sectask/regressions/sectask-10-sectask.c

   1 /*
   2  * Copyright (c) 2007-2009,2013-2014 Apple Inc.  All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25
  26 #include <stdio.h>
  27 #include <CoreFoundation/CoreFoundation.h>
  28 #include <Security/SecTask.h>
  29 #include <Security/SecEntitlements.h>
  30 #include <AssertMacros.h>
  31 #include <TargetConditionals.h>
  32 #include <sys/sysctl.h>
  33
  34 #include "utilities/SecCFRelease.h"
  35
  36 #include "sectask_regressions.h"
  37
  38 /* IPC stuff:
  39
  40  This is a hack to get our own audittoken:
  41  We send a simple request with no argument to our mach port.
  42  The mach port callback copy the audittoken to a global.
  43  */
  44
  45 #include <mach/mach.h>
  46 #include <mach/message.h>
  47 #include "sectask_ipc.h"
  48
  49 static audit_token_t g_self_audittoken = {{0}};
  50
  51 kern_return_t sectask_server_request(mach_port_t receiver,
  52         audit_token_t auditToken);
  53 kern_return_t sectask_server_request(mach_port_t receiver,
  54         audit_token_t auditToken)
  55 {
  56     memcpy(&g_self_audittoken, &auditToken, sizeof(g_self_audittoken));
  57
  58     CFRunLoopStop(CFRunLoopGetCurrent());
  59
  60     return 0;
  61 }
  62
  63 extern boolean_t sectask_ipc_server(mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP);
  64
  65 union max_msg_size_union {
  66     union __RequestUnion__sectask_client_sectask_ipc_subsystem reply;
  67 };
  68
  69 static uint8_t reply_buffer[sizeof(union max_msg_size_union) + MAX_TRAILER_SIZE];
  70
  71 static void server_callback(CFMachPortRef port, void *msg, CFIndex size, void *info)
  72 {
  73     mach_msg_header_t *message = (mach_msg_header_t *)msg;
  74     mach_msg_header_t *reply = (mach_msg_header_t *)reply_buffer;
  75
  76     sectask_ipc_server(message, reply);
  77
  78 }
  79
  80 static
  81 void init_self_audittoken(void)
  82 {
  83     /* create a mach port and an event source */
  84     CFMachPortRef server_port = CFMachPortCreate (NULL, server_callback, NULL, false);
  85     CFRunLoopSourceRef server_source = CFMachPortCreateRunLoopSource(NULL, server_port, 0/*order*/);
  86
  87     /* add the source to the current run loop */
  88     CFRunLoopAddSource(CFRunLoopGetCurrent(), server_source, kCFRunLoopDefaultMode);
  89     CFRelease(server_source);
  90
  91     /* Send the request */
  92     sectask_client_request(CFMachPortGetPort(server_port));
  93
  94     /* Run the loop to process the message */
  95     CFRunLoopRun();
  96
  97     /* done */
  98     CFRelease(server_port);
  99
 100 }
 101
 102 static
 103 CFStringRef copyProcName(pid_t pid) {
 104     const char *task_name;
 105     int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, pid};
 106     struct kinfo_proc kp;
 107     size_t len = sizeof(kp);
 108     if (sysctl(mib, 4, &kp, &len, NULL, 0) == -1 || len == 0)
 109         task_name = strerror(errno);
 110     else
 111         task_name = kp.kp_proc.p_comm;
 112     return CFStringCreateWithCString(kCFAllocatorDefault, task_name, kCFStringEncodingASCII);
 113 }
 114
 115 /* Actual test code */
 116
 117 int sectask_10_sectask_self(int argc, char *const *argv)
 118 {
 119     SecTaskRef task=NULL;
 120     CFStringRef appId=NULL;
 121     CFStringRef signingIdentifier=NULL;
 122     plan_tests(7);
 123
 124     ok(task=SecTaskCreateFromSelf(kCFAllocatorDefault), "SecTaskCreateFromSelf");
 125     require(task, out);
 126
 127     /* TODO: remove the todo once xcode signs simulator binaries */
 128 SKIP: {
 129 #if TARGET_OS_SIMULATOR
 130         todo("no entitlements in the simulator binaries yet, until <rdar://problem/12194625>");
 131 #endif
 132         ok(appId=SecTaskCopyValueForEntitlement(task, kSecEntitlementApplicationIdentifier, NULL), "SecTaskCopyValueForEntitlement");
 133         skip("appId is NULL", 1, appId);
 134         ok(CFEqual(appId, CFSTR("com.apple.security.regressions")), "Application Identifier match");
 135
 136         ok(signingIdentifier=SecTaskCopySigningIdentifier(task, NULL), "SecTaskCopySigningIdentifier");
 137         ok(CFEqual(signingIdentifier, CFBundleGetIdentifier(CFBundleGetMainBundle())), "CodeSigning Identifier match");
 138     }
 139
 140     pid_t pid = getpid();
 141     CFStringRef name = copyProcName(pid);
 142     CFStringRef pidstr = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("[%d]"), pid);
 143     CFStringRef desc = CFCopyDescription(task);
 144
 145     ok(CFStringFind(desc, name, 0).location != kCFNotFound, "didn't find name: %@ vs %@", desc, name);
 146     ok(CFStringFind(desc, pidstr, 0).location != kCFNotFound, "didn't find pidstr: %@ vs %@", desc, pidstr);
 147
 148     CFReleaseSafe(name);
 149     CFReleaseSafe(desc);
 150     CFReleaseSafe(pidstr);
 151
 152 out:
 153     CFReleaseSafe(task);
 154     CFReleaseSafe(appId);
 155     CFReleaseSafe(signingIdentifier);
 156
 157     return 0;
 158 }
 159
 160 int sectask_10_sectask(int argc, char *const *argv)
 161 {
 162     SecTaskRef task=NULL;
 163     CFStringRef appId=NULL;
 164     CFStringRef signingIdentifier=NULL;
 165
 166     plan_tests(7);
 167
 168     init_self_audittoken();
 169
 170     ok(task=SecTaskCreateWithAuditToken(kCFAllocatorDefault, g_self_audittoken), "SecTaskCreateFromAuditToken");
 171     require(task, out);
 172
 173     /* TODO: remove the todo once xcode signs simulator binaries */
 174 SKIP: {
 175 #if TARGET_OS_SIMULATOR
 176     todo("no entitlements in the simulator binaries yet, until <rdar://problem/12194625>");
 177 #endif
 178     ok(appId=SecTaskCopyValueForEntitlement(task, kSecEntitlementApplicationIdentifier, NULL), "SecTaskCopyValueForEntitlement");
 179     skip("appId is NULL", 1, appId);
 180     ok(CFEqual(appId, CFSTR("com.apple.security.regressions")), "Application Identifier match");
 181     ok(signingIdentifier=SecTaskCopySigningIdentifier(task, NULL), "SecTaskCopySigningIdentifier");
 182     ok(CFEqual(signingIdentifier, CFBundleGetIdentifier(CFBundleGetMainBundle())), "CodeSigning Identifier match");
 183 }
 184
 185     pid_t pid = getpid();
 186     CFStringRef name = copyProcName(pid);
 187     CFStringRef pidstr = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("[%d]"), pid);
 188     CFStringRef desc = CFCopyDescription(task);
 189
 190     ok(CFStringFind(desc, name, 0).location != kCFNotFound, "didn't find name: %@ vs %@", desc, name);
 191     ok(CFStringFind(desc, pidstr, 0).location != kCFNotFound, "didn't find pidstr: %@ vs %@", desc, pidstr);
 192
 193     CFReleaseSafe(name);
 194     CFReleaseSafe(desc);
 195     CFReleaseSafe(pidstr);
 196
 197 out:
 198     CFReleaseSafe(task);
 199     CFReleaseSafe(appId);
 200     CFReleaseSafe(signingIdentifier);
 201
 202     return 0;
 203 }