--- /dev/null
+/*
+ * Copyright (c) 2016 Apple Computer, Inc. All rights reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <sys/sysctl.h>
+#include <sys/types.h>
+#include <dispatch/dispatch.h>
+#include <xpc/xpc.h>
+#include <xpc/private.h>
+#include <System/sys/csr.h>
+#include <System/machine/cpu_capabilities.h>
+
+#include <os/assumes.h>
+#include <os/variant_private.h>
+
+enum variant_property {
+ VP_ALL = 0,
+ VP_CONTENT,
+ VP_DIAGNOSTICS,
+ VP_UI,
+ VP_SECURITY,
+ VP_MAX
+};
+
+enum check_status {
+ S_UNKNOWN = 0,
+ S_NO = 2,
+ S_YES = 3
+};
+
+static bool
+status2bool(enum check_status status) {
+ switch (status) {
+ case S_NO:
+ return false;
+ case S_YES:
+ return true;
+ default:
+ os_crash("os_variant had unexpected status");
+ }
+}
+
+#define VAR_FILE_LEGACY "/var/db/disableAppleInternal"
+
+#if TARGET_OS_OSX
+#define VAR_FILE_OVERRIDE "/var/db/os_variant_override"
+#else
+#define VAR_FILE_OVERRIDE "/usr/share/misc/os_variant_override"
+#endif
+
+#if !TARGET_OS_SIMULATOR
+#define INTERNAL_CONTENT_PATH "/System/Library/CoreServices/AppleInternalVariant.plist"
+#else
+#define INTERNAL_CONTENT_PATH "/AppleInternal"
+#endif
+
+#define SYSTEM_VERSION_PLIST_PATH "/System/Library/CoreServices/SystemVersion.plist"
+#define SYSTEM_VERSION_PLIST_KEY "ReleaseType"
+
+#if TARGET_OS_IPHONE
+#define INTERNAL_SETTINGS_PATH "/AppleInternal/Library/PreferenceBundles/Internal Settings.bundle"
+#else
+#define INTERNAL_DIAGS_PROFILE_PATH "/var/db/ConfigurationProfiles/Settings/com.apple.InternalDiagnostics.plist"
+#endif
+
+#if !TARGET_OS_SIMULATOR
+#define CACHE_SYSCTL_NAME "kern.osvariant_status"
+
+static void _restore_cached_check_status(uint64_t status);
+static uint64_t _get_cached_check_status(void);
+
+static char * _read_file(const char *path, size_t *size_out)
+{
+ char *buf = NULL;
+
+ int fd = open(path, O_RDONLY);
+ if (fd == -1) return NULL;
+
+ struct stat sb;
+ int rc = fstat(fd, &sb);
+ if (rc != 0 || sb.st_size == 0) {
+ goto error;
+ }
+
+ size_t size_limit = (size_out && *size_out != 0) ? *size_out : 1024;
+ size_t size = (size_t)sb.st_size;
+ if (size_out) *size_out = (size_t)sb.st_size;
+ if (size > size_limit) {
+ goto error;
+ }
+
+ buf = malloc(size + 1);
+ if (!buf) {
+ goto error;
+ }
+
+ ssize_t bytes_read = read(fd, buf, size);
+ buf[size] = '\0';
+
+
+ if (bytes_read == (ssize_t)size) {
+ close(fd);
+ return buf;
+ }
+
+error:
+ close(fd);
+ free(buf);
+ return NULL;
+}
+
+static xpc_object_t read_plist(const char *path)
+{
+ size_t size = 16 * 1024;
+ uint8_t *buf = (uint8_t*)_read_file(path, &size);
+ if (!buf) return NULL;
+
+ xpc_object_t plist = xpc_create_from_plist(buf, size);
+ if (plist && xpc_get_type(plist) != XPC_TYPE_DICTIONARY) {
+ xpc_release(plist);
+ plist = NULL;
+ }
+
+ free(buf);
+
+ return plist;
+}
+#endif
+
+#if !TARGET_OS_IPHONE || TARGET_OS_SIMULATOR
+static enum check_status internal_content = S_UNKNOWN;
+#endif
+#if !TARGET_OS_SIMULATOR
+static enum check_status can_has_debugger = S_UNKNOWN;
+#if TARGET_OS_IPHONE
+static enum check_status internal_release_type = S_UNKNOWN;
+#else // TARGET_OS_IPHONE
+static enum check_status internal_diags_profile = S_UNKNOWN;
+#endif // TARGET_OS_IPHONE
+#endif // !TARGET_OS_SIMULATOR
+
+static bool disabled_status[VP_MAX] = {};
+
+static void _parse_disabled_status(char *test_string)
+{
+#if TARGET_OS_SIMULATOR
+#pragma unused(test_string)
+#else // TARGET_OS_SIMULATOR
+ char *override_str = NULL;
+
+ bzero(disabled_status, sizeof(disabled_status));
+
+ if (test_string != NULL) {
+ /* used for unit tests */
+ override_str = strdup(test_string);
+ } else {
+ if (access(VAR_FILE_LEGACY, F_OK) == 0) {
+ goto disable_all;
+ } else if (access(VAR_FILE_OVERRIDE, F_OK) != 0) {
+ return;
+ }
+
+ override_str = _read_file(VAR_FILE_OVERRIDE, NULL);
+ }
+
+ if (override_str == NULL) goto disable_all;
+
+ char *token, *string = override_str;
+ while ((token = strsep(&string, ",\n")) != NULL) {
+ if (strcmp(token, "content") == 0) {
+ disabled_status[VP_CONTENT] = true;
+ } else if (strcmp(token, "diagnostics") == 0) {
+ disabled_status[VP_DIAGNOSTICS] = true;
+ } else if (strcmp(token, "ui") == 0) {
+ disabled_status[VP_UI] = true;
+ } else if (strcmp(token, "security") == 0) {
+ disabled_status[VP_SECURITY] = true;
+ }
+ }
+
+ free(override_str);
+ return;
+
+disable_all:
+ for (int i = 0; i < VP_MAX; i++) {
+ disabled_status[i] = true;
+ }
+#endif //!TARGET_OS_SIMULATOR
+}
+
+#if !TARGET_OS_SIMULATOR
+static bool _load_cached_status(void)
+{
+ uint64_t status = 0;
+ size_t status_size = sizeof(status);
+ int ret = sysctlbyname(CACHE_SYSCTL_NAME, &status, &status_size, NULL, 0);
+ if (ret != 0) {
+ return false;
+ }
+
+ if (status) {
+ _restore_cached_check_status(status);
+ return true;
+ }
+
+ if (status == 0 && getpid() == 1) {
+ /*
+ * Looks like we are in launchd; try to set the status.
+ *
+ * We don't actually care if this works because we'll have warmed our state.
+ */
+ status = _get_cached_check_status();
+ sysctlbyname(CACHE_SYSCTL_NAME, NULL, 0, &status, status_size);
+ return true;
+ }
+
+ return false;
+}
+#endif
+
+static void _initialize_status(void * __unused ctx)
+{
+#if !TARGET_OS_SIMULATOR
+ if (!_load_cached_status()) {
+ _parse_disabled_status(NULL);
+ }
+#else
+ _parse_disabled_status(NULL);
+#endif
+}
+
+static bool _check_disabled(enum variant_property variant_property)
+{
+ static dispatch_once_t disabled_status_pred;
+ dispatch_once_f(&disabled_status_pred, NULL, _initialize_status);
+
+ return disabled_status[variant_property];
+}
+
+#if !TARGET_OS_IPHONE || TARGET_OS_SIMULATOR
+static bool _check_internal_content(void)
+{
+ if (internal_content == S_UNKNOWN) {
+#if !TARGET_OS_SIMULATOR
+ const char * path = INTERNAL_CONTENT_PATH;
+#else
+ char *simulator_root = getenv("IPHONE_SIMULATOR_ROOT");
+ char *to_free = NULL, *path = NULL;
+ if (simulator_root) {
+ asprintf(&path, "%s/%s", simulator_root, INTERNAL_CONTENT_PATH);
+ if (path == NULL) {
+ return false;
+ }
+ to_free = path;
+ }
+#endif
+ internal_content = (access(path, F_OK) == 0) ? S_YES : S_NO;
+#if TARGET_OS_SIMULATOR
+ free(to_free);
+#endif
+ }
+ return status2bool(internal_content);
+}
+#endif // !TARGET_OS_IPHONE || TARGET_OS_SIMULATOR
+
+#if TARGET_OS_IPHONE
+
+/*
+ * This set of criteria was taken from copyInternalBuild in MobileGestalt.c
+ */
+static bool _check_internal_release_type(void)
+{
+#if TARGET_OS_SIMULATOR
+ return _check_internal_content();
+#else // TARGET_OS_SIMULATOR
+ if (internal_release_type == S_UNKNOWN) {
+ xpc_object_t system_version_plist = read_plist(SYSTEM_VERSION_PLIST_PATH);
+ if (system_version_plist) {
+ const char *release_type =
+ xpc_dictionary_get_string(system_version_plist,
+ SYSTEM_VERSION_PLIST_KEY);
+
+ if (release_type == NULL) {
+ /*
+ * Confusingly, customer images are just completely missing this key.
+ */
+ internal_release_type = S_NO;
+ } else if (strcmp(release_type, "Internal") == 0 ||
+ strcmp(release_type, "Lite Internal") == 0 ||
+ strcmp(release_type, "NonUI") == 0) {
+ internal_release_type = S_YES;
+ } else {
+ internal_release_type = S_NO;
+ }
+
+ xpc_release(system_version_plist);
+ } else {
+ internal_release_type = (access(INTERNAL_SETTINGS_PATH, F_OK) == 0) ? S_YES : S_NO;
+ }
+ }
+
+ return status2bool(internal_release_type);
+#endif // TARGET_OS_SIMULATOR
+}
+
+#else
+
+static bool _check_internal_diags_profile() {
+ static enum check_status internal_diags_profile = S_UNKNOWN;
+
+ if (internal_diags_profile == S_UNKNOWN) {
+ xpc_object_t profile_settings = read_plist(INTERNAL_DIAGS_PROFILE_PATH);
+ if (profile_settings) {
+ internal_diags_profile = xpc_dictionary_get_bool(profile_settings, "AppleInternal") ? S_YES : S_NO;
+ xpc_release(profile_settings);
+ } else {
+ internal_diags_profile = S_NO;
+ }
+ }
+
+ return status2bool(internal_diags_profile);
+}
+
+#endif
+
+static bool _check_can_has_debugger(void)
+{
+#if TARGET_OS_SIMULATOR
+ return _check_internal_content();
+#else
+ if (can_has_debugger == S_UNKNOWN) {
+#if TARGET_OS_IPHONE
+ can_has_debugger = *((uint32_t *)_COMM_PAGE_DEV_FIRM) ? S_YES : S_NO;
+#else
+ /*
+ * The comm page bit does exist on macOS, but also requires kernel
+ * debugging in the CSR configuration. We don't need to be that strict
+ * here.
+ */
+ can_has_debugger = (csr_check(CSR_ALLOW_APPLE_INTERNAL) == 0) ? S_YES : S_NO;
+#endif
+ }
+ return status2bool(can_has_debugger);
+#endif // TARGET_OS_SIMULATOR
+}
+
+// For unit tests
+#ifndef VARIANT_SKIP_EXPORTED
+
+bool
+os_variant_has_internal_content(const char * __unused subsystem)
+{
+ if (_check_disabled(VP_CONTENT)) {
+ return false;
+ }
+
+#if TARGET_OS_IPHONE
+ return _check_internal_release_type();
+#else
+ return _check_internal_content();
+#endif
+}
+
+
+bool
+os_variant_has_internal_diagnostics(const char * __unused subsystem)
+{
+ if (_check_disabled(VP_DIAGNOSTICS)) {
+ return false;
+ }
+
+#if TARGET_OS_IPHONE
+ return _check_internal_release_type();
+#else
+ return _check_internal_content() || _check_internal_diags_profile();
+#endif
+}
+
+bool
+os_variant_has_internal_ui(const char * __unused subsystem)
+{
+ if (_check_disabled(VP_UI)) {
+ return false;
+ }
+
+#if TARGET_OS_IPHONE
+ return _check_internal_release_type();
+#else
+ return _check_internal_content();
+#endif
+}
+
+bool
+os_variant_allows_internal_security_policies(const char * __unused subsystem)
+{
+ if (_check_disabled(VP_SECURITY)) {
+ return false;
+ }
+
+ return _check_can_has_debugger();
+}
+
+#endif // VARIANT_SKIP_EXPORTED
+
+#define STATUS_INITIAL_BITS 0x70000000F0000000ULL
+#define STATUS_BIT_WIDTH 2
+#define STATUS_SET 0x2
+#define STATUS_MASK 0x3
+
+enum status_flags_positions {
+ SFP_INTERNAL_CONTENT = 0,
+ SFP_CAN_HAS_DEBUGGER = 1,
+ SFP_INTERNAL_RELEASE_TYPE = 2,
+ SFP_INTERNAL_DIAGS_PROFILE = 3
+};
+
+#if !TARGET_OS_SIMULATOR
+static uint64_t _get_cached_check_status(void)
+{
+ uint64_t res = STATUS_INITIAL_BITS;
+
+#if !TARGET_OS_IPHONE || TARGET_OS_SIMULATOR
+ _check_internal_content();
+ if (internal_content != S_UNKNOWN)
+ res |= internal_content << SFP_INTERNAL_CONTENT * STATUS_BIT_WIDTH;
+#endif
+
+ _check_can_has_debugger();
+ if (can_has_debugger != S_UNKNOWN)
+ res |= can_has_debugger << SFP_CAN_HAS_DEBUGGER * STATUS_BIT_WIDTH;
+
+#if TARGET_OS_IPHONE
+ _check_internal_release_type();
+ if (internal_release_type != S_UNKNOWN)
+ res |= internal_release_type << SFP_INTERNAL_RELEASE_TYPE * STATUS_BIT_WIDTH;
+#else
+ _check_internal_diags_profile();
+ if (internal_diags_profile != S_UNKNOWN)
+ res |= internal_diags_profile << SFP_INTERNAL_DIAGS_PROFILE * STATUS_BIT_WIDTH;
+#endif
+
+ _parse_disabled_status(NULL);
+ for (int i = 0; i < VP_MAX; i++) {
+ if (disabled_status[i]) {
+ res |= 0x1ULL << (i + 32);
+ }
+ }
+
+ return res;
+}
+
+static void _restore_cached_check_status(uint64_t status)
+{
+#if !TARGET_OS_IPHONE || TARGET_OS_SIMULATOR
+ if ((status >> (SFP_INTERNAL_CONTENT * STATUS_BIT_WIDTH)) & STATUS_SET)
+ internal_content = (status >> (SFP_INTERNAL_CONTENT * STATUS_BIT_WIDTH)) & STATUS_MASK;
+#endif
+ if ((status >> (SFP_CAN_HAS_DEBUGGER * STATUS_BIT_WIDTH)) & STATUS_SET)
+ can_has_debugger = (status >> (SFP_CAN_HAS_DEBUGGER * STATUS_BIT_WIDTH)) & STATUS_MASK;
+#if TARGET_OS_IPHONE
+ if ((status >> (SFP_INTERNAL_RELEASE_TYPE * STATUS_BIT_WIDTH)) & STATUS_SET)
+ internal_release_type = (status >> (SFP_INTERNAL_RELEASE_TYPE * STATUS_BIT_WIDTH)) & STATUS_MASK;
+#else
+ if ((status >> (SFP_INTERNAL_DIAGS_PROFILE * STATUS_BIT_WIDTH)) & STATUS_SET)
+ internal_diags_profile = (status >> (SFP_INTERNAL_DIAGS_PROFILE * STATUS_BIT_WIDTH)) & STATUS_MASK;
+#endif
+
+ for (int i = 0; i < VP_MAX; i++) {
+ disabled_status[i] = (status >> (32 + i)) & 0x1;
+ }
+}
+#endif // !TARGET_OS_SIMULATOR
projects / apple / libc.git / blobdiff