I've identified several UR1 and UR2 resource classes defined within
Broadcom Top Secret (TSS), and they appear to be configured for use. I'd
like to confirm whether these resources are actually being accessed.

I reached out to Broadcom, and they provided guidance on enabling audit
tracking and generating reports using TSSUTIL. According to those reports,
there is no indication that the UR1/UR2 classes are currently being used -
but I'd like independent verification.

To test this, I've obtained a sample program that is intended to access a
UR1 or UR2 resource. The expectation is that executing this program would
trigger a security access attempt (either permitted or denied), which
should then appear in the TSSUTIL report.

However, the program is abending with an S0C4, and my assembler experience
is limited - I can't determine the root cause. I suspect the issue may lie
in the RACROUTE setup or how the parameters are being passed.

Would someone be able to review the program and verify whether the
RACROUTE is defined correctly or if any required setup is missing?

Any assistance would be greatly appreciated.

Sample Program:

//ASM EXEC PGM=ASMA90,PARM=OBJ
//SYSLIB DD DSN=SYS1.MACLIB,DISP=SHR
// DD DSN=SYS1.MODGEN,DISP=SHR
// DD DSN=SYSI.TSS16.CAKOMAC0,DISP=SHR
// DD DSN=SYS2.XXXXXX.MACLIB,DISP=SHR
//SYSUT1 DD DSN=&&SYSUT1,UNIT=SYSDA,SPACE=(1700,(600,100))
//SYSUT2 DD DSN=&&SYSUT2,UNIT=SYSDA,SPACE=(1700,(300,50))
//SYSUT3 DD DSN=&&SYSUT3,UNIT=SYSDA,SPACE=(1700,(300,50))
//SYSPRINT DD SYSOUT=*
//SYSPUNCH DD DUMMY
//SYSLIN DD DSN=&&OBJSET,UNIT=SYSDA,SPACE=(80,(200,50)),
// DISP=(MOD,PASS)
//SYSIN DD *
URTEST   CSECT
URTEST   AMODE 31
URTEST   RMODE ANY
R0       EQU   0
R1       EQU   1
R2       EQU   2
R3       EQU   3
R4       EQU   4
R5       EQU   5
R6       EQU   6
R7       EQU   7
R8       EQU   8
R9       EQU   9
R10      EQU   10
R11      EQU   11
R12      EQU   12
R13      EQU   13
R14      EQU   14
R15      EQU   15
         STM   14,12,12(13)        SAVE CALLER'S REGISTERS
         LR    R12,R15
         USING URTEST,R12
         LA    R3,SAVEAREA         POINT TO OUR SAVEAREA
         ST    R13,4(R3)           BACK-CHAIN
         ST    R3,8(R13)           FORWARD-CHAIN
         LR    R13,R3              SET R13 = OUR SAVEAREA
*-- SET POINTER TO ENTITY (FIXED)
         LA    R1,ENTITY
         RACROUTE REQUEST=AUTH,ENTITY=(R1),CLASS='UR2',ATTR=READ,      X
               WORKA=WORKAREA
*              STATUS=ACCESS,WORKA=WORKAREA
*-- SAVE RETURN AND REASON CODES
         ST    R15,RC
         ST    R0,RSN
*-- RESTORE AND RETURN
         L     R13,4(R13)
         LM    14,12,12(13)
         L     R15,RC
         BR    R14
*-------------------------------------------------------------------
SAVEAREA DS    18F                 STANDARD 72-BYTE SAVEAREA
RC       DC    F'0'
RSN      DC    F'0'
WORKAREA DS    CL100               RACROUTE WORKAREA
ENTITY   DC    C'APP.DATA'         RESOURCE NAME
         DC    X'00'               NULL TERMINATOR (OPTIONAL)
ENTPTR   DC    A(ENTITY)           POINTER TO ENTITY NAME
         LTORG
         END
//*
//LINK EXEC PGM=IEWL,PARM=('AMODE=31','RMODE=ANY')
//SYSLIN DD DSN=&&OBJSET,DISP=(OLD,DELETE)
// DD DDNAME=SYSIN
//SYSLMOD DD DISP=SHR,DSN=XXXXXX.LINKLIB
//*
//SYSUT1 DD DSN=&&SYSUT1,UNIT=SYSDA,SPACE=(1024,(50,20))
//SYSPRINT DD SYSOUT=*
//*
//SYSIN DD *
  NAME TSSUSR12(R)
//*
//JS020 EXEC PGM=TSSUSR12
//*ABNLIGNR DD DUMMY
//STEPLIB DD DISP=SHR,DSN=XXXXXX.LINKLIB
//SYSUDUMP DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//
Thank You
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN