/*
 * Copyright (c) 2025 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */

#include <darwintest.h>
#include <darwintest_utils.h>

#include <libproc.h>
#include <mach/mach.h>
#include <mach/mach_types.h>
#include <mach/mach_vm.h>
#include <mach/message.h>
#include <mach/mach_error.h>
#include <mach/task.h>
#include <sys/proc_info.h>
#include <sys/proc_info_private.h>

#include "../task_security_config.h"

/*
 * Positive-path checks for the guard-objects mitigation: the state a process
 * was launched with must be reported consistently through task_info() and
 * through both proc_pidinfo() BSD-info flavors.
 *
 * NOTE(review): the entitlement named in the test descriptions is not visible
 * in this file; presumably it is attached when the test binary is signed --
 * confirm against the build rules. Only the "enabled" case is asserted here;
 * nothing in this file checks that the bit stays clear without the
 * entitlement.
 */

/* Metadata shared by every test declared in this file. */
T_GLOBAL_META(
	T_META_NAMESPACE("xnu.spawn"),
	T_META_RUN_CONCURRENTLY(TRUE),
	T_META_RADAR_COMPONENT_NAME("xnu"),
	T_META_RADAR_COMPONENT_VERSION("IPC"),
	T_META_TAG_VM_PREFERRED);

/*
 * Query the calling task's security configuration via
 * task_info(TASK_SECURITY_CONFIG_INFO) and check that the guard-objects bit
 * is set and that the hardened-process version is at least 2.
 *
 * The task_info() result and the returned count are hard assertions; the two
 * mitigation checks are expectations, so both are evaluated and reported.
 *
 * NOTE(review): the test is declared with the boot-arg
 * amfi_allow_any_signature=1, presumably so that the test binary's signature
 * (and with it the entitlement) is accepted -- confirm. A pass therefore says
 * nothing about behaviour under normal signature enforcement.
 */
T_DECL(test_guard_objects_entitlement_enabled,
    "entitlement should enable the guard-objects mitigation in task info",
    T_META_CHECK_LEAKS(false),
    T_META_BOOTARGS_SET("amfi_allow_any_signature=1"))
{
	struct task_security_config_info info;
	mach_msg_type_number_t count = TASK_SECURITY_CONFIG_INFO_COUNT;

	kern_return_t kr = task_info(mach_task_self(), TASK_SECURITY_CONFIG_INFO,
	    (task_info_t)&info, &count);
	T_ASSERT_MACH_SUCCESS(kr, "task_info(TASK_SECURITY_CONFIG_INFO)");
	T_ASSERT_EQ(count, 1, "security config should return 1 value");

	/*
	 * View the returned info buffer through the field layout of
	 * struct task_security_config.
	 * NOTE(review): that layout is assumed to come from
	 * ../task_security_config.h (not shown) and to overlay the info
	 * buffer exactly -- confirm.
	 */
	struct task_security_config *conf = (struct task_security_config *)&info;

	T_EXPECT_TRUE(conf->guard_objects, "guard-objects bit should be set");
	T_EXPECT_GE_UINT(conf->hardened_process_version, 2, "hardened-process version should be set");
}

/*
 * Check that the guard-objects state is also visible through proc_pidinfo():
 * PROC_FLAG_GUARD_OBJECTS_ENABLED must be set in pbi_flags (PROC_PIDTBSDINFO)
 * and in pbsi_flags (PROC_PIDT_SHORTBSDINFO) for the calling process.
 *
 * Each proc_pidinfo() call must return exactly the size of the requested
 * structure before its flags are inspected; a short or failed read is a hard
 * assertion failure rather than a flag check against a zeroed buffer.
 */
T_DECL(test_guard_objects_entitlements_proc_info_enabled,
    "entitlement should enable the guard-objects mitigation in proc info",
    T_META_CHECK_LEAKS(false),
    T_META_BOOTARGS_SET("amfi_allow_any_signature=1"))
{
	/* Full BSD info flavor. */
	struct proc_bsdinfo bsd_info = {0};
	int ret = proc_pidinfo(getpid(), PROC_PIDTBSDINFO, 0, &bsd_info, sizeof(bsd_info));
	T_ASSERT_EQ(ret, (int)sizeof(bsd_info), "proc_pidinfo PROC_PIDTBSDINFO should return the size of proc_bsdinfo structure");

	T_EXPECT_BITS_SET(bsd_info.pbi_flags, PROC_FLAG_GUARD_OBJECTS_ENABLED, "bsd_info.pbi_flags should have guard-objects flag set");

	/* Short BSD info flavor: the same flag must be reported here too. */
	struct proc_bsdshortinfo bsd_shortinfo = {0};
	ret = proc_pidinfo(getpid(), PROC_PIDT_SHORTBSDINFO, 0, &bsd_shortinfo, sizeof(bsd_shortinfo));
	T_ASSERT_EQ(ret, (int)sizeof(bsd_shortinfo), "proc_pidinfo PROC_PIDT_SHORTBSDINFO should return the size of proc_bsdshortinfo structure");

	T_EXPECT_BITS_SET(bsd_shortinfo.pbsi_flags, PROC_FLAG_GUARD_OBJECTS_ENABLED, "bsd_shortinfo.pbsi_flags should have guard-objects flag set");
}