Open Menu / tests / sr_entitlement.c
Loading...
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
#include <stdlib.h>
#include <unistd.h>
#include <sys/sysctl.h>

#include <darwintest.h>
#include <darwintest_utils.h>

T_GLOBAL_META(T_META_RUN_CONCURRENTLY(false));

static int after_regions = 0;

/*
 * No system(3c) on watchOS, so provide our own.
 */
static int
my_system(const char *command)
{
	pid_t pid;
	int status = 0;
	const char *argv[] = {
		"/bin/sh",
		"-c",
		command,
		NULL
	};

	if (dt_launch_tool(&pid, (char **)(void *)argv, FALSE, NULL, NULL)) {
		return -1;
	}
	sleep(2); /* let the child start running */

	size_t size = sizeof(after_regions);
	int ret = sysctlbyname("vm.shared_region_pager_count", &after_regions, &size, NULL, 0);
	T_QUIET; T_EXPECT_POSIX_SUCCESS(ret, "get shared_region_pager_count after");

	if (!dt_waitpid(pid, &status, NULL, 30)) {
		if (status != 0) {
			return status;
		}
		return -1;
	}
	return status;
}

/*
 * If shared regions by entitlement was not originally active, turn it back off.
 */
static int orig_setting = 0;
static void
cleanup(void)
{
	int ret;
	int off = 0;
	size_t size_off = sizeof(off);

	if (orig_setting == 0) {
		ret = sysctlbyname("vm.vm_shared_region_by_entitlement", NULL, NULL, &off, size_off);
		T_QUIET; T_EXPECT_POSIX_SUCCESS(ret, "turning sysctl back off");
	}
}

/*
 * This test:
 * - looks at the number of shared region pagers,
 * - launches a helper app that has entitlement for unique signing
 * - gets the number of shared region pagers again.
 * It expects to see additional shared region pager(s) to exist.
 *
 */
T_DECL(sr_entitlement, "shared region by entitlement test")
{
	int ret;
	size_t size;
	int before_regions = 0;
	int on = 1;
	size_t size_on = sizeof(on);

#if !__arm64e__
	T_SKIP("No pointer authentication support");
#endif

	/*
	 * Check if the sysctl vm_shared_region_by_entitlement exists and if so make
	 * sure it is set.
	 */
	size = sizeof(orig_setting);
	ret = sysctlbyname("vm.vm_shared_region_by_entitlement", &orig_setting, &size, &on, size_on);
	if (ret != 0) {
		T_SKIP("No pointer authentication support");
	}

	T_ATEND(cleanup);

	size = sizeof(before_regions);
	ret = sysctlbyname("vm.shared_region_pager_count", &before_regions, &size, NULL, 0);
	T_QUIET; T_EXPECT_POSIX_SUCCESS(ret, "get shared_region_pager_count before");
	T_QUIET; T_EXPECT_GE_INT(before_regions, 1, "invalid before number of regions");

	ret = my_system("./sr_entitlement_helper");
	if (ret != 0) {
		T_ASSERT_FAIL("Couldn't run helper first time ret = %d", ret);
	}

	T_EXPECT_GT_INT(after_regions, before_regions, "expected additional SR pagers after running helper");
}