1*bbb1b6f9SApple OSS Distributions #include <errno.h>
2*bbb1b6f9SApple OSS Distributions #include <stdlib.h>
3*bbb1b6f9SApple OSS Distributions #include <libgen.h>
4*bbb1b6f9SApple OSS Distributions #include <limits.h>
5*bbb1b6f9SApple OSS Distributions #include <mach-o/dyld.h>
6*bbb1b6f9SApple OSS Distributions #include <sys/types.h>
7*bbb1b6f9SApple OSS Distributions #include <sys/sysctl.h>
8*bbb1b6f9SApple OSS Distributions #include <xlocale.h>
9*bbb1b6f9SApple OSS Distributions
10*bbb1b6f9SApple OSS Distributions #include <darwintest.h>
11*bbb1b6f9SApple OSS Distributions #include <darwintest_utils.h>
12*bbb1b6f9SApple OSS Distributions
13*bbb1b6f9SApple OSS Distributions #include "drop_priv.h"
14*bbb1b6f9SApple OSS Distributions #include "test_utils.h"
15*bbb1b6f9SApple OSS Distributions
16*bbb1b6f9SApple OSS Distributions #if ENTITLED
17*bbb1b6f9SApple OSS Distributions #define SET_TREATMENT_ID set_treatment_id_entitled
18*bbb1b6f9SApple OSS Distributions #define SET_TREATMENT_ID_DESCR "Can set treatment id with entitlement"
19*bbb1b6f9SApple OSS Distributions #else /* ENTITLED */
20*bbb1b6f9SApple OSS Distributions #define SET_TREATMENT_ID set_treatment_id_unentitled
21*bbb1b6f9SApple OSS Distributions #define SET_TREATMENT_ID_DESCR "Can't set treatment id without entitlement"
22*bbb1b6f9SApple OSS Distributions #endif /* ENTITLED */
23*bbb1b6f9SApple OSS Distributions
24*bbb1b6f9SApple OSS Distributions T_DECL(SET_TREATMENT_ID, "Verifies that EXPERIMENT sysctls can only be set with the entitlement", T_META_ASROOT(false))
25*bbb1b6f9SApple OSS Distributions {
26*bbb1b6f9SApple OSS Distributions #define TEST_STR "testing"
27*bbb1b6f9SApple OSS Distributions #define IDENTIFIER_LENGTH 36
28*bbb1b6f9SApple OSS Distributions
29*bbb1b6f9SApple OSS Distributions int ret;
30*bbb1b6f9SApple OSS Distributions errno_t err;
31*bbb1b6f9SApple OSS Distributions char val[IDENTIFIER_LENGTH + 1] = {0};
32*bbb1b6f9SApple OSS Distributions size_t len = sizeof(val);
33*bbb1b6f9SApple OSS Distributions char new_val[IDENTIFIER_LENGTH + 1] = {0};
34*bbb1b6f9SApple OSS Distributions
35*bbb1b6f9SApple OSS Distributions if (!is_development_kernel()) {
36*bbb1b6f9SApple OSS Distributions T_SKIP("skipping test on release kernel");
37*bbb1b6f9SApple OSS Distributions }
38*bbb1b6f9SApple OSS Distributions
39*bbb1b6f9SApple OSS Distributions strlcpy(new_val, TEST_STR, sizeof(new_val));
40*bbb1b6f9SApple OSS Distributions if (running_as_root()) {
41*bbb1b6f9SApple OSS Distributions drop_priv();
42*bbb1b6f9SApple OSS Distributions }
43*bbb1b6f9SApple OSS Distributions
44*bbb1b6f9SApple OSS Distributions ret = sysctlbyname("kern.trial_treatment_id", val, &len, new_val, strlen(new_val));
45*bbb1b6f9SApple OSS Distributions err = errno;
46*bbb1b6f9SApple OSS Distributions #if ENTITLED
47*bbb1b6f9SApple OSS Distributions len = sizeof(val);
48*bbb1b6f9SApple OSS Distributions memset(new_val, 0, sizeof(new_val));
49*bbb1b6f9SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(ret, "set kern.trial_treatment_id");
50*bbb1b6f9SApple OSS Distributions /* Cleanup. Set it back to the empty string. */
51*bbb1b6f9SApple OSS Distributions ret = sysctlbyname("kern.trial_treatment_id", val, &len, new_val, 1);
52*bbb1b6f9SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(ret, "reset kern.trial_treatment_id");
53*bbb1b6f9SApple OSS Distributions #else
54*bbb1b6f9SApple OSS Distributions T_ASSERT_POSIX_FAILURE(ret, EPERM, "set kern.trial_treatment_id");
55*bbb1b6f9SApple OSS Distributions #endif /* ENTITLED */
56*bbb1b6f9SApple OSS Distributions }
57*bbb1b6f9SApple OSS Distributions
58*bbb1b6f9SApple OSS Distributions #if ENTITLED
59*bbb1b6f9SApple OSS Distributions /* Check min and max value limits on numeric factors */
60*bbb1b6f9SApple OSS Distributions T_DECL(experiment_factor_numeric_limits,
61*bbb1b6f9SApple OSS Distributions "Can only set factors within the legal range.",
62*bbb1b6f9SApple OSS Distributions T_META_ASROOT(false))
63*bbb1b6f9SApple OSS Distributions {
64*bbb1b6f9SApple OSS Distributions #define kMinVal 5 /* The min value allowed for the testing factor. */
65*bbb1b6f9SApple OSS Distributions #define kMaxVal 10 /* The max value allowed for the testing factor. */
66*bbb1b6f9SApple OSS Distributions errno_t err;
67*bbb1b6f9SApple OSS Distributions int ret;
68*bbb1b6f9SApple OSS Distributions unsigned int current_val;
69*bbb1b6f9SApple OSS Distributions size_t len = sizeof(current_val);
70*bbb1b6f9SApple OSS Distributions unsigned int new_val;
71*bbb1b6f9SApple OSS Distributions
72*bbb1b6f9SApple OSS Distributions if (running_as_root()) {
73*bbb1b6f9SApple OSS Distributions drop_priv();
74*bbb1b6f9SApple OSS Distributions }
75*bbb1b6f9SApple OSS Distributions new_val = kMinVal - 1;
76*bbb1b6f9SApple OSS Distributions ret = sysctlbyname("kern.testing_experiment_factor", ¤t_val, &len, &new_val, sizeof(new_val));
77*bbb1b6f9SApple OSS Distributions err = errno;
78*bbb1b6f9SApple OSS Distributions T_ASSERT_POSIX_FAILURE(ret, EINVAL, "set kern.testing_experiment_factor below range.");
79*bbb1b6f9SApple OSS Distributions
80*bbb1b6f9SApple OSS Distributions new_val = kMaxVal + 1;
81*bbb1b6f9SApple OSS Distributions ret = sysctlbyname("kern.testing_experiment_factor", ¤t_val, &len, &new_val, sizeof(new_val));
82*bbb1b6f9SApple OSS Distributions err = errno;
83*bbb1b6f9SApple OSS Distributions T_ASSERT_POSIX_FAILURE(ret, EINVAL, "set kern.testing_experiment_factor above range.");
84*bbb1b6f9SApple OSS Distributions
85*bbb1b6f9SApple OSS Distributions new_val = kMaxVal;
86*bbb1b6f9SApple OSS Distributions ret = sysctlbyname("kern.testing_experiment_factor", ¤t_val, &len, &new_val, sizeof(new_val));
87*bbb1b6f9SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(ret, "set kern.testing_experiment_factor at top of range.");
88*bbb1b6f9SApple OSS Distributions
89*bbb1b6f9SApple OSS Distributions new_val = kMinVal;
90*bbb1b6f9SApple OSS Distributions ret = sysctlbyname("kern.testing_experiment_factor", ¤t_val, &len, &new_val, sizeof(new_val));
91*bbb1b6f9SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(ret, "set kern.testing_experiment_factor at bottom of range.");
92*bbb1b6f9SApple OSS Distributions }
93*bbb1b6f9SApple OSS Distributions
94*bbb1b6f9SApple OSS Distributions static uint64_t original_libmalloc_experiment_value = 0;
95*bbb1b6f9SApple OSS Distributions
96*bbb1b6f9SApple OSS Distributions static void
reset_libmalloc_experiment(void)97*bbb1b6f9SApple OSS Distributions reset_libmalloc_experiment(void)
98*bbb1b6f9SApple OSS Distributions {
99*bbb1b6f9SApple OSS Distributions int ret = sysctlbyname("kern.libmalloc_experiments", NULL, NULL, &original_libmalloc_experiment_value, sizeof(original_libmalloc_experiment_value));
100*bbb1b6f9SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(ret, "reset kern.libmalloc_experiments");
101*bbb1b6f9SApple OSS Distributions }
102*bbb1b6f9SApple OSS Distributions
103*bbb1b6f9SApple OSS Distributions static void
set_libmalloc_experiment(uint64_t val)104*bbb1b6f9SApple OSS Distributions set_libmalloc_experiment(uint64_t val)
105*bbb1b6f9SApple OSS Distributions {
106*bbb1b6f9SApple OSS Distributions T_LOG("Setting kern.libmalloc_experiments to %llu", val);
107*bbb1b6f9SApple OSS Distributions size_t len = sizeof(original_libmalloc_experiment_value);
108*bbb1b6f9SApple OSS Distributions int ret = sysctlbyname("kern.libmalloc_experiments", &original_libmalloc_experiment_value, &len, &val, sizeof(val));
109*bbb1b6f9SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(ret, "set kern.libmalloc_experiments");
110*bbb1b6f9SApple OSS Distributions T_ATEND(reset_libmalloc_experiment);
111*bbb1b6f9SApple OSS Distributions }
112*bbb1b6f9SApple OSS Distributions
113*bbb1b6f9SApple OSS Distributions #define PRINT_APPLE_ARRAY_TOOL "tools/print_apple_array"
114*bbb1b6f9SApple OSS Distributions /*
115*bbb1b6f9SApple OSS Distributions * Spawns a new binary and returns the contents of its apple array
116*bbb1b6f9SApple OSS Distributions * (after libsystem initialization).
117*bbb1b6f9SApple OSS Distributions */
118*bbb1b6f9SApple OSS Distributions static char **
get_apple_array(size_t * num_array_entries,const char * filename)119*bbb1b6f9SApple OSS Distributions get_apple_array(size_t *num_array_entries, const char * filename)
120*bbb1b6f9SApple OSS Distributions {
121*bbb1b6f9SApple OSS Distributions if (filename == NULL) {
122*bbb1b6f9SApple OSS Distributions filename = PRINT_APPLE_ARRAY_TOOL;
123*bbb1b6f9SApple OSS Distributions }
124*bbb1b6f9SApple OSS Distributions int ret;
125*bbb1b6f9SApple OSS Distributions char stdout_path[MAXPATHLEN] = "apple_array.txt";
126*bbb1b6f9SApple OSS Distributions dt_resultfile(stdout_path, MAXPATHLEN);
127*bbb1b6f9SApple OSS Distributions int exit_status = 0, signum = 0;
128*bbb1b6f9SApple OSS Distributions char binary_path[MAXPATHLEN], binary_dir[MAXPATHLEN];
129*bbb1b6f9SApple OSS Distributions char *char_ret;
130*bbb1b6f9SApple OSS Distributions const static size_t kMaxNumArguments = 256;
131*bbb1b6f9SApple OSS Distributions size_t linecap = 0;
132*bbb1b6f9SApple OSS Distributions ssize_t linelen = 0;
133*bbb1b6f9SApple OSS Distributions char **apple_array;
134*bbb1b6f9SApple OSS Distributions char **line = NULL;
135*bbb1b6f9SApple OSS Distributions size_t num_lines = 0;
136*bbb1b6f9SApple OSS Distributions FILE *stdout_f = NULL;
137*bbb1b6f9SApple OSS Distributions uint32_t name_size = MAXPATHLEN;
138*bbb1b6f9SApple OSS Distributions
139*bbb1b6f9SApple OSS Distributions ret = _NSGetExecutablePath(binary_path, &name_size);
140*bbb1b6f9SApple OSS Distributions T_QUIET; T_ASSERT_EQ(ret, 0, "_NSGetExecutablePath");
141*bbb1b6f9SApple OSS Distributions char_ret = dirname_r(binary_path, binary_dir);
142*bbb1b6f9SApple OSS Distributions T_QUIET; T_ASSERT_TRUE(char_ret != NULL, "dirname_r");
143*bbb1b6f9SApple OSS Distributions snprintf(binary_path, MAXPATHLEN, "%s/%s", binary_dir, filename);
144*bbb1b6f9SApple OSS Distributions
145*bbb1b6f9SApple OSS Distributions char *launch_tool_args[] = {
146*bbb1b6f9SApple OSS Distributions binary_path,
147*bbb1b6f9SApple OSS Distributions NULL
148*bbb1b6f9SApple OSS Distributions };
149*bbb1b6f9SApple OSS Distributions pid_t child_pid;
150*bbb1b6f9SApple OSS Distributions ret = dt_launch_tool(&child_pid, launch_tool_args, false, stdout_path, NULL);
151*bbb1b6f9SApple OSS Distributions T_WITH_ERRNO; T_ASSERT_EQ(ret, 0, "dt_launch_tool: %s", binary_path);
152*bbb1b6f9SApple OSS Distributions
153*bbb1b6f9SApple OSS Distributions ret = dt_waitpid(child_pid, &exit_status, &signum, 60 * 5);
154*bbb1b6f9SApple OSS Distributions T_ASSERT_EQ(ret, 1, "dt_waitpid");
155*bbb1b6f9SApple OSS Distributions T_QUIET; T_ASSERT_EQ(exit_status, 0, "dt_waitpid: exit_status");
156*bbb1b6f9SApple OSS Distributions T_QUIET; T_ASSERT_EQ(signum, 0, "dt_waitpid: signum");
157*bbb1b6f9SApple OSS Distributions
158*bbb1b6f9SApple OSS Distributions stdout_f = fopen(stdout_path, "r");
159*bbb1b6f9SApple OSS Distributions T_WITH_ERRNO; T_ASSERT_NOTNULL(stdout_f, "open(%s)", stdout_path);
160*bbb1b6f9SApple OSS Distributions apple_array = calloc(kMaxNumArguments, sizeof(char *));
161*bbb1b6f9SApple OSS Distributions T_QUIET; T_ASSERT_NOTNULL(apple_array, "calloc: %lu\n", sizeof(char *) * kMaxNumArguments);
162*bbb1b6f9SApple OSS Distributions while (num_lines < kMaxNumArguments) {
163*bbb1b6f9SApple OSS Distributions line = &(apple_array[num_lines++]);
164*bbb1b6f9SApple OSS Distributions linecap = 0;
165*bbb1b6f9SApple OSS Distributions linelen = getline(line, &linecap, stdout_f);
166*bbb1b6f9SApple OSS Distributions if (linelen == -1) {
167*bbb1b6f9SApple OSS Distributions break;
168*bbb1b6f9SApple OSS Distributions }
169*bbb1b6f9SApple OSS Distributions }
170*bbb1b6f9SApple OSS Distributions *num_array_entries = num_lines - 1;
171*bbb1b6f9SApple OSS Distributions
172*bbb1b6f9SApple OSS Distributions ret = fclose(stdout_f);
173*bbb1b6f9SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(ret, "fclose(%s)", stdout_path);
174*bbb1b6f9SApple OSS Distributions
175*bbb1b6f9SApple OSS Distributions return apple_array;
176*bbb1b6f9SApple OSS Distributions }
177*bbb1b6f9SApple OSS Distributions
178*bbb1b6f9SApple OSS Distributions #define LIBMALLOC_EXPERIMENT_FACTORS_KEY "MallocExperiment="
179*bbb1b6f9SApple OSS Distributions
180*bbb1b6f9SApple OSS Distributions #define HARDENED_RUNTIME_KEY "HardenedRuntime="
181*bbb1b6f9SApple OSS Distributions
182*bbb1b6f9SApple OSS Distributions #define SECURITY_CONFIG_KEY "security_config="
183*bbb1b6f9SApple OSS Distributions
184*bbb1b6f9SApple OSS Distributions
185*bbb1b6f9SApple OSS Distributions /*
186*bbb1b6f9SApple OSS Distributions * Get the value of the key in the apple array.
187*bbb1b6f9SApple OSS Distributions * Returns true iff the key is present.
188*bbb1b6f9SApple OSS Distributions */
189*bbb1b6f9SApple OSS Distributions static bool
get_apple_array_key(char ** apple_array,size_t num_array_entries,uint64_t * factors,const char * key)190*bbb1b6f9SApple OSS Distributions get_apple_array_key(char **apple_array, size_t num_array_entries, uint64_t *factors, const char *key)
191*bbb1b6f9SApple OSS Distributions {
192*bbb1b6f9SApple OSS Distributions bool found = false;
193*bbb1b6f9SApple OSS Distributions for (size_t i = 0; i < num_array_entries; i++) {
194*bbb1b6f9SApple OSS Distributions char *str = apple_array[i];
195*bbb1b6f9SApple OSS Distributions if (strstr(str, key)) {
196*bbb1b6f9SApple OSS Distributions found = true;
197*bbb1b6f9SApple OSS Distributions if (factors != NULL) {
198*bbb1b6f9SApple OSS Distributions str = strchr(str, '=');
199*bbb1b6f9SApple OSS Distributions T_ASSERT_NOTNULL(str, "skip over =");
200*bbb1b6f9SApple OSS Distributions ++str;
201*bbb1b6f9SApple OSS Distributions *factors = strtoull_l(str, NULL, 16, NULL);
202*bbb1b6f9SApple OSS Distributions }
203*bbb1b6f9SApple OSS Distributions break;
204*bbb1b6f9SApple OSS Distributions }
205*bbb1b6f9SApple OSS Distributions }
206*bbb1b6f9SApple OSS Distributions return found;
207*bbb1b6f9SApple OSS Distributions }
208*bbb1b6f9SApple OSS Distributions
209*bbb1b6f9SApple OSS Distributions /* libmalloc relies on these values not changing. If they change,
210*bbb1b6f9SApple OSS Distributions * you need to update the values in that project as well */
211*bbb1b6f9SApple OSS Distributions __options_decl(hardened_browser_flags_t, uint32_t, {
212*bbb1b6f9SApple OSS Distributions BrowserHostEntitlementMask = 0x01,
213*bbb1b6f9SApple OSS Distributions BrowserGPUEntitlementMask = 0x02,
214*bbb1b6f9SApple OSS Distributions BrowserNetworkEntitlementMask = 0x04,
215*bbb1b6f9SApple OSS Distributions BrowserWebContentEntitlementMask = 0x08,
216*bbb1b6f9SApple OSS Distributions });
217*bbb1b6f9SApple OSS Distributions
218*bbb1b6f9SApple OSS Distributions T_DECL(libmalloc_hardened_browser_present,
219*bbb1b6f9SApple OSS Distributions "platform restrictions binary flags show up in apple array",
220*bbb1b6f9SApple OSS Distributions T_META_ASROOT(false))
221*bbb1b6f9SApple OSS Distributions {
222*bbb1b6f9SApple OSS Distributions uint64_t apple_array_val = 0;
223*bbb1b6f9SApple OSS Distributions size_t num_array_entries = 0;
224*bbb1b6f9SApple OSS Distributions char **apple_array;
225*bbb1b6f9SApple OSS Distributions bool found = false;
226*bbb1b6f9SApple OSS Distributions
227*bbb1b6f9SApple OSS Distributions /* These are the entitlements on the HR1 binary */
228*bbb1b6f9SApple OSS Distributions uint32_t mask_val = BrowserHostEntitlementMask | BrowserGPUEntitlementMask | BrowserWebContentEntitlementMask;
229*bbb1b6f9SApple OSS Distributions apple_array = get_apple_array(&num_array_entries, "tools/print_apple_array_HR1");
230*bbb1b6f9SApple OSS Distributions found = get_apple_array_key(apple_array, num_array_entries, &apple_array_val, HARDENED_RUNTIME_KEY);
231*bbb1b6f9SApple OSS Distributions T_ASSERT_TRUE(found, "Found " HARDENED_RUNTIME_KEY " in apple array");
232*bbb1b6f9SApple OSS Distributions T_ASSERT_EQ(apple_array_val, mask_val, "Bitmask value matches");
233*bbb1b6f9SApple OSS Distributions free(apple_array);
234*bbb1b6f9SApple OSS Distributions
235*bbb1b6f9SApple OSS Distributions /* These are the entitlements on the HR2 binary */
236*bbb1b6f9SApple OSS Distributions mask_val = BrowserGPUEntitlementMask | BrowserNetworkEntitlementMask;
237*bbb1b6f9SApple OSS Distributions apple_array = get_apple_array(&num_array_entries, "tools/print_apple_array_HR2");
238*bbb1b6f9SApple OSS Distributions found = get_apple_array_key(apple_array, num_array_entries, &apple_array_val, HARDENED_RUNTIME_KEY);
239*bbb1b6f9SApple OSS Distributions T_ASSERT_TRUE(found, "Found " HARDENED_RUNTIME_KEY " in apple array");
240*bbb1b6f9SApple OSS Distributions T_ASSERT_EQ(apple_array_val, mask_val, "Bitmask value matches");
241*bbb1b6f9SApple OSS Distributions free(apple_array);
242*bbb1b6f9SApple OSS Distributions }
243*bbb1b6f9SApple OSS Distributions
244*bbb1b6f9SApple OSS Distributions #define SECURITY_CONFIG_HARDENED_HEAP_ENTRY (0x01)
245*bbb1b6f9SApple OSS Distributions #define SECURITY_CONFIG_TPRO_ENTRY (0x02)
246*bbb1b6f9SApple OSS Distributions
247*bbb1b6f9SApple OSS Distributions T_DECL(libmalloc_security_config_hardened_heap_entitlements,
248*bbb1b6f9SApple OSS Distributions "parse security_config values to verify security configs hardened_heap enablement/disablement",
249*bbb1b6f9SApple OSS Distributions T_META_ASROOT(false))
250*bbb1b6f9SApple OSS Distributions {
251*bbb1b6f9SApple OSS Distributions uint64_t apple_array_val = 0;
252*bbb1b6f9SApple OSS Distributions size_t num_array_entries = 0;
253*bbb1b6f9SApple OSS Distributions char **apple_array;
254*bbb1b6f9SApple OSS Distributions bool found = false;
255*bbb1b6f9SApple OSS Distributions
256*bbb1b6f9SApple OSS Distributions apple_array = get_apple_array(&num_array_entries, "tools/print_apple_array_hardened_proc");
257*bbb1b6f9SApple OSS Distributions found = get_apple_array_key(apple_array, num_array_entries, &apple_array_val, SECURITY_CONFIG_KEY);
258*bbb1b6f9SApple OSS Distributions T_ASSERT_TRUE(found, "Found " SECURITY_CONFIG_KEY " in apple array");
259*bbb1b6f9SApple OSS Distributions
260*bbb1b6f9SApple OSS Distributions /* Let's start parsing the security config, to see what's enabled. */
261*bbb1b6f9SApple OSS Distributions T_EXPECT_FALSE(apple_array_val & SECURITY_CONFIG_HARDENED_HEAP_ENTRY, "Hardened-heap is disabled");
262*bbb1b6f9SApple OSS Distributions free(apple_array);
263*bbb1b6f9SApple OSS Distributions
264*bbb1b6f9SApple OSS Distributions apple_array = get_apple_array(&num_array_entries, "tools/print_apple_array_hardened_heap");
265*bbb1b6f9SApple OSS Distributions found = get_apple_array_key(apple_array, num_array_entries, &apple_array_val, SECURITY_CONFIG_KEY);
266*bbb1b6f9SApple OSS Distributions T_ASSERT_TRUE(found, "Found " SECURITY_CONFIG_KEY " in apple array");
267*bbb1b6f9SApple OSS Distributions
268*bbb1b6f9SApple OSS Distributions T_EXPECT_TRUE(apple_array_val & SECURITY_CONFIG_HARDENED_HEAP_ENTRY, "Hardened-heap is enabled");
269*bbb1b6f9SApple OSS Distributions free(apple_array);
270*bbb1b6f9SApple OSS Distributions
271*bbb1b6f9SApple OSS Distributions /* Verify that the same config is mirrored with the com.apple.security namespace */
272*bbb1b6f9SApple OSS Distributions apple_array = get_apple_array(&num_array_entries, "tools/print_apple_array_hardened_heap_security");
273*bbb1b6f9SApple OSS Distributions found = get_apple_array_key(apple_array, num_array_entries, &apple_array_val, SECURITY_CONFIG_KEY);
274*bbb1b6f9SApple OSS Distributions T_ASSERT_TRUE(found, "Found " SECURITY_CONFIG_KEY " in apple array");
275*bbb1b6f9SApple OSS Distributions
276*bbb1b6f9SApple OSS Distributions T_EXPECT_TRUE(apple_array_val & SECURITY_CONFIG_HARDENED_HEAP_ENTRY, "Hardened-heap is enabled");
277*bbb1b6f9SApple OSS Distributions free(apple_array);
278*bbb1b6f9SApple OSS Distributions }
279*bbb1b6f9SApple OSS Distributions
280*bbb1b6f9SApple OSS Distributions
281*bbb1b6f9SApple OSS Distributions T_DECL(libmalloc_hardened_browser_absent,
282*bbb1b6f9SApple OSS Distributions "platform restrictions binary flags do not show up in apple array for normal third party processes",
283*bbb1b6f9SApple OSS Distributions T_META_ASROOT(false))
284*bbb1b6f9SApple OSS Distributions {
285*bbb1b6f9SApple OSS Distributions uint64_t new_val, apple_array_val = 0;
286*bbb1b6f9SApple OSS Distributions size_t num_array_entries = 0;
287*bbb1b6f9SApple OSS Distributions char **apple_array;
288*bbb1b6f9SApple OSS Distributions bool found = false;
289*bbb1b6f9SApple OSS Distributions apple_array = get_apple_array(&num_array_entries, NULL); // todo apple_array_3p?
290*bbb1b6f9SApple OSS Distributions found = get_apple_array_key(apple_array, num_array_entries, &apple_array_val, HARDENED_RUNTIME_KEY);
291*bbb1b6f9SApple OSS Distributions T_ASSERT_TRUE(!found, "Did not find " HARDENED_RUNTIME_KEY " in apple array");
292*bbb1b6f9SApple OSS Distributions free(apple_array);
293*bbb1b6f9SApple OSS Distributions }
294*bbb1b6f9SApple OSS Distributions
295*bbb1b6f9SApple OSS Distributions T_DECL(libmalloc_experiment,
296*bbb1b6f9SApple OSS Distributions "libmalloc experiment flags show up in apple array if we're doing an experiment",
297*bbb1b6f9SApple OSS Distributions T_META_ASROOT(false))
298*bbb1b6f9SApple OSS Distributions {
299*bbb1b6f9SApple OSS Distributions uint64_t new_val, apple_array_val = 0;
300*bbb1b6f9SApple OSS Distributions size_t num_array_entries = 0;
301*bbb1b6f9SApple OSS Distributions char **apple_array;
302*bbb1b6f9SApple OSS Distributions bool found = false;
303*bbb1b6f9SApple OSS Distributions
304*bbb1b6f9SApple OSS Distributions if (running_as_root()) {
305*bbb1b6f9SApple OSS Distributions drop_priv();
306*bbb1b6f9SApple OSS Distributions }
307*bbb1b6f9SApple OSS Distributions new_val = (1ULL << 63) - 1;
308*bbb1b6f9SApple OSS Distributions set_libmalloc_experiment(new_val);
309*bbb1b6f9SApple OSS Distributions
310*bbb1b6f9SApple OSS Distributions apple_array = get_apple_array(&num_array_entries, NULL);
311*bbb1b6f9SApple OSS Distributions found = get_apple_array_key(apple_array, num_array_entries, &apple_array_val, LIBMALLOC_EXPERIMENT_FACTORS_KEY);
312*bbb1b6f9SApple OSS Distributions T_ASSERT_TRUE(found, "Found " LIBMALLOC_EXPERIMENT_FACTORS_KEY " in apple array");
313*bbb1b6f9SApple OSS Distributions T_ASSERT_EQ(apple_array_val, new_val, "Experiment value matches");
314*bbb1b6f9SApple OSS Distributions free(apple_array);
315*bbb1b6f9SApple OSS Distributions }
316*bbb1b6f9SApple OSS Distributions
317*bbb1b6f9SApple OSS Distributions T_DECL(libmalloc_experiment_not_in_array,
318*bbb1b6f9SApple OSS Distributions "libmalloc experiment flags do not show up in apple array if we're not doing an experiment",
319*bbb1b6f9SApple OSS Distributions T_META_ASROOT(false))
320*bbb1b6f9SApple OSS Distributions {
321*bbb1b6f9SApple OSS Distributions size_t num_array_entries = 0;
322*bbb1b6f9SApple OSS Distributions char **apple_array;
323*bbb1b6f9SApple OSS Distributions bool found = false;
324*bbb1b6f9SApple OSS Distributions
325*bbb1b6f9SApple OSS Distributions if (running_as_root()) {
326*bbb1b6f9SApple OSS Distributions drop_priv();
327*bbb1b6f9SApple OSS Distributions }
328*bbb1b6f9SApple OSS Distributions set_libmalloc_experiment(0);
329*bbb1b6f9SApple OSS Distributions
330*bbb1b6f9SApple OSS Distributions apple_array = get_apple_array(&num_array_entries, NULL);
331*bbb1b6f9SApple OSS Distributions found = get_apple_array_key(apple_array, num_array_entries, NULL, LIBMALLOC_EXPERIMENT_FACTORS_KEY);
332*bbb1b6f9SApple OSS Distributions T_ASSERT_TRUE(!found, "Did not find " LIBMALLOC_EXPERIMENT_FACTORS_KEY " in apple array");
333*bbb1b6f9SApple OSS Distributions free(apple_array);
334*bbb1b6f9SApple OSS Distributions }
335*bbb1b6f9SApple OSS Distributions #endif /* ENTITLED */
336