| author | Paul Buetow <paul@buetow.org> | 2026-05-30 21:30:39 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-05-30 21:30:39 +0300 |
| commit | f91ad2b5b4a17b6237c50a9501658310ab52362f (patch) | |
| tree | 6a9b1c8d4ae4a166c7b5180ac245030531f17654 /internal/generate/classify_test.go | |
| parent | cf0fc43651cb6bbf71d8f18a530c177dc7f717dd (diff) | |
test(request_key): lock in keyctl kind, security family, and unclassified return
Audit of request_key(2) found the tracing implementation already
correct and consistent with the man page and the prior keyctl audit
(task 7v): request_key classifies as KindKeyctl/FamilySecurity, the
BPF handler captures option=-2 sentinel and key_serial=dest_keyring
(args[3]) with no path/string capture of the const char *
type/description/callout_info key-metadata args, and the exit returns
a key serial / -1 that stays UNCLASSIFIED.
Strengthen the dedicated TestClassifyRequestKey beyond a bare kind
check to also assert PathnameField stays empty (string args are key
metadata, not paths), family is Security on enter and exit, and the
return is UNCLASSIFIED — bringing it to parity with the add_key
contrast assertion. No code/generated changes; mage generate produces
no diff.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Diffstat (limited to 'internal/generate/classify_test.go')
| -rw-r--r-- | internal/generate/classify_test.go | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/internal/generate/classify_test.go b/internal/generate/classify_test.go
index f9b8ee5..f438423 100644
--- a/internal/generate/classify_test.go
+++ b/internal/generate/classify_test.go
@@ -963,6 +963,18 @@ func TestClassifyAddKey(t *testing.T) {
 }
 }
+// TestClassifyRequestKey locks in the request_key(2) classification:
+//
+// key_serial_t request_key(const char *type, const char *description,
+// const char *callout_info, key_serial_t dest_keyring)
+//
+// type/description/callout_info are key metadata STRINGS (a key type name, a
+// free-form description and optional callout payload), NOT filesystem paths,
+// so the const char * args must not trip the pathname/open heuristics. The
+// name-only table maps request_key to KindKeyctl before any field is
+// inspected; the generated handler captures only the numeric dest_keyring
+// (args[3]) plus the option=-2 sentinel, and the exit returns a key serial /
+// -1 that is not a byte count (UNCLASSIFIED).
 func TestClassifyRequestKey(t *testing.T) {
 r := ClassifyFormat(&Format{
 Name: "sys_enter_request_key",
@@ -977,6 +989,21 @@ func TestClassifyRequestKey(t *testing.T) {
 if r.Kind != KindKeyctl {
 t.Errorf("request_key: got kind %d, want KindKeyctl", r.Kind)
 }
+ // The const char * type/description/callout_info args are key metadata,
+ // not paths — no path capture must be emitted for them.
+ if r.PathnameField != "" {
+ t.Errorf("request_key: got PathnameField %q, want empty (string args are key metadata, not paths)", r.PathnameField)
+ }
+ // Family: Security, alongside add_key/keyctl/lsm_*/seccomp siblings.
+ for _, prefix := range []string{"sys_enter_", "sys_exit_"} {
+ if fam := ClassifySyscallFamily(prefix + "request_key"); fam != FamilySecurity {
+ t.Errorf("%srequest_key: got family %s, want FamilySecurity", prefix, fam)
+ }
+ }
+ // Return value is a key serial / -1, never a byte transfer.
+ if got := ClassifyRet("sys_exit_request_key"); got != Unclassified {
+ t.Errorf("ClassifyRet(sys_exit_request_key) = %q, want UNCLASSIFIED", got)
+ }
 }
 // TestClassifyKeyctlAudit is a lock-in regression test for the keyctl(2) |
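Review bot: The family assertion formats `fam` with `%s` and the return-value assertion formats `got` with `%q`, while the existing kind assertion three lines above uses `%d`; unless the family and return-classification types are strings or implement fmt.Stringer (not visible in this hunk), a failing test prints `%!s(...)`/`%!q(...)` instead of the value. `%v` is correct for any of these types: `t.Errorf("%srequest_key: got family %v, want FamilySecurity", prefix, fam)` and `t.Errorf("ClassifyRet(sys_exit_request_key) = %v, want UNCLASSIFIED", got)`. Separately, the doc comment added in the first hunk states that the generated handler captures only dest_keyring (args[3]) plus the option=-2 sentinel and no string capture for type/description/callout_info, yet the only capture-side assertion here is that PathnameField is empty; if the ClassifyFormat result carries other string-capture fields, assert those stay empty as well, or narrow the comment to what the test actually locks in. TestClassifyRequestKey's body begins above this hunk.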
