From: Apple <opensource@apple.com>
Date: Wed, 29 Jan 2020 22:30:43 +0000 (+0000)
Subject: configd-963.270.3.tar.gz
X-Git-Tag: macos-10146^0
X-Git-Url: https://git.saurik.com/apple/configd.git/commitdiff_plain/3b56ad6b79c967ddbd4a0e31f92dc3e6cef3961e

configd-963.270.3.tar.gz
---

diff --git a/Plugins/InterfaceNamer/ifnamer.c b/Plugins/InterfaceNamer/ifnamer.c
index 52f4a7a..bccc4b3 100644
--- a/Plugins/InterfaceNamer/ifnamer.c
+++ b/Plugins/InterfaceNamer/ifnamer.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001-2018 Apple Inc. All rights reserved.
+ * Copyright (c) 2001-2019 Apple Inc. All rights reserved.
  *
  * @APPLE_LICENSE_HEADER_START@
  *
@@ -217,6 +217,12 @@ static CFMutableDictionaryRef	S_state			= NULL;
  */
 static Boolean			S_trustedHostAttached	= FALSE;
 
+/*
+ *
+ * Note: this global must only be updated on trustRequired_queue()
+ */
+static CFIndex			S_trustedHostCount	= 0;
+
 /*
  * S_trustRequired
  *   An array of CFData(WatchedInfo) objects representing those
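Review bot: The new comment block for S_trustedHostCount opens with an empty ` *` line where the neighbouring globals carry the variable name, and it never says what is being counted. The name reads as a number of trusted hosts, but trustRequiredNotification_update assigns it the element count of S_trustRequired. I would head the block with `S_trustedHostCount` and add a line such as `number of S_trustRequired entries seen at the last trust evaluation`, keeping the queue note. Since that same function also reads S_trustRequired, which updateTrustRequiredInterfaces appears to manage from the run loop, the comment should state what makes that cross-context read safe.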
@@ -2156,11 +2162,12 @@ watchLockedInterface(SCNetworkInterfaceRef interface)
 static void
 shareExcluded()
 {
-    CFMutableArrayRef	excluded	= NULL;
-    CFIndex		n;
+    CFIndex	n;
 
     n = (S_trustRequired != NULL) ? CFArrayGetCount(S_trustRequired) : 0;
     if ((n > 0) && !S_trustedHostAttached) {
+	CFMutableArrayRef	excluded;
+
 	// if we have interfaces that require not [yet] granted "trust".
 
 	excluded = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
@@ -2178,9 +2185,7 @@ shareExcluded()
 	    }
 	    CFArrayAppendValue(excluded, bsdName);
 	}
-    }
 
-    if (excluded != NULL) {
 	CFDictionarySetValue(S_state, kInterfaceNamerKey_ExcludedInterfaces, excluded);
 	CFRelease(excluded);
     } else {
@@ -2210,25 +2215,42 @@ trustRequired_queue()
 static void
 trustRequiredNotification_update(CFRunLoopRef rl, CFStringRef reason)
 {
-    Boolean		curTrusted	= FALSE;
-    CFBooleanRef	trusted;
-
-    trusted = lockdown_copy_trustedHostAttached();
-    if (trusted != NULL) {
-	curTrusted = isA_CFBoolean(trusted) && CFBooleanGetValue(trusted);
-	CFRelease(trusted);
-    }
-
-    SC_log(LOG_INFO, "%@, trusted = %s", reason, curTrusted ? "Yes" : "No");
+    Boolean			changed		= FALSE;
+    CFStringRef			error		= NULL;
+    CFIndex			n;
+    Boolean			trusted;
 
-    if (S_trustedHostAttached != curTrusted) {
-	S_trustedHostAttached = curTrusted;
+    /*
+     * determine whether the device has "trusted" the host (or other device)
+     */
+    trusted = lockdown_is_host_trusted(MY_PLUGIN_ID, NULL, &error);
+    n = (S_trustRequired != NULL) ? CFArrayGetCount(S_trustRequired) : 0;
+    if ((S_trustedHostCount != n) || (S_trustedHostAttached != trusted)) {
+	changed = TRUE;
+    }
+
+    SC_log(LOG_INFO, "%@, trusted = %s%s%@, %ld interface%s)%s",
+	   reason,
+	   trusted ? "Yes" : "No",
+	   (error != NULL) ? ", error = " : "",
+	   (error != NULL) ? error : CFSTR(""),
+	   n,
+	   (n == 1) ? "" : "s",
+	   changed ? " *" : "");
+
+    if (changed) {
+	S_trustedHostAttached = trusted;
+	S_trustedHostCount = n;
 	CFRunLoopPerformBlock(rl, kCFRunLoopDefaultMode, ^{
 	    shareExcluded();
 	});
 	CFRunLoopWakeUp(rl);
     }
 
+    if (error != NULL) {
+	CFRelease(error);
+    }
+
     return;
 }
 
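Review bot: Nothing in trustRequiredNotification_update forces a fail-closed result when lockdown_is_host_trusted() reports an error: `trusted` is stored in S_trustedHostAttached and drives shareExcluded() whether or not `error` is set. If the call is guaranteed to return FALSE on failure, a comment stating that contract is enough; otherwise add `if (error != NULL) trusted = FALSE;` right after the call so a lockdown failure can never lift the exclusion of trust-required interfaces. The error is also only reported at LOG_INFO, which is easy to miss for a trust decision. Separately, the format string contains a `)` with no opening parenthesis; `"%@, trusted = %s%s%@ (%ld interface%s)%s"` reads as intended.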
@@ -2308,6 +2330,26 @@ watchTrustedStatus(CFStringRef notification, CFStringRef reason)
     return;
 }
 
+static Boolean
+isWatchedInterface(SCNetworkInterfaceRef interface)
+{
+    Boolean	found	= FALSE;
+    CFIndex	n;
+
+    n = (S_trustRequired != NULL) ? CFArrayGetCount(S_trustRequired) : 0;
+    for (CFIndex i = 0; i < n; i++) {
+	CFDataRef	watched		= CFArrayGetValueAtIndex(S_trustRequired, i);
+	WatchedInfo	*watchedInfo	= (WatchedInfo *)(void *)CFDataGetBytePtr(watched);
+
+	if (CFEqual((watchedInfo->interface), interface)) {
+	    found = TRUE;
+	    break;
+	}
+    }
+
+    return found;
+}
+
 static void
 updateTrustRequiredInterfaces(CFArrayRef interfaces)
 {
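Review bot: isWatchedInterface only reads the WatchedInfo records, yet the cast `(WatchedInfo *)(void *)CFDataGetBytePtr(watched)` discards the const that CFDataGetBytePtr returns. Declaring it as `const WatchedInfo *watchedInfo = (const WatchedInfo *)(const void *)CFDataGetBytePtr(watched);` keeps the compiler able to catch an accidental write into the CFData backing store. The function also has no header comment; one line saying it reports whether `interface` already has an entry in S_trustRequired, and from which thread or queue it may be called, would match how the globals above are documented. The dedupe depends on CFEqual between SCNetworkInterfaceRef objects, so it is worth confirming that a re-enumerated interface compares equal to the one stored earlier.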
@@ -2319,7 +2361,7 @@ updateTrustRequiredInterfaces(CFArrayRef interfaces)
 	SCNetworkInterfaceRef	interface;
 
 	interface = CFArrayGetValueAtIndex(interfaces, i);
-	if (_SCNetworkInterfaceIsTrustRequired(interface)) {
+	if (_SCNetworkInterfaceIsTrustRequired(interface) && !isWatchedInterface(interface)) {
 	    CFDataRef	watched;
 
 	    watched = watcherCreate(interface, trustRequiredInterfaceUpdated);
@@ -2341,13 +2383,21 @@ updateTrustRequiredInterfaces(CFArrayRef interfaces)
 	CFRunLoopRef		rl	= CFRunLoopGetCurrent();
 
 	dispatch_once(&once, ^{
-	    // watch for "Trusted host attached"
-	    watchTrustedStatus(kLockdownNotificationTrustedHostAttached,
-			       CFSTR("Trusted Host attached"));
+	    // watch for "Host attached"
+	    watchTrustedStatus(kLockdownNotificationHostAttached,
+			       CFSTR("Host attached"));
 
 	    // watch for "Host detached"
 	    watchTrustedStatus(kLockdownNotificationHostDetached,
 			       CFSTR("Host detached"));
+
+	    // watch for "Trusted host attached"
+	    watchTrustedStatus(kLockdownNotificationTrustedHostAttached,
+			       CFSTR("Trusted Host attached"));
+
+	    // watch for "Trusted PDP attached"
+	    watchTrustedStatus(kLockdownNotificationTrustedPTPAttached,
+			       CFSTR("Trusted PTP attached"));
 	});
 
 	CFRetain(rl);
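Review bot: The comment `// watch for "Trusted PDP attached"` does not match the code under it, which registers kLockdownNotificationTrustedPTPAttached with the reason string "Trusted PTP attached"; it should read `// watch for "Trusted PTP attached"`. A short comment above the dispatch_once block saying why the untrusted "Host attached" notification is now watched as well (presumably so the trust state is re-evaluated on every attach, not only on a trusted one) would help the next reader. The enclosing function starts and ends outside this hunk.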
diff --git a/configd.tproj/entitlements-ios.plist b/configd.tproj/entitlements-ios.plist
index f4da916..256c3d9 100644
--- a/configd.tproj/entitlements-ios.plist
+++ b/configd.tproj/entitlements-ios.plist
@@ -50,9 +50,9 @@
 	<true/>
 	<key>com.apple.carousel.modalappservice</key>
 	<true/>
-	<key>com.apple.private.lockdown.finegrained-get</key>
+	<key>com.apple.private.lockdown.is-host-trusted</key>
 	<array>
-		<string>NULL/TrustedHostAttached</string>
+		<string>com.apple.SystemConfiguration.InterfaceNamer</string>
 	</array>
 </dict>
 </plist>
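Review bot: The entitlement value `com.apple.SystemConfiguration.InterfaceNamer` has to stay identical to the MY_PLUGIN_ID that ifnamer.c passes to lockdown_is_host_trusted(), and nothing on either side records that link. The definition of MY_PLUGIN_ID is outside this diff, so the match cannot be confirmed from here. If the two drift apart the trust query would presumably be refused, and how that failure is handled then decides whether trust-required interfaces stay excluded. A comment such as `<!-- must match MY_PLUGIN_ID in Plugins/InterfaceNamer/ifnamer.c -->` above the `<array>` would make the dependency visible.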
diff --git a/configd.xcodeproj/project.pbxproj b/configd.xcodeproj/project.pbxproj
index 4f32631..d7e4567 100644
--- a/configd.xcodeproj/project.pbxproj
+++ b/configd.xcodeproj/project.pbxproj
@@ -8457,7 +8457,7 @@
 				LIBRARY_STYLE = STATIC;
 				OTHER_CFLAGS = (
 					"$(inherited)",
-					"-DSC_LOG_HANDLE=\"__log_IPMonitor()\"",
+					"-DSC_LOG_HANDLE=\"__log_InterfaceNamer()\"",
 				);
 				PRODUCT_NAME = InterfaceNamer;
 				SDKROOT = iphoneos.internal;
@@ -8474,7 +8474,7 @@
 				LIBRARY_STYLE = STATIC;
 				OTHER_CFLAGS = (
 					"$(inherited)",
-					"-DSC_LOG_HANDLE=\"__log_IPMonitor()\"",
+					"-DSC_LOG_HANDLE=\"__log_InterfaceNamer()\"",
 				);
 				PRODUCT_NAME = InterfaceNamer;
 				SDKROOT = iphoneos.internal;