--- xnu/xnu-12377.121.6/tests/libmalloc_apple_array.c
+++ xnu/xnu-11417.101.15/tests/libmalloc_apple_array.c
@@ -179,7 +179,7 @@
#define HARDENED_RUNTIME_KEY "HardenedRuntime="
-#define SECURITY_CONFIG_KEY "security_config="
+#define HARDENED_HEAP_KEY "hardened_heap="
/*
@@ -208,15 +208,15 @@
/* libmalloc relies on these values not changing. If they change,
* you need to update the values in that project as well */
-__options_decl(hardened_browser_flags_t, uint32_t, {
+__options_decl(HR_flags_t, uint32_t, {
BrowserHostEntitlementMask = 0x01,
BrowserGPUEntitlementMask = 0x02,
BrowserNetworkEntitlementMask = 0x04,
BrowserWebContentEntitlementMask = 0x08,
});
-T_DECL(libmalloc_hardened_browser_present,
- "platform restrictions binary flags show up in apple array",
+T_DECL(libmalloc_hardened_binary_present,
+ "hardened binary flags show up in apple array",
T_META_ASROOT(false))
{
uint64_t apple_array_val = 0;
@@ -241,11 +241,8 @@
free(apple_array);
}
-#define SECURITY_CONFIG_HARDENED_HEAP_ENTRY (0x01)
-#define SECURITY_CONFIG_TPRO_ENTRY (0x02)
-
-T_DECL(libmalloc_security_config_hardened_heap_entitlements,
- "parse security_config values to verify security configs hardened_heap enablement/disablement",
+T_DECL(libmalloc_hardened_heap_entitlements,
+ "hardened heap enablement via hardened process and hardened heap entitlements",
T_META_ASROOT(false))
{
uint64_t apple_array_val = 0;
@@ -253,33 +250,33 @@
char **apple_array;
bool found = false;
+ uint32_t mask_val = 1;
apple_array = get_apple_array(&num_array_entries, "tools/print_apple_array_hardened_proc");
- found = get_apple_array_key(apple_array, num_array_entries, &apple_array_val, SECURITY_CONFIG_KEY);
- T_ASSERT_TRUE(found, "Found " SECURITY_CONFIG_KEY " in apple array");
-
- /* Let's start parsing the security config, to see what's enabled. */
- T_EXPECT_FALSE(apple_array_val & SECURITY_CONFIG_HARDENED_HEAP_ENTRY, "Hardened-heap is disabled");
+ found = get_apple_array_key(apple_array, num_array_entries, &apple_array_val, HARDENED_HEAP_KEY);
+ T_ASSERT_FALSE(found, "Didn't find " HARDENED_HEAP_KEY " in apple array");
+ free(apple_array);
+
+ apple_array = get_apple_array(&num_array_entries, "tools/print_apple_array_hardened_heap_disable");
+ found = get_apple_array_key(apple_array, num_array_entries, &apple_array_val, HARDENED_HEAP_KEY);
+ T_ASSERT_FALSE(found, "Didn't find " HARDENED_HEAP_KEY " in apple array");
free(apple_array);
apple_array = get_apple_array(&num_array_entries, "tools/print_apple_array_hardened_heap");
- found = get_apple_array_key(apple_array, num_array_entries, &apple_array_val, SECURITY_CONFIG_KEY);
- T_ASSERT_TRUE(found, "Found " SECURITY_CONFIG_KEY " in apple array");
-
- T_EXPECT_TRUE(apple_array_val & SECURITY_CONFIG_HARDENED_HEAP_ENTRY, "Hardened-heap is enabled");
- free(apple_array);
-
- /* Verify that the same config is mirrored with the com.apple.security namespace */
- apple_array = get_apple_array(&num_array_entries, "tools/print_apple_array_hardened_heap_security");
- found = get_apple_array_key(apple_array, num_array_entries, &apple_array_val, SECURITY_CONFIG_KEY);
- T_ASSERT_TRUE(found, "Found " SECURITY_CONFIG_KEY " in apple array");
-
- T_EXPECT_TRUE(apple_array_val & SECURITY_CONFIG_HARDENED_HEAP_ENTRY, "Hardened-heap is enabled");
- free(apple_array);
-}
-
-
-T_DECL(libmalloc_hardened_browser_absent,
- "platform restrictions binary flags do not show up in apple array for normal third party processes",
+ found = get_apple_array_key(apple_array, num_array_entries, &apple_array_val, HARDENED_HEAP_KEY);
+ T_ASSERT_TRUE(found, "Found " HARDENED_HEAP_KEY " in apple array");
+ T_ASSERT_EQ(apple_array_val, mask_val, "Bitmask value matches");
+ free(apple_array);
+
+ apple_array = get_apple_array(&num_array_entries, "tools/print_apple_array_hardened_proc_all_subfeatures");
+ found = get_apple_array_key(apple_array, num_array_entries, &apple_array_val, HARDENED_HEAP_KEY);
+ T_ASSERT_TRUE(found, "Found " HARDENED_HEAP_KEY " in apple array");
+ T_ASSERT_EQ(apple_array_val, mask_val, "Bitmask value matches");
+ free(apple_array);
+}
+
+
+T_DECL(libmalloc_hardened_binary_absent,
+ "hardened binary flags do not show up in apple array for normal third party processes",
T_META_ASROOT(false))
{
uint64_t new_val, apple_array_val = 0;
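Review bot: `uint32_t mask_val = 1;` is an unnamed literal of a different width from the `uint64_t apple_array_val` it is compared with in both `T_ASSERT_EQ(apple_array_val, mask_val, ...)` calls, so the test does not say which bit of `hardened_heap=` it expects, and the comparison depends on how the assertion macro treats mixed integer widths. I would declare it as `const uint64_t hardened_heap_enabled = 0x01; /* only the enable bit may be set */` and compare against that. The equality is stricter than a bit test because it also fails when any other bit is set; that looks intentional for the `print_apple_array_hardened_proc_all_subfeatures` case, but it deserves a one-line comment. The two "Didn't find" assertions and the two "Found" / "Bitmask value matches" pairs carry identical messages, so naming the helper binary in each message would make a failing case identifiable from the log. The test body starts above this hunk, and `libmalloc_hardened_binary_absent` continues below it.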