]> git.saurik.com Git - apple/libsecurity_codesigning.git/blob - lib/bundlediskrep.cpp
projects / apple / libsecurity_codesigning.git / blob
? search:


09d5ca22fed9725e52892ea99b57b642849e81cb
[apple/libsecurity_codesigning.git] / lib / bundlediskrep.cpp
1 /*
2 * Copyright (c) 2006-2011 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23 #include "bundlediskrep.h"
24 #include "filediskrep.h"
25 #include <CoreFoundation/CFURLAccess.h>
26 #include <CoreFoundation/CFBundlePriv.h>
27 #include <security_utilities/cfmunge.h>
28 #include <copyfile.h>
29
30
31 namespace Security {
32 namespace CodeSigning {
33
34 using namespace UnixPlusPlus;
35
36
37 //
38 // We make a CFBundleRef immediately, but everything else is lazy
39 //
40 BundleDiskRep::BundleDiskRep(const char *path, const Context *ctx)
41 : mBundle(CFBundleCreate(NULL, CFTempURL(path)))
42 {
43 if (!mBundle)
44 MacOSError::throwMe(errSecCSBadBundleFormat);
45 setup(ctx);
46 CODESIGN_DISKREP_CREATE_BUNDLE_PATH(this, (char*)path, (void*)ctx, mExecRep);
47 }
48
49 BundleDiskRep::BundleDiskRep(CFBundleRef ref, const Context *ctx)
50 {
51 mBundle = ref; // retains
52 setup(ctx);
53 CODESIGN_DISKREP_CREATE_BUNDLE_REF(this, ref, (void*)ctx, mExecRep);
54 }
55
56 // common construction code
57 void BundleDiskRep::setup(const Context *ctx)
58 {
59 // deal with versioned bundles (aka Frameworks)
60 string version = resourcesRootPath()
61 + "/Versions/"
62 + ((ctx && ctx->version) ? ctx->version : "Current")
63 + "/.";
64 if (::access(version.c_str(), F_OK) == 0) { // versioned bundle
65 if (CFBundleRef versionBundle = CFBundleCreate(NULL, CFTempURL(version)))
66 mBundle.take(versionBundle); // replace top bundle ref
67 else
68 MacOSError::throwMe(errSecCSStaticCodeNotFound);
69 } else {
70 if (ctx && ctx->version) // explicitly specified
71 MacOSError::throwMe(errSecCSStaticCodeNotFound);
72 }
73
74 // conventional executable bundle: CFBundle identifies an executable for us
75 if (mMainExecutableURL.take(CFBundleCopyExecutableURL(mBundle))) {
76 // conventional executable bundle
77 mExecRep = DiskRep::bestFileGuess(this->mainExecutablePath(), ctx);
78 mFormat = string("bundle with ") + mExecRep->format();
79 return;
80 }
81
82 CFDictionaryRef infoDict = CFBundleGetInfoDictionary(mBundle);
83 assert(infoDict); // CFBundle will always make one up for us
84
85 if (CFTypeRef main = CFDictionaryGetValue(infoDict, CFSTR("MainHTML"))) {
86 // widget
87 if (CFGetTypeID(main) != CFStringGetTypeID())
88 MacOSError::throwMe(errSecCSBadBundleFormat);
89 mMainExecutableURL = makeCFURL(cfString(CFStringRef(main)), false, CFRef<CFURLRef>(CFBundleCopySupportFilesDirectoryURL(mBundle)));
90 if (!mMainExecutableURL)
91 MacOSError::throwMe(errSecCSBadBundleFormat);
92 mExecRep = new FileDiskRep(this->mainExecutablePath().c_str());
93 mFormat = "widget bundle";
94 return;
95 }
96
97 // generic bundle case - impose our own "minimal signable bundle" standard
98
99 // we MUST have an actual Info.plist in here
100 CFRef<CFURLRef> infoURL = _CFBundleCopyInfoPlistURL(mBundle);
101 if (!infoURL)
102 MacOSError::throwMe(errSecCSBadBundleFormat);
103
104
105 // focus on the Info.plist (which we know exists) as the nominal "main executable" file
106 if ((mMainExecutableURL = _CFBundleCopyInfoPlistURL(mBundle))) {
107 mExecRep = new FileDiskRep(this->mainExecutablePath().c_str());
108 mFormat = "bundle";
109 return;
110 }
111
112 // this bundle cannot be signed
113 MacOSError::throwMe(errSecCSBadBundleFormat);
114 }
115
116
117 //
118 // Create a path to a bundle signing resource, by name.
119 // If the BUNDLEDISKREP_DIRECTORY directory exists in the bundle's support directory, files
120 // will be read and written there. Otherwise, they go directly into the support directory.
121 //
122 string BundleDiskRep::metaPath(const char *name)
123 {
124 if (mMetaPath.empty()) {
125 string support = cfString(CFBundleCopySupportFilesDirectoryURL(mBundle), true);
126 mMetaPath = support + "/" BUNDLEDISKREP_DIRECTORY;
127 if (::access(mMetaPath.c_str(), F_OK) == 0) {
128 mMetaExists = true;
129 } else {
130 mMetaPath = support;
131 mMetaExists = false;
132 }
133 }
134 return mMetaPath + "/" + name;
135 }
136
137
138 //
139 // Try to create the meta-file directory in our bundle.
140 // Does nothing if the directory already exists.
141 // Throws if an error occurs.
142 //
143 void BundleDiskRep::createMeta()
144 {
145 string meta = metaPath(BUNDLEDISKREP_DIRECTORY);
146 if (!mMetaExists) {
147 if (::mkdir(meta.c_str(), 0755) == 0) {
148 copyfile(cfString(canonicalPath(), true).c_str(), meta.c_str(), NULL, COPYFILE_SECURITY);
149 mMetaPath = meta;
150 mMetaExists = true;
151 } else if (errno != EEXIST)
152 UnixError::throwMe();
153 }
154 }
155
156
157 //
158 // Load and return a component, by slot number.
159 // Info.plist components come from the bundle, always (we don't look
160 // for Mach-O embedded versions).
161 // Everything else comes from the embedded blobs of a Mach-O image, or from
162 // files located in the Contents directory of the bundle.
163 //
164 CFDataRef BundleDiskRep::component(CodeDirectory::SpecialSlot slot)
165 {
166 switch (slot) {
167 // the Info.plist comes from the magic CFBundle-indicated place and ONLY from there
168 case cdInfoSlot:
169 if (CFRef<CFURLRef> info = _CFBundleCopyInfoPlistURL(mBundle))
170 return cfLoadFile(info);
171 else
172 return NULL;
173 // by default, we take components from the executable image or files
174 default:
175 if (CFDataRef data = mExecRep->component(slot))
176 return data;
177 // falling through
178 // but the following always come from files
179 case cdResourceDirSlot:
180 if (const char *name = CodeDirectory::canonicalSlotName(slot))
181 return metaData(name);
182 else
183 return NULL;
184 }
185 }
186
187
188 //
189 // The binary identifier is taken directly from the main executable.
190 //
191 CFDataRef BundleDiskRep::identification()
192 {
193 return mExecRep->identification();
194 }
195
196
197 //
198 // Various aspects of our DiskRep personality.
199 //
200 CFURLRef BundleDiskRep::canonicalPath()
201 {
202 return CFBundleCopyBundleURL(mBundle);
203 }
204
205 string BundleDiskRep::mainExecutablePath()
206 {
207 return cfString(mMainExecutableURL);
208 }
209
210 string BundleDiskRep::resourcesRootPath()
211 {
212 return cfString(CFBundleCopySupportFilesDirectoryURL(mBundle), true);
213 }
214
215 void BundleDiskRep::adjustResources(ResourceBuilder &builder)
216 {
217 // exclude entire contents of meta directory
218 builder.addExclusion("^" BUNDLEDISKREP_DIRECTORY "/");
219
220 // exclude the store manifest directory
221 builder.addExclusion("^" STORE_RECEIPT_DIRECTORY "/");
222
223 // exclude the main executable file
224 string resources = resourcesRootPath();
225 string executable = mainExecutablePath();
226 if (!executable.compare(0, resources.length(), resources, 0, resources.length())) // is prefix
227 builder.addExclusion(string("^")
228 + ResourceBuilder::escapeRE(executable.substr(resources.length() + 1)) + "$");
229 }
230
231
232
233 Universal *BundleDiskRep::mainExecutableImage()
234 {
235 return mExecRep->mainExecutableImage();
236 }
237
238 size_t BundleDiskRep::signingBase()
239 {
240 return mExecRep->signingBase();
241 }
242
243 size_t BundleDiskRep::signingLimit()
244 {
245 return mExecRep->signingLimit();
246 }
247
248 string BundleDiskRep::format()
249 {
250 return mFormat;
251 }
252
253 CFArrayRef BundleDiskRep::modifiedFiles()
254 {
255 CFMutableArrayRef files = CFArrayCreateMutableCopy(NULL, 0, mExecRep->modifiedFiles());
256 checkModifiedFile(files, cdCodeDirectorySlot);
257 checkModifiedFile(files, cdSignatureSlot);
258 checkModifiedFile(files, cdResourceDirSlot);
259 checkModifiedFile(files, cdEntitlementSlot);
260 return files;
261 }
262
263 void BundleDiskRep::checkModifiedFile(CFMutableArrayRef files, CodeDirectory::SpecialSlot slot)
264 {
265 if (CFDataRef data = mExecRep->component(slot)) // provided by executable file
266 CFRelease(data);
267 else if (const char *resourceName = CodeDirectory::canonicalSlotName(slot)) {
268 string file = metaPath(resourceName);
269 if (::access(file.c_str(), F_OK) == 0)
270 CFArrayAppendValue(files, CFTempURL(file));
271 }
272 }
273
274 FileDesc &BundleDiskRep::fd()
275 {
276 return mExecRep->fd();
277 }
278
279 void BundleDiskRep::flush()
280 {
281 mExecRep->flush();
282 }
283
284
285 //
286 // Defaults for signing operations
287 //
288 string BundleDiskRep::recommendedIdentifier(const SigningContext &)
289 {
290 if (CFStringRef identifier = CFBundleGetIdentifier(mBundle))
291 return cfString(identifier);
292 if (CFDictionaryRef infoDict = CFBundleGetInfoDictionary(mBundle))
293 if (CFStringRef identifier = CFStringRef(CFDictionaryGetValue(infoDict, kCFBundleNameKey)))
294 return cfString(identifier);
295
296 // fall back to using the canonical path
297 return canonicalIdentifier(cfString(this->canonicalPath()));
298 }
299
300 CFDictionaryRef BundleDiskRep::defaultResourceRules(const SigningContext &)
301 {
302 // consider the bundle's structure
303 string rbase = this->resourcesRootPath();
304 if (rbase.substr(rbase.length()-2, 2) == "/.") // produced by versioned bundle implicit "Current" case
305 rbase = rbase.substr(0, rbase.length()-2); // ... so take it off for this
306 string resources = cfString(CFBundleCopyResourcesDirectoryURL(mBundle), true);
307 if (resources == rbase)
308 resources = "";
309 else if (resources.compare(0, rbase.length(), rbase, 0, rbase.length()) != 0) // Resources not in resource root
310 MacOSError::throwMe(errSecCSBadBundleFormat);
311 else
312 resources = resources.substr(rbase.length() + 1) + "/"; // differential path segment
313
314 return cfmake<CFDictionaryRef>("{rules={"
315 "'^version.plist$' = #T"
316 "%s = #T"
317 "%s = {optional=#T, weight=1000}"
318 "%s = {omit=#T, weight=1100}"
319 "}}",
320 (string("^") + resources).c_str(),
321 (string("^") + resources + ".*\\.lproj/").c_str(),
322 (string("^") + resources + ".*\\.lproj/locversion.plist$").c_str()
323 );
324 }
325
326 const Requirements *BundleDiskRep::defaultRequirements(const Architecture *arch, const SigningContext &ctx)
327 {
328 return mExecRep->defaultRequirements(arch, ctx);
329 }
330
331 size_t BundleDiskRep::pageSize(const SigningContext &ctx)
332 {
333 return mExecRep->pageSize(ctx);
334 }
335
336
337 //
338 // Writers
339 //
340 DiskRep::Writer *BundleDiskRep::writer()
341 {
342 return new Writer(this);
343 }
344
345 BundleDiskRep::Writer::Writer(BundleDiskRep *r)
346 : rep(r), mMadeMetaDirectory(false)
347 {
348 execWriter = rep->mExecRep->writer();
349 }
350
351
352 //
353 // Write a component.
354 // Note that this isn't concerned with Mach-O writing; this is handled at
355 // a much higher level. If we're called, we write to a file in the Bundle's meta directory.
356 //
357 void BundleDiskRep::Writer::component(CodeDirectory::SpecialSlot slot, CFDataRef data)
358 {
359 switch (slot) {
360 default:
361 if (!execWriter->attribute(writerLastResort)) // willing to take the data...
362 return execWriter->component(slot, data); // ... so hand it through
363 // execWriter doesn't want the data; store it as a resource file (below)
364 case cdResourceDirSlot:
365 // the resource directory always goes into a bundle file
366 if (const char *name = CodeDirectory::canonicalSlotName(slot)) {
367 rep->createMeta();
368 string path = rep->metaPath(name);
369 AutoFileDesc fd(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
370 fd.writeAll(CFDataGetBytePtr(data), CFDataGetLength(data));
371 } else
372 MacOSError::throwMe(errSecCSBadBundleFormat);
373 }
374 }
375
376
377 //
378 // Remove all signature data
379 //
380 void BundleDiskRep::Writer::remove()
381 {
382 // remove signature from the executable
383 execWriter->remove();
384
385 // remove signature files from bundle
386 for (CodeDirectory::SpecialSlot slot = 0; slot < cdSlotCount; slot++)
387 remove(slot);
388 remove(cdSignatureSlot);
389 }
390
391 void BundleDiskRep::Writer::remove(CodeDirectory::SpecialSlot slot)
392 {
393 if (const char *name = CodeDirectory::canonicalSlotName(slot))
394 if (::unlink(rep->metaPath(name).c_str()))
395 switch (errno) {
396 case ENOENT: // not found - that's okay
397 break;
398 default:
399 UnixError::throwMe();
400 }
401 }
402
403
404 void BundleDiskRep::Writer::flush()
405 {
406 execWriter->flush();
407 }
408
409
410 } // end namespace CodeSigning
411 } // end namespace Security
mirror of libsecurity_codesigning