1 #include <darwintest.h> 2 #include <mach/mach.h> 3 #include <mach/message.h> 4 #include <stdlib.h> 5 #include <sys/sysctl.h> 6 #include <unistd.h> 7 #include <signal.h> 8 #include <mach/mach_vm.h> 9 10 #include <IOKit/IOKitLib.h> 11 #include "service_helpers.h" 12 13 T_GLOBAL_META( 14 T_META_NAMESPACE("xnu.iokit"), 15 T_META_RUN_CONCURRENTLY(true), 16 T_META_RADAR_COMPONENT_NAME("xnu"), 17 T_META_RADAR_COMPONENT_VERSION("IOKit"), 18 T_META_OWNER("ayao")); 19 20 //A client like IOUserClient2022_entitlements_unentitled without the com.apple.iokit.test-check-entitlement-open entitlement should fail on IOServiceOpen 21 //A client like IOUserClient2022_entitlements without com.apple.iokit.test-check-entitlement-per-selector should fail to call selector 1 22 T_DECL(TESTNAME, "Test IOUserClient2022 entitlement enforcement") 23 { 24 io_service_t service; 25 io_connect_t conn; 26 const char *serviceName = "TestIOUserClient2022Entitlements"; 27 28 T_QUIET; T_ASSERT_POSIX_SUCCESS(IOTestServiceFindService(serviceName, &service), "Find service"); 29 T_QUIET; T_ASSERT_NE(service, MACH_PORT_NULL, "got service"); 30 #if OPEN_ENTITLED 31 T_QUIET; T_ASSERT_MACH_SUCCESS(IOServiceOpen(service, mach_task_self(), 0, &conn), "open service"); 32 //We expect failure since we don't have the entitlement to use selector 1 33 T_QUIET; T_ASSERT_NE(IOConnectCallMethod(conn, 1, 34 NULL, 0, NULL, 0, NULL, 0, NULL, NULL), kIOReturnSuccess, "call external method 2"); 35 #else 36 //not entitled to open the service, so we expect failure. 37 T_QUIET; T_ASSERT_NE(IOServiceOpen(service, mach_task_self(), 0, &conn), kIOReturnSuccess, "open service"); 38 #endif 39 IOConnectRelease(conn); 40 IOObjectRelease(service); 41 } 42