]> git.saurik.com Git - apple/libsecurity_codesigning.git/blob - lib/xpcengine.cpp
projects / apple / libsecurity_codesigning.git / blob
? search:


64fbcf9d8b2fe898eb185339d519e5fcae5b59f5
[apple/libsecurity_codesigning.git] / lib / xpcengine.cpp
1 /*
2 * Copyright (c) 2011 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23 #include "xpcengine.h"
24 #include <xpc/connection.h>
25 #include <syslog.h>
26 #include <CoreFoundation/CoreFoundation.h>
27 #include <security_utilities/cfutilities.h>
28 #include <Security/CodeSigning.h>
29
30
31 namespace Security {
32 namespace CodeSigning {
33
34 static const char serviceName[] = "com.apple.security.syspolicy";
35
36
37 static dispatch_once_t dispatchInit; // one-time init marker
38 static xpc_connection_t service; // connection to spd
39 static dispatch_queue_t queue; // dispatch queue for service
40
41 static void init()
42 {
43 dispatch_once(&dispatchInit, ^void(void) {
44 const char *name = serviceName;
45 if (const char *env = getenv("SYSPOLICYNAME"))
46 name = env;
47 queue = dispatch_queue_create("spd-client", 0);
48 service = xpc_connection_create_mach_service(name, queue, XPC_CONNECTION_MACH_SERVICE_PRIVILEGED);
49 xpc_connection_set_event_handler(service, ^(xpc_object_t ev) {
50 });
51 xpc_connection_resume(service);
52 });
53 }
54
55
56 //
57 // Your standard XPC client-side machinery
58 //
59 class Message {
60 public:
61 xpc_object_t obj;
62
63 Message(const char *function)
64 {
65 init();
66 obj = xpc_dictionary_create(NULL, NULL, 0);
67 xpc_dictionary_set_string(obj, "function", function);
68 }
69 ~Message()
70 {
71 if (obj)
72 xpc_release(obj);
73 }
74 operator xpc_object_t () { return obj; }
75
76 void send()
77 {
78 xpc_object_t reply = xpc_connection_send_message_with_reply_sync(service, obj);
79 xpc_release(obj);
80 obj = NULL;
81 xpc_type_t type = xpc_get_type(reply);
82 if (type == XPC_TYPE_DICTIONARY) {
83 obj = reply;
84 if (int64_t error = xpc_dictionary_get_int64(obj, "error"))
85 MacOSError::throwMe(error);
86 } else if (type == XPC_TYPE_ERROR) {
87 const char *s = xpc_copy_description(reply);
88 printf("Error returned: %s\n", s);
89 free((char*)s);
90 MacOSError::throwMe(errSecCSInternalError);
91 } else {
92 const char *s = xpc_copy_description(reply);
93 printf("Unexpected type of return object: %s\n", s);
94 free((char*)s);
95 }
96 }
97 };
98
99
100
101 static void copyCFDictionary(const void *key, const void *value, void *ctx)
102 {
103 CFMutableDictionaryRef target = CFMutableDictionaryRef(ctx);
104 if (CFEqual(key, kSecAssessmentContextKeyCertificates)) // obsolete
105 return;
106 if (CFGetTypeID(value) == CFURLGetTypeID()) {
107 CFRef<CFStringRef> path = CFURLCopyFileSystemPath(CFURLRef(value), kCFURLPOSIXPathStyle);
108 CFDictionaryAddValue(target, key, path);
109 } else {
110 CFDictionaryAddValue(target, key, value);
111 }
112 }
113
114 void xpcEngineAssess(CFURLRef path, uint flags, CFDictionaryRef context, CFMutableDictionaryRef result)
115 {
116 Message msg("assess");
117 xpc_dictionary_set_string(msg, "path", cfString(path).c_str());
118 xpc_dictionary_set_int64(msg, "flags", flags);
119 CFRef<CFMutableDictionaryRef> ctx = makeCFMutableDictionary();
120 if (context)
121 CFDictionaryApplyFunction(context, copyCFDictionary, ctx);
122 CFRef<CFDataRef> contextData = makeCFData(CFDictionaryRef(ctx));
123 xpc_dictionary_set_data(msg, "context", CFDataGetBytePtr(contextData), CFDataGetLength(contextData));
124
125 msg.send();
126
127 if (int64_t error = xpc_dictionary_get_int64(msg, "error"))
128 MacOSError::throwMe(error);
129
130 size_t resultLength;
131 const void *resultData = xpc_dictionary_get_data(msg, "result", &resultLength);
132 CFRef<CFDictionaryRef> resultDict = makeCFDictionaryFrom(resultData, resultLength);
133 CFDictionaryApplyFunction(resultDict, copyCFDictionary, result);
134 CFDictionaryAddValue(result, CFSTR("assessment:remote"), kCFBooleanTrue);
135 }
136
137
138 bool xpcEngineUpdate(CFTypeRef target, uint flags, CFDictionaryRef context)
139 {
140 Message msg("update");
141 // target can be NULL, a CFURLRef, a SecRequirementRef, or a CFNumberRef
142 if (target) {
143 if (CFGetTypeID(target) == CFNumberGetTypeID())
144 xpc_dictionary_set_uint64(msg, "rule", cfNumber<int64_t>(CFNumberRef(target)));
145 else if (CFGetTypeID(target) == CFURLGetTypeID())
146 xpc_dictionary_set_string(msg, "url", cfString(CFURLRef(target)).c_str());
147 else if (CFGetTypeID(target) == SecRequirementGetTypeID()) {
148 CFRef<CFDataRef> data;
149 MacOSError::check(SecRequirementCopyData(SecRequirementRef(target), kSecCSDefaultFlags, &data.aref()));
150 xpc_dictionary_set_data(msg, "requirement", CFDataGetBytePtr(data), CFDataGetLength(data));
151 } else
152 MacOSError::throwMe(errSecCSInvalidObjectRef);
153 }
154 xpc_dictionary_set_int64(msg, "flags", flags);
155 CFRef<CFMutableDictionaryRef> ctx = makeCFMutableDictionary();
156 if (context)
157 CFDictionaryApplyFunction(context, copyCFDictionary, ctx);
158 AuthorizationRef localAuthorization = NULL;
159 if (CFDictionaryGetValue(ctx, kSecAssessmentUpdateKeyAuthorization) == NULL) { // no caller-provided authorization
160 MacOSError::check(AuthorizationCreate(NULL, NULL, kAuthorizationFlagDefaults, &localAuthorization));
161 AuthorizationExternalForm extForm;
162 MacOSError::check(AuthorizationMakeExternalForm(localAuthorization, &extForm));
163 CFDictionaryAddValue(ctx, kSecAssessmentUpdateKeyAuthorization, CFTempData(&extForm, sizeof(extForm)));
164 }
165 CFRef<CFDataRef> contextData = makeCFData(CFDictionaryRef(ctx));
166 xpc_dictionary_set_data(msg, "context", CFDataGetBytePtr(contextData), CFDataGetLength(contextData));
167
168 msg.send();
169
170 if (localAuthorization)
171 AuthorizationFree(localAuthorization, kAuthorizationFlagDefaults);
172
173 if (int64_t error = xpc_dictionary_get_int64(msg, "error"))
174 MacOSError::throwMe(error);
175
176 return true;
177 }
178
179
180 bool xpcEngineControl(const char *control)
181 {
182 Message msg("control");
183 xpc_dictionary_set_string(msg, "control", control);
184 msg.send();
185 return true;
186 }
187
188
189 } // end namespace CodeSigning
190 } // end namespace Security
mirror of libsecurity_codesigning