1*f6217f89SApple OSS Distributions #include <stdlib.h>
2*f6217f89SApple OSS Distributions #include <stdio.h>
3*f6217f89SApple OSS Distributions #include <pthread.h>
4*f6217f89SApple OSS Distributions #include <pthread/private.h>
5*f6217f89SApple OSS Distributions #include <unistd.h>
6*f6217f89SApple OSS Distributions #include <mach/kern_return.h>
7*f6217f89SApple OSS Distributions #include <mach/mach.h>
8*f6217f89SApple OSS Distributions #include <mach/task.h>
9*f6217f89SApple OSS Distributions #include <mach/thread_status.h>
10*f6217f89SApple OSS Distributions #include <os/tsd.h>
11*f6217f89SApple OSS Distributions #include <assert.h>
12*f6217f89SApple OSS Distributions #include <sys/codesign.h>
13*f6217f89SApple OSS Distributions #include <stdbool.h>
14*f6217f89SApple OSS Distributions #include <darwintest.h>
15*f6217f89SApple OSS Distributions #include <mach/mk_timer.h>
16*f6217f89SApple OSS Distributions #include "cs_helpers.h"
17*f6217f89SApple OSS Distributions
18*f6217f89SApple OSS Distributions #define MAX_TEST_NUM 22
19*f6217f89SApple OSS Distributions
20*f6217f89SApple OSS Distributions #if __arm64__
21*f6217f89SApple OSS Distributions #define machine_thread_state_t arm_thread_state64_t
22*f6217f89SApple OSS Distributions #define EXCEPTION_THREAD_STATE ARM_THREAD_STATE64
23*f6217f89SApple OSS Distributions #define EXCEPTION_THREAD_STATE_COUNT ARM_THREAD_STATE64_COUNT
24*f6217f89SApple OSS Distributions #elif __x86_64__
25*f6217f89SApple OSS Distributions #define machine_thread_state_t x86_thread_state_t
26*f6217f89SApple OSS Distributions #define EXCEPTION_THREAD_STATE x86_THREAD_STATE
27*f6217f89SApple OSS Distributions #define EXCEPTION_THREAD_STATE_COUNT x86_THREAD_STATE_COUNT
28*f6217f89SApple OSS Distributions #else
29*f6217f89SApple OSS Distributions #error Unsupported architecture
30*f6217f89SApple OSS Distributions #endif
31*f6217f89SApple OSS Distributions
32*f6217f89SApple OSS Distributions /* in xpc/launch_private.h */
33*f6217f89SApple OSS Distributions #define XPC_DOMAIN_SYSTEM 1
34*f6217f89SApple OSS Distributions
35*f6217f89SApple OSS Distributions static mach_port_t
alloc_server_port(void)36*f6217f89SApple OSS Distributions alloc_server_port(void)
37*f6217f89SApple OSS Distributions {
38*f6217f89SApple OSS Distributions mach_port_t server_port = MACH_PORT_NULL;
39*f6217f89SApple OSS Distributions kern_return_t kr;
40*f6217f89SApple OSS Distributions
41*f6217f89SApple OSS Distributions kr = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &server_port);
42*f6217f89SApple OSS Distributions T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "alloc_server_port");
43*f6217f89SApple OSS Distributions
44*f6217f89SApple OSS Distributions kr = mach_port_insert_right(mach_task_self(), server_port, server_port, MACH_MSG_TYPE_MAKE_SEND);
45*f6217f89SApple OSS Distributions T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "alloc_server_port mach_port_insert_right");
46*f6217f89SApple OSS Distributions
47*f6217f89SApple OSS Distributions return server_port;
48*f6217f89SApple OSS Distributions }
49*f6217f89SApple OSS Distributions
50*f6217f89SApple OSS Distributions static mach_port_t
alloc_reply_port()51*f6217f89SApple OSS Distributions alloc_reply_port()
52*f6217f89SApple OSS Distributions {
53*f6217f89SApple OSS Distributions kern_return_t kr;
54*f6217f89SApple OSS Distributions mach_port_t reply_port = MACH_PORT_NULL;
55*f6217f89SApple OSS Distributions
56*f6217f89SApple OSS Distributions mach_port_options_t opts = {
57*f6217f89SApple OSS Distributions .flags = MPO_REPLY_PORT | MPO_INSERT_SEND_RIGHT,
58*f6217f89SApple OSS Distributions };
59*f6217f89SApple OSS Distributions
60*f6217f89SApple OSS Distributions kr = mach_port_construct(mach_task_self(), &opts, 0, &reply_port);
61*f6217f89SApple OSS Distributions T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "alloc_reply_port");
62*f6217f89SApple OSS Distributions T_QUIET; T_ASSERT_NE(reply_port, (mach_port_t)MACH_PORT_NULL, "reply_port_create: %s", mach_error_string(kr));
63*f6217f89SApple OSS Distributions
64*f6217f89SApple OSS Distributions return reply_port;
65*f6217f89SApple OSS Distributions }
66*f6217f89SApple OSS Distributions
67*f6217f89SApple OSS Distributions static mach_port_t
alloc_weak_reply_port()68*f6217f89SApple OSS Distributions alloc_weak_reply_port()
69*f6217f89SApple OSS Distributions {
70*f6217f89SApple OSS Distributions kern_return_t kr;
71*f6217f89SApple OSS Distributions mach_port_t reply_port = MACH_PORT_NULL;
72*f6217f89SApple OSS Distributions
73*f6217f89SApple OSS Distributions mach_port_options_t opts = {
74*f6217f89SApple OSS Distributions .flags = MPO_PROVISIONAL_REPLY_PORT,
75*f6217f89SApple OSS Distributions };
76*f6217f89SApple OSS Distributions
77*f6217f89SApple OSS Distributions kr = mach_port_construct(mach_task_self(), &opts, 0, &reply_port);
78*f6217f89SApple OSS Distributions T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "alloc_reply_port");
79*f6217f89SApple OSS Distributions T_QUIET; T_ASSERT_NE(reply_port, (mach_port_t)MACH_PORT_NULL, "weak_reply_port_create: %s", mach_error_string(kr));
80*f6217f89SApple OSS Distributions
81*f6217f89SApple OSS Distributions return reply_port;
82*f6217f89SApple OSS Distributions }
83*f6217f89SApple OSS Distributions
84*f6217f89SApple OSS Distributions static mach_port_t
alloc_service_port(void)85*f6217f89SApple OSS Distributions alloc_service_port(void)
86*f6217f89SApple OSS Distributions {
87*f6217f89SApple OSS Distributions kern_return_t kr;
88*f6217f89SApple OSS Distributions mach_port_t service_port = MACH_PORT_NULL;
89*f6217f89SApple OSS Distributions
90*f6217f89SApple OSS Distributions struct mach_service_port_info sp_info = {
91*f6217f89SApple OSS Distributions .mspi_string_name = "com.apple.testservice",
92*f6217f89SApple OSS Distributions .mspi_domain_type = XPC_DOMAIN_SYSTEM,
93*f6217f89SApple OSS Distributions };
94*f6217f89SApple OSS Distributions
95*f6217f89SApple OSS Distributions mach_port_options_t opts = {
96*f6217f89SApple OSS Distributions .flags = MPO_STRICT_SERVICE_PORT | MPO_INSERT_SEND_RIGHT,
97*f6217f89SApple OSS Distributions .service_port_info = &sp_info,
98*f6217f89SApple OSS Distributions };
99*f6217f89SApple OSS Distributions
100*f6217f89SApple OSS Distributions kr = mach_port_construct(mach_task_self(), &opts, 0, &service_port);
101*f6217f89SApple OSS Distributions T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "alloc_service_port");
102*f6217f89SApple OSS Distributions
103*f6217f89SApple OSS Distributions return service_port;
104*f6217f89SApple OSS Distributions }
105*f6217f89SApple OSS Distributions
106*f6217f89SApple OSS Distributions static mach_port_t
alloc_weak_service_port(void)107*f6217f89SApple OSS Distributions alloc_weak_service_port(void)
108*f6217f89SApple OSS Distributions {
109*f6217f89SApple OSS Distributions kern_return_t kr;
110*f6217f89SApple OSS Distributions mach_port_t weak_service_port = MACH_PORT_NULL;
111*f6217f89SApple OSS Distributions
112*f6217f89SApple OSS Distributions struct mach_service_port_info sp_info = {
113*f6217f89SApple OSS Distributions .mspi_string_name = "com.apple.testservice",
114*f6217f89SApple OSS Distributions .mspi_domain_type = XPC_DOMAIN_SYSTEM,
115*f6217f89SApple OSS Distributions };
116*f6217f89SApple OSS Distributions
117*f6217f89SApple OSS Distributions mach_port_options_t opts = {
118*f6217f89SApple OSS Distributions .flags = MPO_SERVICE_PORT | MPO_INSERT_SEND_RIGHT,
119*f6217f89SApple OSS Distributions .service_port_info = &sp_info,
120*f6217f89SApple OSS Distributions };
121*f6217f89SApple OSS Distributions
122*f6217f89SApple OSS Distributions kr = mach_port_construct(mach_task_self(), &opts, 0, &weak_service_port);
123*f6217f89SApple OSS Distributions T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "alloc_weak_service_port");
124*f6217f89SApple OSS Distributions
125*f6217f89SApple OSS Distributions return weak_service_port;
126*f6217f89SApple OSS Distributions }
127*f6217f89SApple OSS Distributions
128*f6217f89SApple OSS Distributions /* The rcv right of the port would be marked immovable. */
129*f6217f89SApple OSS Distributions static void
test_immovable_receive_right(void)130*f6217f89SApple OSS Distributions test_immovable_receive_right(void)
131*f6217f89SApple OSS Distributions {
132*f6217f89SApple OSS Distributions kern_return_t kr;
133*f6217f89SApple OSS Distributions mach_port_t server_port = MACH_PORT_NULL, reply_port = MACH_PORT_NULL;
134*f6217f89SApple OSS Distributions struct {
135*f6217f89SApple OSS Distributions mach_msg_header_t header;
136*f6217f89SApple OSS Distributions mach_msg_body_t body;
137*f6217f89SApple OSS Distributions mach_msg_port_descriptor_t desc;
138*f6217f89SApple OSS Distributions } msg;
139*f6217f89SApple OSS Distributions
140*f6217f89SApple OSS Distributions server_port = alloc_server_port();
141*f6217f89SApple OSS Distributions reply_port = alloc_reply_port();
142*f6217f89SApple OSS Distributions
143*f6217f89SApple OSS Distributions msg.header.msgh_remote_port = server_port;
144*f6217f89SApple OSS Distributions msg.header.msgh_local_port = MACH_PORT_NULL;
145*f6217f89SApple OSS Distributions msg.header.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND, 0) | MACH_MSGH_BITS_COMPLEX;
146*f6217f89SApple OSS Distributions msg.header.msgh_size = sizeof msg;
147*f6217f89SApple OSS Distributions
148*f6217f89SApple OSS Distributions msg.body.msgh_descriptor_count = 1;
149*f6217f89SApple OSS Distributions
150*f6217f89SApple OSS Distributions msg.desc.name = reply_port;
151*f6217f89SApple OSS Distributions msg.desc.disposition = MACH_MSG_TYPE_MOVE_RECEIVE;
152*f6217f89SApple OSS Distributions msg.desc.type = MACH_MSG_PORT_DESCRIPTOR;
153*f6217f89SApple OSS Distributions kr = mach_msg_send(&msg.header);
154*f6217f89SApple OSS Distributions
155*f6217f89SApple OSS Distributions printf("[reply_port_defense_client test_immovable_receive_right]: mach_msg2() returned %d\n", kr);
156*f6217f89SApple OSS Distributions }
157*f6217f89SApple OSS Distributions
158*f6217f89SApple OSS Distributions /* The only way you could create a send once right is when you send the port in local port of a mach msg with MAKE_SEND_ONCE disposition. */
159*f6217f89SApple OSS Distributions static void
test_make_send_once_right(void)160*f6217f89SApple OSS Distributions test_make_send_once_right(void)
161*f6217f89SApple OSS Distributions {
162*f6217f89SApple OSS Distributions kern_return_t kr;
163*f6217f89SApple OSS Distributions mach_port_t reply_port = alloc_reply_port();
164*f6217f89SApple OSS Distributions kr = mach_port_insert_right(mach_task_self(), reply_port, reply_port, MACH_MSG_TYPE_MAKE_SEND_ONCE);
165*f6217f89SApple OSS Distributions printf("[reply_port_defense_client test_make_send_once_right]: mach_port_insert_right() returned %d\n", kr);
166*f6217f89SApple OSS Distributions }
167*f6217f89SApple OSS Distributions
168*f6217f89SApple OSS Distributions static void
test_alloc_weak_reply_port(void)169*f6217f89SApple OSS Distributions test_alloc_weak_reply_port(void)
170*f6217f89SApple OSS Distributions {
171*f6217f89SApple OSS Distributions mach_port_t reply_port = alloc_weak_reply_port();
172*f6217f89SApple OSS Distributions printf("[reply_port_defense_client test_alloc_weak_reply_port]: did not crash with port=%d\n", reply_port);
173*f6217f89SApple OSS Distributions }
174*f6217f89SApple OSS Distributions
175*f6217f89SApple OSS Distributions /* The send right of the port would only used for guarding a name in ipc space, it would not allow to send a message. */
176*f6217f89SApple OSS Distributions static void
test_using_send_right(void)177*f6217f89SApple OSS Distributions test_using_send_right(void)
178*f6217f89SApple OSS Distributions {
179*f6217f89SApple OSS Distributions kern_return_t kr;
180*f6217f89SApple OSS Distributions mach_port_t reply_port = alloc_reply_port();
181*f6217f89SApple OSS Distributions struct {
182*f6217f89SApple OSS Distributions mach_msg_header_t header;
183*f6217f89SApple OSS Distributions mach_msg_body_t body;
184*f6217f89SApple OSS Distributions } msg;
185*f6217f89SApple OSS Distributions
186*f6217f89SApple OSS Distributions msg.header.msgh_remote_port = reply_port;
187*f6217f89SApple OSS Distributions msg.header.msgh_local_port = MACH_PORT_NULL;
188*f6217f89SApple OSS Distributions msg.header.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND, 0);
189*f6217f89SApple OSS Distributions msg.header.msgh_size = sizeof msg;
190*f6217f89SApple OSS Distributions
191*f6217f89SApple OSS Distributions kr = mach_msg_send(&msg.header);
192*f6217f89SApple OSS Distributions printf("[reply_port_defense_client test_using_send_right]: mach_msg2() returned %d\n", kr);
193*f6217f89SApple OSS Distributions }
194*f6217f89SApple OSS Distributions
195*f6217f89SApple OSS Distributions /* The send right of the port would only used for guarding a name in ipc space, it would not allowed to get moved. */
196*f6217f89SApple OSS Distributions static void
test_move_send_right(void)197*f6217f89SApple OSS Distributions test_move_send_right(void)
198*f6217f89SApple OSS Distributions {
199*f6217f89SApple OSS Distributions kern_return_t kr;
200*f6217f89SApple OSS Distributions mach_port_t server_port = MACH_PORT_NULL, reply_port = MACH_PORT_NULL;
201*f6217f89SApple OSS Distributions struct {
202*f6217f89SApple OSS Distributions mach_msg_header_t header;
203*f6217f89SApple OSS Distributions mach_msg_body_t body;
204*f6217f89SApple OSS Distributions mach_msg_port_descriptor_t desc;
205*f6217f89SApple OSS Distributions } msg;
206*f6217f89SApple OSS Distributions
207*f6217f89SApple OSS Distributions server_port = alloc_server_port();
208*f6217f89SApple OSS Distributions reply_port = alloc_reply_port();
209*f6217f89SApple OSS Distributions
210*f6217f89SApple OSS Distributions msg.header.msgh_remote_port = server_port;
211*f6217f89SApple OSS Distributions msg.header.msgh_local_port = MACH_PORT_NULL;
212*f6217f89SApple OSS Distributions msg.header.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND, 0) | MACH_MSGH_BITS_COMPLEX;
213*f6217f89SApple OSS Distributions msg.header.msgh_size = sizeof msg;
214*f6217f89SApple OSS Distributions
215*f6217f89SApple OSS Distributions msg.body.msgh_descriptor_count = 1;
216*f6217f89SApple OSS Distributions
217*f6217f89SApple OSS Distributions msg.desc.name = reply_port;
218*f6217f89SApple OSS Distributions msg.desc.disposition = MACH_MSG_TYPE_MOVE_SEND;
219*f6217f89SApple OSS Distributions msg.desc.type = MACH_MSG_PORT_DESCRIPTOR;
220*f6217f89SApple OSS Distributions
221*f6217f89SApple OSS Distributions kr = mach_msg_send(&msg.header);
222*f6217f89SApple OSS Distributions printf("[reply_port_defense_client test_move_send_right]: mach_msg2() returned %d\n", kr);
223*f6217f89SApple OSS Distributions }
224*f6217f89SApple OSS Distributions
225*f6217f89SApple OSS Distributions static void
test_unentitled_thread_set_state(void)226*f6217f89SApple OSS Distributions test_unentitled_thread_set_state(void)
227*f6217f89SApple OSS Distributions {
228*f6217f89SApple OSS Distributions machine_thread_state_t ts;
229*f6217f89SApple OSS Distributions mach_msg_type_number_t count = MACHINE_THREAD_STATE_COUNT;
230*f6217f89SApple OSS Distributions
231*f6217f89SApple OSS Distributions /* thread_set_state as a platform restrictions binary should fail */
232*f6217f89SApple OSS Distributions kern_return_t kr = thread_get_state(mach_thread_self(), MACHINE_THREAD_STATE, (thread_state_t)&ts, &count);
233*f6217f89SApple OSS Distributions
234*f6217f89SApple OSS Distributions kr = thread_set_state(mach_thread_self(), MACHINE_THREAD_STATE, (thread_state_t)&ts, count);
235*f6217f89SApple OSS Distributions assert(kr != KERN_SUCCESS);
236*f6217f89SApple OSS Distributions exit(-1); /* Should have crashed before here! */
237*f6217f89SApple OSS Distributions }
238*f6217f89SApple OSS Distributions
239*f6217f89SApple OSS Distributions static void
test_unentitled_thread_set_exception_ports(void)240*f6217f89SApple OSS Distributions test_unentitled_thread_set_exception_ports(void)
241*f6217f89SApple OSS Distributions {
242*f6217f89SApple OSS Distributions mach_port_t exc_port = alloc_server_port();
243*f6217f89SApple OSS Distributions
244*f6217f89SApple OSS Distributions /* thread_set_exception_ports as a platform restrictions binary should fail without identity protected options */
245*f6217f89SApple OSS Distributions kern_return_t kr = thread_set_exception_ports(
246*f6217f89SApple OSS Distributions mach_thread_self(),
247*f6217f89SApple OSS Distributions EXC_MASK_ALL,
248*f6217f89SApple OSS Distributions exc_port,
249*f6217f89SApple OSS Distributions (exception_behavior_t)((unsigned int)EXCEPTION_DEFAULT | MACH_EXCEPTION_CODES),
250*f6217f89SApple OSS Distributions EXCEPTION_THREAD_STATE);
251*f6217f89SApple OSS Distributions
252*f6217f89SApple OSS Distributions /* thread_set_exception_ports is supposed to crash, unless the policy is turned off.
253*f6217f89SApple OSS Distributions * Things that disable the policy: AMFI boot-args in use, SIP disabled,
254*f6217f89SApple OSS Distributions * third party plugins in a process. The caller of this client will check
255*f6217f89SApple OSS Distributions * whether the test crashed and correctly adhered to these policies.
256*f6217f89SApple OSS Distributions */
257*f6217f89SApple OSS Distributions printf("thread_set_exception_ports did not crash\n");
258*f6217f89SApple OSS Distributions }
259*f6217f89SApple OSS Distributions
260*f6217f89SApple OSS Distributions static void
unentitled_set_exception_ports_pass(void)261*f6217f89SApple OSS Distributions unentitled_set_exception_ports_pass(void)
262*f6217f89SApple OSS Distributions {
263*f6217f89SApple OSS Distributions mach_port_t exc_port = alloc_server_port();
264*f6217f89SApple OSS Distributions
265*f6217f89SApple OSS Distributions /* thread_set_exception_ports with state *IDENTITY_PROTECTED should not fail */
266*f6217f89SApple OSS Distributions kern_return_t kr = thread_set_exception_ports(
267*f6217f89SApple OSS Distributions mach_thread_self(),
268*f6217f89SApple OSS Distributions EXC_MASK_ALL,
269*f6217f89SApple OSS Distributions exc_port,
270*f6217f89SApple OSS Distributions (exception_behavior_t)((unsigned int)EXCEPTION_STATE_IDENTITY_PROTECTED | MACH_EXCEPTION_CODES),
271*f6217f89SApple OSS Distributions EXCEPTION_THREAD_STATE);
272*f6217f89SApple OSS Distributions T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "thread_set_exception_ports EXCEPTION_STATE_IDENTITY_PROTECTED");
273*f6217f89SApple OSS Distributions
274*f6217f89SApple OSS Distributions kr = thread_set_exception_ports(
275*f6217f89SApple OSS Distributions mach_thread_self(),
276*f6217f89SApple OSS Distributions EXC_MASK_ALL,
277*f6217f89SApple OSS Distributions exc_port,
278*f6217f89SApple OSS Distributions (exception_behavior_t)((unsigned int)EXCEPTION_IDENTITY_PROTECTED | MACH_EXCEPTION_CODES),
279*f6217f89SApple OSS Distributions EXCEPTION_THREAD_STATE);
280*f6217f89SApple OSS Distributions T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "thread_set_exception_ports EXCEPTION_IDENTITY_PROTECTED");
281*f6217f89SApple OSS Distributions
282*f6217f89SApple OSS Distributions return;
283*f6217f89SApple OSS Distributions }
284*f6217f89SApple OSS Distributions
285*f6217f89SApple OSS Distributions static void
exception_ports_crash(void)286*f6217f89SApple OSS Distributions exception_ports_crash(void)
287*f6217f89SApple OSS Distributions {
288*f6217f89SApple OSS Distributions kern_return_t kr;
289*f6217f89SApple OSS Distributions mach_port_t exc_port;
290*f6217f89SApple OSS Distributions mach_port_options_t opts = {
291*f6217f89SApple OSS Distributions .flags = MPO_INSERT_SEND_RIGHT | MPO_EXCEPTION_PORT,
292*f6217f89SApple OSS Distributions };
293*f6217f89SApple OSS Distributions
294*f6217f89SApple OSS Distributions kr = mach_port_construct(mach_task_self(), &opts, 0ull, &exc_port);
295*f6217f89SApple OSS Distributions T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "exception_ports_crash mach_port_construct");
296*f6217f89SApple OSS Distributions
297*f6217f89SApple OSS Distributions kr = task_register_hardened_exception_handler(current_task(),
298*f6217f89SApple OSS Distributions 0, EXC_MASK_BAD_ACCESS,
299*f6217f89SApple OSS Distributions EXCEPTION_STATE_IDENTITY_PROTECTED, EXCEPTION_THREAD_STATE, exc_port);
300*f6217f89SApple OSS Distributions
301*f6217f89SApple OSS Distributions kr = thread_set_exception_ports(
302*f6217f89SApple OSS Distributions mach_thread_self(),
303*f6217f89SApple OSS Distributions EXC_MASK_BAD_ACCESS,
304*f6217f89SApple OSS Distributions exc_port,
305*f6217f89SApple OSS Distributions (exception_behavior_t)((unsigned int)EXCEPTION_STATE_IDENTITY_PROTECTED | MACH_EXCEPTION_CODES),
306*f6217f89SApple OSS Distributions EXCEPTION_THREAD_STATE);
307*f6217f89SApple OSS Distributions
308*f6217f89SApple OSS Distributions printf("thread_set_exception_ports did not crash: %d\n", kr);
309*f6217f89SApple OSS Distributions }
310*f6217f89SApple OSS Distributions
311*f6217f89SApple OSS Distributions static void
kobject_reply_port_defense(void)312*f6217f89SApple OSS Distributions kobject_reply_port_defense(void)
313*f6217f89SApple OSS Distributions {
314*f6217f89SApple OSS Distributions machine_thread_state_t ts;
315*f6217f89SApple OSS Distributions mach_msg_type_number_t count = MACHINE_THREAD_STATE_COUNT;
316*f6217f89SApple OSS Distributions mach_port_t port = MACH_PORT_NULL;
317*f6217f89SApple OSS Distributions
318*f6217f89SApple OSS Distributions kern_return_t kr = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &port);
319*f6217f89SApple OSS Distributions T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "kobject_reply_port_defense mach_port_allocate");
320*f6217f89SApple OSS Distributions
321*f6217f89SApple OSS Distributions // make a kobject call
322*f6217f89SApple OSS Distributions kr = thread_get_state(mach_thread_self(), MACHINE_THREAD_STATE, (thread_state_t)&ts, &count);
323*f6217f89SApple OSS Distributions T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "kobject_reply_port_defense thread_get_state");
324*f6217f89SApple OSS Distributions
325*f6217f89SApple OSS Distributions // set the MIG reply port to a "normal" port
326*f6217f89SApple OSS Distributions _os_tsd_set_direct(__TSD_MIG_REPLY, (void *)(uintptr_t)port);
327*f6217f89SApple OSS Distributions
328*f6217f89SApple OSS Distributions kr = thread_get_state(mach_thread_self(), MACHINE_THREAD_STATE, (thread_state_t)&ts, &count);
329*f6217f89SApple OSS Distributions
330*f6217f89SApple OSS Distributions T_FAIL("kobject call did not crash: %d\n", kr);
331*f6217f89SApple OSS Distributions }
332*f6217f89SApple OSS Distributions
333*f6217f89SApple OSS Distributions static void
test_move_service_port(void)334*f6217f89SApple OSS Distributions test_move_service_port(void)
335*f6217f89SApple OSS Distributions {
336*f6217f89SApple OSS Distributions kern_return_t kr;
337*f6217f89SApple OSS Distributions mach_port_t server_port = MACH_PORT_NULL, service_port = MACH_PORT_NULL;
338*f6217f89SApple OSS Distributions struct {
339*f6217f89SApple OSS Distributions mach_msg_header_t header;
340*f6217f89SApple OSS Distributions mach_msg_body_t body;
341*f6217f89SApple OSS Distributions mach_msg_port_descriptor_t desc;
342*f6217f89SApple OSS Distributions } msg;
343*f6217f89SApple OSS Distributions
344*f6217f89SApple OSS Distributions server_port = alloc_server_port();
345*f6217f89SApple OSS Distributions service_port = alloc_service_port();
346*f6217f89SApple OSS Distributions
347*f6217f89SApple OSS Distributions msg.header.msgh_remote_port = server_port;
348*f6217f89SApple OSS Distributions msg.header.msgh_local_port = MACH_PORT_NULL;
349*f6217f89SApple OSS Distributions msg.header.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND, 0) | MACH_MSGH_BITS_COMPLEX;
350*f6217f89SApple OSS Distributions msg.header.msgh_size = sizeof msg;
351*f6217f89SApple OSS Distributions
352*f6217f89SApple OSS Distributions msg.body.msgh_descriptor_count = 1;
353*f6217f89SApple OSS Distributions
354*f6217f89SApple OSS Distributions msg.desc.name = service_port;
355*f6217f89SApple OSS Distributions msg.desc.disposition = MACH_MSG_TYPE_MOVE_RECEIVE;
356*f6217f89SApple OSS Distributions msg.desc.type = MACH_MSG_PORT_DESCRIPTOR;
357*f6217f89SApple OSS Distributions
358*f6217f89SApple OSS Distributions kr = mach_msg_send(&msg.header);
359*f6217f89SApple OSS Distributions T_FAIL("move service port did not crash: %d\n", kr);
360*f6217f89SApple OSS Distributions }
361*f6217f89SApple OSS Distributions
362*f6217f89SApple OSS Distributions static void
test_mktimer_notification_policy(void)363*f6217f89SApple OSS Distributions test_mktimer_notification_policy(void)
364*f6217f89SApple OSS Distributions {
365*f6217f89SApple OSS Distributions mach_port_t timer_port = MACH_PORT_NULL;
366*f6217f89SApple OSS Distributions mach_port_t notify_port = MACH_PORT_NULL;
367*f6217f89SApple OSS Distributions mach_port_t previous = MACH_PORT_NULL;
368*f6217f89SApple OSS Distributions
369*f6217f89SApple OSS Distributions kern_return_t kr = KERN_SUCCESS;
370*f6217f89SApple OSS Distributions
371*f6217f89SApple OSS Distributions timer_port = mk_timer_create();
372*f6217f89SApple OSS Distributions T_ASSERT_NE(timer_port, (mach_port_t)MACH_PORT_NULL, "mk_timer_create: %s", mach_error_string(kr));
373*f6217f89SApple OSS Distributions
374*f6217f89SApple OSS Distributions /* notification port for the mk_timer port to come back on */
375*f6217f89SApple OSS Distributions kr = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, ¬ify_port);
376*f6217f89SApple OSS Distributions T_ASSERT_EQ(kr, KERN_SUCCESS, "mach_port_allocate(notify_port): %s", mach_error_string(kr));
377*f6217f89SApple OSS Distributions
378*f6217f89SApple OSS Distributions T_LOG("timer: 0x%x, notify: 0x%x", timer_port, notify_port);
379*f6217f89SApple OSS Distributions
380*f6217f89SApple OSS Distributions /* request a port-destroyed notification on the timer port, which should crash */
381*f6217f89SApple OSS Distributions kr = mach_port_request_notification(mach_task_self(), timer_port, MACH_NOTIFY_PORT_DESTROYED,
382*f6217f89SApple OSS Distributions 0, notify_port, MACH_MSG_TYPE_MAKE_SEND_ONCE, &previous);
383*f6217f89SApple OSS Distributions
384*f6217f89SApple OSS Distributions T_FAIL("mktimer did not crash with exc_guard kr=%d", kr);
385*f6217f89SApple OSS Distributions }
386*f6217f89SApple OSS Distributions
387*f6217f89SApple OSS Distributions static void
test_reply_port_port_destroyed_notification_policy(void)388*f6217f89SApple OSS Distributions test_reply_port_port_destroyed_notification_policy(void)
389*f6217f89SApple OSS Distributions {
390*f6217f89SApple OSS Distributions mach_port_t reply_port = MACH_PORT_NULL;
391*f6217f89SApple OSS Distributions mach_port_t previous = MACH_PORT_NULL;
392*f6217f89SApple OSS Distributions mach_port_t notify_port = MACH_PORT_NULL;
393*f6217f89SApple OSS Distributions
394*f6217f89SApple OSS Distributions kern_return_t kr = KERN_SUCCESS;
395*f6217f89SApple OSS Distributions mach_port_options_t opts = {};
396*f6217f89SApple OSS Distributions
397*f6217f89SApple OSS Distributions reply_port = alloc_reply_port();
398*f6217f89SApple OSS Distributions
399*f6217f89SApple OSS Distributions kr = mach_port_construct(mach_task_self(), &opts, 0, ¬ify_port);
400*f6217f89SApple OSS Distributions T_ASSERT_EQ(kr, KERN_SUCCESS, "mach_port_allocate(notify_port): %s", mach_error_string(kr));
401*f6217f89SApple OSS Distributions
402*f6217f89SApple OSS Distributions /* request a port-destroyed notification on the reply port */
403*f6217f89SApple OSS Distributions kr = mach_port_request_notification(mach_task_self(), reply_port, MACH_NOTIFY_PORT_DESTROYED,
404*f6217f89SApple OSS Distributions 0, notify_port, MACH_MSG_TYPE_MAKE_SEND_ONCE, &previous);
405*f6217f89SApple OSS Distributions
406*f6217f89SApple OSS Distributions printf("reply port did not crash kr=%d\n", kr);
407*f6217f89SApple OSS Distributions }
408*f6217f89SApple OSS Distributions
409*f6217f89SApple OSS Distributions static void
test_reply_port_no_senders_notification_policy(void)410*f6217f89SApple OSS Distributions test_reply_port_no_senders_notification_policy(void)
411*f6217f89SApple OSS Distributions {
412*f6217f89SApple OSS Distributions mach_port_t reply_port = MACH_PORT_NULL;
413*f6217f89SApple OSS Distributions mach_port_t previous = MACH_PORT_NULL;
414*f6217f89SApple OSS Distributions mach_port_t notify_port = MACH_PORT_NULL;
415*f6217f89SApple OSS Distributions
416*f6217f89SApple OSS Distributions kern_return_t kr = KERN_SUCCESS;
417*f6217f89SApple OSS Distributions
418*f6217f89SApple OSS Distributions reply_port = alloc_reply_port();
419*f6217f89SApple OSS Distributions mach_port_options_t opts = {};
420*f6217f89SApple OSS Distributions
421*f6217f89SApple OSS Distributions kr = mach_port_construct(mach_task_self(), &opts, 0, ¬ify_port);
422*f6217f89SApple OSS Distributions T_ASSERT_EQ(kr, KERN_SUCCESS, "mach_port_allocate(notify_port): %s", mach_error_string(kr));
423*f6217f89SApple OSS Distributions
424*f6217f89SApple OSS Distributions /* request a no-senders notification on the reply port */
425*f6217f89SApple OSS Distributions kr = mach_port_request_notification(mach_task_self(), reply_port, MACH_NOTIFY_NO_SENDERS,
426*f6217f89SApple OSS Distributions 0, notify_port, MACH_MSG_TYPE_MAKE_SEND_ONCE, &previous);
427*f6217f89SApple OSS Distributions
428*f6217f89SApple OSS Distributions T_FAIL("reply port did not crash kr=%d", kr);
429*f6217f89SApple OSS Distributions }
430*f6217f89SApple OSS Distributions
431*f6217f89SApple OSS Distributions static void
test_reply_port_insert_right_disallowed(void)432*f6217f89SApple OSS Distributions test_reply_port_insert_right_disallowed(void)
433*f6217f89SApple OSS Distributions {
434*f6217f89SApple OSS Distributions mach_port_t reply_port = MACH_PORT_NULL;
435*f6217f89SApple OSS Distributions mach_port_t send_reply_port = MACH_PORT_NULL;
436*f6217f89SApple OSS Distributions mach_msg_type_name_t right = 0;
437*f6217f89SApple OSS Distributions
438*f6217f89SApple OSS Distributions kern_return_t kr = KERN_SUCCESS;
439*f6217f89SApple OSS Distributions reply_port = alloc_reply_port();
440*f6217f89SApple OSS Distributions kr = mach_port_extract_right(mach_task_self(), reply_port, MACH_MSG_TYPE_MAKE_SEND_ONCE, &send_reply_port, &right);
441*f6217f89SApple OSS Distributions T_ASSERT_EQ(kr, KERN_SUCCESS, "mach_port_extract_right(reply_port, make_send_once): %s", mach_error_string(kr));
442*f6217f89SApple OSS Distributions
443*f6217f89SApple OSS Distributions T_FAIL("reply port make send once outside of kmsg did not crash kr=%d", kr);
444*f6217f89SApple OSS Distributions }
445*f6217f89SApple OSS Distributions
446*f6217f89SApple OSS Distributions static kern_return_t
move_port(mach_port_t immovable_port)447*f6217f89SApple OSS Distributions move_port(mach_port_t immovable_port)
448*f6217f89SApple OSS Distributions {
449*f6217f89SApple OSS Distributions mach_port_t server_port = MACH_PORT_NULL;
450*f6217f89SApple OSS Distributions struct {
451*f6217f89SApple OSS Distributions mach_msg_header_t header;
452*f6217f89SApple OSS Distributions mach_msg_body_t body;
453*f6217f89SApple OSS Distributions mach_msg_port_descriptor_t desc;
454*f6217f89SApple OSS Distributions } msg;
455*f6217f89SApple OSS Distributions
456*f6217f89SApple OSS Distributions server_port = alloc_server_port();
457*f6217f89SApple OSS Distributions
458*f6217f89SApple OSS Distributions msg.header.msgh_remote_port = server_port;
459*f6217f89SApple OSS Distributions msg.header.msgh_local_port = MACH_PORT_NULL;
460*f6217f89SApple OSS Distributions msg.header.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND, 0) | MACH_MSGH_BITS_COMPLEX;
461*f6217f89SApple OSS Distributions msg.header.msgh_size = sizeof msg;
462*f6217f89SApple OSS Distributions
463*f6217f89SApple OSS Distributions msg.body.msgh_descriptor_count = 1;
464*f6217f89SApple OSS Distributions
465*f6217f89SApple OSS Distributions msg.desc.name = immovable_port;
466*f6217f89SApple OSS Distributions msg.desc.disposition = MACH_MSG_TYPE_MOVE_SEND;
467*f6217f89SApple OSS Distributions msg.desc.type = MACH_MSG_PORT_DESCRIPTOR;
468*f6217f89SApple OSS Distributions return mach_msg_send(&msg.header);
469*f6217f89SApple OSS Distributions }
470*f6217f89SApple OSS Distributions
471*f6217f89SApple OSS Distributions /* attempt to move mach_task_self */
472*f6217f89SApple OSS Distributions static void
test_mach_task_self_send_movability(void)473*f6217f89SApple OSS Distributions test_mach_task_self_send_movability(void)
474*f6217f89SApple OSS Distributions {
475*f6217f89SApple OSS Distributions kern_return_t kr = move_port(mach_task_self());
476*f6217f89SApple OSS Distributions printf("[reply_port_defense_client test_task_self_immovable]: mach_msg2() returned %d\n", kr);
477*f6217f89SApple OSS Distributions }
478*f6217f89SApple OSS Distributions
479*f6217f89SApple OSS Distributions /* mach_task_self() is movable before and after calling task_get_special_port, when entitled */
480*f6217f89SApple OSS Distributions static void
test_task_self_movable_send(void)481*f6217f89SApple OSS Distributions test_task_self_movable_send(void)
482*f6217f89SApple OSS Distributions {
483*f6217f89SApple OSS Distributions kern_return_t kr;
484*f6217f89SApple OSS Distributions mach_port_t task_self = MACH_PORT_NULL;
485*f6217f89SApple OSS Distributions
486*f6217f89SApple OSS Distributions kr = move_port(mach_task_self());
487*f6217f89SApple OSS Distributions T_EXPECT_MACH_SUCCESS(kr, "move mach_task_self");
488*f6217f89SApple OSS Distributions
489*f6217f89SApple OSS Distributions kr = task_get_special_port(mach_task_self(), TASK_KERNEL_PORT, &task_self);
490*f6217f89SApple OSS Distributions T_EXPECT_MACH_SUCCESS(kr, "task_get_special_port");
491*f6217f89SApple OSS Distributions
492*f6217f89SApple OSS Distributions kr = move_port(mach_task_self());
493*f6217f89SApple OSS Distributions T_EXPECT_MACH_SUCCESS(kr, "move mach_task_self again");
494*f6217f89SApple OSS Distributions
495*f6217f89SApple OSS Distributions mach_port_t thread_port = pthread_mach_thread_np(pthread_main_thread_np());
496*f6217f89SApple OSS Distributions kr = move_port(thread_port);
497*f6217f89SApple OSS Distributions T_EXPECT_MACH_SUCCESS(kr, "move main_thread_port");
498*f6217f89SApple OSS Distributions }
499*f6217f89SApple OSS Distributions
500*f6217f89SApple OSS Distributions static void
test_move_newly_constructed_port_immovable_send(void)501*f6217f89SApple OSS Distributions test_move_newly_constructed_port_immovable_send(void)
502*f6217f89SApple OSS Distributions {
503*f6217f89SApple OSS Distributions kern_return_t kr;
504*f6217f89SApple OSS Distributions mach_port_t port = MACH_PORT_NULL;
505*f6217f89SApple OSS Distributions
506*f6217f89SApple OSS Distributions mach_port_options_t opts = {
507*f6217f89SApple OSS Distributions .flags = MPO_INSERT_SEND_RIGHT | MPO_CONNECTION_PORT,
508*f6217f89SApple OSS Distributions .service_port_name = MPO_ANONYMOUS_SERVICE,
509*f6217f89SApple OSS Distributions };
510*f6217f89SApple OSS Distributions
511*f6217f89SApple OSS Distributions kr = mach_port_construct(mach_task_self(), &opts, 0, &port);
512*f6217f89SApple OSS Distributions
513*f6217f89SApple OSS Distributions kr = move_port(port);
514*f6217f89SApple OSS Distributions printf("kr=%d\n", kr);
515*f6217f89SApple OSS Distributions T_EXPECT_MACH_ERROR(kr, KERN_DENIED, "move port with immovable send rights");
516*f6217f89SApple OSS Distributions }
517*f6217f89SApple OSS Distributions
518*f6217f89SApple OSS Distributions static void
test_move_special_reply_port(void)519*f6217f89SApple OSS Distributions test_move_special_reply_port(void)
520*f6217f89SApple OSS Distributions {
521*f6217f89SApple OSS Distributions kern_return_t kr;
522*f6217f89SApple OSS Distributions mach_port_t special_reply_port = thread_get_special_reply_port();
523*f6217f89SApple OSS Distributions
524*f6217f89SApple OSS Distributions kr = move_port(special_reply_port);
525*f6217f89SApple OSS Distributions T_EXPECT_MACH_ERROR(kr, KERN_DENIED, "move special reply port");
526*f6217f89SApple OSS Distributions }
527*f6217f89SApple OSS Distributions
528*f6217f89SApple OSS Distributions static void
test_reply_port_header_disposition(void)529*f6217f89SApple OSS Distributions test_reply_port_header_disposition(void)
530*f6217f89SApple OSS Distributions {
531*f6217f89SApple OSS Distributions kern_return_t kr;
532*f6217f89SApple OSS Distributions mach_port_t server_port = MACH_PORT_NULL;
533*f6217f89SApple OSS Distributions mach_port_t reply_port1 = MACH_PORT_NULL, reply_port2 = MACH_PORT_NULL;
534*f6217f89SApple OSS Distributions struct {
535*f6217f89SApple OSS Distributions mach_msg_header_t header;
536*f6217f89SApple OSS Distributions } msg;
537*f6217f89SApple OSS Distributions
538*f6217f89SApple OSS Distributions server_port = alloc_server_port();
539*f6217f89SApple OSS Distributions reply_port1 = alloc_reply_port();
540*f6217f89SApple OSS Distributions reply_port2 = alloc_reply_port();
541*f6217f89SApple OSS Distributions
542*f6217f89SApple OSS Distributions msg.header.msgh_remote_port = server_port;
543*f6217f89SApple OSS Distributions msg.header.msgh_size = sizeof msg;
544*f6217f89SApple OSS Distributions
545*f6217f89SApple OSS Distributions /* sending with make_send_once should succeed */
546*f6217f89SApple OSS Distributions msg.header.msgh_local_port = reply_port1;
547*f6217f89SApple OSS Distributions msg.header.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND,
548*f6217f89SApple OSS Distributions MACH_MSG_TYPE_MAKE_SEND_ONCE);
549*f6217f89SApple OSS Distributions kr = mach_msg_send(&msg.header);
550*f6217f89SApple OSS Distributions T_EXPECT_MACH_SUCCESS(kr, "reply_port_disposition make_send_once");
551*f6217f89SApple OSS Distributions
552*f6217f89SApple OSS Distributions /* sending with make_send should fail */
553*f6217f89SApple OSS Distributions msg.header.msgh_local_port = reply_port2;
554*f6217f89SApple OSS Distributions msg.header.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND,
555*f6217f89SApple OSS Distributions MACH_MSG_TYPE_MAKE_SEND);
556*f6217f89SApple OSS Distributions kr = mach_msg_send(&msg.header);
557*f6217f89SApple OSS Distributions T_ASSERT_MACH_ERROR(kr, MACH_SEND_INVALID_REPLY, "reply_port_disposition make_send");
558*f6217f89SApple OSS Distributions }
559*f6217f89SApple OSS Distributions
560*f6217f89SApple OSS Distributions static void
test_service_port_as_exception_port(void)561*f6217f89SApple OSS Distributions test_service_port_as_exception_port(void)
562*f6217f89SApple OSS Distributions {
563*f6217f89SApple OSS Distributions kern_return_t kr;
564*f6217f89SApple OSS Distributions mach_port_t service_port = alloc_service_port();
565*f6217f89SApple OSS Distributions mach_port_t weak_service_port = alloc_weak_service_port();
566*f6217f89SApple OSS Distributions
567*f6217f89SApple OSS Distributions kr = thread_set_exception_ports(
568*f6217f89SApple OSS Distributions mach_thread_self(),
569*f6217f89SApple OSS Distributions EXC_MASK_ALL,
570*f6217f89SApple OSS Distributions service_port,
571*f6217f89SApple OSS Distributions (exception_behavior_t)((unsigned int)EXCEPTION_STATE_IDENTITY_PROTECTED | MACH_EXCEPTION_CODES),
572*f6217f89SApple OSS Distributions EXCEPTION_THREAD_STATE);
573*f6217f89SApple OSS Distributions T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "test_service_port_as_exception_port IOT_SERVICE_PORT");
574*f6217f89SApple OSS Distributions
575*f6217f89SApple OSS Distributions kr = thread_set_exception_ports(
576*f6217f89SApple OSS Distributions mach_thread_self(),
577*f6217f89SApple OSS Distributions EXC_MASK_ALL,
578*f6217f89SApple OSS Distributions weak_service_port,
579*f6217f89SApple OSS Distributions (exception_behavior_t)((unsigned int)EXCEPTION_STATE_IDENTITY_PROTECTED | MACH_EXCEPTION_CODES),
580*f6217f89SApple OSS Distributions EXCEPTION_THREAD_STATE);
581*f6217f89SApple OSS Distributions T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "test_service_port_as_exception_port IOT_WEAK_SERVICE_PORT");
582*f6217f89SApple OSS Distributions }
583*f6217f89SApple OSS Distributions
584*f6217f89SApple OSS Distributions int
main(int argc,char * argv[])585*f6217f89SApple OSS Distributions main(int argc, char *argv[])
586*f6217f89SApple OSS Distributions {
587*f6217f89SApple OSS Distributions uint32_t my_csflags = 0;
588*f6217f89SApple OSS Distributions bool thirdparty_hardened = !strcmp(argv[0], "./reply_port_defense_client_3P_hardened");
589*f6217f89SApple OSS Distributions T_ASSERT_POSIX_ZERO(csops(getpid(), CS_OPS_STATUS, &my_csflags, sizeof(my_csflags)), NULL);
590*f6217f89SApple OSS Distributions
591*f6217f89SApple OSS Distributions /* TODO add some sysctl which disabled platform binary bit here */
592*f6217f89SApple OSS Distributions if ((my_csflags & CS_PLATFORM_BINARY) == thirdparty_hardened) {
593*f6217f89SApple OSS Distributions printf("platform binary does not match expected\n");
594*f6217f89SApple OSS Distributions return -1;
595*f6217f89SApple OSS Distributions }
596*f6217f89SApple OSS Distributions
597*f6217f89SApple OSS Distributions
598*f6217f89SApple OSS Distributions void (*tests[MAX_TEST_NUM])(void) = {
599*f6217f89SApple OSS Distributions test_immovable_receive_right, /* 0 */
600*f6217f89SApple OSS Distributions test_using_send_right, /* 1 */
601*f6217f89SApple OSS Distributions test_move_send_right, /* 2 */
602*f6217f89SApple OSS Distributions test_make_send_once_right, /* 3 */
603*f6217f89SApple OSS Distributions NULL, /* 4 */
604*f6217f89SApple OSS Distributions test_unentitled_thread_set_exception_ports, /* 5 */
605*f6217f89SApple OSS Distributions test_unentitled_thread_set_state, /* 6 */
606*f6217f89SApple OSS Distributions unentitled_set_exception_ports_pass,
607*f6217f89SApple OSS Distributions exception_ports_crash, /* 8 */
608*f6217f89SApple OSS Distributions kobject_reply_port_defense, /* 9 */
609*f6217f89SApple OSS Distributions test_alloc_weak_reply_port, /* 10 */
610*f6217f89SApple OSS Distributions test_move_service_port, /* 11 */
611*f6217f89SApple OSS Distributions test_mktimer_notification_policy, /* 12 */
612*f6217f89SApple OSS Distributions test_reply_port_port_destroyed_notification_policy, /* 13 */
613*f6217f89SApple OSS Distributions test_reply_port_no_senders_notification_policy, /* 14 */
614*f6217f89SApple OSS Distributions test_reply_port_insert_right_disallowed, /* 15 */
615*f6217f89SApple OSS Distributions test_mach_task_self_send_movability, /* 16 */
616*f6217f89SApple OSS Distributions test_task_self_movable_send, /* 17 */
617*f6217f89SApple OSS Distributions test_move_newly_constructed_port_immovable_send, /* 18 */
618*f6217f89SApple OSS Distributions test_move_special_reply_port, /* 19 */
619*f6217f89SApple OSS Distributions test_reply_port_header_disposition, /* 20 */
620*f6217f89SApple OSS Distributions test_service_port_as_exception_port, /* 21 */
621*f6217f89SApple OSS Distributions };
622*f6217f89SApple OSS Distributions
623*f6217f89SApple OSS Distributions if (argc < 2) {
624*f6217f89SApple OSS Distributions printf("[reply_port_defense_client]: Specify a test to run.");
625*f6217f89SApple OSS Distributions exit(-1);
626*f6217f89SApple OSS Distributions }
627*f6217f89SApple OSS Distributions
628*f6217f89SApple OSS Distributions int test_num = atoi(argv[1]);
629*f6217f89SApple OSS Distributions printf("[reply_port_defense_client]: My Pid: %d Test num: %d third_party_hardened: %s\n",
630*f6217f89SApple OSS Distributions getpid(), test_num, thirdparty_hardened ? "yes" : "no");
631*f6217f89SApple OSS Distributions fflush(stdout);
632*f6217f89SApple OSS Distributions if (test_num >= 0 && test_num < MAX_TEST_NUM) {
633*f6217f89SApple OSS Distributions (*tests[test_num])();
634*f6217f89SApple OSS Distributions } else {
635*f6217f89SApple OSS Distributions printf("[reply_port_defense_client]: Invalid test num. Exiting...\n");
636*f6217f89SApple OSS Distributions exit(-1);
637*f6217f89SApple OSS Distributions }
638*f6217f89SApple OSS Distributions printf("Child exiting cleanly!!\n");
639*f6217f89SApple OSS Distributions fflush(stdout);
640*f6217f89SApple OSS Distributions // return 0;
641*f6217f89SApple OSS Distributions exit(0);
642*f6217f89SApple OSS Distributions }
643