2 * Copyright (c) 2007-2009,2013-2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
27 #include <CoreFoundation/CoreFoundation.h>
28 #include <Security/SecTask.h>
29 #include <Security/SecEntitlements.h>
30 #include <AssertMacros.h>
31 #include <TargetConditionals.h>
32 #include <sys/sysctl.h>
34 #include "utilities/SecCFRelease.h"
36 #include "sectask_regressions.h"
/*
 * This is a hack to get our own audit token:
 * we send a simple request with no arguments to our own Mach port,
 * and the Mach port callback copies the audit token into a global.
 */
45 #include <mach/mach.h>
46 #include <mach/message.h>
47 #include "sectask_ipc.h"
/* Audit token of this process; written by sectask_server_request(). */
static audit_token_t g_self_audittoken = {{0}};

/*
 * Server-side routine for the sectask_ipc request. Declared here because the
 * definition below has external linkage.
 * NOTE(review): presumably called by the generated sectask_ipc_server()
 * demux -- confirm against the interface definition.
 */
kern_return_t sectask_server_request(mach_port_t receiver,
                                     audit_token_t auditToken);
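/*
 * Records the audit token delivered with the request and stops the run loop
 * that is waiting for it.
 *
 * receiver   - port the request arrived on (unused).
 * auditToken - token handed in by the IPC layer.
 *              NOTE(review): presumably the kernel-supplied sender token from
 *              the message trailer rather than anything the sender wrote --
 *              confirm in the interface definition.
 *
 * Returns KERN_SUCCESS. The listing shows no return statement for this
 * non-void routine, so the status is made explicit here.
 */
kern_return_t sectask_server_request(mach_port_t receiver,
                                     audit_token_t auditToken)
{
    (void)receiver;

    /* Plain struct assignment copies the whole token; no size to get wrong. */
    g_self_audittoken = auditToken;

    /* The token is all the requester waits for, so end its run loop now. */
    CFRunLoopStop(CFRunLoopGetCurrent());

    return KERN_SUCCESS;
}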
/* Message demux for the sectask_ipc subsystem; defined outside this file. */
extern boolean_t sectask_ipc_server(mach_msg_header_t *InHeadP,
                                    mach_msg_header_t *OutHeadP);

/*
 * Exists only so that sizeof() yields the largest message of the subsystem.
 * NOTE(review): the member is named "reply" but is typed as the *request*
 * union, while server_callback() hands reply_buffer to sectask_ipc_server()
 * as the reply message. Confirm that this size also covers the largest reply
 * the demux can write.
 */
union max_msg_size_union {
    union __RequestUnion__sectask_client_sectask_ipc_subsystem reply;
};

/*
 * Scratch space for the reply message, with room for a maximum-size trailer.
 * A single static buffer: only one message can be handled at a time.
 */
static uint8_t reply_buffer[sizeof(union max_msg_size_union) + MAX_TRAILER_SIZE];
/*
 * CFMachPort callback: hands the received message to the sectask_ipc demux,
 * which writes its reply into the static reply_buffer.
 *
 * port - the CFMachPort the message arrived on (unused).
 * msg  - received message, treated as starting with a mach_msg_header_t.
 * size - size of msg as reported by CFMachPort (unused; the message is not
 *        length-checked here before it is dispatched).
 * info - context pointer given at port creation (unused).
 *
 * The return value of sectask_ipc_server() is ignored, and the visible code
 * does not send the reply anywhere.
 */
static void server_callback(CFMachPortRef port, void *msg, CFIndex size, void *info)
{
    sectask_ipc_server((mach_msg_header_t *)msg,
                       (mach_msg_header_t *)reply_buffer);
}
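/*
 * Fills g_self_audittoken by sending a request to a Mach port owned by this
 * process and running the current run loop until the handler has stored the
 * token.
 *
 * On a setup failure the function returns early and g_self_audittoken keeps
 * its previous (initially all-zero) value; callers that go on to build a
 * SecTask from it are then not testing their own token.
 */
void init_self_audittoken(void)
{
    /* create a mach port and an event source */
    CFMachPortRef server_port = CFMachPortCreate(NULL, server_callback, NULL, false);
    if (server_port == NULL) {
        return;
    }

    CFRunLoopSourceRef server_source =
        CFMachPortCreateRunLoopSource(NULL, server_port, 0/*order*/);
    if (server_source == NULL) {
        CFRelease(server_port);
        return;
    }

    /* add the source to the current run loop */
    CFRunLoopAddSource(CFRunLoopGetCurrent(), server_source, kCFRunLoopDefaultMode);
    CFRelease(server_source); /* the run loop keeps its own reference */

    /* Send the request */
    /* NOTE(review): the result of the send is not checked; if it fails, no
     * message arrives and the run loop below has nothing to stop it. */
    sectask_client_request(CFMachPortGetPort(server_port));

    /* Run the loop to process the message */
    /* The listing drops the statement under this comment. CFRunLoopRun() is
     * the call that sectask_server_request() ends with CFRunLoopStop(). */
    CFRunLoopRun();

    CFRelease(server_port);
}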
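/*
 * Returns the short process name (kp_proc.p_comm) of `pid` as a new CFString,
 * looked up through the kern.proc.pid sysctl.
 *
 * When the lookup fails, the returned string holds strerror(errno) instead of
 * a name, as in the original. For the `len == 0` case errno was not set by
 * this call, so that text may be unrelated.
 *
 * The caller owns the result and must release it. The result is NULL when the
 * name cannot be represented in ASCII, so callers must check before passing
 * it to CF functions.
 *
 * p_comm is only a display name. It is not an authenticated identity; the
 * tests use it solely to match against the task description.
 */
CFStringRef
copyProcName(pid_t pid) {
    const char *task_name;
    int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, pid};
    struct kinfo_proc kp = {0}; /* never read stack garbage on a short result */
    size_t len = sizeof(kp);

    /* The name length is derived from the array, not hard-coded. */
    if (sysctl(mib, (u_int)(sizeof(mib) / sizeof(mib[0])), &kp, &len, NULL, 0) == -1 || len == 0)
        task_name = strerror(errno);
    else
        /* The branches must be exclusive: the listing drops the line between
         * the two assignments, and without `else` the failure path would read
         * a kp that sysctl never filled in. */
        task_name = kp.kp_proc.p_comm;

    return CFStringCreateWithCString(kCFAllocatorDefault, task_name, kCFStringEncodingASCII);
}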
115 /* Actual test code */
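/*
 * Regression test: builds a SecTask for the current process with
 * SecTaskCreateFromSelf() and checks its application-identifier entitlement,
 * its signing identifier, and that its description mentions the process name
 * and "[pid]".
 *
 * The listing this was taken from omits several lines (its gutter numbers
 * skip); those places are marked below and nothing is invented for them.
 *
 * argc, argv - unused.
 * Returns 0; results are reported through ok()/skip().
 */
int sectask_10_sectask_self(int argc, char *const *argv)
{
    SecTaskRef task = NULL;
    CFStringRef appId = NULL;
    CFStringRef signingIdentifier = NULL;

    /* ... lines not shown in the listing ... */

    ok(task = SecTaskCreateFromSelf(kCFAllocatorDefault), "SecTaskCreateFromSelf");

    /* ... lines not shown in the listing ...
     * NOTE(review): every call below passes `task` on, so the test has to
     * stop here when task is NULL -- confirm the full file does. */

    /* TODO: remove the todo once xcode signs simulator binaries */
    /* ... line not shown in the listing ... */
#if TARGET_OS_SIMULATOR
    todo("no entitlements in the simulator binaries yet, until <rdar://problem/12194625>");
#endif /* the listing drops the line that closes this conditional */
    ok(appId = SecTaskCopyValueForEntitlement(task, kSecEntitlementApplicationIdentifier, NULL), "SecTaskCopyValueForEntitlement");
    skip("appId is NULL", 1, appId);
    ok(CFEqual(appId, CFSTR("com.apple.security.regressions")), "Application Identifier match");

    ok(signingIdentifier = SecTaskCopySigningIdentifier(task, NULL), "SecTaskCopySigningIdentifier");
    /* CFEqual() must not be given NULL. A missing signing or bundle
     * identifier should fail this check, not crash the test binary. */
    CFStringRef bundleId = CFBundleGetIdentifier(CFBundleGetMainBundle());
    ok(signingIdentifier && bundleId && CFEqual(signingIdentifier, bundleId), "CodeSigning Identifier match");

    /* ... lines not shown in the listing ... */

    pid_t pid = getpid();
    CFStringRef name = copyProcName(pid);
    CFStringRef pidstr = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("[%d]"), pid);
    CFStringRef desc = CFCopyDescription(task);

    /* Each of these strings can be NULL (copyProcName() fails on non-ASCII
     * names), so guard before searching. */
    ok(desc && name && CFStringFind(desc, name, 0).location != kCFNotFound, "didn't find name: %@ vs %@", desc, name);
    ok(desc && pidstr && CFStringFind(desc, pidstr, 0).location != kCFNotFound, "didn't find pidstr: %@ vs %@", desc, pidstr);

    /* The listing shows releases only for pidstr, appId and
     * signingIdentifier. Every object created above is released here so
     * nothing leaks. */
    CFReleaseSafe(name);
    CFReleaseSafe(desc);
    CFReleaseSafe(pidstr);

    CFReleaseSafe(task);
    CFReleaseSafe(appId);
    CFReleaseSafe(signingIdentifier);

    return 0;
}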
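/*
 * Regression test: same checks as sectask_10_sectask_self(), but the SecTask
 * is built from an audit token with SecTaskCreateWithAuditToken(). The token
 * is the one init_self_audittoken() stores in g_self_audittoken.
 *
 * The listing this was taken from omits several lines (its gutter numbers
 * skip); those places are marked below and nothing is invented for them.
 *
 * argc, argv - unused.
 * Returns 0; results are reported through ok()/skip().
 */
int sectask_10_sectask(int argc, char *const *argv)
{
    SecTaskRef task = NULL;
    CFStringRef appId = NULL;
    CFStringRef signingIdentifier = NULL;

    /* ... lines not shown in the listing ... */

    /* NOTE(review): init_self_audittoken() returns nothing. If it could not
     * obtain the token, g_self_audittoken is still all zero and the task
     * below is built from that -- worth asserting on. */
    init_self_audittoken();

    /* ... line not shown in the listing ... */

    ok(task = SecTaskCreateWithAuditToken(kCFAllocatorDefault, g_self_audittoken), "SecTaskCreateFromAuditToken");

    /* ... lines not shown in the listing ...
     * NOTE(review): every call below passes `task` on, so the test has to
     * stop here when task is NULL -- confirm the full file does. */

    /* TODO: remove the todo once xcode signs simulator binaries */
    /* ... line not shown in the listing ... */
#if TARGET_OS_SIMULATOR
    todo("no entitlements in the simulator binaries yet, until <rdar://problem/12194625>");
#endif /* the listing drops the line that closes this conditional */
    ok(appId = SecTaskCopyValueForEntitlement(task, kSecEntitlementApplicationIdentifier, NULL), "SecTaskCopyValueForEntitlement");
    skip("appId is NULL", 1, appId);
    ok(CFEqual(appId, CFSTR("com.apple.security.regressions")), "Application Identifier match");
    ok(signingIdentifier = SecTaskCopySigningIdentifier(task, NULL), "SecTaskCopySigningIdentifier");
    /* CFEqual() must not be given NULL. A missing signing or bundle
     * identifier should fail this check, not crash the test binary. */
    CFStringRef bundleId = CFBundleGetIdentifier(CFBundleGetMainBundle());
    ok(signingIdentifier && bundleId && CFEqual(signingIdentifier, bundleId), "CodeSigning Identifier match");

    /* ... lines not shown in the listing ... */

    pid_t pid = getpid();
    CFStringRef name = copyProcName(pid);
    CFStringRef pidstr = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("[%d]"), pid);
    CFStringRef desc = CFCopyDescription(task);

    /* Each of these strings can be NULL (copyProcName() fails on non-ASCII
     * names), so guard before searching. */
    ok(desc && name && CFStringFind(desc, name, 0).location != kCFNotFound, "didn't find name: %@ vs %@", desc, name);
    ok(desc && pidstr && CFStringFind(desc, pidstr, 0).location != kCFNotFound, "didn't find pidstr: %@ vs %@", desc, pidstr);

    /* The listing shows releases only for pidstr, appId and
     * signingIdentifier. Every object created above is released here so
     * nothing leaks. */
    CFReleaseSafe(name);
    CFReleaseSafe(desc);
    CFReleaseSafe(pidstr);

    CFReleaseSafe(task);
    CFReleaseSafe(appId);
    CFReleaseSafe(signingIdentifier);

    return 0;
}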