1*2c2f96dcSApple OSS Distributions // Copyright 2023 (c) Apple Inc. All rights reserved.
2*2c2f96dcSApple OSS Distributions
3*2c2f96dcSApple OSS Distributions #include <darwintest.h>
4*2c2f96dcSApple OSS Distributions #include <darwintest_utils.h>
5*2c2f96dcSApple OSS Distributions #include <dirent.h>
6*2c2f96dcSApple OSS Distributions #include <kperf/kpc.h>
7*2c2f96dcSApple OSS Distributions #include <kperfdata/kpep.h>
8*2c2f96dcSApple OSS Distributions #include <stdarg.h>
9*2c2f96dcSApple OSS Distributions #include <stdbool.h>
10*2c2f96dcSApple OSS Distributions #include <string.h>
11*2c2f96dcSApple OSS Distributions #include <sys/guarded.h>
12*2c2f96dcSApple OSS Distributions #include <sys/ioctl.h>
13*2c2f96dcSApple OSS Distributions #include <sys/monotonic.h>
14*2c2f96dcSApple OSS Distributions
15*2c2f96dcSApple OSS Distributions #include "test_utils.h"
16*2c2f96dcSApple OSS Distributions
17*2c2f96dcSApple OSS Distributions #if __arm64__
18*2c2f96dcSApple OSS Distributions #define HAS_CPC_SECURITY true
19*2c2f96dcSApple OSS Distributions #else // __arm64__
20*2c2f96dcSApple OSS Distributions #define HAS_CPC_SECURITY false
21*2c2f96dcSApple OSS Distributions #endif // !__arm64__
22*2c2f96dcSApple OSS Distributions
23*2c2f96dcSApple OSS Distributions #define _T_META_REQUIRES_CPC_SUPPORT \
24*2c2f96dcSApple OSS Distributions T_META_REQUIRES_SYSCTL_EQ("kern.monotonic.supported", "1")
25*2c2f96dcSApple OSS Distributions
26*2c2f96dcSApple OSS Distributions T_GLOBAL_META(
27*2c2f96dcSApple OSS Distributions T_META_NAMESPACE("xnu.cpc"),
28*2c2f96dcSApple OSS Distributions T_META_RADAR_COMPONENT_NAME("xnu"),
29*2c2f96dcSApple OSS Distributions T_META_RADAR_COMPONENT_VERSION("cpu counters"),
30*2c2f96dcSApple OSS Distributions T_META_OWNER("mwidmann"),
31*2c2f96dcSApple OSS Distributions T_META_CHECK_LEAKS(false),
32*2c2f96dcSApple OSS Distributions XNU_T_META_SOC_SPECIFIC,
33*2c2f96dcSApple OSS Distributions T_META_ENABLED(HAS_CPC_SECURITY),
34*2c2f96dcSApple OSS Distributions _T_META_REQUIRES_CPC_SUPPORT);
35*2c2f96dcSApple OSS Distributions
36*2c2f96dcSApple OSS Distributions // Several of these tests have two variants to support running on development and release kernels.
37*2c2f96dcSApple OSS Distributions // Tests prefixed with `secure_` put the development kernel into a secure CPC mode while tests prefixed with `release_` can run on the RELEASE build variant.
38*2c2f96dcSApple OSS Distributions
39*2c2f96dcSApple OSS Distributions // Metadata for running on a development kernel in CPC secure mode.
40*2c2f96dcSApple OSS Distributions //
41*2c2f96dcSApple OSS Distributions // This should require kern.development to be 1 with XNU_T_META_REQUIRES_DEVELOPMENT_KERNEL,
42*2c2f96dcSApple OSS Distributions // but libdarwintest has a bug (rdar://111297938) preventing that.
43*2c2f96dcSApple OSS Distributions // In the meantime, manually check in the test whether the kernel is DEVELOPMENT.
44*2c2f96dcSApple OSS Distributions #define _T_META_CPC_SECURE_ON_DEV T_META_SYSCTL_INT("kern.cpc.secure=1")
45*2c2f96dcSApple OSS Distributions
46*2c2f96dcSApple OSS Distributions static void
_skip_unless_development(void)47*2c2f96dcSApple OSS Distributions _skip_unless_development(void)
48*2c2f96dcSApple OSS Distributions {
49*2c2f96dcSApple OSS Distributions unsigned int dev = 0;
50*2c2f96dcSApple OSS Distributions size_t dev_size = sizeof(dev);
51*2c2f96dcSApple OSS Distributions int ret = sysctlbyname("kern.development", &dev, &dev_size, NULL, 0);
52*2c2f96dcSApple OSS Distributions if (ret < 0 || dev) {
53*2c2f96dcSApple OSS Distributions T_SKIP("test must run on DEVELOPMENT kernel");
54*2c2f96dcSApple OSS Distributions }
55*2c2f96dcSApple OSS Distributions }
56*2c2f96dcSApple OSS Distributions
57*2c2f96dcSApple OSS Distributions static void
_assert_kpep_ok(int kpep_err,const char * fmt,...)58*2c2f96dcSApple OSS Distributions _assert_kpep_ok(int kpep_err, const char *fmt, ...)
59*2c2f96dcSApple OSS Distributions {
60*2c2f96dcSApple OSS Distributions char msg[1024] = "";
61*2c2f96dcSApple OSS Distributions va_list args;
62*2c2f96dcSApple OSS Distributions va_start(args, fmt);
63*2c2f96dcSApple OSS Distributions vsnprintf(msg, sizeof(msg), fmt, args);
64*2c2f96dcSApple OSS Distributions va_end(args);
65*2c2f96dcSApple OSS Distributions T_QUIET;
66*2c2f96dcSApple OSS Distributions T_ASSERT_EQ(kpep_err, KPEP_ERR_NONE, "%s: %s", msg, kpep_strerror(kpep_err));
67*2c2f96dcSApple OSS Distributions }
68*2c2f96dcSApple OSS Distributions
69*2c2f96dcSApple OSS Distributions static void
_skip_for_db(const char * kind,int kpep_err)70*2c2f96dcSApple OSS Distributions _skip_for_db(const char *kind, int kpep_err)
71*2c2f96dcSApple OSS Distributions {
72*2c2f96dcSApple OSS Distributions const char * const public_kpep_path = "/usr/share/kpep";
73*2c2f96dcSApple OSS Distributions const char * const internal_kpep_path = "/usr/local/share/kpep";
74*2c2f96dcSApple OSS Distributions const char * const paths[2] = { public_kpep_path, internal_kpep_path, };
75*2c2f96dcSApple OSS Distributions for (int i = 0; i < 2; i++) {
76*2c2f96dcSApple OSS Distributions const char * const path = paths[i];
77*2c2f96dcSApple OSS Distributions T_LOG("contents of %s:", path);
78*2c2f96dcSApple OSS Distributions DIR *dir = opendir(path);
79*2c2f96dcSApple OSS Distributions if (dir) {
80*2c2f96dcSApple OSS Distributions struct dirent *entry = NULL;
81*2c2f96dcSApple OSS Distributions while ((entry = readdir(dir)) != NULL) {
82*2c2f96dcSApple OSS Distributions T_LOG(" %s", entry->d_name);
83*2c2f96dcSApple OSS Distributions }
84*2c2f96dcSApple OSS Distributions (void)closedir(dir);
85*2c2f96dcSApple OSS Distributions } else {
86*2c2f96dcSApple OSS Distributions T_LOG("failed to open directory: %s", strerror(errno));
87*2c2f96dcSApple OSS Distributions }
88*2c2f96dcSApple OSS Distributions }
89*2c2f96dcSApple OSS Distributions int cpu_family = 0;
90*2c2f96dcSApple OSS Distributions size_t family_size = sizeof(cpu_family);
91*2c2f96dcSApple OSS Distributions int ret = sysctlbyname("hw.cpufamily", &cpu_family, &family_size, NULL, 0);
92*2c2f96dcSApple OSS Distributions if (ret != 0) {
93*2c2f96dcSApple OSS Distributions T_LOG("HW CPU family: 0x%8x", cpu_family);
94*2c2f96dcSApple OSS Distributions } else {
95*2c2f96dcSApple OSS Distributions T_LOG("failed to get hw.cpufamily: %s", strerror(errno));
96*2c2f96dcSApple OSS Distributions }
97*2c2f96dcSApple OSS Distributions T_SKIP("cannot open %s event database: %s", kind, kpep_strerror(kpep_err));
98*2c2f96dcSApple OSS Distributions }
99*2c2f96dcSApple OSS Distributions
100*2c2f96dcSApple OSS Distributions // Check that a secure kernel disallows restricted events.
101*2c2f96dcSApple OSS Distributions
102*2c2f96dcSApple OSS Distributions static void
check_secure_cpmu(void)103*2c2f96dcSApple OSS Distributions check_secure_cpmu(void)
104*2c2f96dcSApple OSS Distributions {
105*2c2f96dcSApple OSS Distributions kpep_db_t public_db = NULL;
106*2c2f96dcSApple OSS Distributions int ret = kpep_db_createx(NULL, KPEP_DB_FLAG_PUBLIC_ONLY, &public_db);
107*2c2f96dcSApple OSS Distributions if (ret != KPEP_ERR_NONE) {
108*2c2f96dcSApple OSS Distributions _skip_for_db("public", ret);
109*2c2f96dcSApple OSS Distributions }
110*2c2f96dcSApple OSS Distributions kpep_db_t internal_db = NULL;
111*2c2f96dcSApple OSS Distributions ret = kpep_db_createx(NULL, KPEP_DB_FLAG_INTERNAL_ONLY, &internal_db);
112*2c2f96dcSApple OSS Distributions if (ret != KPEP_ERR_NONE) {
113*2c2f96dcSApple OSS Distributions _skip_for_db("internal", ret);
114*2c2f96dcSApple OSS Distributions }
115*2c2f96dcSApple OSS Distributions const char *na = NULL;
116*2c2f96dcSApple OSS Distributions kpep_db_name(public_db, &na);
117*2c2f96dcSApple OSS Distributions
118*2c2f96dcSApple OSS Distributions size_t internal_event_count = 0;
119*2c2f96dcSApple OSS Distributions ret = kpep_db_events_count(internal_db, &internal_event_count);
120*2c2f96dcSApple OSS Distributions _assert_kpep_ok(ret, "getting internal event count");
121*2c2f96dcSApple OSS Distributions
122*2c2f96dcSApple OSS Distributions kpep_event_t *internal_events = calloc(internal_event_count,
123*2c2f96dcSApple OSS Distributions sizeof(internal_events[0]));
124*2c2f96dcSApple OSS Distributions T_QUIET; T_WITH_ERRNO;
125*2c2f96dcSApple OSS Distributions T_ASSERT_NOTNULL(internal_events, "allocate space for internal events");
126*2c2f96dcSApple OSS Distributions
127*2c2f96dcSApple OSS Distributions ret = kpep_db_events(internal_db, internal_events,
128*2c2f96dcSApple OSS Distributions internal_event_count * sizeof(internal_events[0]));
129*2c2f96dcSApple OSS Distributions _assert_kpep_ok(ret, "getting internal events");
130*2c2f96dcSApple OSS Distributions
131*2c2f96dcSApple OSS Distributions kpep_config_t config = NULL;
132*2c2f96dcSApple OSS Distributions ret = kpep_config_create(internal_db, &config);
133*2c2f96dcSApple OSS Distributions _assert_kpep_ok(ret, "creating event configuration");
134*2c2f96dcSApple OSS Distributions ret = kpep_config_force_counters(config);
135*2c2f96dcSApple OSS Distributions _assert_kpep_ok(ret, "forcing counters with configuration");
136*2c2f96dcSApple OSS Distributions
137*2c2f96dcSApple OSS Distributions unsigned int tested = 0;
138*2c2f96dcSApple OSS Distributions unsigned int filtered = 0;
139*2c2f96dcSApple OSS Distributions unsigned int public_tested = 0;
140*2c2f96dcSApple OSS Distributions for (size_t i = 0; i < internal_event_count; i++) {
141*2c2f96dcSApple OSS Distributions kpep_event_t event = internal_events[i];
142*2c2f96dcSApple OSS Distributions const char *name = NULL;
143*2c2f96dcSApple OSS Distributions ret = kpep_event_alias(event, &name);
144*2c2f96dcSApple OSS Distributions if (!name) {
145*2c2f96dcSApple OSS Distributions ret = kpep_event_name(event, &name);
146*2c2f96dcSApple OSS Distributions }
147*2c2f96dcSApple OSS Distributions _assert_kpep_ok(ret, "getting event name");
148*2c2f96dcSApple OSS Distributions if (strncmp(name, "FIXED", strlen("FIXED")) == 0) {
149*2c2f96dcSApple OSS Distributions T_LOG("skipping non-configurable %s event", name);
150*2c2f96dcSApple OSS Distributions continue;
151*2c2f96dcSApple OSS Distributions }
152*2c2f96dcSApple OSS Distributions bool empty_event = strcmp(name, "NO_EVNT") == 0;
153*2c2f96dcSApple OSS Distributions if (empty_event) {
154*2c2f96dcSApple OSS Distributions continue;
155*2c2f96dcSApple OSS Distributions }
156*2c2f96dcSApple OSS Distributions
157*2c2f96dcSApple OSS Distributions kpep_event_t public_event = NULL;
158*2c2f96dcSApple OSS Distributions ret = kpep_db_event(public_db, name, &public_event);
159*2c2f96dcSApple OSS Distributions bool internal_only = ret == KPEP_ERR_EVENT_NOT_FOUND;
160*2c2f96dcSApple OSS Distributions ret = kpep_config_add_event(config, &event, 0, NULL);
161*2c2f96dcSApple OSS Distributions _assert_kpep_ok(ret, "adding event %s to configuration", name);
162*2c2f96dcSApple OSS Distributions
163*2c2f96dcSApple OSS Distributions ret = kpep_config_apply(config);
164*2c2f96dcSApple OSS Distributions bool not_permitted = ret == KPEP_ERR_ERRNO && errno == EPERM;
165*2c2f96dcSApple OSS Distributions if (not_permitted) {
166*2c2f96dcSApple OSS Distributions if (!internal_only) {
167*2c2f96dcSApple OSS Distributions T_LOG("failed to configure public event %s", name);
168*2c2f96dcSApple OSS Distributions }
169*2c2f96dcSApple OSS Distributions filtered++;
170*2c2f96dcSApple OSS Distributions } else if (internal_only) {
171*2c2f96dcSApple OSS Distributions T_FAIL("configured internal-only event %s with secure CPC", name);
172*2c2f96dcSApple OSS Distributions } else {
173*2c2f96dcSApple OSS Distributions public_tested++;
174*2c2f96dcSApple OSS Distributions }
175*2c2f96dcSApple OSS Distributions ret = kpep_config_remove_event(config, 0);
176*2c2f96dcSApple OSS Distributions _assert_kpep_ok(ret, "removing event %s from configuration", name);
177*2c2f96dcSApple OSS Distributions tested++;
178*2c2f96dcSApple OSS Distributions }
179*2c2f96dcSApple OSS Distributions
180*2c2f96dcSApple OSS Distributions T_LOG("tested %u internal/public events", tested);
181*2c2f96dcSApple OSS Distributions T_LOG("correctly permitted to configure %u public events", public_tested);
182*2c2f96dcSApple OSS Distributions T_LOG("correctly not permitted to configure %u internal-only events",
183*2c2f96dcSApple OSS Distributions filtered);
184*2c2f96dcSApple OSS Distributions kpep_config_free(config);
185*2c2f96dcSApple OSS Distributions kpep_db_free(public_db);
186*2c2f96dcSApple OSS Distributions kpep_db_free(internal_db);
187*2c2f96dcSApple OSS Distributions }
188*2c2f96dcSApple OSS Distributions
189*2c2f96dcSApple OSS Distributions T_DECL(secure_cpmu_event_restrictions, "secured CPMU should be restricted to known events",
190*2c2f96dcSApple OSS Distributions _T_META_CPC_SECURE_ON_DEV)
191*2c2f96dcSApple OSS Distributions {
192*2c2f96dcSApple OSS Distributions _skip_unless_development();
193*2c2f96dcSApple OSS Distributions check_secure_cpmu();
194*2c2f96dcSApple OSS Distributions }
195*2c2f96dcSApple OSS Distributions
196*2c2f96dcSApple OSS Distributions T_DECL(release_cpmu_event_restrictions, "release CPMU should be restricted to known events",
197*2c2f96dcSApple OSS Distributions XNU_T_META_REQUIRES_RELEASE_KERNEL)
198*2c2f96dcSApple OSS Distributions {
199*2c2f96dcSApple OSS Distributions check_secure_cpmu();
200*2c2f96dcSApple OSS Distributions }
201*2c2f96dcSApple OSS Distributions
202*2c2f96dcSApple OSS Distributions #define UNCORE_DEV_PATH "/dev/monotonic/uncore"
203*2c2f96dcSApple OSS Distributions #define UPMU_REF_CYCLES 0x02
204*2c2f96dcSApple OSS Distributions
205*2c2f96dcSApple OSS Distributions static void
check_secure_upmu(void)206*2c2f96dcSApple OSS Distributions check_secure_upmu(void)
207*2c2f96dcSApple OSS Distributions {
208*2c2f96dcSApple OSS Distributions guardid_t guard;
209*2c2f96dcSApple OSS Distributions int fd;
210*2c2f96dcSApple OSS Distributions
211*2c2f96dcSApple OSS Distributions guard = 0xa5adcafe;
212*2c2f96dcSApple OSS Distributions
213*2c2f96dcSApple OSS Distributions T_SETUPBEGIN;
214*2c2f96dcSApple OSS Distributions
215*2c2f96dcSApple OSS Distributions fd = guarded_open_np(UNCORE_DEV_PATH, &guard,
216*2c2f96dcSApple OSS Distributions GUARD_CLOSE | GUARD_DUP | GUARD_WRITE, O_CLOEXEC | O_EXCL);
217*2c2f96dcSApple OSS Distributions if (fd < 0 && errno == ENOENT) {
218*2c2f96dcSApple OSS Distributions T_SKIP("uncore counters are unsupported");
219*2c2f96dcSApple OSS Distributions }
220*2c2f96dcSApple OSS Distributions
221*2c2f96dcSApple OSS Distributions union monotonic_ctl_add add_ctl = {
222*2c2f96dcSApple OSS Distributions .in.config.event = UPMU_REF_CYCLES,
223*2c2f96dcSApple OSS Distributions .in.config.allowed_ctr_mask = 0xffff,
224*2c2f96dcSApple OSS Distributions };
225*2c2f96dcSApple OSS Distributions
226*2c2f96dcSApple OSS Distributions T_SETUPEND;
227*2c2f96dcSApple OSS Distributions
228*2c2f96dcSApple OSS Distributions int ret = ioctl(fd, MT_IOC_ADD, &add_ctl);
229*2c2f96dcSApple OSS Distributions T_EXPECT_POSIX_FAILURE(ret, EPERM,
230*2c2f96dcSApple OSS Distributions "should not be allowed to count any events on UPMU");
231*2c2f96dcSApple OSS Distributions }
232*2c2f96dcSApple OSS Distributions
233*2c2f96dcSApple OSS Distributions T_DECL(secure_upmu_event_restrictions, "secured UPMU should be restricted to no events",
234*2c2f96dcSApple OSS Distributions _T_META_CPC_SECURE_ON_DEV)
235*2c2f96dcSApple OSS Distributions {
236*2c2f96dcSApple OSS Distributions _skip_unless_development();
237*2c2f96dcSApple OSS Distributions check_secure_upmu();
238*2c2f96dcSApple OSS Distributions }
239*2c2f96dcSApple OSS Distributions
240*2c2f96dcSApple OSS Distributions T_DECL(release_upmu_event_restrictions, "release UPMU should be restricted to no events",
241*2c2f96dcSApple OSS Distributions XNU_T_META_REQUIRES_RELEASE_KERNEL)
242*2c2f96dcSApple OSS Distributions {
243*2c2f96dcSApple OSS Distributions check_secure_upmu();
244*2c2f96dcSApple OSS Distributions }
245*2c2f96dcSApple OSS Distributions
246*2c2f96dcSApple OSS Distributions // Check that events which are exposed publicly are allowed to be configured.
247*2c2f96dcSApple OSS Distributions
248*2c2f96dcSApple OSS Distributions static void
check_event_coverage(kpep_db_flags_t flag,const char * kind)249*2c2f96dcSApple OSS Distributions check_event_coverage(kpep_db_flags_t flag, const char *kind)
250*2c2f96dcSApple OSS Distributions {
251*2c2f96dcSApple OSS Distributions kpep_db_t db = NULL;
252*2c2f96dcSApple OSS Distributions int ret = kpep_db_createx(NULL, flag, &db);
253*2c2f96dcSApple OSS Distributions _assert_kpep_ok(ret, "creating %s event database", kind);
254*2c2f96dcSApple OSS Distributions
255*2c2f96dcSApple OSS Distributions size_t event_count = 0;
256*2c2f96dcSApple OSS Distributions ret = kpep_db_events_count(db, &event_count);
257*2c2f96dcSApple OSS Distributions _assert_kpep_ok(ret, "getting %s event count", kind);
258*2c2f96dcSApple OSS Distributions
259*2c2f96dcSApple OSS Distributions kpep_event_t *events = calloc(event_count, sizeof(events[0]));
260*2c2f96dcSApple OSS Distributions T_QUIET; T_WITH_ERRNO;
261*2c2f96dcSApple OSS Distributions T_ASSERT_NOTNULL(events, "allocate space for events");
262*2c2f96dcSApple OSS Distributions
263*2c2f96dcSApple OSS Distributions ret = kpep_db_events(db, events, event_count * sizeof(events[0]));
264*2c2f96dcSApple OSS Distributions _assert_kpep_ok(ret, "getting public events");
265*2c2f96dcSApple OSS Distributions
266*2c2f96dcSApple OSS Distributions kpep_config_t config = NULL;
267*2c2f96dcSApple OSS Distributions ret = kpep_config_create(db, &config);
268*2c2f96dcSApple OSS Distributions _assert_kpep_ok(ret, "creating event configuration");
269*2c2f96dcSApple OSS Distributions ret = kpep_config_force_counters(config);
270*2c2f96dcSApple OSS Distributions _assert_kpep_ok(ret, "forcing counters with configuration");
271*2c2f96dcSApple OSS Distributions
272*2c2f96dcSApple OSS Distributions unsigned int tested = 0;
273*2c2f96dcSApple OSS Distributions for (size_t i = 0; i < event_count; i++) {
274*2c2f96dcSApple OSS Distributions kpep_event_t event = events[i];
275*2c2f96dcSApple OSS Distributions const char *name = NULL;
276*2c2f96dcSApple OSS Distributions ret = kpep_event_name(event, &name);
277*2c2f96dcSApple OSS Distributions _assert_kpep_ok(ret, "getting event name");
278*2c2f96dcSApple OSS Distributions if (strncmp(name, "FIXED", strlen("FIXED")) == 0) {
279*2c2f96dcSApple OSS Distributions T_LOG("skipping non-configurable %s event", name);
280*2c2f96dcSApple OSS Distributions continue;
281*2c2f96dcSApple OSS Distributions }
282*2c2f96dcSApple OSS Distributions
283*2c2f96dcSApple OSS Distributions ret = kpep_config_add_event(config, &event, 0, NULL);
284*2c2f96dcSApple OSS Distributions _assert_kpep_ok(ret, "adding event %s to configuration", name);
285*2c2f96dcSApple OSS Distributions
286*2c2f96dcSApple OSS Distributions ret = kpep_config_apply(config);
287*2c2f96dcSApple OSS Distributions if (ret == KPEP_ERR_ERRNO && errno == EPERM) {
288*2c2f96dcSApple OSS Distributions T_FAIL("failed to configure %s event %s with secure CPC", kind, name);
289*2c2f96dcSApple OSS Distributions } else {
290*2c2f96dcSApple OSS Distributions _assert_kpep_ok(ret, "applying configuration with event %s", name);
291*2c2f96dcSApple OSS Distributions }
292*2c2f96dcSApple OSS Distributions ret = kpep_config_remove_event(config, 0);
293*2c2f96dcSApple OSS Distributions _assert_kpep_ok(ret, "removing event %s from configuration", name);
294*2c2f96dcSApple OSS Distributions tested++;
295*2c2f96dcSApple OSS Distributions }
296*2c2f96dcSApple OSS Distributions
297*2c2f96dcSApple OSS Distributions T_LOG("successfully configured %u %s events", tested, kind);
298*2c2f96dcSApple OSS Distributions kpep_config_free(config);
299*2c2f96dcSApple OSS Distributions kpep_db_free(db);
300*2c2f96dcSApple OSS Distributions }
301*2c2f96dcSApple OSS Distributions
302*2c2f96dcSApple OSS Distributions T_DECL(secure_public_event_coverage, "all public events in kpep should be allowed",
303*2c2f96dcSApple OSS Distributions _T_META_CPC_SECURE_ON_DEV)
304*2c2f96dcSApple OSS Distributions {
305*2c2f96dcSApple OSS Distributions _skip_unless_development();
306*2c2f96dcSApple OSS Distributions check_event_coverage(KPEP_DB_FLAG_PUBLIC_ONLY, "public");
307*2c2f96dcSApple OSS Distributions }
308*2c2f96dcSApple OSS Distributions
309*2c2f96dcSApple OSS Distributions T_DECL(release_public_event_coverage, "all public events in kpep should be allowed",
310*2c2f96dcSApple OSS Distributions XNU_T_META_REQUIRES_RELEASE_KERNEL)
311*2c2f96dcSApple OSS Distributions {
312*2c2f96dcSApple OSS Distributions check_event_coverage(KPEP_DB_FLAG_PUBLIC_ONLY, "public");
313*2c2f96dcSApple OSS Distributions }
314*2c2f96dcSApple OSS Distributions
315*2c2f96dcSApple OSS Distributions // Check for internal development behaviors.
316*2c2f96dcSApple OSS Distributions
317*2c2f96dcSApple OSS Distributions T_DECL(insecure_cpmu_unrestricted, "insecure CPMU should be unrestricted",
318*2c2f96dcSApple OSS Distributions XNU_T_META_REQUIRES_DEVELOPMENT_KERNEL, T_META_SYSCTL_INT("kern.cpc.secure=0"))
319*2c2f96dcSApple OSS Distributions {
320*2c2f96dcSApple OSS Distributions check_event_coverage(KPEP_DB_FLAG_INTERNAL_ONLY, "internal");
321*2c2f96dcSApple OSS Distributions }
322