configd-963.270.3.tar.gz macos-10146 v963.270.3
authorApple <opensource@apple.com>
Wed, 29 Jan 2020 22:30:43 +0000 (22:30 +0000)
committerApple <opensource@apple.com>
Wed, 29 Jan 2020 22:30:43 +0000 (22:30 +0000)
Plugins/InterfaceNamer/ifnamer.c
configd.tproj/entitlements-ios.plist
configd.xcodeproj/project.pbxproj

index 52f4a7a62bd4905c08797427c8089323d3a20f23..bccc4b399d999a966ba502701f917c88dad81509 100644 (file)
@@ -1,5 +1,5 @@
 /*
 /*
- * Copyright (c) 2001-2018 Apple Inc. All rights reserved.
+ * Copyright (c) 2001-2019 Apple Inc. All rights reserved.
  *
  * @APPLE_LICENSE_HEADER_START@
  *
  *
  * @APPLE_LICENSE_HEADER_START@
  *
@@ -217,6 +217,12 @@ static CFMutableDictionaryRef      S_state                 = NULL;
  */
 static Boolean                 S_trustedHostAttached   = FALSE;
 
  */
 static Boolean                 S_trustedHostAttached   = FALSE;
 
+/*
+ *
+ * Note: this global must only be updated on trustRequired_queue()
+ */
+static CFIndex                 S_trustedHostCount      = 0;
+
 /*
  * S_trustRequired
  *   An array of CFData(WatchedInfo) objects representing those
 /*
  * S_trustRequired
  *   An array of CFData(WatchedInfo) objects representing those
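Review bot: The new comment block for `S_trustedHostCount` has an empty first line where the neighbouring globals carry their name and a description, and the name suggests a count of trusted hosts, while trustRequiredNotification_update() assigns it the element count of `S_trustRequired`. Because this value feeds the decision to re-publish the excluded-interface list, the comment should say what is counted, for example `S_trustedHostCount: number of S_trustRequired entries seen at the last trust evaluation`. The note restricts writes to trustRequired_queue(), but the hunks shown here do not establish which thread reads `S_trustRequired` to obtain that count; if the array is mutated on the run loop, confirm that read is serialized with it.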
@@ -2156,11 +2162,12 @@ watchLockedInterface(SCNetworkInterfaceRef interface)
 static void
 shareExcluded()
 {
 static void
 shareExcluded()
 {
-    CFMutableArrayRef  excluded        = NULL;
-    CFIndex            n;
+    CFIndex    n;
 
     n = (S_trustRequired != NULL) ? CFArrayGetCount(S_trustRequired) : 0;
     if ((n > 0) && !S_trustedHostAttached) {
 
     n = (S_trustRequired != NULL) ? CFArrayGetCount(S_trustRequired) : 0;
     if ((n > 0) && !S_trustedHostAttached) {
+       CFMutableArrayRef       excluded;
+
        // if we have interfaces that require not [yet] granted "trust".
 
        excluded = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
        // if we have interfaces that require not [yet] granted "trust".
 
        excluded = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
@@ -2178,9 +2185,7 @@ shareExcluded()
            }
            CFArrayAppendValue(excluded, bsdName);
        }
            }
            CFArrayAppendValue(excluded, bsdName);
        }
-    }
 
 
-    if (excluded != NULL) {
        CFDictionarySetValue(S_state, kInterfaceNamerKey_ExcludedInterfaces, excluded);
        CFRelease(excluded);
     } else {
        CFDictionarySetValue(S_state, kInterfaceNamerKey_ExcludedInterfaces, excluded);
        CFRelease(excluded);
     } else {
@@ -2210,25 +2215,42 @@ trustRequired_queue()
 static void
 trustRequiredNotification_update(CFRunLoopRef rl, CFStringRef reason)
 {
 static void
 trustRequiredNotification_update(CFRunLoopRef rl, CFStringRef reason)
 {
-    Boolean            curTrusted      = FALSE;
-    CFBooleanRef       trusted;
-
-    trusted = lockdown_copy_trustedHostAttached();
-    if (trusted != NULL) {
-       curTrusted = isA_CFBoolean(trusted) && CFBooleanGetValue(trusted);
-       CFRelease(trusted);
-    }
-
-    SC_log(LOG_INFO, "%@, trusted = %s", reason, curTrusted ? "Yes" : "No");
+    Boolean                    changed         = FALSE;
+    CFStringRef                        error           = NULL;
+    CFIndex                    n;
+    Boolean                    trusted;
 
 
-    if (S_trustedHostAttached != curTrusted) {
-       S_trustedHostAttached = curTrusted;
+    /*
+     * determine whether the device has "trusted" the host (or other device)
+     */
+    trusted = lockdown_is_host_trusted(MY_PLUGIN_ID, NULL, &error);
+    n = (S_trustRequired != NULL) ? CFArrayGetCount(S_trustRequired) : 0;
+    if ((S_trustedHostCount != n) || (S_trustedHostAttached != trusted)) {
+       changed = TRUE;
+    }
+
+    SC_log(LOG_INFO, "%@, trusted = %s%s%@, %ld interface%s)%s",
+          reason,
+          trusted ? "Yes" : "No",
+          (error != NULL) ? ", error = " : "",
+          (error != NULL) ? error : CFSTR(""),
+          n,
+          (n == 1) ? "" : "s",
+          changed ? " *" : "");
+
+    if (changed) {
+       S_trustedHostAttached = trusted;
+       S_trustedHostCount = n;
        CFRunLoopPerformBlock(rl, kCFRunLoopDefaultMode, ^{
            shareExcluded();
        });
        CFRunLoopWakeUp(rl);
     }
 
        CFRunLoopPerformBlock(rl, kCFRunLoopDefaultMode, ^{
            shareExcluded();
        });
        CFRunLoopWakeUp(rl);
     }
 
+    if (error != NULL) {
+       CFRelease(error);
+    }
+
     return;
 }
 
     return;
 }
 
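Review bot: The `error` returned by `lockdown_is_host_trusted()` is only logged; `trusted` is then stored in `S_trustedHostAttached` whatever the error state, and shareExcluded() builds the excluded-interface list only while that flag is not set. Unless the API guarantees FALSE on failure (not visible on this page), make the fail-closed behaviour explicit with `if (error != NULL) trusted = FALSE;` right after the call. The log format also has an unmatched `)` after `interface%s`; either drop it or open the parenthesis before `%ld`.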
@@ -2308,6 +2330,26 @@ watchTrustedStatus(CFStringRef notification, CFStringRef reason)
     return;
 }
 
     return;
 }
 
+static Boolean
+isWatchedInterface(SCNetworkInterfaceRef interface)
+{
+    Boolean    found   = FALSE;
+    CFIndex    n;
+
+    n = (S_trustRequired != NULL) ? CFArrayGetCount(S_trustRequired) : 0;
+    for (CFIndex i = 0; i < n; i++) {
+       CFDataRef       watched         = CFArrayGetValueAtIndex(S_trustRequired, i);
+       WatchedInfo     *watchedInfo    = (WatchedInfo *)(void *)CFDataGetBytePtr(watched);
+
+       if (CFEqual((watchedInfo->interface), interface)) {
+           found = TRUE;
+           break;
+       }
+    }
+
+    return found;
+}
+
 static void
 updateTrustRequiredInterfaces(CFArrayRef interfaces)
 {
 static void
 updateTrustRequiredInterfaces(CFArrayRef interfaces)
 {
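Review bot: `isWatchedInterface()` only reads the WatchedInfo records, but the cast `(WatchedInfo *)(void *)CFDataGetBytePtr(watched)` drops the const that CFDataGetBytePtr() returns. Writing it as `const WatchedInfo *watchedInfo = (const WatchedInfo *)(const void *)CFDataGetBytePtr(watched);` keeps the compiler checking that this lookup never writes through the pointer. The function also has no header comment; a short one stating that it reports whether `interface` already has an entry in `S_trustRequired`, and which thread or queue callers must be on, would help, since the array is read here without any visible lock.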
@@ -2319,7 +2361,7 @@ updateTrustRequiredInterfaces(CFArrayRef interfaces)
        SCNetworkInterfaceRef   interface;
 
        interface = CFArrayGetValueAtIndex(interfaces, i);
        SCNetworkInterfaceRef   interface;
 
        interface = CFArrayGetValueAtIndex(interfaces, i);
-       if (_SCNetworkInterfaceIsTrustRequired(interface)) {
+       if (_SCNetworkInterfaceIsTrustRequired(interface) && !isWatchedInterface(interface)) {
            CFDataRef   watched;
 
            watched = watcherCreate(interface, trustRequiredInterfaceUpdated);
            CFDataRef   watched;
 
            watched = watcherCreate(interface, trustRequiredInterfaceUpdated);
@@ -2341,13 +2383,21 @@ updateTrustRequiredInterfaces(CFArrayRef interfaces)
        CFRunLoopRef            rl      = CFRunLoopGetCurrent();
 
        dispatch_once(&once, ^{
        CFRunLoopRef            rl      = CFRunLoopGetCurrent();
 
        dispatch_once(&once, ^{
-           // watch for "Trusted host attached"
-           watchTrustedStatus(kLockdownNotificationTrustedHostAttached,
-                              CFSTR("Trusted Host attached"));
+           // watch for "Host attached"
+           watchTrustedStatus(kLockdownNotificationHostAttached,
+                              CFSTR("Host attached"));
 
            // watch for "Host detached"
            watchTrustedStatus(kLockdownNotificationHostDetached,
                               CFSTR("Host detached"));
 
            // watch for "Host detached"
            watchTrustedStatus(kLockdownNotificationHostDetached,
                               CFSTR("Host detached"));
+
+           // watch for "Trusted host attached"
+           watchTrustedStatus(kLockdownNotificationTrustedHostAttached,
+                              CFSTR("Trusted Host attached"));
+
+           // watch for "Trusted PDP attached"
+           watchTrustedStatus(kLockdownNotificationTrustedPTPAttached,
+                              CFSTR("Trusted PTP attached"));
        });
 
        CFRetain(rl);
        });
 
        CFRetain(rl);
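Review bot: The comment on the last added registration says "Trusted PDP attached" while the constant `kLockdownNotificationTrustedPTPAttached` and the reason string both say PTP; it should read `// watch for "Trusted PTP attached"`. The enclosing function starts and ends outside this hunk.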
index f4da916b44964f192ce2026a4b02688d1b088912..256c3d95d553502a6423f9b036e64fb9a8a8f9f7 100644 (file)
@@ -50,9 +50,9 @@
        <true/>
        <key>com.apple.carousel.modalappservice</key>
        <true/>
        <true/>
        <key>com.apple.carousel.modalappservice</key>
        <true/>
-       <key>com.apple.private.lockdown.finegrained-get</key>
+       <key>com.apple.private.lockdown.is-host-trusted</key>
        <array>
        <array>
-               <string>NULL/TrustedHostAttached</string>
+               <string>com.apple.SystemConfiguration.InterfaceNamer</string>
        </array>
 </dict>
 </plist>
        </array>
 </dict>
 </plist>
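Review bot: The string granted under `com.apple.private.lockdown.is-host-trusted` has to stay in step with the identifier ifnamer.c passes as `MY_PLUGIN_ID` to `lockdown_is_host_trusted()`, and nothing in the plist records that coupling. The definition of `MY_PLUGIN_ID` is not visible on this page, so confirm it expands to `com.apple.SystemConfiguration.InterfaceNamer`; a mismatch would presumably make the trust query fail. A comment above the key such as `<!-- value must match MY_PLUGIN_ID in Plugins/InterfaceNamer/ifnamer.c -->` would document it. The surrounding dict begins outside this hunk.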
index 4f32631090c7a52b41044f6311fe9878b96177d7..d7e4567198f47ab937f4dcecbc618e89124fe0d5 100644 (file)
                                LIBRARY_STYLE = STATIC;
                                OTHER_CFLAGS = (
                                        "$(inherited)",
                                LIBRARY_STYLE = STATIC;
                                OTHER_CFLAGS = (
                                        "$(inherited)",
-                                       "-DSC_LOG_HANDLE=\"__log_IPMonitor()\"",
+                                       "-DSC_LOG_HANDLE=\"__log_InterfaceNamer()\"",
                                );
                                PRODUCT_NAME = InterfaceNamer;
                                SDKROOT = iphoneos.internal;
                                );
                                PRODUCT_NAME = InterfaceNamer;
                                SDKROOT = iphoneos.internal;
                                LIBRARY_STYLE = STATIC;
                                OTHER_CFLAGS = (
                                        "$(inherited)",
                                LIBRARY_STYLE = STATIC;
                                OTHER_CFLAGS = (
                                        "$(inherited)",
-                                       "-DSC_LOG_HANDLE=\"__log_IPMonitor()\"",
+                                       "-DSC_LOG_HANDLE=\"__log_InterfaceNamer()\"",
                                );
                                PRODUCT_NAME = InterfaceNamer;
                                SDKROOT = iphoneos.internal;
                                );
                                PRODUCT_NAME = InterfaceNamer;
                                SDKROOT = iphoneos.internal;