lib/xpcengine.cpp

   1 /*
   2  * Copyright (c) 2011 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23 #include "xpcengine.h"
  24 #include <xpc/connection.h>
  25 #include <syslog.h>
  26 #include <CoreFoundation/CoreFoundation.h>
  27 #include <security_utilities/cfutilities.h>
  28
  29
  30 namespace Security {
  31 namespace CodeSigning {
  32
  33 static const char serviceName[] = "com.apple.security.syspolicy";
  34
  35
  36 static dispatch_once_t dispatchInit;            // one-time init marker
  37 static xpc_connection_t service;                        // connection to spd
  38 static dispatch_queue_t queue;                          // dispatch queue for service
  39
  40 static void init()
  41 {
  42         dispatch_once(&dispatchInit, ^void(void) {
  43                 const char *name = serviceName;
  44                 if (const char *env = getenv("SYSPOLICYNAME"))
  45                         name = env;
  46                 queue = dispatch_queue_create("spd-client", 0);
  47                 service = xpc_connection_create_mach_service(name, queue, XPC_CONNECTION_MACH_SERVICE_PRIVILEGED);
  48                 xpc_connection_set_event_handler(service, ^(xpc_object_t ev) {
  49                 });
  50                 xpc_connection_resume(service);
  51         });
  52 }
  53
  54
  55 //
  56 // Your standard XPC client-side machinery
  57 //
  58 class Message {
  59 public:
  60         xpc_object_t obj;
  61
  62         Message(const char *function)
  63         {
  64                 init();
  65                 obj = xpc_dictionary_create(NULL, NULL, 0);
  66                 xpc_dictionary_set_string(obj, "function", function);
  67         }
  68         ~Message()
  69         {
  70                 if (obj)
  71                         xpc_release(obj);
  72         }
  73         operator xpc_object_t () { return obj; }
  74
  75         void send()
  76         {
  77                 xpc_object_t reply = xpc_connection_send_message_with_reply_sync(service, obj);
  78                 xpc_release(obj);
  79                 obj = NULL;
  80                 xpc_type_t type = xpc_get_type(reply);
  81                 if (type == XPC_TYPE_DICTIONARY) {
  82                         obj = reply;
  83                         if (int64_t error = xpc_dictionary_get_int64(obj, "error"))
  84                                 MacOSError::throwMe(error);
  85                 } else if (type == XPC_TYPE_ERROR) {
  86                         const char *s = xpc_copy_description(reply);
  87                         printf("Error returned: %s\n", s);
  88                         free((char*)s);
  89                         MacOSError::throwMe(errSecCSInternalError);
  90                 } else {
  91                         const char *s = xpc_copy_description(reply);
  92                         printf("Unexpected type of return object: %s\n", s);
  93                         free((char*)s);
  94                 }
  95         }
  96 };
  97
  98
  99
 100 static void copyCFDictionary(const void *key, const void *value, void *ctx)
 101 {
 102         CFMutableDictionaryRef target = CFMutableDictionaryRef(ctx);
 103         if (CFEqual(key, kSecAssessmentContextKeyCertificates))         // legacy; drop it
 104                 return;
 105         if (CFGetTypeID(value) == CFURLGetTypeID()) {
 106                 CFRef<CFStringRef> path = CFURLCopyFileSystemPath(CFURLRef(value), kCFURLPOSIXPathStyle);
 107                 CFDictionaryAddValue(target, key, path);
 108         } else {
 109                 CFDictionaryAddValue(target, key, value);
 110         }
 111 }
 112
 113 void xpcEngineAssess(CFURLRef path, uint flags, CFDictionaryRef context, CFMutableDictionaryRef result)
 114 {
 115         Message msg("assess");
 116         xpc_dictionary_set_string(msg, "path", cfString(path).c_str());
 117         xpc_dictionary_set_int64(msg, "flags", flags);
 118         CFRef<CFMutableDictionaryRef> ctx = makeCFMutableDictionary();
 119         if (context)
 120                 CFDictionaryApplyFunction(context, copyCFDictionary, ctx);
 121         CFRef<CFDataRef> contextData = makeCFData(CFDictionaryRef(ctx));
 122         xpc_dictionary_set_data(msg, "context", CFDataGetBytePtr(contextData), CFDataGetLength(contextData));
 123         msg.send();
 124         size_t resultLength;
 125         const void *resultData = xpc_dictionary_get_data(msg, "result", &resultLength);
 126         CFRef<CFDictionaryRef> resultDict = makeCFDictionaryFrom(resultData, resultLength);
 127         CFDictionaryApplyFunction(resultDict, copyCFDictionary, result);
 128         CFDictionaryAddValue(result, CFSTR("assessment:remote"), kCFBooleanTrue);
 129 }
 130
 131
 132 bool xpcEngineControl(const char *control)
 133 {
 134         Message msg("control");
 135         xpc_dictionary_set_string(msg, "control", control);
 136         msg.send();
 137         return true;
 138 }
 139
 140
 141 } // end namespace CodeSigning
 142 } // end namespace Security