1 /*
2 * Copyright (c) 2024 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 #include <darwintest.h>
30 #include <assert.h>
31 #include <unistd.h>
32 #include <stdbool.h>
33 #include <string.h>
34 #include <stdlib.h>
35
36 #include "arm_mte_utilities.h"
37
38 /*
39 * The goal of this helper is to help ensure that MTE enablement
40 * rules work correctly in the face of entitlements and spawn policies.
41 * We build several copies of this same file, one for each case that we
42 * currently support w.r.t. the hardened-process entitlement and the AMFI opt-out
43 * list.
44 */
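/*
 * Entry point of the MTE enablement spawn helper.
 *
 * Arguments, as read below:
 *   argv[1]  "YES" when this process is expected to run with MTE enabled;
 *            any other string means it is expected to run without it.
 *   argv[2]  operation selector; only its first character is examined.
 *   argv[3]  expectation string handed to the next helper as its argv[1].
 *            Only read when argv[2] does not select MTE_ENABLEMENT_TEST_DONE.
 *
 * Returns 0 on success and 1 on a malformed command line or an unknown
 * operation. A mismatch in this process's own MTE state aborts the process.
 */
int
main(int argc, char **argv)
{
	/*
	 * argv[1] and argv[2] are dereferenced unconditionally below, so reject
	 * a short command line instead of handing NULL to strcmp().
	 */
	if (argc < 3) {
		T_FAIL("Missing arguments: MTE expectation and operation are required");
		return 1;
	}

	/* Let's start by validating our own state. */
	bool should_expect_mte = (strcmp(argv[1], "YES") == 0);
	bool mte_state_matches = validate_proc_pidinfo_mte_status(getpid(), should_expect_mte);
	assert(mte_state_matches);
	if (!mte_state_matches) {
		/*
		 * Keep the check fatal even in a build where NDEBUG compiles
		 * assert() out; otherwise a wrong MTE state would pass silently.
		 */
		abort();
	}

	/* Extract the operation we are supposed to perform. */
	int test_to_perform = (int)argv[2][0];

	/* If we are the last process in the tree, just bail out. */
	if (test_to_perform == MTE_ENABLEMENT_TEST_DONE) {
		return 0;
	}

	/*
	 * We need to execute again, argv[3] contains the expectation.
	 * Without it the NULL would terminate next_test_argv early and the
	 * child would be started with no expectation at all.
	 */
	if (argc < 4) {
		T_FAIL("Missing expectation argument for the next process");
		return 1;
	}
	char *next_test_should_expect_mte = argv[3];

	/* Pick the helper binary that matches the requested operation. */
	char *next_test_path = NULL;

	switch (test_to_perform) {
	case MTE_ENABLEMENT_TEST_HARDENED_PROCESS:
		next_test_path = SPAWN_HELPER_WITH_ENTITLEMENT;
		break;
	case MTE_ENABLEMENT_TEST_VANILLA_PROCESS:
		next_test_path = SPAWN_HELPER_WITHOUT_ENTITLEMENT;
		break;
	case MTE_ENABLEMENT_TEST_OPTED_OUT_PROCESS:
		next_test_path = HARDENED_PROCESS_TOP_LEVEL_ONLY_AND_IN_AMFI_MTE_OPT_OUT_HELPER;
		break;
	default:
		T_FAIL("Unexpected MTE enablement operation passed");
		return 1;
	}

	/* We never recurse more than once as a two level dependency already exercises all our paths. */
	char *next_test_to_perform = MTE_ENABLEMENT_TEST_DONE_STR;

	/* Create the next set of arguments. */
	char *next_test_argv[] = {
		next_test_path,
		next_test_should_expect_mte,
		next_test_to_perform,
		NULL, /* Change this if we ever need to recurse more than once. */
	};

	/*
	 * Rules are identical for both fork()/exec() and posix_spawn() with no extra flags.
	 */
	T_ASSERT_TRUE(fork_and_exec_new_process(next_test_argv), "fork/exec matches expectations");
	T_ASSERT_TRUE(posix_spawn_then_perform_action_from_process(next_test_argv, MTE_SPAWN_USE_VANILLA, 0), "posix_spawn matches expectations");

	return 0;
}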
98