ret_success(self):
    # Expects syscall.get_ret() to report 0 for the child's kill(getpid(), 0)
    # when read at the second stop of a 'kill' entry/exit pair.
    tracee = os.fork()
    if tracee == 0:
        # Child: request tracing, stop for the parent, then make the call
        # under test and leave without running any interpreter cleanup.
        trace.me()
        os.kill(os.getpid(), signal.SIGSTOP)
        os.kill(os.getpid(), 0)
        os._exit(0)
    else:
        # Parent: consume the initial stop, then step syscall by syscall.
        os.waitpid(tracee, 0)
        trace.setup(tracee, trace.OPTION_SYSGOOD)

        # Other system calls may come before kill(), so keep stepping until
        # the child has exited.
        kind = -1
        second_stop = False
        while kind != event.EVENT_EXIT_GENUINE:
            trace.syscall(tracee)
            tracee, status = os.waitpid(tracee, 0)
            kind = event.decide(status)
            if kind != event.EVENT_SYSCALL:
                continue

            name = syscall.name(syscall.get_no(tracee))
            if second_stop and name == 'kill':
                self.assertEqual(syscall.get_ret(tracee), 0)
            # Syscall stops alternate, so flip the flag on every one.
            second_stop = not second_stop
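def test_02_decode_max(self):
    # Reads element 0 of the string array passed to the child's execve()
    # with a limit of 9 and expects '/dev/null' (the child's argv[0]).
    pid = os.fork()
    if not pid:  # child
        trace.me()
        os.kill(os.getpid(), signal.SIGSTOP)
        try:
            os.execvp('true', ('/dev/null', ))
        finally:
            # execvp() only comes back by raising, so the exit has to sit in
            # a finally block to keep a failed exec from returning into the
            # test runner inside the forked child.
            os._exit(0)
    else:  # parent
        try:
            os.waitpid(pid, 0)
            trace.setup(pid, trace.OPTION_SYSGOOD)

            # Loop until we get to the execve() system call as there's no
            # guarantee that other system calls won't be called beforehand.
            ev = -1
            while ev != event.EVENT_EXIT_GENUINE:
                trace.syscall(pid)
                pid, status = os.waitpid(pid, 0)

                ev = event.decide(status)
                if ev == event.EVENT_SYSCALL:
                    scno = syscall.get_no(pid)
                    name = syscall.name(scno)
                    if name == 'execve':
                        # Argument index 1 is presumably the argv pointer and
                        # 9 the maximum length to read -- confirm against
                        # the strarray.decode() documentation.
                        arg = syscall.get_arg(pid, 1)
                        path = strarray.decode(pid, arg, 0, 9)
                        self.assertEqual(path, '/dev/null')
                        break
        finally:
            # Runs on assertion failure as well, so a failed check does not
            # leave a stopped tracee behind.
            try:
                trace.kill(pid)
            except OSError:
                pass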
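def test_03_encode(self):
    # Overwrites argument 0 of the child's open() with '/dev/NULL' and
    # expects the child's open('/dev/null') to fail as a result, which the
    # child reports by exiting with status 0.
    pid = os.fork()
    if not pid:  # child
        trace.me()
        os.kill(os.getpid(), signal.SIGSTOP)
        try:
            open('/dev/null', 'r')
        except IOError:
            os._exit(0)
        else:
            os._exit(1)
    else:  # parent
        os.waitpid(pid, 0)
        trace.setup(pid, trace.OPTION_SYSGOOD)

        # Loop until we get to the open() system call as there's no
        # guarantee that other system calls won't be called beforehand.
        # NOTE(review): only the name 'open' is matched; where open() is
        # issued as openat() nothing is rewritten and the child exits 1 --
        # confirm on the target platforms.
        ev = -1
        while ev != event.EVENT_EXIT_GENUINE:
            trace.syscall(pid)
            pid, status = os.waitpid(pid, 0)

            ev = event.decide(status)
            if ev == event.EVENT_SYSCALL:
                scno = syscall.get_no(pid)
                name = syscall.name(scno)
                if name == 'open':
                    # Runs on every 'open' stop; the loop does not track
                    # whether the stop is an entry or an exit.
                    string.encode(pid, 0, '/dev/NULL')

        # assertTrue replaces the deprecated assert_ alias, which newer
        # unittest versions no longer provide.
        self.assertTrue(os.WIFEXITED(status))
        self.assertEqual(os.WEXITSTATUS(status), 0)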
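def test_02_decode_max(self):
    # Decodes element 0 of the execve() string array in the tracee with a
    # limit of 9; the child passes '/dev/null' as its argv[0].
    pid = os.fork()
    if not pid:  # child
        trace.me()
        os.kill(os.getpid(), signal.SIGSTOP)
        try:
            os.execvp('true', ('/dev/null',))
        finally:
            # A failed execvp() raises instead of returning; exiting from a
            # finally block keeps the forked child out of the test runner.
            os._exit(0)
    else:  # parent
        try:
            os.waitpid(pid, 0)
            trace.setup(pid, trace.OPTION_SYSGOOD)

            # Loop until we get to the execve() system call as there's no
            # guarantee that other system calls won't be called beforehand.
            ev = -1
            while ev != event.EVENT_EXIT_GENUINE:
                trace.syscall(pid)
                pid, status = os.waitpid(pid, 0)

                ev = event.decide(status)
                if ev == event.EVENT_SYSCALL:
                    scno = syscall.get_no(pid)
                    name = syscall.name(scno)
                    if name == 'execve':
                        # presumably index 1 is argv and 9 is a length cap
                        # -- TODO confirm with the strarray.decode() docs
                        arg = syscall.get_arg(pid, 1)
                        path = strarray.decode(pid, arg, 0, 9)
                        self.assertEqual(path, '/dev/null')
                        break
        finally:
            # Kill the tracee on every path out of the loop, including a
            # failed assertion.
            try:
                trace.kill(pid)
            except OSError:
                pass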
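def test_02_event_stop(self):
    # Expects the wait status produced by the child's own SIGSTOP to be
    # classified as EVENT_STOP.
    pid = os.fork()
    if not pid:  # child
        trace.me()
        os.kill(os.getpid(), signal.SIGSTOP)
        os._exit(0)
    else:  # parent
        try:
            pid, status = os.waitpid(pid, 0)
            ev = event.decide(status)
            self.assertEqual(ev, event.EVENT_STOP)
        finally:
            # Kill the tracee even when the assertion fails; otherwise the
            # stopped child outlives the test.
            try:
                trace.kill(pid)
            except OSError:
                pass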
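def test_12_event_exit_signal(self):
    # Expects a child that kills itself with SIGKILL to be reported as
    # EVENT_EXIT_SIGNAL.
    pid = os.fork()
    if not pid:  # child
        trace.me()
        os.kill(os.getpid(), signal.SIGSTOP)
        os.kill(os.getpid(), signal.SIGKILL)
    else:  # parent
        try:
            os.waitpid(pid, 0)
            trace.setup(pid)
            trace.cont(pid)
            pid, status = os.waitpid(pid, 0)
            ev = event.decide(status)
            self.assertEqual(ev, event.EVENT_EXIT_SIGNAL)
        finally:
            # Also reached when the assertion fails, i.e. exactly when the
            # child may still be alive and stopped.
            try:
                trace.kill(pid)
            except OSError:
                pass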
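def test_03_event_syscall(self):
    # Expects the first stop after trace.syscall() to be classified as
    # EVENT_SYSCALL when OPTION_SYSGOOD is set.
    pid = os.fork()
    if not pid:  # child
        trace.me()
        os.kill(os.getpid(), signal.SIGSTOP)
        time.sleep(1)
        os._exit(0)
    else:  # parent
        try:
            os.waitpid(pid, 0)
            trace.setup(pid, trace.OPTION_SYSGOOD)
            trace.syscall(pid)
            pid, status = os.waitpid(pid, 0)
            ev = event.decide(status)
            self.assertEqual(ev, event.EVENT_SYSCALL)
        finally:
            # Kill the tracee on failure too, so it is not left stopped
            # inside a system call.
            try:
                trace.kill(pid)
            except OSError:
                pass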
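def test_08_event_exec(self):
    # Expects an exec in a tracee set up with OPTION_EXEC to be reported
    # as EVENT_EXEC.
    pid = os.fork()
    if not pid:  # child
        trace.me()
        os.kill(os.getpid(), signal.SIGSTOP)
        try:
            os.execvp("/bin/true", ("true",))
        finally:
            # execvp() only comes back by raising, so the exit has to sit in
            # a finally block to keep a failed exec from returning into the
            # test runner inside the forked child.
            os._exit(0)
    else:  # parent
        try:
            os.waitpid(pid, 0)
            trace.setup(pid, trace.OPTION_SYSGOOD | trace.OPTION_EXEC)
            trace.cont(pid)
            pid, status = os.waitpid(pid, 0)
            ev = event.decide(status)
            self.assertEqual(ev, event.EVENT_EXEC)
        finally:
            # Runs on assertion failure as well, so a failed check does not
            # leave a stopped tracee behind.
            try:
                trace.kill(pid)
            except OSError:
                pass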
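def test_10_event_genuine(self):
    # Expects the stop caused by the child's SIGTSTP to be classified as
    # EVENT_GENUINE.
    pid = os.fork()
    if not pid:  # child
        trace.me()
        os.kill(os.getpid(), signal.SIGSTOP)
        os.kill(os.getpid(), signal.SIGTSTP)
        os._exit(0)
    else:  # parent
        try:
            os.waitpid(pid, 0)
            trace.setup(pid)
            trace.cont(pid)
            pid, status = os.waitpid(pid, 0)
            ev = event.decide(status)
            self.assertEqual(ev, event.EVENT_GENUINE)
        finally:
            # Kill the tracee whether or not the assertion held; a failed
            # check would otherwise leave it stopped.
            try:
                trace.kill(pid)
            except OSError:
                pass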
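def test_09_event_exit(self):
    # Expects the child's os._exit(13) to be reported as EVENT_EXIT under
    # OPTION_EXIT, with the event message carrying exit status 13.
    pid = os.fork()
    if not pid:  # child
        trace.me()
        os.kill(os.getpid(), signal.SIGSTOP)
        os._exit(13)
    else:  # parent
        try:
            os.waitpid(pid, 0)
            trace.setup(pid, trace.OPTION_SYSGOOD | trace.OPTION_EXIT)
            trace.cont(pid)
            pid, status = os.waitpid(pid, 0)
            ev = event.decide(status)
            self.assertEqual(ev, event.EVENT_EXIT)
            # The event message is decoded like a wait status here.
            msg = trace.geteventmsg(pid)
            self.assertEqual(os.WEXITSTATUS(msg), 13)
        finally:
            # Either assertion may fail while the child is still stopped at
            # the exit event, so the kill must not depend on them passing.
            try:
                trace.kill(pid)
            except OSError:
                pass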
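def test_08_event_exec(self):
    # With OPTION_EXEC set, the stop that follows the child's exec is
    # expected to be classified as EVENT_EXEC.
    pid = os.fork()
    if not pid:  # child
        trace.me()
        os.kill(os.getpid(), signal.SIGSTOP)
        try:
            os.execvp("/bin/true", ("true", ))
        finally:
            # A failed execvp() raises instead of returning; exiting from a
            # finally block keeps the forked child out of the test runner.
            os._exit(0)
    else:  # parent
        try:
            os.waitpid(pid, 0)
            trace.setup(pid, trace.OPTION_SYSGOOD | trace.OPTION_EXEC)
            trace.cont(pid)
            pid, status = os.waitpid(pid, 0)
            ev = event.decide(status)
            self.assertEqual(ev, event.EVENT_EXEC)
        finally:
            # Kill the tracee on every path, including a failed assertion.
            try:
                trace.kill(pid)
            except OSError:
                pass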
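def test_04_event_fork(self):
    # Expects a fork() in a tracee set up with OPTION_FORK to be reported
    # as EVENT_FORK.
    pid = os.fork()
    if not pid:  # child
        trace.me()
        os.kill(os.getpid(), signal.SIGSTOP)
        os.fork()
        os._exit(0)
    else:  # parent
        ev = None
        try:
            os.waitpid(pid, 0)
            trace.setup(pid, trace.OPTION_SYSGOOD | trace.OPTION_FORK)
            trace.cont(pid)
            pid, status = os.waitpid(pid, 0)
            ev = event.decide(status)
            self.assertEqual(ev, event.EVENT_FORK)
        finally:
            # Clean up on assertion failure too. The event message is only
            # read as a pid when the stop really was a fork event.
            if ev == event.EVENT_FORK:
                try:
                    child = trace.geteventmsg(pid)
                    trace.kill(child)
                except OSError:
                    pass
            # Separate try block: failing to kill the forked child must not
            # skip killing the tracee itself.
            try:
                trace.kill(pid)
            except OSError:
                pass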
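def test_06_set_ret_fail(self):
    # Replaces the return value of the child's kill(getpid(), 0) with
    # -errno.EPERM and expects the child to see OSError, which it reports
    # by exiting with status 0.
    pid = os.fork()
    if not pid:  # child
        trace.me()
        os.kill(os.getpid(), signal.SIGSTOP)
        try:
            os.kill(os.getpid(), 0)
        except OSError:
            os._exit(0)
        else:
            os._exit(1)
    else:  # parent
        os.waitpid(pid, 0)
        trace.setup(pid, trace.OPTION_SYSGOOD)

        # Loop until we get to the kill() system call as there's no
        # guarantee that other system calls won't be called beforehand.
        ev = -1
        insyscall = False
        while ev != event.EVENT_EXIT_GENUINE:
            trace.syscall(pid)
            pid, status = os.waitpid(pid, 0)

            ev = event.decide(status)
            if ev == event.EVENT_SYSCALL:
                scno = syscall.get_no(pid)
                name = syscall.name(scno)
                # insyscall is True on the second stop of each pair, so the
                # return value is only written at that stop.
                if insyscall and name == 'kill':
                    syscall.set_ret(pid, -errno.EPERM)
                insyscall = not insyscall

        # assertTrue replaces the deprecated assert_ alias, which newer
        # unittest versions no longer provide.
        self.assertTrue(os.WIFEXITED(status))
        self.assertEqual(os.WEXITSTATUS(status), 0)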
def test_01_event_unknown(self):
    # event.decide(-1) is expected to return EVENT_UNKNOWN.
    self.assertEqual(event.decide(-1), event.EVENT_UNKNOWN)