From bebc9c3a0440306bb553280557a4a823fc147cb7 Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Sat, 30 May 2026 16:39:34 +0300 Subject: test(finit_module): lock in family and ret classification The finit_module audit (task 8t) confirmed the tracing implementation matches man 2 finit_module: KindFd with fd at args[0], param_values string never captured as a path, exit UNCLASSIFIED, and FamilySecurity alongside init_module/delete_module. No implementation discrepancies were found. Extend TestClassifyInitModuleVsFinitModule to also assert the previously-untested dimensions so the classification stays pinned: - finit_module captures no path (empty PathnameField), like init_module - both module-loading syscalls are FamilySecurity - both exits are UNCLASSIFIED (0/-1 return, no byte count) Co-Authored-By: Claude Opus 4.8 --- internal/generate/classify_test.go | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'internal/generate') diff --git a/internal/generate/classify_test.go b/internal/generate/classify_test.go index f161ef8..9a17dd2 100644 --- a/internal/generate/classify_test.go +++ b/internal/generate/classify_test.go @@ -1342,6 +1342,21 @@ func TestClassifyInitModuleVsFinitModule(t *testing.T) { if r := classifyFromData(t, FormatInitModule); r.PathnameField != "" { t.Errorf("init_module: unexpected PathnameField %q, want empty", r.PathnameField) } + if r := classifyFromData(t, FormatFinitModule); r.PathnameField != "" { + t.Errorf("finit_module: unexpected PathnameField %q, want empty", r.PathnameField) + } + + // Both module-loading syscalls live in FamilySecurity (man 2 init_module: + // loading kernel code is a privileged, security-sensitive operation), and + // both return 0/-1 with no byte count, so their exits are UNCLASSIFIED. + for _, name := range []string{"init_module", "finit_module"} { + if fam := ClassifySyscallFamily("sys_enter_" + name); fam != FamilySecurity { + t.Errorf("%s: got family %s, want FamilySecurity", name, fam) + } + if got := ClassifyRet("sys_exit_" + name); got != Unclassified { + t.Errorf("ClassifyRet(sys_exit_%s) = %q, want UNCLASSIFIED", name, got) + } + } } func TestClassify87NameOnlyKinds(t *testing.T) { -- cgit v1.2.3