[apple/xnu.git] / tools / tests / personas / persona_spawn.c

/*
 * spawn_persona.c
 * Use new POSIX spawn attributes to create a new process in a persona
 *
 * Jeremy C. Andrus <jeremy_andrus@apple.com>
 *
 */
#include <ctype.h>
#include <err.h>
#include <errno.h>
#include <inttypes.h>
#include <libgen.h>
#include <pthread.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <mach/mach.h>
#include <mach/task.h>
#include <mach/vm_param.h>
#include <sys/queue.h>
#include <sys/sysctl.h>
#include <sys/types.h>

#include "persona_test.h"

/* internal */
#include <libproc.h>
#include <spawn_private.h>
#include <sys/persona.h>
#include <sys/proc_info.h>
#include <sys/spawn_internal.h>

#define PERSONA_TEST_NAME   "Persona Spawn"
#define PERSONA_TEST_VMAJOR 0
#define PERSONA_TEST_VMINOR 1

static struct test_config {
	int verbose;
	int wait_for_children;
} g;


/* = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
 *
 * Child Management
 *
 * = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
 */
struct child {
	TAILQ_ENTRY(child) sibling;
	int pid;
};

static pthread_mutex_t g_child_mtx;
static TAILQ_HEAD(, child) g_children = TAILQ_HEAD_INITIALIZER(g_children);
static int g_nchildren = 0;

static pid_t spawn_child(int argc, char **argv, struct persona_args *pa)
{
	int ret;
	uint32_t persona_flags = 0;
	posix_spawnattr_t attr;
	struct child *child = NULL;
	extern char **environ;

	(void)argc;

	if (!pa) {
		err_print("Invalid persona args!");
		return -ERR_SYSTEM;
	}

	if (!pa->flags & PA_HAS_ID) {
		err_print("No persona ID specified!");
		return -ERR_SYSTEM;
	}

	if (g.verbose) {
		dump_persona_args("Spawning new child with args: ", pa);
		infov("\t prog: \"%s\"", argv[0]);
		for (int i = 1; i < argc; i++) {
			infov("\t arg[%d]: %s", i, argv[i]);
		}
	}

	child = (struct child *)calloc(1, sizeof(*child));
	if (!child) {
		err_print("No memory left :-(");
		return -ERR_SYSTEM;
	}

	ret = posix_spawnattr_init(&attr);
	if (ret != 0) {
		err_print("posix_spawnattr_init");
		ret = -ERR_SPAWN_ATTR;
		goto out_err;
	}

	if (pa->flags & PA_SHOULD_VERIFY)
		persona_flags |= POSIX_SPAWN_PERSONA_FLAGS_VERIFY;

	if (pa->flags & PA_OVERRIDE)
		persona_flags |= POSIX_SPAWN_PERSONA_FLAGS_OVERRIDE;

	ret = posix_spawnattr_set_persona_np(&attr, pa->kinfo.persona_id, persona_flags);
	if (ret != 0) {
		err_print("posix_spawnattr_set_persona_np failed!");
		ret = -ERR_SPAWN_ATTR;
		goto out_err;
	}

	if (pa->flags & PA_HAS_UID) {
		ret = posix_spawnattr_set_persona_uid_np(&attr, pa->override_uid);
		if (ret != 0) {
			err_print("posix_spawnattr_set_persona_uid_np failed!");
			ret = -ERR_SPAWN_ATTR;
			goto out_err;
		}
	}

	if (pa->flags & PA_HAS_GID) {
		ret = posix_spawnattr_set_persona_gid_np(&attr, pa->kinfo.persona_gid);
		if (ret != 0) {
			err_print("posix_spawnattr_set_persona_gid_np failed!");
			ret = -ERR_SPAWN_ATTR;
			goto out_err;
		}
	}

	ret = posix_spawn(&child->pid, argv[0], NULL, &attr, argv, environ);
	if (ret != 0) {
		err_print("posix_spawn (ret=%d)", ret);
		ret = -ERR_SPAWN;
		goto out_err;
	}

	infov("\tspawned child PID: %d", child->pid);

	/* link the processes onto the global children list */
	pthread_mutex_lock(&g_child_mtx);
	TAILQ_INSERT_TAIL(&g_children, child, sibling);
	++g_nchildren;
	pthread_mutex_unlock(&g_child_mtx);

	posix_spawnattr_destroy(&attr);
	return child->pid;

out_err:
	posix_spawnattr_destroy(&attr);
	free(child);
	return (pid_t)ret;
}


static int child_should_exit = 0;

static void child_sighandler(int sig)
{
	(void)sig;
	dbg("PID: %d received sig %d", getpid(), sig);
	child_should_exit = 1;
}

static int child_main_loop(int argc, char **argv)
{
	char ch;
	sigset_t sigset;
	int err = 0;
	uid_t persona_id = 0;
	struct kpersona_info kinfo;
	int rval = 0;

	while ((ch = getopt(argc, argv, "vhER")) != -1) {
		switch (ch) {
		case 'v':
			g.verbose = 1;
			break;
		case 'E':
			child_should_exit = 1;
			break;
		case 'R':
			rval = 1;
			break;
		case 'h':
		case '?':
		case ':':
		default:
			err("Invalid child process invocation.");
		}
	}

	sigemptyset(&sigset);
	sigaddset(&sigset, SIGINT);
	sigaddset(&sigset, SIGHUP);
	sigaddset(&sigset, SIGTERM);
	sigaddset(&sigset, SIGABRT);
	sigaddset(&sigset, SIGCHLD);
	sigprocmask(SIG_UNBLOCK, &sigset, NULL);

	signal(SIGINT, child_sighandler);
	signal(SIGHUP, child_sighandler);
	signal(SIGTERM, child_sighandler);
	signal(SIGABRT, child_sighandler);
	signal(SIGCHLD, child_sighandler);

	err = kpersona_get(&persona_id);

	info("Child: PID:%d", getpid());
	info("Child: UID:%d, GID:%d", getuid(), getgid());
	info("Child: login:%s", getlogin());
	info("Child: Persona: %d (err:%d)", persona_id, err);

	kinfo.persona_info_version = PERSONA_INFO_V1;
	err = kpersona_info(persona_id, &kinfo);
	if (err == 0)
		dump_kpersona("Child: kpersona_info", &kinfo);
	else
		info("Child: ERROR grabbing kpersona_info: %d", errno);

	if (child_should_exit)
		return rval;

	infov("Child Sleeping!");
	while (!child_should_exit)
		sleep(1);

	infov("Child exiting!");
	return rval;
}


/* = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
 *
 * Main Entry Point
 *
 * = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
 */
static void main_sighandler(int sig)
{
	dbg("PID: %d received sig %d", getpid(), sig);
	if (sig == SIGCHLD) {
		--g_nchildren;
	}
}

static void usage_main(const char *progname, int verbose)
{
	const char *nm = basename((char *)progname);

	printf("%s v%d.%d\n", PERSONA_TEST_NAME, PERSONA_TEST_VMAJOR, PERSONA_TEST_VMINOR);
	printf("usage: %s [-I id] [-V] [-u uid] [-g gid] [-vw] progname [args...]\n", nm);
	printf("       Spawn a new process into a new or existing persona.\n");
	if (!verbose)
		exit(1);

	printf("\t%-10s\tID of the persona\n", "-I id");
	printf("\t%-10s\tVerify persona parameters against existing persona (given by -I)\n", "-V");
	printf("\t%-10s\tOverride/verify the user ID of the new process\n", "-u uid");
	printf("\t%-10s\tOverride/verify the group ID of the new process\n", "-g gid");
	printf("\t%-10s\tBe verbose\n", "-v");
	printf("\t%-10s\tDo not wait for the child process\n", "-w");
	printf("\n");

	exit(1);
}

int main(int argc, char **argv)
{
	char ch;
	int ret;

	pthread_mutex_init(&g_child_mtx, NULL);

	/*
	 * Defaults
	 */
	g.verbose = 0;
	g.wait_for_children = 1;

	if (argc > 1 && strcmp(argv[1], "child") == 0) {
		optind = 2;
		ret = child_main_loop(argc, argv);
		if (ret != 1)
			exit(0);

		/*
		 * If we get here, then the child wants us to continue running
		 * to potentially spawn yet another child process. This is
		 * helpful when testing inherited personas and verifying
		 * persona restrictions.
		 */
	}

	if (geteuid() != 0)
		err("%s must be run as root", argv[0] ? basename(argv[0]) : PERSONA_TEST_NAME);

	struct persona_args pa;
	memset(&pa, 0, sizeof(pa));

	pa.flags = PA_NONE;
	pa.kinfo.persona_id = getuid();

	/*
	 * Argument parse for default overrides:
	 */
	while ((ch = getopt(argc, argv, "Vg:I:u:vwh")) != -1) {
		switch (ch) {
		case 'V':
			pa.flags |= PA_SHOULD_VERIFY;
			break;
		case 'g':
			pa.kinfo.persona_gid = atoi(optarg);
			if (pa.kinfo.persona_gid <= 500)
				err("Invalid GID: %d", pa.kinfo.persona_gid);
			pa.flags |= PA_HAS_GID;
			pa.flags |= PA_OVERRIDE;
			break;
		case 'I':
			pa.kinfo.persona_id = atoi(optarg);
			if (pa.kinfo.persona_id == 0)
				err("Invalid Persona ID: %s", optarg);
			pa.flags |= PA_HAS_ID;
			break;
		case 'u':
			pa.override_uid = atoi(optarg);
			if (pa.override_uid <= 500)
				err("Invalid UID: %d", pa.override_uid);
			pa.flags |= PA_HAS_UID;
			pa.flags |= PA_OVERRIDE;
			break;
		case 'v':
			g.verbose = 1;
			break;
		case 'w':
			g.wait_for_children = 0;
			break;
		case 'h':
		case '?':
			usage_main(argv[0], 1);
		case ':':
		default:
			printf("Invalid option: '%c'\n", ch);
			usage_main(argv[0], 0);
		}
	}

	if (pa.flags & PA_SHOULD_VERIFY)
		pa.flags = ~PA_OVERRIDE;

	if (optind >= argc) {
		printf("No program given!\n");
		usage_main(argv[0], 0);
	}

	argc -= optind;
	for (int i = 0; i < argc; i++) {
		argv[i] = argv[i + optind];
	}

	argv[argc] = NULL;

	ret = spawn_child(argc, argv, &pa);
	if (ret < 0)
		return ret;

	pid_t child_pid = (pid_t)ret;
	int status = 0;
	sigset_t sigset;
	sigemptyset(&sigset);
	sigaddset(&sigset, SIGCHLD);
	sigprocmask(SIG_UNBLOCK, &sigset, NULL);
	signal(SIGCHLD, main_sighandler);

	if (g.wait_for_children) {
		infov("Waiting for child...");
		waitpid(child_pid, &status, 0);
		if (WIFEXITED(status)) {
			status = WEXITSTATUS(status);
			if (status != 0)
				errc(ERR_CHILD_FAIL,
				     "Child exited with status: %d", status);
		}
	}

	info("Done.");
	return 0;
}
Commit	Line	Data
490019cf A	1	/*
	2	* spawn_persona.c
	3	* Use new POSIX spawn attributes to create a new process in a persona
	4	*
	5	* Jeremy C. Andrus <jeremy_andrus@apple.com>
	6	*
	7	*/
	8	#include <ctype.h>
	9	#include <err.h>
	10	#include <errno.h>
	11	#include <inttypes.h>
	12	#include <libgen.h>
	13	#include <pthread.h>
	14	#include <signal.h>
	15	#include <stdio.h>
	16	#include <stdlib.h>
	17	#include <string.h>
	18	#include <unistd.h>
	19	#include <mach/mach.h>
	20	#include <mach/task.h>
	21	#include <mach/vm_param.h>
	22	#include <sys/queue.h>
	23	#include <sys/sysctl.h>
	24	#include <sys/types.h>
	25
	26	#include "persona_test.h"
	27
	28	/* internal */
	29	#include <libproc.h>
	30	#include <spawn_private.h>
	31	#include <sys/persona.h>
	32	#include <sys/proc_info.h>
	33	#include <sys/spawn_internal.h>
	34
	35	#define PERSONA_TEST_NAME "Persona Spawn"
	36	#define PERSONA_TEST_VMAJOR 0
	37	#define PERSONA_TEST_VMINOR 1
	38
	39	static struct test_config {
	40	int verbose;
	41	int wait_for_children;
	42	} g;
	43
	44
	45	/* = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
	46	*
	47	* Child Management
	48	*
	49	* = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
	50	*/
	51	struct child {
	52	TAILQ_ENTRY(child) sibling;
	53	int pid;
	54	};
	55
	56	static pthread_mutex_t g_child_mtx;
	57	static TAILQ_HEAD(, child) g_children = TAILQ_HEAD_INITIALIZER(g_children);
	58	static int g_nchildren = 0;
	59
	60	static pid_t spawn_child(int argc, char *argv, struct persona_args pa)
	61	{
	62	int ret;
	63	uint32_t persona_flags = 0;
	64	posix_spawnattr_t attr;
65	struct child *child = NULL;
66	extern char **environ;
67
68	(void)argc;
69
70	if (!pa) {
71	err_print("Invalid persona args!");
72	return -ERR_SYSTEM;
73	}
74
75	if (!pa->flags & PA_HAS_ID) {
76	err_print("No persona ID specified!");
77	return -ERR_SYSTEM;
78	}
79
80	if (g.verbose) {
81	dump_persona_args("Spawning new child with args: ", pa);
82	infov("\t prog: \"%s\"", argv[0]);
83	for (int i = 1; i < argc; i++) {
84	infov("\t arg[%d]: %s", i, argv[i]);
85	}
86	}
87
88	child = (struct child )calloc(1, sizeof(child));
89	if (!child) {
90	err_print("No memory left :-(");
91	return -ERR_SYSTEM;
92	}
93
94	ret = posix_spawnattr_init(&attr);
95	if (ret != 0) {
96	err_print("posix_spawnattr_init");
97	ret = -ERR_SPAWN_ATTR;
98	goto out_err;
99	}
100
101	if (pa->flags & PA_SHOULD_VERIFY)
102	persona_flags \|= POSIX_SPAWN_PERSONA_FLAGS_VERIFY;
103
104	if (pa->flags & PA_OVERRIDE)
105	persona_flags \|= POSIX_SPAWN_PERSONA_FLAGS_OVERRIDE;
106
107	ret = posix_spawnattr_set_persona_np(&attr, pa->kinfo.persona_id, persona_flags);
108	if (ret != 0) {
109	err_print("posix_spawnattr_set_persona_np failed!");
110	ret = -ERR_SPAWN_ATTR;
111	goto out_err;
112	}
113
114	if (pa->flags & PA_HAS_UID) {
115	ret = posix_spawnattr_set_persona_uid_np(&attr, pa->override_uid);
116	if (ret != 0) {
117	err_print("posix_spawnattr_set_persona_uid_np failed!");
118	ret = -ERR_SPAWN_ATTR;
119	goto out_err;
120	}
121	}
122
123	if (pa->flags & PA_HAS_GID) {
124	ret = posix_spawnattr_set_persona_gid_np(&attr, pa->kinfo.persona_gid);
125	if (ret != 0) {
126	err_print("posix_spawnattr_set_persona_gid_np failed!");
127	ret = -ERR_SPAWN_ATTR;
128	goto out_err;
129	}
130	}
131
132	ret = posix_spawn(&child->pid, argv[0], NULL, &attr, argv, environ);
133	if (ret != 0) {
134	err_print("posix_spawn (ret=%d)", ret);
135	ret = -ERR_SPAWN;
136	goto out_err;
137	}
138
139	infov("\tspawned child PID: %d", child->pid);
140
141	/* link the processes onto the global children list */
142	pthread_mutex_lock(&g_child_mtx);
143	TAILQ_INSERT_TAIL(&g_children, child, sibling);
144	++g_nchildren;
145	pthread_mutex_unlock(&g_child_mtx);
146
147	posix_spawnattr_destroy(&attr);
148	return child->pid;
149
150	out_err:
151	posix_spawnattr_destroy(&attr);
152	free(child);
153	return (pid_t)ret;
154	}
155
156
157	static int child_should_exit = 0;
158
159	static void child_sighandler(int sig)
160	{
161	(void)sig;
162	dbg("PID: %d received sig %d", getpid(), sig);
163	child_should_exit = 1;
164	}
165
166	static int child_main_loop(int argc, char **argv)
167	{
168	char ch;
169	sigset_t sigset;
170	int err = 0;
171	uid_t persona_id = 0;
172	struct kpersona_info kinfo;
173	int rval = 0;
174
175	while ((ch = getopt(argc, argv, "vhER")) != -1) {
176	switch (ch) {
177	case 'v':
178	g.verbose = 1;
179	break;
180	case 'E':
181	child_should_exit = 1;
182	break;
183	case 'R':
184	rval = 1;
185	break;
186	case 'h':
187	case '?':
188	case ':':
189	default:
190	err("Invalid child process invocation.");
191	}
192	}
193
194	sigemptyset(&sigset);
195	sigaddset(&sigset, SIGINT);
196	sigaddset(&sigset, SIGHUP);
197	sigaddset(&sigset, SIGTERM);
198	sigaddset(&sigset, SIGABRT);
199	sigaddset(&sigset, SIGCHLD);
200	sigprocmask(SIG_UNBLOCK, &sigset, NULL);
201
202	signal(SIGINT, child_sighandler);
203	signal(SIGHUP, child_sighandler);
204	signal(SIGTERM, child_sighandler);
205	signal(SIGABRT, child_sighandler);
206	signal(SIGCHLD, child_sighandler);
207
208	err = kpersona_get(&persona_id);
209
210	info("Child: PID:%d", getpid());
211	info("Child: UID:%d, GID:%d", getuid(), getgid());
212	info("Child: login:%s", getlogin());
213	info("Child: Persona: %d (err:%d)", persona_id, err);
214
215	kinfo.persona_info_version = PERSONA_INFO_V1;
216	err = kpersona_info(persona_id, &kinfo);
217	if (err == 0)
218	dump_kpersona("Child: kpersona_info", &kinfo);
219	else
220	info("Child: ERROR grabbing kpersona_info: %d", errno);
221
222	if (child_should_exit)
223	return rval;
224
225	infov("Child Sleeping!");
226	while (!child_should_exit)
227	sleep(1);
228
229	infov("Child exiting!");
230	return rval;
231	}
232
233
234	/* = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
235	*
236	* Main Entry Point
237	*
238	* = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
239	*/
240	static void main_sighandler(int sig)
241	{
242	dbg("PID: %d received sig %d", getpid(), sig);
243	if (sig == SIGCHLD) {
244	--g_nchildren;
245	}
246	}
247
248	static void usage_main(const char *progname, int verbose)
249	{
250	const char nm = basename((char )progname);
251
252	printf("%s v%d.%d\n", PERSONA_TEST_NAME, PERSONA_TEST_VMAJOR, PERSONA_TEST_VMINOR);
253	printf("usage: %s [-I id] [-V] [-u uid] [-g gid] [-vw] progname [args...]\n", nm);
254	printf(" Spawn a new process into a new or existing persona.\n");
255	if (!verbose)
256	exit(1);
257
258	printf("\t%-10s\tID of the persona\n", "-I id");
259	printf("\t%-10s\tVerify persona parameters against existing persona (given by -I)\n", "-V");
260	printf("\t%-10s\tOverride/verify the user ID of the new process\n", "-u uid");
261	printf("\t%-10s\tOverride/verify the group ID of the new process\n", "-g gid");
262	printf("\t%-10s\tBe verbose\n", "-v");
263	printf("\t%-10s\tDo not wait for the child process\n", "-w");
264	printf("\n");
265
266	exit(1);
267	}
268
269	int main(int argc, char **argv)
270	{
271	char ch;
272	int ret;
273
274	pthread_mutex_init(&g_child_mtx, NULL);
275
276	/*
277	* Defaults
278	*/
279	g.verbose = 0;
280	g.wait_for_children = 1;
281
282	if (argc > 1 && strcmp(argv[1], "child") == 0) {
283	optind = 2;
284	ret = child_main_loop(argc, argv);
285	if (ret != 1)
286	exit(0);
287
288	/*
289	* If we get here, then the child wants us to continue running
290	* to potentially spawn yet another child process. This is
291	* helpful when testing inherited personas and verifying
292	* persona restrictions.
293	*/
294	}
295
296	if (geteuid() != 0)
297	err("%s must be run as root", argv[0] ? basename(argv[0]) : PERSONA_TEST_NAME);
298
299	struct persona_args pa;
300	memset(&pa, 0, sizeof(pa));
301
302	pa.flags = PA_NONE;
303	pa.kinfo.persona_id = getuid();
304
305	/*
306	* Argument parse for default overrides:
307	*/
308	while ((ch = getopt(argc, argv, "Vg:I:u:vwh")) != -1) {
309	switch (ch) {
310	case 'V':
311	pa.flags \|= PA_SHOULD_VERIFY;
312	break;
313	case 'g':
314	pa.kinfo.persona_gid = atoi(optarg);
315	if (pa.kinfo.persona_gid <= 500)
316	err("Invalid GID: %d", pa.kinfo.persona_gid);
317	pa.flags \|= PA_HAS_GID;
318	pa.flags \|= PA_OVERRIDE;
319	break;
320	case 'I':
321	pa.kinfo.persona_id = atoi(optarg);
322	if (pa.kinfo.persona_id == 0)
323	err("Invalid Persona ID: %s", optarg);
324	pa.flags \|= PA_HAS_ID;
325	break;
326	case 'u':
327	pa.override_uid = atoi(optarg);
328	if (pa.override_uid <= 500)
329	err("Invalid UID: %d", pa.override_uid);
330	pa.flags \|= PA_HAS_UID;
331	pa.flags \|= PA_OVERRIDE;
332	break;
333	case 'v':
334	g.verbose = 1;
335	break;
336	case 'w':
337	g.wait_for_children = 0;
338	break;
339	case 'h':
340	case '?':
341	usage_main(argv[0], 1);
342	case ':':
343	default:
344	printf("Invalid option: '%c'\n", ch);
345	usage_main(argv[0], 0);
346	}
347	}
348
349	if (pa.flags & PA_SHOULD_VERIFY)
350	pa.flags = ~PA_OVERRIDE;
351
352	if (optind >= argc) {
353	printf("No program given!\n");
354	usage_main(argv[0], 0);
355	}
356
357	argc -= optind;
358	for (int i = 0; i < argc; i++) {
359	argv[i] = argv[i + optind];
360	}
361
362	argv[argc] = NULL;
363
364	ret = spawn_child(argc, argv, &pa);
365	if (ret < 0)
366	return ret;
367
368	pid_t child_pid = (pid_t)ret;
369	int status = 0;
370	sigset_t sigset;
371	sigemptyset(&sigset);
372	sigaddset(&sigset, SIGCHLD);
373	sigprocmask(SIG_UNBLOCK, &sigset, NULL);
374	signal(SIGCHLD, main_sighandler);
375
376	if (g.wait_for_children) {
377	infov("Waiting for child...");
378	waitpid(child_pid, &status, 0);
379	if (WIFEXITED(status)) {
380	status = WEXITSTATUS(status);
381	if (status != 0)
382	errc(ERR_CHILD_FAIL,
383	"Child exited with status: %d", status);
384	}
385	}
386
387	info("Done.");
388	return 0;
389	}