1 /*
2 * Copyright (c) 2024 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /* compile: xcrun -sdk macosx.internal clang -ldarwintest -o devfs_fdesc devfs_fdesc.c -g -Weverything */
30 /* sign: codesign --force --sign - --timestamp=none --entitlements devfs_fdesc.entitlements devfs_fdesc */
31
32 #include <darwintest.h>
33 #include <darwintest/utils.h>
34 #include <stdlib.h>
35 #include <fcntl.h>
36 #include <sys/param.h>
37 #include <sys/stat.h>
38 #include <sys/mount.h>
39 #include <unistd.h>
40
/*
 * Metadata shared by every test declared in this file: xnu.vfs namespace,
 * radar component xnu/vfs.
 */
T_GLOBAL_META(
	T_META_NAMESPACE("xnu.vfs"),
	T_META_RADAR_COMPONENT_NAME("xnu"),
	T_META_RADAR_COMPONENT_VERSION("vfs"),
	/*
	 * ASROOT(false): the tests are meant to run unprivileged.
	 * devfs_fdesc_access additionally skips itself when geteuid() is 0.
	 */
	T_META_ASROOT(false),
	T_META_CHECK_LEAKS(false));
47
/*
 * Ask access(2) whether /dev/fd/<fd> grants the access mode in perm.
 *
 * fd:   descriptor number substituted into the /dev/fd/<fd> path.
 * perm: mode mask handed straight to access(2) (R_OK, W_OK, X_OK, or a
 *       combination of them).
 *
 * Returns whatever access(2) returns. errno is zeroed just before the call,
 * so a value the caller reads afterwards was set by access(2) and is not
 * left over from earlier work.
 */
static int
docheck(int fd, int perm)
{
	char fdesc_path[MAXPATHLEN];
	int rc;

	fdesc_path[0] = '\0';
	snprintf(fdesc_path, sizeof fdesc_path, "/dev/fd/%d", fd);

	errno = 0;
	rc = access(fdesc_path, perm);

	return rc;
}
59
/*
 * devfs_fdesc_access: what access(2) reports for /dev/fd/<fd> has to follow
 * the flags the descriptor was opened with.
 *
 * /dev/null is opened four ways and every descriptor is probed through
 * docheck() with R_OK, W_OK, R_OK | W_OK and X_OK:
 *
 *   O_RDONLY                            only R_OK succeeds
 *   O_WRONLY                            only W_OK succeeds
 *   O_EVTONLY                           only R_OK succeeds
 *   O_EVTONLY, opened after the         nothing succeeds
 *   DISALLOW_RW_FOR_O_EVTONLY policy
 *
 * Each denied probe is expected to fail with EACCES specifically, so a
 * failure for an unrelated reason does not count as a pass.
 *
 * This test should not run as root and skips itself when geteuid() is 0.
 * NOTE(review): the guard looks at geteuid(), while access(2) is specified
 * to evaluate against the real user ID; a process with real uid 0 and a
 * non-zero euid would not be skipped. Confirm whether getuid() should be
 * checked as well.
 */
T_DECL(devfs_fdesc_access, "Calculate the allowed access based on the open-flags for fdesc vnodes")
{
	const char *path = "/dev/null";
	int fd_rdonly;
	int fd_wronly;
	int fd_evtonly;
	int fd_evtonly_drw;

	if (geteuid() == 0) {
		T_SKIP("Test should NOT run as root");
	}

	T_SETUPBEGIN;

	T_ASSERT_POSIX_SUCCESS(fd_rdonly = open(path, O_RDONLY),
	    "Setup: Opening file with O_RDONLY permissions, fd_rdonly = %d",
	    fd_rdonly);

	T_ASSERT_POSIX_SUCCESS(fd_wronly = open(path, O_WRONLY),
	    "Setup: Opening file with O_WRONLY permissions, fd_wronly = %d",
	    fd_wronly);

	/* Opened while the iopolicy below is not yet set by this test. */
	T_ASSERT_POSIX_SUCCESS(fd_evtonly = open(path, O_EVTONLY),
	    "Setup: Opening file with O_EVTONLY permissions, fd_evtonly = %d",
	    fd_evtonly);

	/*
	 * Order matters: the policy is switched on between the two O_EVTONLY
	 * opens. It is set with process scope and is not switched back in
	 * this test.
	 */
	T_ASSERT_POSIX_SUCCESS(setiopolicy_np(IOPOL_TYPE_VFS_DISALLOW_RW_FOR_O_EVTONLY,
	    IOPOL_SCOPE_PROCESS,
	    IOPOL_VFS_DISALLOW_RW_FOR_O_EVTONLY_ON),
	    "Setup: Disallowing RW for O_EVTONLY");

	T_ASSERT_POSIX_SUCCESS(fd_evtonly_drw = open(path, O_EVTONLY),
	    "Setup: Opening file with O_EVTONLY permissions while RW is disabled, fd_evtonly_drw = %d",
	    fd_evtonly_drw);

	T_SETUPEND;

	/* Read-only descriptor: read is the only access granted. */
	T_LOG("Test rdonly-fd's access");
	T_EXPECT_POSIX_SUCCESS(docheck(fd_rdonly, R_OK), "Testing R_OK permissions");
	T_EXPECT_POSIX_FAILURE(docheck(fd_rdonly, W_OK), EACCES, "Testing W_OK permissions");
	T_EXPECT_POSIX_FAILURE(docheck(fd_rdonly, R_OK | W_OK), EACCES, "Testing R_OK | W_OK permissions");
	T_EXPECT_POSIX_FAILURE(docheck(fd_rdonly, X_OK), EACCES, "Testing X_OK permissions");

	/* Write-only descriptor: write is the only access granted. */
	T_LOG("Test wronly-fd's access");
	T_EXPECT_POSIX_FAILURE(docheck(fd_wronly, R_OK), EACCES, "Testing R_OK permissions");
	T_EXPECT_POSIX_SUCCESS(docheck(fd_wronly, W_OK), "Testing W_OK permissions");
	T_EXPECT_POSIX_FAILURE(docheck(fd_wronly, R_OK | W_OK), EACCES, "Testing R_OK | W_OK permissions");
	T_EXPECT_POSIX_FAILURE(docheck(fd_wronly, X_OK), EACCES, "Testing X_OK permissions");

	/* O_EVTONLY opened before the policy change: treated like read-only. */
	T_LOG("Test evtonly-fd's access");
	T_EXPECT_POSIX_SUCCESS(docheck(fd_evtonly, R_OK), "Testing R_OK permissions");
	T_EXPECT_POSIX_FAILURE(docheck(fd_evtonly, W_OK), EACCES, "Testing W_OK permissions");
	T_EXPECT_POSIX_FAILURE(docheck(fd_evtonly, R_OK | W_OK), EACCES, "Testing R_OK | W_OK permissions");
	T_EXPECT_POSIX_FAILURE(docheck(fd_evtonly, X_OK), EACCES, "Testing X_OK permissions");

	/* O_EVTONLY opened with RW disallowed: no access mode is granted. */
	T_LOG("Test evtonly-drw-fd's access");
	T_EXPECT_POSIX_FAILURE(docheck(fd_evtonly_drw, R_OK), EACCES, "Testing R_OK permissions");
	T_EXPECT_POSIX_FAILURE(docheck(fd_evtonly_drw, W_OK), EACCES, "Testing W_OK permissions");
	T_EXPECT_POSIX_FAILURE(docheck(fd_evtonly_drw, R_OK | W_OK), EACCES, "Testing R_OK | W_OK permissions");
	T_EXPECT_POSIX_FAILURE(docheck(fd_evtonly_drw, X_OK), EACCES, "Testing X_OK permissions");

	/* Release the four descriptors; close() results are not checked. */
	close(fd_rdonly);
	close(fd_wronly);
	close(fd_evtonly);
	close(fd_evtonly_drw);
}
125
/*
 * devfs_fdesc_mount_block: a /dev/fd/<fd> path must not be usable as a
 * mount point.
 *
 * A fresh temporary directory is created under dt_tmpdir() and opened with
 * O_DIRECTORY, and the resulting descriptor is addressed as /dev/fd/<fd>.
 * mount(2) is then attempted on that path with two filesystem types
 * ("tmpfs" and "devfs"), both read-only and with no mount data. Each call
 * is expected to fail with ENOTSUP specifically; a failure with any other
 * errno does not satisfy the expectation.
 *
 * NOTE(review): nothing here undoes a mount that unexpectedly succeeds. In
 * that case the rmdir() at the end would presumably fail and the mount
 * would outlive the test; consider a best-effort unmount when ret is 0.
 */
T_DECL(devfs_fdesc_mount_block, "Test that mounting over /dev/fd/<fd> is blocked")
{
	char temp_dir[MAXPATHLEN];
	char fdesc_path[MAXPATHLEN];
	int dir_fd;
	int ret;

	T_SETUPBEGIN;

	/* mkdtemp() fills in the XXXXXX suffix of the template in place. */
	snprintf(temp_dir, sizeof temp_dir, "%s/devfs_fdesc_mount_test.XXXXXX", dt_tmpdir());
	T_ASSERT_NOTNULL(mkdtemp(temp_dir), "Create temporary directory");

	/* Hold the directory open so it has a descriptor number to refer to. */
	T_ASSERT_POSIX_SUCCESS(dir_fd = open(temp_dir, O_DIRECTORY),
	    "Setup: Opening temporary directory with O_DIRECTORY, dir_fd = %d",
	    dir_fd);

	/* The same directory, named through the fdesc entry. */
	snprintf(fdesc_path, sizeof fdesc_path, "/dev/fd/%d", dir_fd);

	T_SETUPEND;

	T_LOG("Testing mount blocking on /dev/fd/%d path: %s", dir_fd, fdesc_path);

	/* tmpfs over /dev/fd/<fd>: must be refused with ENOTSUP. */
	ret = mount("tmpfs", fdesc_path, MNT_RDONLY, NULL);
	T_EXPECT_POSIX_FAILURE(ret, ENOTSUP,
	    "Mounting tmpfs over %s should fail with ENOTSUP", fdesc_path);

	/* devfs over /dev/fd/<fd>: same expectation. */
	ret = mount("devfs", fdesc_path, MNT_RDONLY, NULL);
	T_EXPECT_POSIX_FAILURE(ret, ENOTSUP,
	    "Mounting devfs over %s should fail with ENOTSUP", fdesc_path);

	/* Best-effort teardown; close() and rmdir() results are not checked. */
	close(dir_fd);
	rmdir(temp_dir);
}
165
/*
 * devfs_fdesc_unmount_block: unmount(2) must refuse a /dev/fd/<fd> path.
 *
 * A fresh temporary directory is created under dt_tmpdir() and opened with
 * O_DIRECTORY, and the resulting descriptor is addressed as /dev/fd/<fd>.
 * unmount(2) is then attempted on that path twice, once with no flags and
 * once with MNT_FORCE. Both calls are expected to fail with ENOTSUP, so the
 * forced variant is held to the same result as the plain one.
 *
 * Nothing is mounted on the directory by this test; the expectation is on
 * the errno reported for the fdesc path itself.
 */
T_DECL(devfs_fdesc_unmount_block, "Test that unmounting /dev/fd/<fd> is blocked")
{
	char temp_dir[MAXPATHLEN];
	char fdesc_path[MAXPATHLEN];
	int dir_fd;
	int ret;

	T_SETUPBEGIN;

	/* mkdtemp() fills in the XXXXXX suffix of the template in place. */
	snprintf(temp_dir, sizeof temp_dir, "%s/devfs_fdesc_unmount_test.XXXXXX", dt_tmpdir());
	T_ASSERT_NOTNULL(mkdtemp(temp_dir), "Create temporary directory");

	/* Hold the directory open so it has a descriptor number to refer to. */
	T_ASSERT_POSIX_SUCCESS(dir_fd = open(temp_dir, O_DIRECTORY),
	    "Setup: Opening temporary directory with O_DIRECTORY, dir_fd = %d",
	    dir_fd);

	/* The same directory, named through the fdesc entry. */
	snprintf(fdesc_path, sizeof fdesc_path, "/dev/fd/%d", dir_fd);

	T_SETUPEND;

	T_LOG("Testing unmount blocking on /dev/fd/%d path: %s", dir_fd, fdesc_path);

	/* Plain unmount of /dev/fd/<fd>: must be refused with ENOTSUP. */
	ret = unmount(fdesc_path, 0);
	T_EXPECT_POSIX_FAILURE(ret, ENOTSUP,
	    "Unmounting %s should fail with ENOTSUP", fdesc_path);

	/* MNT_FORCE must not change the outcome. */
	ret = unmount(fdesc_path, MNT_FORCE);
	T_EXPECT_POSIX_FAILURE(ret, ENOTSUP,
	    "Force unmounting %s should fail with ENOTSUP", fdesc_path);

	/* Best-effort teardown; close() and rmdir() results are not checked. */
	close(dir_fd);
	rmdir(temp_dir);
}
205