1*e3723e1fSApple OSS Distributions #include <darwintest.h>
2*e3723e1fSApple OSS Distributions #include <stdio.h>
3*e3723e1fSApple OSS Distributions #include <stdlib.h>
4*e3723e1fSApple OSS Distributions #include <stdbool.h>
5*e3723e1fSApple OSS Distributions #include <errno.h>
6*e3723e1fSApple OSS Distributions #include <libproc.h>
7*e3723e1fSApple OSS Distributions #include <bsm/libbsm.h>
8*e3723e1fSApple OSS Distributions
9*e3723e1fSApple OSS Distributions #undef USE_AUDIT_TOKEN_FOR_PID
10*e3723e1fSApple OSS Distributions
11*e3723e1fSApple OSS Distributions #ifdef USE_AUDIT_TOKEN_FOR_PID
12*e3723e1fSApple OSS Distributions static bool
audit_token_for_pid(pid_t pid,audit_token_t * token)13*e3723e1fSApple OSS Distributions audit_token_for_pid(pid_t pid, audit_token_t *token)
14*e3723e1fSApple OSS Distributions {
15*e3723e1fSApple OSS Distributions kern_return_t err;
16*e3723e1fSApple OSS Distributions task_t task;
17*e3723e1fSApple OSS Distributions mach_msg_type_number_t info_size = TASK_AUDIT_TOKEN_COUNT;
18*e3723e1fSApple OSS Distributions
19*e3723e1fSApple OSS Distributions err = task_for_pid(mach_task_self(), pid, &task);
20*e3723e1fSApple OSS Distributions if (err != KERN_SUCCESS) {
21*e3723e1fSApple OSS Distributions printf("task_for_pid returned %d\n", err);
22*e3723e1fSApple OSS Distributions return false;
23*e3723e1fSApple OSS Distributions }
24*e3723e1fSApple OSS Distributions
25*e3723e1fSApple OSS Distributions err = task_info(task, TASK_AUDIT_TOKEN, (integer_t *)token, &info_size);
26*e3723e1fSApple OSS Distributions if (err != KERN_SUCCESS) {
27*e3723e1fSApple OSS Distributions printf("task_info returned %d\n", err);
28*e3723e1fSApple OSS Distributions return false;
29*e3723e1fSApple OSS Distributions }
30*e3723e1fSApple OSS Distributions
31*e3723e1fSApple OSS Distributions return true;
32*e3723e1fSApple OSS Distributions }
33*e3723e1fSApple OSS Distributions
34*e3723e1fSApple OSS Distributions #else
35*e3723e1fSApple OSS Distributions
36*e3723e1fSApple OSS Distributions static int
idversion_for_pid(pid_t pid)37*e3723e1fSApple OSS Distributions idversion_for_pid(pid_t pid)
38*e3723e1fSApple OSS Distributions {
39*e3723e1fSApple OSS Distributions struct proc_uniqidentifierinfo uniqidinfo = {0};
40*e3723e1fSApple OSS Distributions
41*e3723e1fSApple OSS Distributions int ret = proc_pidinfo(pid, PROC_PIDUNIQIDENTIFIERINFO, 0, &uniqidinfo, sizeof(uniqidinfo));
42*e3723e1fSApple OSS Distributions if (ret <= 0) {
43*e3723e1fSApple OSS Distributions perror("proc_pidinfo(PROC_PIDUNIQIDENTIFIERINFO)");
44*e3723e1fSApple OSS Distributions T_ASSERT_FAIL("proc_pidinfo(%d, PROC_PIDUNIQIDENTIFIERINFO) failed unexpectedly with errno %d", pid, errno);
45*e3723e1fSApple OSS Distributions }
46*e3723e1fSApple OSS Distributions
47*e3723e1fSApple OSS Distributions #ifdef NOTDEF
48*e3723e1fSApple OSS Distributions printf("%s>pid = %d, p_uniqueid = %lld\n", __FUNCTION__, pid, uniqidinfo.p_uniqueid);
49*e3723e1fSApple OSS Distributions printf("%s>pid = %d, p_idversion = %d\n", __FUNCTION__, pid, uniqidinfo.p_idversion);
50*e3723e1fSApple OSS Distributions #endif
51*e3723e1fSApple OSS Distributions
52*e3723e1fSApple OSS Distributions return uniqidinfo.p_idversion;
53*e3723e1fSApple OSS Distributions }
54*e3723e1fSApple OSS Distributions #endif
55*e3723e1fSApple OSS Distributions
56*e3723e1fSApple OSS Distributions static void
show_pidpaths(void)57*e3723e1fSApple OSS Distributions show_pidpaths(void)
58*e3723e1fSApple OSS Distributions {
59*e3723e1fSApple OSS Distributions char buffer[PROC_PIDPATHINFO_MAXSIZE] = {};
60*e3723e1fSApple OSS Distributions int count = 0;
61*e3723e1fSApple OSS Distributions
62*e3723e1fSApple OSS Distributions for (pid_t pid = 1; ((pid < 1000) && (count <= 25)); pid++) {
63*e3723e1fSApple OSS Distributions int ret = proc_pidpath(pid, buffer, sizeof(buffer));
64*e3723e1fSApple OSS Distributions if (ret <= 0) {
65*e3723e1fSApple OSS Distributions if (errno == ESRCH) {
66*e3723e1fSApple OSS Distributions continue;
67*e3723e1fSApple OSS Distributions }
68*e3723e1fSApple OSS Distributions T_ASSERT_FAIL("proc_pidpath(%d) failed unexpectedly with errno %d", pid, errno);
69*e3723e1fSApple OSS Distributions }
70*e3723e1fSApple OSS Distributions count++;
71*e3723e1fSApple OSS Distributions
72*e3723e1fSApple OSS Distributions memset(buffer, 0, sizeof(buffer));
73*e3723e1fSApple OSS Distributions
74*e3723e1fSApple OSS Distributions audit_token_t token = INVALID_AUDIT_TOKEN_VALUE;
75*e3723e1fSApple OSS Distributions #ifdef USE_AUDIT_TOKEN_FOR_PID
76*e3723e1fSApple OSS Distributions if (!audit_token_for_pid(pid, &token)) {
77*e3723e1fSApple OSS Distributions T_ASSERT_FAIL("audit_token_for_pid(%d) failed", pid);
78*e3723e1fSApple OSS Distributions continue;
79*e3723e1fSApple OSS Distributions }
80*e3723e1fSApple OSS Distributions #else
81*e3723e1fSApple OSS Distributions token.val[5] = (unsigned int)pid;
82*e3723e1fSApple OSS Distributions token.val[7] = (unsigned int)idversion_for_pid(pid);
83*e3723e1fSApple OSS Distributions #endif
84*e3723e1fSApple OSS Distributions ret = proc_pidpath_audittoken(&token, buffer, sizeof(buffer));
85*e3723e1fSApple OSS Distributions if (ret <= 0) {
86*e3723e1fSApple OSS Distributions if (errno == ESRCH) {
87*e3723e1fSApple OSS Distributions continue;
88*e3723e1fSApple OSS Distributions }
89*e3723e1fSApple OSS Distributions T_ASSERT_FAIL("proc_pidpath_audittoken(%d) failed unexpectedly with errno %d", pid, errno);
90*e3723e1fSApple OSS Distributions }
91*e3723e1fSApple OSS Distributions T_PASS("%5d %s\n", pid, buffer);
92*e3723e1fSApple OSS Distributions
93*e3723e1fSApple OSS Distributions token.val[7]--; /* Change to idversion so the next call fails */
94*e3723e1fSApple OSS Distributions ret = proc_pidpath_audittoken(&token, buffer, sizeof(buffer));
95*e3723e1fSApple OSS Distributions T_ASSERT_LE(ret, 0, "proc_pidpath_audittoken() failed as expected due to incorrect idversion");
96*e3723e1fSApple OSS Distributions T_ASSERT_EQ(errno, ESRCH, "errno is ESRCH as expected");
97*e3723e1fSApple OSS Distributions }
98*e3723e1fSApple OSS Distributions }
99*e3723e1fSApple OSS Distributions
100*e3723e1fSApple OSS Distributions T_DECL(proc_pidpath_audittoken, "Test proc_pidpath_audittoken()", T_META_ASROOT(false))
101*e3723e1fSApple OSS Distributions {
102*e3723e1fSApple OSS Distributions show_pidpaths();
103*e3723e1fSApple OSS Distributions T_PASS("Successfully tested prod_pidpath_audittoken()");
104*e3723e1fSApple OSS Distributions T_END;
105*e3723e1fSApple OSS Distributions }
106