lib/cskernel.cpp

   1 /*
   2  * Copyright (c) 2006-2007 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 // cskernel - Kernel implementation of the Code Signing Host Interface
  26 //
  27 #include "cskernel.h"
  28 #include "csprocess.h"
  29 #include "kerneldiskrep.h"
  30 #include <libproc.h>
  31 #include <sys/codesign.h>
  32 #include <sys/param.h>  // MAXPATHLEN
  33
  34 namespace Security {
  35 namespace CodeSigning {
  36
  37
  38 //
  39 // The running-kernel singletons
  40 //
  41 ModuleNexus<KernelCode::Globals> KernelCode::globals;
  42
  43 KernelCode::Globals::Globals()
  44 {
  45         code = new KernelCode;
  46         staticCode = new KernelStaticCode;
  47 }
  48
  49 KernelCode::KernelCode()
  50         : SecCode(NULL)
  51 {
  52 }
  53
  54 KernelStaticCode::KernelStaticCode()
  55         : SecStaticCode(new KernelDiskRep())
  56 {
  57 }
  58
  59
  60 //
  61 // We locate a guest (process) by invoking a kernel service.
  62 // The only attributes supported are ("pid", pid_t).
  63 // (We could also support task ports if we liked, but those can be translated
  64 // to pids by the caller without trouble.)
  65 //
  66 SecCode *KernelCode::locateGuest(CFDictionaryRef attributes)
  67 {
  68         if (CFTypeRef attr = CFDictionaryGetValue(attributes, kSecGuestAttributePid)) {
  69                 if (CFDictionaryGetCount(attributes) != 1)
  70                         MacOSError::throwMe(errSecCSUnsupportedGuestAttributes); // had more
  71                 if (CFGetTypeID(attr) == CFNumberGetTypeID())
  72                         return (new ProcessCode(cfNumber<pid_t>(CFNumberRef(attr))))->retain();
  73                 MacOSError::throwMe(errSecCSInvalidAttributeValues);
  74         } else
  75                 MacOSError::throwMe(errSecCSUnsupportedGuestAttributes);
  76 }
  77
  78
  79 //
  80 // We map guests to disk by calling a kernel service.
  81 //
  82 SecStaticCode *KernelCode::mapGuestToStatic(SecCode *iguest)
  83 {
  84         if (ProcessCode *guest = dynamic_cast<ProcessCode *>(iguest)) {
  85                 char path[2 * MAXPATHLEN];      // reasonable upper limit
  86                 if (::proc_pidpath(guest->pid(), path, sizeof(path)))
  87                         return (new ProcessStaticCode(DiskRep::bestGuess(path)))->retain();
  88                 else
  89                         UnixError::throwMe();
  90         }
  91         MacOSError::throwMe(errSecCSNoSuchCode);
  92 }
  93
  94
  95 //
  96 // We obtain the guest's status by asking the kernel
  97 //
  98 uint32_t KernelCode::getGuestStatus(SecCode *iguest)
  99 {
 100         if (ProcessCode *guest = dynamic_cast<ProcessCode *>(iguest)) {
 101                 uint32_t pFlags;
 102                 if (::csops(guest->pid(), CS_OPS_STATUS, &pFlags, 0) == -1) {
 103                         secdebug("kcode", "cannot get guest status of %p(%d) errno=%d",
 104                                 guest, guest->pid(), errno);
 105                         switch (errno) {
 106                         case ESRCH:
 107                                 MacOSError::throwMe(errSecCSNoSuchCode);
 108                         default:
 109                                 UnixError::throwMe();
 110                         }
 111                 }
 112                 secdebug("kcode", "guest %p(%d) kernel status 0x%x", guest, guest->pid(), pFlags);
 113
 114 #if defined(USERSPACE_VALIDATION)
 115                 // Former static substitute for dynamic kernel validation of executable pages.
 116                 // This is now done in the kernel's page-in path.
 117                 guest->staticCode()->validateExecutable();
 118 #endif //USERSPACE_VALIDATION
 119
 120                 return pFlags;
 121         } else
 122                 MacOSError::throwMe(errSecCSNoSuchCode);
 123 }
 124
 125
 126 //
 127 // The StaticCode for the running kernel is explicit.
 128 // We can't ask our own host for it, naturally.
 129 //
 130 SecStaticCode *KernelCode::getStaticCode()
 131 {
 132         return globals().staticCode->retain();
 133 }
 134
 135
 136 } // CodeSigning
 137 } // Security