1/*
2 * Copyright (c) 2006-2009 Apple Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23#include <stdio.h>  // fprintf(), NULL
24#include <stdlib.h> // exit(), EXIT_SUCCESS
25#include <string.h> // strcmp(), strncmp()
26#include <mach-o/dyld_priv.h> // dyld_process_is_restricted()
27
28#include "test.h" // PASS(), FAIL(), XPASS(), XFAIL()
29
30//
31// binaries set to run as some other user id never see any DYLD_ environment variables
32//
33
34int main(int argc, const char* argv[], const char* envp[], const char* apple[])
35{
36	// verify no DYLD_ variables
37	const char** p;
38	for(p = envp; *p != NULL; p++) {
39		//fprintf(stderr, "%s\n", *p);
40		if ( strncmp(*p, "DYLD_", 5) == 0 ) {
41			FAIL("restrict-environ: found %s", *p);
42			return EXIT_SUCCESS;
43		}
44	}
45	// verify same as apple parameter
46	++p;
47	if ( apple != p ) {
48		FAIL("restrict-environ: apple parameter not at end of envp");
49		return EXIT_SUCCESS;
50	}
51
52	// verify apple parameter is not NULL and ends in main
53	if ( *apple == NULL ) {
54		FAIL("restrict-environ: apple parameter is empty");
55		return EXIT_SUCCESS;
56	}
57	if ( strstr(*apple, "/main") == NULL ) {
58		FAIL("restrict-environ: apple parameter is not path to main");
59		return EXIT_SUCCESS;
60	}
61
62	// verify SPI says process is restricted
63	if ( !dyld_process_is_restricted() ) {
64		FAIL("restrict-environ: dyld_process_is_restrictet() returns false");
65		return EXIT_SUCCESS;
66	}
67
68
69	PASS("restrict-environ");
70	return EXIT_SUCCESS;
71}
72