lib/SecStaticCode.cpp

   1 /*
   2  * Copyright (c) 2006-2007 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 // SecStaticCode - API frame for SecStaticCode objects
  26 //
  27 #include "cs.h"
  28 #include "StaticCode.h"
  29 #include <fcntl.h>
  30
  31 using namespace CodeSigning;
  32
  33
  34 //
  35 // CF-standard type code function
  36 //
  37 CFTypeID SecStaticCodeGetTypeID(void)
  38 {
  39         BEGIN_CSAPI
  40         return gCFObjects().StaticCode.typeID;
  41     END_CSAPI1(_kCFRuntimeNotATypeID)
  42 }
  43
  44
  45 //
  46 // Create an StaticCode directly from disk path.
  47 //
  48 OSStatus SecStaticCodeCreateWithPath(CFURLRef path, SecCSFlags flags, SecStaticCodeRef *staticCodeRef)
  49 {
  50         BEGIN_CSAPI
  51
  52         checkFlags(flags);
  53         Required(staticCodeRef) = (new SecStaticCode(DiskRep::bestGuess(cfString(path).c_str())))->handle();
  54
  55         END_CSAPI
  56 }
  57
  58
  59 //
  60 // Check static validity of a StaticCode
  61 //
  62 OSStatus SecStaticCodeCheckValidity(SecStaticCodeRef staticCodeRef, SecCSFlags flags,
  63         SecRequirementRef requirementRef)
  64 {
  65         return SecStaticCodeCheckValidityWithErrors(staticCodeRef, flags, requirementRef, NULL);
  66 }
  67
  68 OSStatus SecStaticCodeCheckValidityWithErrors(SecStaticCodeRef staticCodeRef, SecCSFlags flags,
  69         SecRequirementRef requirementRef, CFErrorRef *errors)
  70 {
  71         BEGIN_CSAPI
  72
  73         checkFlags(flags,
  74                   kSecCSCheckAllArchitectures
  75                 | kSecCSDoNotValidateExecutable
  76                 | kSecCSDoNotValidateResources
  77                 | kSecCSConsiderExpiration);
  78
  79         SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(staticCodeRef);
  80         code->validateDirectory();
  81         if (!(flags & kSecCSDoNotValidateExecutable))
  82                 code->validateExecutable();
  83         if (!(flags & kSecCSDoNotValidateResources))
  84                 code->validateResources();
  85         if (const SecRequirement *req = SecRequirement::optional(requirementRef))
  86                 code->validateRequirements(req->requirement(), errSecCSReqFailed);
  87
  88         END_CSAPI_ERRORS
  89 }
  90
  91
  92 //
  93 // ====================================================================================
  94 //
  95 // The following API functions are called SecCode* but accept both SecCodeRef and
  96 // SecStaticCodeRef arguments, operating on the implied SecStaticCodeRef as appropriate.
  97 // Hence they're here, rather than in SecCode.cpp.
  98 //
  99
 100
 101 //
 102 // Retrieve location information for an StaticCode.
 103 //
 104 OSStatus SecCodeCopyPath(SecStaticCodeRef staticCodeRef, SecCSFlags flags, CFURLRef *path)
 105 {
 106         BEGIN_CSAPI
 107
 108         checkFlags(flags);
 109         SecPointer<SecStaticCode> staticCode = SecStaticCode::requiredStatic(staticCodeRef);
 110         Required(path) = staticCode->canonicalPath();
 111
 112         END_CSAPI
 113 }
 114
 115
 116 //
 117 // Fetch or make up a designated requirement
 118 //
 119 OSStatus SecCodeCopyDesignatedRequirement(SecStaticCodeRef staticCodeRef, SecCSFlags flags,
 120         SecRequirementRef *requirementRef)
 121 {
 122         BEGIN_CSAPI
 123
 124         checkFlags(flags);
 125         const Requirement *req =
 126                 SecStaticCode::requiredStatic(staticCodeRef)->designatedRequirement();
 127         Required(requirementRef) = (new SecRequirement(req))->handle();
 128
 129         END_CSAPI
 130 }
 131
 132
 133 //
 134 // Record for future use a detached code signature.
 135 //
 136 OSStatus SecCodeSetDetachedSignature(SecStaticCodeRef codeRef, CFDataRef signature,
 137         SecCSFlags flags)
 138 {
 139         BEGIN_CSAPI
 140
 141         checkFlags(flags);
 142         SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(codeRef);
 143
 144         code->detachedSignature(signature);
 145         code->resetValidity();
 146
 147         END_CSAPI
 148 }
 149
 150
 151 //
 152 // Attach a code signature to a kernel memory mapping for page-in validation.
 153 //
 154 OSStatus SecCodeMapMemory(SecStaticCodeRef codeRef, SecCSFlags flags)
 155 {
 156         BEGIN_CSAPI
 157
 158         checkFlags(flags);
 159         SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(codeRef);
 160         if (const CodeDirectory *cd = code->codeDirectory(false)) {
 161                 fsignatures args = { code->diskRep()->signingBase(), (void *)cd, cd->length() };
 162                 UnixError::check(::fcntl(code->diskRep()->fd(), F_ADDSIGS, &args));
 163         } else
 164                 MacOSError::throwMe(errSecCSUnsigned);
 165
 166         END_CSAPI
 167 }