git.saurik.com Git - apple/xnu.git/blob

1 #include <darwintest.h>

3 #include <TargetConditionals.h>

4 #include <limits.h>

5 #include <stdio.h>

6 #include <stdlib.h>

7 #include <string.h>

8 #include <sys/errno.h>

9 #include <unistd.h>

11 #if !TARGET_OS_OSX

12 #include <pwd.h>

13 #include <sys/types.h>

14 #include <uuid/uuid.h>

15 #endif

17 #include "drop_priv.h"

19 #if TARGET_OS_OSX

20 #define INVOKER_UID "SUDO_UID"

21 #define INVOKER_GID "SUDO_GID"

22 #define ID_MAX (unsigned long)UINT_MAX

23 static unsigned

 _get_sudo_invoker(const char *var)

         char *value_str = getenv(var);

         T_QUIET; T_WITH_ERRNO; T_ASSERT_NOTNULL(value_str,

             "Not running under sudo, getenv(\"%s\") failed", var);

         T_QUIET; T_ASSERT_NE_CHAR(*value_str, '\0',

             "getenv(\"%s\") returned an empty string", var);

32 char *endp;

         unsigned long value = strtoul(value_str, &endp, 10);

         T_QUIET; T_WITH_ERRNO; T_ASSERT_EQ_CHAR(*endp, '\0',

             "strtoul(\"%s\") not called on a valid number", value_str);

         T_QUIET; T_WITH_ERRNO; T_ASSERT_NE_ULONG(value, ULONG_MAX,

             "strtoul(\"%s\") overflow", value_str);

         T_QUIET; T_ASSERT_NE_ULONG(value, 0ul, "%s invalid", var);

         T_QUIET; T_ASSERT_LT_ULONG(value, ID_MAX, "%s invalid", var);

         return (unsigned)value;

43 #endif /* TARGET_OS_OSX */

45 void

46 drop_priv(void)

48 #if TARGET_OS_OSX

49 uid_t lower_uid = _get_sudo_invoker(INVOKER_UID);

50 gid_t lower_gid = _get_sudo_invoker(INVOKER_GID);

51 #else

         struct passwd *pw = getpwnam("mobile");

         T_QUIET; T_WITH_ERRNO; T_ASSERT_NOTNULL(pw, "getpwnam(\"mobile\")");

54 uid_t lower_uid = pw->pw_uid;

55 gid_t lower_gid = pw->pw_gid;

56 #endif

         T_ASSERT_POSIX_SUCCESS(setgid(lower_gid), "Change group to %u", lower_gid);

         T_ASSERT_POSIX_SUCCESS(setuid(lower_uid), "Change user to %u", lower_uid);