xref: /xnu-11417.101.15/tests/posix_spawn_filtering.c (revision e3723e1f17661b24996789d8afc084c0c3303b26) 
1*e3723e1fSApple OSS Distributions #include <darwintest.h>
2*e3723e1fSApple OSS Distributions #include <darwintest_utils.h>
3*e3723e1fSApple OSS Distributions 
4*e3723e1fSApple OSS Distributions #include <errno.h>
5*e3723e1fSApple OSS Distributions #include <fcntl.h>
6*e3723e1fSApple OSS Distributions #include <signal.h>
7*e3723e1fSApple OSS Distributions #include <spawn.h>
8*e3723e1fSApple OSS Distributions #include <spawn_filtering_private.h>
9*e3723e1fSApple OSS Distributions #include <spawn_private.h>
10*e3723e1fSApple OSS Distributions #include <stdbool.h>
11*e3723e1fSApple OSS Distributions #include <stdint.h>
12*e3723e1fSApple OSS Distributions #include <stdio.h>
13*e3723e1fSApple OSS Distributions #include <stdlib.h>
14*e3723e1fSApple OSS Distributions #include <string.h>
15*e3723e1fSApple OSS Distributions #include <sys/spawn_internal.h>
16*e3723e1fSApple OSS Distributions #include <sys/stat.h>
17*e3723e1fSApple OSS Distributions #include <sys/sysctl.h>
18*e3723e1fSApple OSS Distributions #include <sys/syslimits.h>
19*e3723e1fSApple OSS Distributions #include <sysexits.h>
20*e3723e1fSApple OSS Distributions #include <unistd.h>
21*e3723e1fSApple OSS Distributions 
22*e3723e1fSApple OSS Distributions static char tmp_path_filter_rules[PATH_MAX] = "";
23*e3723e1fSApple OSS Distributions static char tmp_path_env_output[PATH_MAX] = "";
24*e3723e1fSApple OSS Distributions 
25*e3723e1fSApple OSS Distributions static void
cleanup_tmpfiles(void)26*e3723e1fSApple OSS Distributions cleanup_tmpfiles(void)
27*e3723e1fSApple OSS Distributions {
28*e3723e1fSApple OSS Distributions 	if (tmp_path_filter_rules[0] != '\0') {
29*e3723e1fSApple OSS Distributions 		unlink(tmp_path_filter_rules);
30*e3723e1fSApple OSS Distributions 	}
31*e3723e1fSApple OSS Distributions 	if (tmp_path_env_output[0] != '\0') {
32*e3723e1fSApple OSS Distributions 		unlink(tmp_path_env_output);
33*e3723e1fSApple OSS Distributions 	}
34*e3723e1fSApple OSS Distributions }
35*e3723e1fSApple OSS Distributions 
36*e3723e1fSApple OSS Distributions /*
37*e3723e1fSApple OSS Distributions  * Creates a filtering rules file that says "when launching sh, add this env
38*e3723e1fSApple OSS Distributions  * var". The we launch "sh -c env", redirect the output to a file, read the file
39*e3723e1fSApple OSS Distributions  * and check that the added env var is present.
40*e3723e1fSApple OSS Distributions  */
41*e3723e1fSApple OSS Distributions T_DECL(posix_spawn_filtering,
42*e3723e1fSApple OSS Distributions     "Check posix_spawn_filtering",
43*e3723e1fSApple OSS Distributions     T_META_ENVVAR("FEATUREFLAGS_ENABLED=Libsystem/posix_spawn_filtering"))
44*e3723e1fSApple OSS Distributions {
45*e3723e1fSApple OSS Distributions #if POSIX_SPAWN_FILTERING_ENABLED
46*e3723e1fSApple OSS Distributions 	const char *tmpdir = dt_tmpdir();
47*e3723e1fSApple OSS Distributions 	T_LOG("tmpdir: %s\n", tmpdir);
48*e3723e1fSApple OSS Distributions 
49*e3723e1fSApple OSS Distributions 	strlcat(tmp_path_filter_rules, tmpdir ? tmpdir : "/tmp", sizeof(tmp_path_filter_rules));
50*e3723e1fSApple OSS Distributions 	strlcat(tmp_path_filter_rules, "/filter.rules.XXXXX", sizeof(tmp_path_filter_rules));
51*e3723e1fSApple OSS Distributions 	int filter_rules_fd = mkstemp(tmp_path_filter_rules);
52*e3723e1fSApple OSS Distributions 	T_ASSERT_POSIX_SUCCESS(filter_rules_fd, "create temporary file 1");
53*e3723e1fSApple OSS Distributions 
54*e3723e1fSApple OSS Distributions 	const char *filter_rules_contents =
55*e3723e1fSApple OSS Distributions 	    "binary_name:sh\n"
56*e3723e1fSApple OSS Distributions 	    "add_env:ADDED_VAR=VIA_RULES\n";
57*e3723e1fSApple OSS Distributions 	ssize_t bytes_written = write(filter_rules_fd, filter_rules_contents, strlen(filter_rules_contents));
58*e3723e1fSApple OSS Distributions 	T_ASSERT_EQ(bytes_written, (long)strlen(filter_rules_contents), "write should write all contents");
59*e3723e1fSApple OSS Distributions 	close(filter_rules_fd);
60*e3723e1fSApple OSS Distributions 
61*e3723e1fSApple OSS Distributions 	strlcat(tmp_path_env_output, tmpdir ? tmpdir : "/tmp", sizeof(tmp_path_env_output));
62*e3723e1fSApple OSS Distributions 	strlcat(tmp_path_env_output, "/env.output.XXXXX", sizeof(tmp_path_env_output));
63*e3723e1fSApple OSS Distributions 	int env_output_fd = mkstemp(tmp_path_env_output);
64*e3723e1fSApple OSS Distributions 	T_ASSERT_POSIX_SUCCESS(env_output_fd, "create temporary file 2");
65*e3723e1fSApple OSS Distributions 
66*e3723e1fSApple OSS Distributions 	T_ATEND(cleanup_tmpfiles);
67*e3723e1fSApple OSS Distributions 
68*e3723e1fSApple OSS Distributions 	char * const    prog = "/bin/sh";
69*e3723e1fSApple OSS Distributions 	char * const    argv_child[] = { prog,
70*e3723e1fSApple OSS Distributions 		                         "-c",
71*e3723e1fSApple OSS Distributions 		                         "/usr/bin/env",
72*e3723e1fSApple OSS Distributions 		                         NULL, };
73*e3723e1fSApple OSS Distributions 
74*e3723e1fSApple OSS Distributions 	char rules_path_env[PATH_MAX + 100] = {0};
75*e3723e1fSApple OSS Distributions 	sprintf(rules_path_env, "POSIX_SPAWN_FILTERING_RULES_PATH=%s", tmp_path_filter_rules);
76*e3723e1fSApple OSS Distributions 	char * const    envp_child[] = {
77*e3723e1fSApple OSS Distributions 		"HELLO=WORLD",
78*e3723e1fSApple OSS Distributions 		rules_path_env,
79*e3723e1fSApple OSS Distributions 		NULL,
80*e3723e1fSApple OSS Distributions 	};
81*e3723e1fSApple OSS Distributions 
82*e3723e1fSApple OSS Distributions 	pid_t           child_pid;
83*e3723e1fSApple OSS Distributions 
84*e3723e1fSApple OSS Distributions 	posix_spawn_file_actions_t      file_actions;
85*e3723e1fSApple OSS Distributions 	T_ASSERT_POSIX_SUCCESS(posix_spawn_file_actions_init(&file_actions), "posix_spawn_file_actions_init");
86*e3723e1fSApple OSS Distributions 	T_ASSERT_POSIX_SUCCESS(posix_spawn_file_actions_adddup2(&file_actions, env_output_fd, STDOUT_FILENO), "posix_spawn_file_actions_addup2");
87*e3723e1fSApple OSS Distributions 
88*e3723e1fSApple OSS Distributions 	int ret;
89*e3723e1fSApple OSS Distributions 	ret = posix_spawn(&child_pid, prog, &file_actions, NULL, argv_child, envp_child);
90*e3723e1fSApple OSS Distributions 	T_ASSERT_POSIX_SUCCESS(ret, "posix_spawn");
91*e3723e1fSApple OSS Distributions 	T_LOG("parent: spawned child with pid %d, waiting for child to exit\n", child_pid);
92*e3723e1fSApple OSS Distributions 
93*e3723e1fSApple OSS Distributions 	ret = posix_spawn_file_actions_destroy(&file_actions);
94*e3723e1fSApple OSS Distributions 	T_QUIET;
95*e3723e1fSApple OSS Distributions 	T_ASSERT_POSIX_SUCCESS(ret, "posix_spawn_file_actions_destroy");
96*e3723e1fSApple OSS Distributions 
97*e3723e1fSApple OSS Distributions 	int status = 0;
98*e3723e1fSApple OSS Distributions 	int waitpid_result = waitpid(child_pid, &status, 0);
99*e3723e1fSApple OSS Distributions 	T_ASSERT_POSIX_SUCCESS(waitpid_result, "waitpid");
100*e3723e1fSApple OSS Distributions 	T_ASSERT_EQ(waitpid_result, child_pid, "waitpid should return child we spawned");
101*e3723e1fSApple OSS Distributions 	T_ASSERT_EQ(WIFEXITED(status), 1, "child should have exited normally");
102*e3723e1fSApple OSS Distributions 	T_ASSERT_EQ(WEXITSTATUS(status), EX_OK, "child should have exited with success");
103*e3723e1fSApple OSS Distributions 
104*e3723e1fSApple OSS Distributions 	T_ASSERT_EQ(lseek(env_output_fd, 0, SEEK_SET), 0ull, "lseek should succeed");
105*e3723e1fSApple OSS Distributions 	struct stat s;
106*e3723e1fSApple OSS Distributions 	T_ASSERT_POSIX_SUCCESS(fstat(env_output_fd, &s), "fstat should succeed");
107*e3723e1fSApple OSS Distributions 	T_ASSERT_GT(s.st_size, 0ll, "s.st_size > 0");
108*e3723e1fSApple OSS Distributions 	char env_file_content[s.st_size + 1];
109*e3723e1fSApple OSS Distributions 	memset(env_file_content, 0, s.st_size + 1);
110*e3723e1fSApple OSS Distributions 	T_ASSERT_EQ((long)read(env_output_fd, env_file_content, (size_t)s.st_size), (long)s.st_size, "read should load the whole file");
111*e3723e1fSApple OSS Distributions 
112*e3723e1fSApple OSS Distributions 	T_ASSERT_NOTNULL(strstr(env_file_content, "HELLO=WORLD\n"), "original env var present");
113*e3723e1fSApple OSS Distributions 	T_ASSERT_NOTNULL(strstr(env_file_content, "ADDED_VAR=VIA_RULES\n"), "added env var present");
114*e3723e1fSApple OSS Distributions 
115*e3723e1fSApple OSS Distributions 	T_PASS("posix_spawn_filtering did succeed to set an env var");
116*e3723e1fSApple OSS Distributions 
117*e3723e1fSApple OSS Distributions #else // POSIX_SPAWN_FILTERING_ENABLED
118*e3723e1fSApple OSS Distributions 	T_SKIP("posix_spawn_filtering only supported with POSIX_SPAWN_FILTERING_ENABLED");
119*e3723e1fSApple OSS Distributions #endif // POSIX_SPAWN_FILTERING_ENABLED
120*e3723e1fSApple OSS Distributions }
121