lib/csgeneric.cpp

   1 /*
   2  * Copyright (c) 2006-2007 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 // csgeneric - generic Code representative
  26 //
  27 #include "csgeneric.h"
  28 #include "cs.h"
  29 #include "StaticCode.h"
  30 #include <securityd_client/cshosting.h>
  31 #include <sys/param.h>
  32
  33 namespace Security {
  34 namespace CodeSigning {
  35
  36 using MachPlusPlus::Port;
  37
  38
  39 //
  40 // Common call-out code for cshosting RPC service
  41 //
  42 #define CALL(host, name, args...) \
  43         OSStatus result; \
  44         if (cshosting_client_ ## name (host, mig_get_reply_port(), &result, args)) \
  45                 MacOSError::throwMe(errSecCSNotAHost); \
  46         MacOSError::check(result);
  47
  48
  49 //
  50 // Construct a running process representation
  51 //
  52 GenericCode::GenericCode(SecCode *host, SecGuestRef guestRef)
  53         : SecCode(host), mGuestRef(guestRef)
  54 {
  55 }
  56
  57
  58 //
  59 // Identify a guest by attribute set, and return a new GenericCode representing it.
  60 // This uses cshosting RPCs to ask the host (or its proxy).
  61 //
  62 SecCode *GenericCode::locateGuest(CFDictionaryRef attributes)
  63 {
  64         if (Port host = hostingPort()) {
  65                 CFRef<CFDataRef> attrData;
  66                 void *attrPtr = NULL; size_t attrLength = 0;
  67                 if (attributes) {
  68                         attrData.take(CFPropertyListCreateXMLData(NULL, attributes));
  69                         attrPtr = (void *)CFDataGetBytePtr(attrData);
  70                         attrLength = CFDataGetLength(attrData);
  71                 }
  72                 GuestChain guestPath;
  73                 mach_msg_type_number_t guestPathLength;
  74                 mach_port_t subport;
  75                 CALL(host, findGuest, guestRef(), attrPtr, attrLength,
  76                         &guestPath, &guestPathLength, &subport);
  77                 secdebug("genericcode", "%p found guest chain length=%d",
  78                         this, guestPathLength);
  79                 SecPointer<SecCode> code = this;
  80                 for (unsigned n = 0; n < guestPathLength; n++)
  81                         code = new GenericCode(code, guestPath[n]);
  82                 return code.yield();
  83         } else
  84                 return NULL;            // not found, no error
  85 }
  86
  87
  88 //
  89 // Map a guest to its StaticCode.
  90 // This uses cshosting RPCs to ask the host (or its proxy).
  91 //
  92 SecStaticCode *GenericCode::mapGuestToStatic(SecCode *guest)
  93 {
  94         if (Port host = hostingPort()) {
  95                 char path[MAXPATHLEN];
  96                 CALL(host, guestPath, safe_cast<GenericCode *>(guest)->guestRef(), path);
  97                 return (new GenericStaticCode(DiskRep::bestGuess(path)))->retain();
  98         } else
  99                 MacOSError::throwMe(errSecCSNotAHost);
 100 }
 101
 102
 103 //
 104 // Get the Code Signing Status Word for a Code.
 105 // This uses cshosting RPCs to ask the host (or its proxy).
 106 //
 107 uint32_t GenericCode::getGuestStatus(SecCode *guest)
 108 {
 109         if (Port host = hostingPort()) {
 110                 uint32_t status;
 111                 CALL(host, guestStatus, safe_cast<GenericCode *>(guest)->guestRef(), &status);
 112                 return status;
 113         } else
 114                 MacOSError::throwMe(errSecCSNotAHost);
 115 }
 116
 117
 118 //
 119 // Return the Hosting Port for this Code.
 120 // May return MACH_PORT_NULL if the code is not a code host.
 121 // Throws if we can't get the hosting port for some reason (and can't positively
 122 // determine that there is none).
 123 //
 124 // Note that we do NOT cache negative outcomes. Being a host is a dynamic property,
 125 // and this Code may not have commenced hosting operations yet. For non- (or not-yet-)hosts
 126 // we simply return NULL.
 127 //
 128 Port GenericCode::hostingPort()
 129 {
 130         if (!mHostingPort) {
 131                 if (staticCode()->codeDirectory()->flags & kSecCodeSignatureHost)
 132                         mHostingPort = getHostingPort();
 133         }
 134         return mHostingPort;
 135 }
 136
 137
 138 //
 139 // A pure GenericHost has no idea where to get a hosting port from.
 140 // This method must be overridden to get one.
 141 // However, we do handle a contiguous chain of GenericCodes by deferring
 142 // to our next-higher host for it.
 143 //
 144 mach_port_t GenericCode::getHostingPort()
 145 {
 146         if (GenericCode *genericHost = dynamic_cast<GenericCode *>(host()))
 147                 return genericHost->getHostingPort();
 148         else
 149                 MacOSError::throwMe(errSecCSNotAHost);
 150 }
 151
 152
 153 } // CodeSigning
 154 } // Security