]> git.saurik.com Git - apple/libsecurity_codesigning.git/blob - lib/StaticCode.cpp
projects / apple / libsecurity_codesigning.git / blob
? search:


cec0b2b58d5e416ef9c2645288bb19f4b9ad1daf
[apple/libsecurity_codesigning.git] / lib / StaticCode.cpp
1 /*
2 * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // StaticCode - SecStaticCode API objects
26 //
27 #include "StaticCode.h"
28 #include "Code.h"
29 #include "reqmaker.h"
30 #include "reqdumper.h"
31 #include "sigblob.h"
32 #include "resources.h"
33 #include "renum.h"
34 #include "detachedrep.h"
35 #include "csdatabase.h"
36 #include "csutilities.h"
37 #include <CoreFoundation/CFURLAccess.h>
38 #include <Security/SecPolicyPriv.h>
39 #include <Security/SecTrustPriv.h>
40 #include <Security/SecCertificatePriv.h>
41 #include <Security/CMSPrivate.h>
42 #include <Security/SecCmsContentInfo.h>
43 #include <Security/SecCmsSignerInfo.h>
44 #include <Security/SecCmsSignedData.h>
45 #include <security_utilities/unix++.h>
46 #include <security_utilities/cfmunge.h>
47 #include <Security/CMSDecoder.h>
48
49
50 namespace Security {
51 namespace CodeSigning {
52
53 using namespace UnixPlusPlus;
54
55
56 //
57 // Construct a SecStaticCode object given a disk representation object
58 //
59 SecStaticCode::SecStaticCode(DiskRep *rep)
60 : mRep(rep),
61 mValidated(false), mExecutableValidated(false),
62 mDesignatedReq(NULL), mGotResourceBase(false), mEvalDetails(NULL)
63 {
64 CODESIGN_STATIC_CREATE(this, rep);
65 checkForSystemSignature();
66 }
67
68
69 //
70 // Clean up a SecStaticCode object
71 //
72 SecStaticCode::~SecStaticCode() throw()
73 try {
74 ::free(const_cast<Requirement *>(mDesignatedReq));
75 } catch (...) {
76 return;
77 }
78
79
80 //
81 // CF-level comparison of SecStaticCode objects compares CodeDirectory hashes if signed,
82 // and falls back on comparing canonical paths if (both are) not.
83 //
84 bool SecStaticCode::equal(SecCFObject &secOther)
85 {
86 SecStaticCode *other = static_cast<SecStaticCode *>(&secOther);
87 CFDataRef mine = this->cdHash();
88 CFDataRef his = other->cdHash();
89 if (mine || his)
90 return mine && his && CFEqual(mine, his);
91 else
92 return CFEqual(this->canonicalPath(), other->canonicalPath());
93 }
94
95 CFHashCode SecStaticCode::hash()
96 {
97 if (CFDataRef h = this->cdHash())
98 return CFHash(h);
99 else
100 return CFHash(this->canonicalPath());
101 }
102
103
104 //
105 // Attach a detached signature.
106 //
107 void SecStaticCode::detachedSignature(CFDataRef sigData)
108 {
109 if (sigData) {
110 mRep = new DetachedRep(sigData, mRep->base(), "explicit detached");
111 CODESIGN_STATIC_ATTACH_EXPLICIT(this, mRep);
112 } else {
113 mRep = mRep->base();
114 CODESIGN_STATIC_ATTACH_EXPLICIT(this, NULL);
115 }
116 }
117
118
119 //
120 // Consult the system detached signature database to see if it contains
121 // a detached signature for this StaticCode. If it does, fetch and attach it.
122 // We do this only if the code has no signature already attached.
123 //
124 void SecStaticCode::checkForSystemSignature()
125 {
126 if (!this->isSigned())
127 try {
128 if (RefPointer<DiskRep> dsig = signatureDatabase().findCode(mRep)) {
129 CODESIGN_STATIC_ATTACH_SYSTEM(this, dsig);
130 mRep = dsig;
131 }
132 } catch (...) {
133 }
134 }
135
136
137 //
138 // Return a descriptive string identifying the source of the code signature
139 //
140 string SecStaticCode::signatureSource()
141 {
142 if (!isSigned())
143 return "unsigned";
144 if (DetachedRep *rep = dynamic_cast<DetachedRep *>(mRep.get()))
145 return rep->source();
146 return "embedded";
147 }
148
149
150 //
151 // Do ::required, but convert incoming SecCodeRefs to their SecStaticCodeRefs
152 // (if possible).
153 //
154 SecStaticCode *SecStaticCode::requiredStatic(SecStaticCodeRef ref)
155 {
156 SecCFObject *object = SecCFObject::required(ref, errSecCSInvalidObjectRef);
157 if (SecStaticCode *scode = dynamic_cast<SecStaticCode *>(object))
158 return scode;
159 else if (SecCode *code = dynamic_cast<SecCode *>(object))
160 return code->staticCode();
161 else // neither (a SecSomethingElse)
162 MacOSError::throwMe(errSecCSInvalidObjectRef);
163 }
164
165 SecCode *SecStaticCode::optionalDynamic(SecStaticCodeRef ref)
166 {
167 SecCFObject *object = SecCFObject::required(ref, errSecCSInvalidObjectRef);
168 if (dynamic_cast<SecStaticCode *>(object))
169 return NULL;
170 else if (SecCode *code = dynamic_cast<SecCode *>(object))
171 return code;
172 else // neither (a SecSomethingElse)
173 MacOSError::throwMe(errSecCSInvalidObjectRef);
174 }
175
176
177 //
178 // Void all cached validity data.
179 //
180 // We also throw out cached components, because the new signature data may have
181 // a different idea of what components should be present. We could reconcile the
182 // cached data instead, if performance seems to be impacted.
183 //
184 void SecStaticCode::resetValidity()
185 {
186 CODESIGN_EVAL_STATIC_RESET(this);
187 mValidated = false;
188 mExecutableValidated = false;
189 mDir = NULL;
190 mSignature = NULL;
191 for (unsigned n = 0; n < cdSlotCount; n++)
192 mCache[n] = NULL;
193 mInfoDict = NULL;
194 mEntitlements = NULL;
195 mResourceDict = NULL;
196 mDesignatedReq = NULL;
197 mGotResourceBase = false;
198 mTrust = NULL;
199 mCertChain = NULL;
200 mEvalDetails = NULL;
201 mRep->flush();
202
203 // we may just have updated the system database, so check again
204 checkForSystemSignature();
205 }
206
207
208 //
209 // Retrieve a sealed component by special slot index.
210 // If the CodeDirectory has already been validated, validate against that.
211 // Otherwise, retrieve the component without validation (but cache it). Validation
212 // will go through the cache and validate all cached components.
213 //
214 CFDataRef SecStaticCode::component(CodeDirectory::SpecialSlot slot, OSStatus fail /* = errSecCSSignatureFailed */)
215 {
216 assert(slot <= cdSlotMax);
217
218 CFRef<CFDataRef> &cache = mCache[slot];
219 if (!cache) {
220 if (CFRef<CFDataRef> data = mRep->component(slot)) {
221 if (validated()) // if the directory has been validated...
222 if (!codeDirectory()->validateSlot(CFDataGetBytePtr(data), // ... and it's no good
223 CFDataGetLength(data), -slot))
224 MacOSError::throwMe(fail); // ... then bail
225 cache = data; // it's okay, cache it
226 } else { // absent, mark so
227 if (validated()) // if directory has been validated...
228 if (codeDirectory()->slotIsPresent(-slot)) // ... and the slot is NOT missing
229 MacOSError::throwMe(fail); // was supposed to be there
230 cache = CFDataRef(kCFNull); // white lie
231 }
232 }
233 return (cache == CFDataRef(kCFNull)) ? NULL : cache.get();
234 }
235
236
237 //
238 // Get the CodeDirectory.
239 // Throws (if check==true) or returns NULL (check==false) if there is none.
240 // Always throws if the CodeDirectory exists but is invalid.
241 // NEVER validates against the signature.
242 //
243 const CodeDirectory *SecStaticCode::codeDirectory(bool check /* = true */)
244 {
245 if (!mDir) {
246 if (mDir.take(mRep->codeDirectory())) {
247 const CodeDirectory *dir = reinterpret_cast<const CodeDirectory *>(CFDataGetBytePtr(mDir));
248 dir->checkIntegrity();
249 }
250 }
251 if (mDir)
252 return reinterpret_cast<const CodeDirectory *>(CFDataGetBytePtr(mDir));
253 if (check)
254 MacOSError::throwMe(errSecCSUnsigned);
255 return NULL;
256 }
257
258
259 //
260 // Get the hash of the CodeDirectory.
261 // Returns NULL if there is none.
262 //
263 CFDataRef SecStaticCode::cdHash()
264 {
265 if (!mCDHash) {
266 if (const CodeDirectory *cd = codeDirectory(false)) {
267 SHA1 hash;
268 hash(cd, cd->length());
269 SHA1::Digest digest;
270 hash.finish(digest);
271 mCDHash.take(makeCFData(digest, sizeof(digest)));
272 CODESIGN_STATIC_CDHASH(this, digest, sizeof(digest));
273 }
274 }
275 return mCDHash;
276 }
277
278
279 //
280 // Return the CMS signature blob; NULL if none found.
281 //
282 CFDataRef SecStaticCode::signature()
283 {
284 if (!mSignature)
285 mSignature.take(mRep->signature());
286 if (mSignature)
287 return mSignature;
288 MacOSError::throwMe(errSecCSUnsigned);
289 }
290
291
292 //
293 // Verify the signature on the CodeDirectory.
294 // If this succeeds (doesn't throw), the CodeDirectory is statically trustworthy.
295 // Any outcome (successful or not) is cached for the lifetime of the StaticCode.
296 //
297 void SecStaticCode::validateDirectory()
298 {
299 // echo previous outcome, if any
300 if (!validated())
301 try {
302 // perform validation (or die trying)
303 CODESIGN_EVAL_STATIC_DIRECTORY(this);
304 mValidationExpired = verifySignature();
305 component(cdInfoSlot, errSecCSInfoPlistFailed); // force load of Info Dictionary (if any)
306 CodeDirectory::SpecialSlot slot = codeDirectory()->nSpecialSlots;
307 if (slot > cdSlotMax) // might have more special slots than we know about...
308 slot = cdSlotMax; // ... but only process the ones we understand
309 for ( ; slot >= 1; --slot)
310 if (mCache[slot]) // if we already loaded that resource...
311 validateComponent(slot); // ... then check it now
312 mValidated = true; // we've done the deed...
313 mValidationResult = noErr; // ... and it was good
314 } catch (const CommonError &err) {
315 mValidated = true;
316 mValidationResult = err.osStatus();
317 throw;
318 } catch (...) {
319 secdebug("staticCode", "%p validation threw non-common exception", this);
320 mValidated = true;
321 mValidationResult = errSecCSInternalError;
322 throw;
323 }
324 assert(validated());
325 if (mValidationResult == noErr) {
326 if (mValidationExpired)
327 if ((apiFlags() & kSecCSConsiderExpiration)
328 || (codeDirectory()->flags & kSecCodeSignatureForceExpiration))
329 MacOSError::throwMe(CSSMERR_TP_CERT_EXPIRED);
330 } else
331 MacOSError::throwMe(mValidationResult);
332 }
333
334
335 //
336 // Get the (signed) signing date from the code signature.
337 // Sadly, we need to validate the signature to get the date (as a side benefit).
338 // This means that you can't get the signing time for invalidly signed code.
339 //
340 // We could run the decoder "almost to" verification to avoid this, but there seems
341 // little practical point to such a duplication of effort.
342 //
343 CFAbsoluteTime SecStaticCode::signingTime()
344 {
345 validateDirectory();
346 return mSigningTime;
347 }
348
349
350 //
351 // Verify the CMS signature on the CodeDirectory.
352 // This performs the cryptographic tango. It returns if the signature is valid,
353 // or throws if it is not. As a side effect, a successful return sets up the
354 // cached certificate chain for future use.
355 // Returns true if the signature is expired (the X.509 sense), false if it's not.
356 //
357 bool SecStaticCode::verifySignature()
358 {
359 // ad-hoc signed code is considered validly signed by definition
360 if (flag(kSecCodeSignatureAdhoc)) {
361 CODESIGN_EVAL_STATIC_SIGNATURE_ADHOC(this);
362 return false;
363 }
364
365 DTRACK(CODESIGN_EVAL_STATIC_SIGNATURE, this, (char*)this->mainExecutablePath().c_str());
366
367 // decode CMS and extract SecTrust for verification
368 CFRef<CMSDecoderRef> cms;
369 MacOSError::check(CMSDecoderCreate(&cms.aref())); // create decoder
370 CFDataRef sig = this->signature();
371 MacOSError::check(CMSDecoderUpdateMessage(cms, CFDataGetBytePtr(sig), CFDataGetLength(sig)));
372 this->codeDirectory(); // load CodeDirectory (sets mDir)
373 MacOSError::check(CMSDecoderSetDetachedContent(cms, mDir));
374 MacOSError::check(CMSDecoderFinalizeMessage(cms));
375 MacOSError::check(CMSDecoderSetSearchKeychain(cms, cfEmptyArray()));
376 CMSSignerStatus status;
377 MacOSError::check(CMSDecoderCopySignerStatus(cms, 0, verificationPolicy(),
378 false, &status, &mTrust.aref(), NULL));
379 if (status != kCMSSignerValid)
380 MacOSError::throwMe(errSecCSSignatureFailed);
381
382 // get signing date (we've got the decoder handle right here)
383 mSigningTime = 0; // "not present" marker (nobody could code sign on Jan 1, 2001 :-)
384 SecCmsMessageRef cmsg;
385 MacOSError::check(CMSDecoderGetCmsMessage(cms, &cmsg));
386 SecCmsSignedDataRef signedData = NULL;
387 int numContentInfos = SecCmsMessageContentLevelCount(cmsg);
388 for(int dex = 0; !signedData && dex < numContentInfos; dex++) {
389 SecCmsContentInfoRef ci = SecCmsMessageContentLevel(cmsg, dex);
390 SECOidTag tag = SecCmsContentInfoGetContentTypeTag(ci);
391 switch(tag) {
392 case SEC_OID_PKCS7_SIGNED_DATA:
393 if (SecCmsSignedDataRef signedData = SecCmsSignedDataRef(SecCmsContentInfoGetContent(ci)))
394 if (SecCmsSignerInfoRef signerInfo = SecCmsSignedDataGetSignerInfo(signedData, 0))
395 SecCmsSignerInfoGetSigningTime(signerInfo, &mSigningTime);
396 break;
397 default:
398 break;
399 }
400 }
401
402 // set up the environment for SecTrust
403 MacOSError::check(SecTrustSetAnchorCertificates(mTrust, cfEmptyArray())); // no anchors
404 CSSM_APPLE_TP_ACTION_DATA actionData = {
405 CSSM_APPLE_TP_ACTION_VERSION, // version of data structure
406 CSSM_TP_ACTION_IMPLICIT_ANCHORS // action flags
407 };
408
409 for (;;) { // at most twice
410 MacOSError::check(SecTrustSetParameters(mTrust,
411 CSSM_TP_ACTION_DEFAULT, CFTempData(&actionData, sizeof(actionData))));
412
413 // evaluate trust and extract results
414 SecTrustResultType trustResult;
415 MacOSError::check(SecTrustEvaluate(mTrust, &trustResult));
416 MacOSError::check(SecTrustGetResult(mTrust, &trustResult, &mCertChain.aref(), &mEvalDetails));
417 CODESIGN_EVAL_STATIC_SIGNATURE_RESULT(this, trustResult, mCertChain ? CFArrayGetCount(mCertChain) : 0);
418 switch (trustResult) {
419 case kSecTrustResultProceed:
420 case kSecTrustResultConfirm:
421 case kSecTrustResultUnspecified:
422 break; // success
423 case kSecTrustResultDeny:
424 MacOSError::throwMe(CSSMERR_APPLETP_TRUST_SETTING_DENY); // user reject
425 case kSecTrustResultInvalid:
426 assert(false); // should never happen
427 MacOSError::throwMe(CSSMERR_TP_NOT_TRUSTED);
428 case kSecTrustResultRecoverableTrustFailure:
429 case kSecTrustResultFatalTrustFailure:
430 case kSecTrustResultOtherError:
431 {
432 OSStatus result;
433 MacOSError::check(SecTrustGetCssmResultCode(mTrust, &result));
434 if (((result == CSSMERR_TP_CERT_EXPIRED) || (result == CSSMERR_TP_CERT_NOT_VALID_YET))
435 && !(actionData.ActionFlags & CSSM_TP_ACTION_ALLOW_EXPIRED)) {
436 CODESIGN_EVAL_STATIC_SIGNATURE_EXPIRED(this);
437 actionData.ActionFlags |= CSSM_TP_ACTION_ALLOW_EXPIRED; // (this also allows postdated certs)
438 continue; // retry validation
439 }
440 MacOSError::throwMe(result);
441 }
442 }
443 return actionData.ActionFlags & CSSM_TP_ACTION_ALLOW_EXPIRED;
444 }
445 }
446
447
448 //
449 // Return the TP policy used for signature verification.
450 // This policy object is cached and reused.
451 //
452 SecPolicyRef SecStaticCode::verificationPolicy()
453 {
454 if (!mPolicy)
455 MacOSError::check(SecPolicyCopy(CSSM_CERT_X_509v3,
456 &CSSMOID_APPLE_TP_CODE_SIGNING, &mPolicy.aref()));
457 return mPolicy;
458 }
459
460
461 //
462 // Validate a particular sealed, cached resource against its (special) CodeDirectory slot.
463 // The resource must already have been placed in the cache.
464 // This does NOT perform basic validation.
465 //
466 void SecStaticCode::validateComponent(CodeDirectory::SpecialSlot slot, OSStatus fail /* = errSecCSSignatureFailed */)
467 {
468 assert(slot <= cdSlotMax);
469 CFDataRef data = mCache[slot];
470 assert(data); // must be cached
471 if (data == CFDataRef(kCFNull)) {
472 if (codeDirectory()->slotIsPresent(-slot)) // was supposed to be there...
473 MacOSError::throwMe(fail); // ... and is missing
474 } else {
475 if (!codeDirectory()->validateSlot(CFDataGetBytePtr(data), CFDataGetLength(data), -slot))
476 MacOSError::throwMe(fail);
477 }
478 }
479
480
481 //
482 // Perform static validation of the main executable.
483 // This reads the main executable from disk and validates it against the
484 // CodeDirectory code slot array.
485 // Note that this is NOT an in-memory validation, and is thus potentially
486 // subject to timing attacks.
487 //
488 void SecStaticCode::validateExecutable()
489 {
490 DTRACK(CODESIGN_EVAL_STATIC_EXECUTABLE, this,
491 (char*)this->mainExecutablePath().c_str(), codeDirectory()->nCodeSlots);
492 const CodeDirectory *cd = this->codeDirectory();
493 if (!cd)
494 MacOSError::throwMe(errSecCSUnsigned);
495 AutoFileDesc fd(mainExecutablePath(), O_RDONLY);
496 fd.fcntl(F_NOCACHE, true); // turn off page caching (one-pass)
497 if (Universal *fat = mRep->mainExecutableImage())
498 fd.seek(fat->archOffset());
499 size_t pageSize = cd->pageSize ? (1 << cd->pageSize) : 0;
500 size_t remaining = cd->codeLimit;
501 for (size_t slot = 0; slot < cd->nCodeSlots; ++slot) {
502 size_t size = min(remaining, pageSize);
503 if (!cd->validateSlot(fd, size, slot)) {
504 CODESIGN_EVAL_STATIC_EXECUTABLE_FAIL(this, slot);
505 mExecutableValidated = true; // we tried
506 mExecutableValid = false; // it failed
507 MacOSError::throwMe(errSecCSSignatureFailed);
508 }
509 remaining -= size;
510 }
511 mExecutableValidated = true; // we tried
512 mExecutableValid = true; // it worked
513 }
514
515
516 //
517 // Perform static validation of sealed resources.
518 //
519 // This performs a whole-code static resource scan and effectively
520 // computes a concordance between what's on disk and what's in the ResourceDirectory.
521 // Any unsanctioned difference causes an error.
522 //
523 void SecStaticCode::validateResources()
524 {
525 // sanity first
526 CFDictionaryRef sealedResources = resourceDictionary();
527 if (this->resourceBase()) // disk has resources
528 if (sealedResources)
529 /* go to work below */;
530 else
531 MacOSError::throwMe(errSecCSResourcesNotFound);
532 else // disk has no resources
533 if (sealedResources)
534 MacOSError::throwMe(errSecCSResourcesNotFound);
535 else
536 return; // no resources, not sealed - fine (no work)
537
538 // found resources, and they are sealed
539 CFDictionaryRef rules = cfget<CFDictionaryRef>(sealedResources, "rules");
540 CFDictionaryRef files = cfget<CFDictionaryRef>(sealedResources, "files");
541 DTRACK(CODESIGN_EVAL_STATIC_RESOURCES, this,
542 (char*)this->mainExecutablePath().c_str(), int(CFDictionaryGetCount(files)));
543
544 // make a shallow copy of the ResourceDirectory so we can "check off" what we find
545 CFRef<CFMutableDictionaryRef> resourceMap = makeCFMutableDictionary(files);
546
547 // scan through the resources on disk, checking each against the resourceDirectory
548 CollectingContext ctx(*this); // collect all failures in here
549 ResourceBuilder resources(cfString(this->resourceBase()), rules, codeDirectory()->hashType);
550 mRep->adjustResources(resources);
551 string path;
552 ResourceBuilder::Rule *rule;
553
554 while (resources.next(path, rule)) {
555 validateResource(path, ctx);
556 CFDictionaryRemoveValue(resourceMap, CFTempString(path));
557 }
558
559 if (CFDictionaryGetCount(resourceMap) > 0) {
560 secdebug("staticCode", "%p sealed resource(s) not found in code", this);
561 CFDictionaryApplyFunction(resourceMap, SecStaticCode::checkOptionalResource, &ctx);
562 }
563
564 // now check for any errors found in the reporting context
565 if (ctx)
566 ctx.throwMe();
567 }
568
569
570 void SecStaticCode::checkOptionalResource(CFTypeRef key, CFTypeRef value, void *context)
571 {
572 CollectingContext *ctx = static_cast<CollectingContext *>(context);
573 ResourceSeal seal(value);
574 if (!seal.optional())
575 if (key && CFGetTypeID(key) == CFStringGetTypeID()) {
576 ctx->reportProblem(errSecCSBadResource, kSecCFErrorResourceMissing,
577 CFTempURL(CFStringRef(key), false, ctx->code.resourceBase()));
578 } else
579 ctx->reportProblem(errSecCSBadResource, kSecCFErrorResourceSeal, key);
580 }
581
582
583 //
584 // Load, validate, cache, and return CFDictionary forms of sealed resources.
585 //
586 CFDictionaryRef SecStaticCode::infoDictionary()
587 {
588 if (!mInfoDict) {
589 mInfoDict.take(getDictionary(cdInfoSlot, errSecCSInfoPlistFailed));
590 secdebug("staticCode", "%p loaded InfoDict %p", this, mInfoDict.get());
591 }
592 return mInfoDict;
593 }
594
595 CFDictionaryRef SecStaticCode::entitlements()
596 {
597 if (!mEntitlements) {
598 validateDirectory();
599 if (CFDataRef entitlementData = component(cdEntitlementSlot)) {
600 validateComponent(cdEntitlementSlot);
601 const EntitlementBlob *blob = reinterpret_cast<const EntitlementBlob *>(CFDataGetBytePtr(entitlementData));
602 if (blob->validateBlob()) {
603 mEntitlements.take(blob->entitlements());
604 secdebug("staticCode", "%p loaded Entitlements %p", this, mEntitlements.get());
605 }
606 // we do not consider a different blob type to be an error. We think it's a new format we don't understand
607 }
608 }
609 return mEntitlements;
610 }
611
612 CFDictionaryRef SecStaticCode::resourceDictionary()
613 {
614 if (mResourceDict) // cached
615 return mResourceDict;
616 if (CFRef<CFDictionaryRef> dict = getDictionary(cdResourceDirSlot, errSecCSSignatureFailed))
617 if (cfscan(dict, "{rules=%Dn,files=%Dn}")) {
618 secdebug("staticCode", "%p loaded ResourceDict %p",
619 this, mResourceDict.get());
620 return mResourceDict = dict;
621 }
622 // bad format
623 return NULL;
624 }
625
626
627 //
628 // Load and cache the resource directory base.
629 // Note that the base is optional for each DiskRep.
630 //
631 CFURLRef SecStaticCode::resourceBase()
632 {
633 if (!mGotResourceBase) {
634 string base = mRep->resourcesRootPath();
635 if (!base.empty())
636 mResourceBase.take(makeCFURL(base, true));
637 mGotResourceBase = true;
638 }
639 return mResourceBase;
640 }
641
642
643 //
644 // Load a component, validate it, convert it to a CFDictionary, and return that.
645 // This will force load and validation, which means that it will perform basic
646 // validation if it hasn't been done yet.
647 //
648 CFDictionaryRef SecStaticCode::getDictionary(CodeDirectory::SpecialSlot slot, OSStatus fail /* = errSecCSSignatureFailed */)
649 {
650 validateDirectory();
651 if (CFDataRef infoData = component(slot, fail)) {
652 validateComponent(slot, fail);
653 if (CFDictionaryRef dict = makeCFDictionaryFrom(infoData))
654 return dict;
655 else
656 MacOSError::throwMe(errSecCSBadDictionaryFormat);
657 }
658 return NULL;
659 }
660
661
662 //
663 // Load, validate, and return a sealed resource.
664 // The resource data (loaded in to memory as a blob) is returned and becomes
665 // the responsibility of the caller; it is NOT cached by SecStaticCode.
666 //
667 // A resource that is not sealed will not be returned, and an error will be thrown.
668 // A missing resource will cause an error unless it's marked optional in the Directory.
669 // Under no circumstances will a corrupt resource be returned.
670 // NULL will only be returned for a resource that is neither sealed nor present
671 // (or that is sealed, absent, and marked optional).
672 // If the ResourceDictionary itself is not sealed, this function will always fail.
673 //
674 // There is currently no interface for partial retrieval of the resource data.
675 // (Since the ResourceDirectory does not currently support segmentation, all the
676 // data would have to be read anyway, but it could be read into a reusable buffer.)
677 //
678 CFDataRef SecStaticCode::resource(string path, ValidationContext &ctx)
679 {
680 if (CFDictionaryRef rdict = resourceDictionary()) {
681 if (CFTypeRef file = cfget(rdict, "files.%s", path.c_str())) {
682 ResourceSeal seal = file;
683 if (!resourceBase()) // no resources in DiskRep
684 MacOSError::throwMe(errSecCSResourcesNotFound);
685 CFRef<CFURLRef> fullpath = makeCFURL(path, false, resourceBase());
686 if (CFRef<CFDataRef> data = cfLoadFile(fullpath)) {
687 MakeHash<CodeDirectory> hasher(this->codeDirectory());
688 hasher->update(CFDataGetBytePtr(data), CFDataGetLength(data));
689 if (hasher->verify(seal.hash()))
690 return data.yield(); // good
691 else
692 ctx.reportProblem(errSecCSBadResource, kSecCFErrorResourceAltered, fullpath); // altered
693 } else {
694 if (!seal.optional())
695 ctx.reportProblem(errSecCSBadResource, kSecCFErrorResourceMissing, fullpath); // was sealed but is now missing
696 else
697 return NULL; // validly missing
698 }
699 } else
700 ctx.reportProblem(errSecCSBadResource, kSecCFErrorResourceAdded, CFTempURL(path, false, resourceBase()));
701 return NULL;
702 } else
703 MacOSError::throwMe(errSecCSResourcesNotSealed);
704 }
705
706 CFDataRef SecStaticCode::resource(string path)
707 {
708 ValidationContext ctx;
709 return resource(path, ctx);
710 }
711
712
713 void SecStaticCode::validateResource(string path, ValidationContext &ctx)
714 {
715 if (CFDictionaryRef rdict = resourceDictionary()) {
716 if (CFTypeRef file = cfget(rdict, "files.%s", path.c_str())) {
717 ResourceSeal seal = file;
718 if (!resourceBase()) // no resources in DiskRep
719 MacOSError::throwMe(errSecCSResourcesNotFound);
720 CFRef<CFURLRef> fullpath = makeCFURL(path, false, resourceBase());
721 AutoFileDesc fd(cfString(fullpath), O_RDONLY, FileDesc::modeMissingOk); // open optional filee
722 if (fd) {
723 MakeHash<CodeDirectory> hasher(this->codeDirectory());
724 hashFileData(fd, hasher.get());
725 if (hasher->verify(seal.hash()))
726 return; // verify good
727 else
728 ctx.reportProblem(errSecCSBadResource, kSecCFErrorResourceAltered, fullpath); // altered
729 } else {
730 if (!seal.optional())
731 ctx.reportProblem(errSecCSBadResource, kSecCFErrorResourceMissing, fullpath); // was sealed but is now missing
732 else
733 return; // validly missing
734 }
735 } else
736 ctx.reportProblem(errSecCSBadResource, kSecCFErrorResourceAdded, CFTempURL(path, false, resourceBase()));
737 } else
738 MacOSError::throwMe(errSecCSResourcesNotSealed);
739 }
740
741
742 //
743 // Test a CodeDirectory flag.
744 // Returns false if there is no CodeDirectory.
745 // May throw if the CodeDirectory is present but somehow invalid.
746 //
747 bool SecStaticCode::flag(uint32_t tested)
748 {
749 if (const CodeDirectory *cd = this->codeDirectory(false))
750 return cd->flags & tested;
751 else
752 return false;
753 }
754
755
756 //
757 // Retrieve the full SuperBlob containing all internal requirements.
758 //
759 const Requirements *SecStaticCode::internalRequirements()
760 {
761 if (CFDataRef req = component(cdRequirementsSlot))
762 return (const Requirements *)CFDataGetBytePtr(req);
763 else
764 return NULL;
765 }
766
767
768 //
769 // Retrieve a particular internal requirement by type.
770 //
771 const Requirement *SecStaticCode::internalRequirement(SecRequirementType type)
772 {
773 if (const Requirements *reqs = internalRequirements())
774 return reqs->find<Requirement>(type);
775 else
776 return NULL;
777 }
778
779
780 //
781 // Return the Designated Requirement. This can be either explicit in the
782 // Internal Requirements resource, or implicitly generated.
783 //
784 const Requirement *SecStaticCode::designatedRequirement()
785 {
786 if (const Requirement *req = internalRequirement(kSecDesignatedRequirementType)) {
787 return req; // explicit in signing data
788 } else {
789 if (!mDesignatedReq)
790 mDesignatedReq = defaultDesignatedRequirement();
791 return mDesignatedReq;
792 }
793 }
794
795
796 //
797 // Generate the default (implicit) Designated Requirement for this StaticCode.
798 // This is a heuristic of sorts, and may change over time (for the better, we hope).
799 //
800 // The current logic is this:
801 // * If the code is ad-hoc signed, use the CodeDirectory hash directory.
802 // * Otherwise, use the form anchor (anchor) and identifier (CodeDirectory identifier).
803 // ** If the root CA is Apple's, we use the "anchor apple" construct. Otherwise,
804 // we default to the leaf (directly signing) certificate.
805 //
806 const Requirement *SecStaticCode::defaultDesignatedRequirement()
807 {
808 validateDirectory(); // need the cert chain
809 Requirement::Maker maker;
810
811 // if this is an ad-hoc (unsigned) object, return a cdhash requirement
812 if (flag(kSecCodeSignatureAdhoc)) {
813 SHA1 hash;
814 hash(codeDirectory(), codeDirectory()->length());
815 SHA1::Digest digest;
816 hash.finish(digest);
817 maker.cdhash(digest);
818 } else {
819 // always require the identifier
820 maker.put(opAnd);
821 maker.ident(codeDirectory()->identifier());
822
823 SHA1::Digest anchorHash;
824 hashOfCertificate(cert(Requirement::anchorCert), anchorHash);
825 if (!memcmp(anchorHash, Requirement::appleAnchorHash(), SHA1::digestLength)
826 #if defined(TEST_APPLE_ANCHOR)
827 || !memcmp(anchorHash, Requirement::testAppleAnchorHash(), SHA1::digestLength)
828 #endif
829 )
830 defaultDesignatedAppleAnchor(maker);
831 else
832 defaultDesignatedNonAppleAnchor(maker);
833 }
834
835 return maker();
836 }
837
838 static const uint8_t adcSdkMarker[] = { APPLE_EXTENSION_OID, 2, 1 }; // iOS intermediate marker
839 static const CSSM_DATA adcSdkMarkerOID = { sizeof(adcSdkMarker), (uint8_t *)adcSdkMarker };
840
841 static const uint8_t caspianSdkMarker[] = { APPLE_EXTENSION_OID, 2, 6 }; // Caspian intermediate marker
842 static const CSSM_DATA caspianSdkMarkerOID = { sizeof(caspianSdkMarker), (uint8_t *)caspianSdkMarker };
843 static const uint8_t caspianLeafMarker[] = { APPLE_EXTENSION_OID, 1, 13 }; // Caspian leaf certificate marker
844 static const CSSM_DATA caspianLeafMarkerOID = { sizeof(caspianLeafMarker), (uint8_t *)caspianLeafMarker };
845
846 void SecStaticCode::defaultDesignatedAppleAnchor(Requirement::Maker &maker)
847 {
848 if (isAppleSDKSignature()) {
849 // get the Common Name DN element for the leaf
850 CFRef<CFStringRef> leafCN;
851 MacOSError::check(SecCertificateCopySubjectComponent(cert(Requirement::leafCert),
852 &CSSMOID_CommonName, &leafCN.aref()));
853
854 // apple anchor generic and ...
855 maker.put(opAnd);
856 maker.anchorGeneric(); // apple generic anchor and...
857 // ... leaf[subject.CN] = <leaf's subject> and ...
858 maker.put(opAnd);
859 maker.put(opCertField); // certificate
860 maker.put(0); // leaf
861 maker.put("subject.CN"); // [subject.CN]
862 maker.put(matchEqual); // =
863 maker.putData(leafCN); // <leaf CN>
864 // ... cert 1[field.<marker>] exists
865 maker.put(opCertGeneric); // certificate
866 maker.put(1); // 1
867 maker.putData(adcSdkMarkerOID.Data, adcSdkMarkerOID.Length); // [field.<marker>]
868 maker.put(matchExists); // exists
869 return;
870 }
871
872 if (isAppleCaspianSignature()) {
873 // get the Organizational Unit DN element for the leaf (it contains the TEAMID)
874 CFRef<CFStringRef> teamID;
875 MacOSError::check(SecCertificateCopySubjectComponent(cert(Requirement::leafCert),
876 &CSSMOID_OrganizationalUnitName, &teamID.aref()));
877
878 // apple anchor generic and ...
879 maker.put(opAnd);
880 maker.anchorGeneric(); // apple generic anchor and...
881
882 // ... certificate 1[intermediate marker oid] exists and ...
883 maker.put(opAnd);
884 maker.put(opCertGeneric); // certificate
885 maker.put(1); // 1
886 maker.putData(caspianSdkMarker, sizeof(caspianSdkMarker));
887 maker.put(matchExists); // exists
888
889 // ... certificate leaf[Caspian cert oid] exists and ...
890 maker.put(opAnd);
891 maker.put(opCertGeneric); // certificate
892 maker.put(0); // leaf
893 maker.putData(caspianLeafMarker, sizeof(caspianLeafMarker));
894 maker.put(matchExists); // exists
895
896 // ... leaf[subject.OU] = <leaf's subject>
897 maker.put(opCertField); // certificate
898 maker.put(0); // leaf
899 maker.put("subject.OU"); // [subject.OU]
900 maker.put(matchEqual); // =
901 maker.putData(teamID); // TEAMID
902 return;
903 }
904
905 // otherwise, claim this program for Apple Proper
906 maker.anchor();
907 }
908
909 bool SecStaticCode::isAppleSDKSignature()
910 {
911 if (CFArrayRef certChain = certificates()) // got cert chain
912 if (CFArrayGetCount(certChain) == 3) // leaf, one intermediate, anchor
913 if (SecCertificateRef intermediate = cert(1)) // get intermediate
914 if (certificateHasField(intermediate, CssmOid::overlay(adcSdkMarkerOID)))
915 return true;
916 return false;
917 }
918
919 bool SecStaticCode::isAppleCaspianSignature()
920 {
921 if (CFArrayRef certChain = certificates()) // got cert chain
922 if (CFArrayGetCount(certChain) == 3) // leaf, one intermediate, anchor
923 if (SecCertificateRef intermediate = cert(1)) // get intermediate
924 if (certificateHasField(intermediate, CssmOid::overlay(caspianSdkMarkerOID)))
925 return true;
926 return false;
927 }
928
929 void SecStaticCode::defaultDesignatedNonAppleAnchor(Requirement::Maker &maker)
930 {
931 // get the Organization DN element for the leaf
932 CFRef<CFStringRef> leafOrganization;
933 MacOSError::check(SecCertificateCopySubjectComponent(cert(Requirement::leafCert),
934 &CSSMOID_OrganizationName, &leafOrganization.aref()));
935
936 // now step up the cert chain looking for the first cert with a different one
937 int slot = Requirement::leafCert; // start at leaf
938 if (leafOrganization) {
939 while (SecCertificateRef ca = cert(slot+1)) { // NULL if you over-run the anchor slot
940 CFRef<CFStringRef> caOrganization;
941 MacOSError::check(SecCertificateCopySubjectComponent(ca, &CSSMOID_OrganizationName, &caOrganization.aref()));
942 if (!caOrganization || CFStringCompare(leafOrganization, caOrganization, 0) != kCFCompareEqualTo)
943 break;
944 slot++;
945 }
946 if (slot == CFArrayGetCount(mCertChain) - 1) // went all the way to the anchor...
947 slot = Requirement::anchorCert; // ... so say that
948 }
949
950 // nail the last cert with the leaf's Organization value
951 SHA1::Digest authorityHash;
952 hashOfCertificate(cert(slot), authorityHash);
953 maker.anchor(slot, authorityHash);
954 }
955
956
957 //
958 // Validate a SecStaticCode against the internal requirement of a particular type.
959 //
960 void SecStaticCode::validateRequirements(SecRequirementType type, SecStaticCode *target,
961 OSStatus nullError /* = noErr */)
962 {
963 DTRACK(CODESIGN_EVAL_STATIC_INTREQ, this, type, target, nullError);
964 if (const Requirement *req = internalRequirement(type))
965 target->validateRequirement(req, nullError ? nullError : errSecCSReqFailed);
966 else if (nullError)
967 MacOSError::throwMe(nullError);
968 else
969 /* accept it */;
970 }
971
972
973 //
974 // Validate this StaticCode against an external Requirement
975 //
976 bool SecStaticCode::satisfiesRequirement(const Requirement *req, OSStatus failure)
977 {
978 assert(req);
979 validateDirectory();
980 return req->validates(Requirement::Context(mCertChain, infoDictionary(), entitlements(), codeDirectory()), failure);
981 }
982
983 void SecStaticCode::validateRequirement(const Requirement *req, OSStatus failure)
984 {
985 if (!this->satisfiesRequirement(req, failure))
986 MacOSError::throwMe(failure);
987 }
988
989
990 //
991 // Retrieve one certificate from the cert chain.
992 // Positive and negative indices can be used:
993 // [ leaf, intermed-1, ..., intermed-n, anchor ]
994 // 0 1 ... -2 -1
995 // Returns NULL if unavailable for any reason.
996 //
997 SecCertificateRef SecStaticCode::cert(int ix)
998 {
999 validateDirectory(); // need cert chain
1000 if (mCertChain) {
1001 CFIndex length = CFArrayGetCount(mCertChain);
1002 if (ix < 0)
1003 ix += length;
1004 if (ix >= 0 && ix < length)
1005 return SecCertificateRef(CFArrayGetValueAtIndex(mCertChain, ix));
1006 }
1007 return NULL;
1008 }
1009
1010 CFArrayRef SecStaticCode::certificates()
1011 {
1012 validateDirectory(); // need cert chain
1013 return mCertChain;
1014 }
1015
1016
1017 //
1018 // Gather (mostly) API-official information about this StaticCode.
1019 //
1020 // This method lives in the twilight between the API and internal layers,
1021 // since it generates API objects (Sec*Refs) for return.
1022 //
1023 CFDictionaryRef SecStaticCode::signingInformation(SecCSFlags flags)
1024 {
1025 //
1026 // Start with the pieces that we return even for unsigned code.
1027 // This makes Sec[Static]CodeRefs useful as API-level replacements
1028 // of our internal OSXCode objects.
1029 //
1030 CFRef<CFMutableDictionaryRef> dict = makeCFMutableDictionary(1,
1031 kSecCodeInfoMainExecutable, CFTempURL(this->mainExecutablePath()).get()
1032 );
1033
1034 //
1035 // If we're not signed, this is all you get
1036 //
1037 if (!this->isSigned())
1038 return dict.yield();
1039
1040 //
1041 // Add the generic attributes that we always include
1042 //
1043 CFDictionaryAddValue(dict, kSecCodeInfoIdentifier, CFTempString(this->identifier()));
1044 CFDictionaryAddValue(dict, kSecCodeInfoFormat, CFTempString(this->format()));
1045 CFDictionaryAddValue(dict, kSecCodeInfoSource, CFTempString(this->signatureSource()));
1046 if (CFDictionaryRef info = this->infoDictionary())
1047 CFDictionaryAddValue(dict, kSecCodeInfoPList, info);
1048 CFDictionaryAddValue(dict, kSecCodeInfoUnique, this->cdHash());
1049 CFDictionaryAddValue(dict, kSecCodeInfoDigestAlgorithm, CFTempNumber(this->codeDirectory(false)->hashType));
1050
1051 //
1052 // kSecCSSigningInformation adds information about signing certificates and chains
1053 //
1054 if (flags & kSecCSSigningInformation) {
1055 if (CFArrayRef certs = this->certificates())
1056 CFDictionaryAddValue(dict, kSecCodeInfoCertificates, certs);
1057 if (CFDataRef sig = this->signature())
1058 CFDictionaryAddValue(dict, kSecCodeInfoCMS, sig);
1059 if (mTrust)
1060 CFDictionaryAddValue(dict, kSecCodeInfoTrust, mTrust);
1061 if (CFAbsoluteTime time = this->signingTime())
1062 if (CFRef<CFDateRef> date = CFDateCreate(NULL, time))
1063 CFDictionaryAddValue(dict, kSecCodeInfoTime, date);
1064 }
1065
1066 //
1067 // kSecCSRequirementInformation adds information on requirements
1068 //
1069 if (flags & kSecCSRequirementInformation) {
1070 if (const Requirements *reqs = this->internalRequirements()) {
1071 CFDictionaryAddValue(dict, kSecCodeInfoRequirements,
1072 CFTempString(Dumper::dump(reqs)));
1073 CFDictionaryAddValue(dict, kSecCodeInfoRequirementData, CFTempData(*reqs));
1074 }
1075
1076 const Requirement *dreq = this->designatedRequirement();
1077 CFRef<SecRequirementRef> dreqRef = (new SecRequirement(dreq))->handle();
1078 CFDictionaryAddValue(dict, kSecCodeInfoDesignatedRequirement, dreqRef);
1079 if (this->internalRequirement(kSecDesignatedRequirementType)) { // explicit
1080 CFRef<SecRequirementRef> ddreqRef = (new SecRequirement(this->defaultDesignatedRequirement(), true))->handle();
1081 CFDictionaryAddValue(dict, kSecCodeInfoImplicitDesignatedRequirement, ddreqRef);
1082 } else { // implicit
1083 CFDictionaryAddValue(dict, kSecCodeInfoImplicitDesignatedRequirement, dreqRef);
1084 }
1085
1086 if (CFDataRef ent = this->component(cdEntitlementSlot))
1087 CFDictionaryAddValue(dict, kSecCodeInfoEntitlements, ent);
1088 }
1089
1090 //
1091 // kSecCSInternalInformation adds internal information meant to be for Apple internal
1092 // use (SPI), and not guaranteed to be stable. Primarily, this is data we want
1093 // to reliably transmit through the API wall so that code outside the Security.framework
1094 // can use it without having to play nasty tricks to get it.
1095 //
1096 if (flags & kSecCSInternalInformation) {
1097 if (mDir)
1098 CFDictionaryAddValue(dict, kSecCodeInfoCodeDirectory, mDir);
1099 CFDictionaryAddValue(dict, kSecCodeInfoCodeOffset, CFTempNumber(mRep->signingBase()));
1100 if (CFDictionaryRef resources = resourceDictionary())
1101 CFDictionaryAddValue(dict, kSecCodeInfoResourceDirectory, resources);
1102 }
1103
1104
1105 //
1106 // kSecCSContentInformation adds more information about the physical layout
1107 // of the signed code. This is (only) useful for packaging or patching-oriented
1108 // applications.
1109 //
1110 if (flags & kSecCSContentInformation)
1111 if (CFRef<CFArrayRef> files = mRep->modifiedFiles())
1112 CFDictionaryAddValue(dict, kSecCodeInfoChangedFiles, files);
1113
1114 return dict.yield();
1115 }
1116
1117
1118 //
1119 // Resource validation contexts.
1120 // The default context simply throws a CSError, rudely terminating the operation.
1121 //
1122 SecStaticCode::ValidationContext::~ValidationContext()
1123 { /* virtual */ }
1124
1125 void SecStaticCode::ValidationContext::reportProblem(OSStatus rc, CFStringRef type, CFTypeRef value)
1126 {
1127 CSError::throwMe(rc, type, value);
1128 }
1129
1130 void SecStaticCode::CollectingContext::reportProblem(OSStatus rc, CFStringRef type, CFTypeRef value)
1131 {
1132 if (mStatus == noErr)
1133 mStatus = rc; // record first failure for eventual error return
1134 if (type) {
1135 if (!mCollection)
1136 mCollection.take(makeCFMutableDictionary());
1137 CFMutableArrayRef element = CFMutableArrayRef(CFDictionaryGetValue(mCollection, type));
1138 if (!element) {
1139 element = makeCFMutableArray(0);
1140 if (!element)
1141 CFError::throwMe();
1142 CFDictionaryAddValue(mCollection, type, element);
1143 CFRelease(element);
1144 }
1145 CFArrayAppendValue(element, value);
1146 }
1147 }
1148
1149 void SecStaticCode::CollectingContext::throwMe()
1150 {
1151 assert(mStatus != noErr);
1152 throw CSError(mStatus, mCollection.yield());
1153 }
1154
1155
1156 //
1157 // SecStaticCode::AllArchitectures produces SecStaticCode objects separately
1158 // for each architecture represented by a base object.
1159 //
1160 // Performance note: This is a simple, straight-forward implementation that
1161 // does not heroically try to share resources between the code objects produced.
1162 // In practice, this means we'll re-open files and re-read resource files.
1163 // In exchange, we enter all the code paths in the normal way, and do not have
1164 // special sharing paths to worry about.
1165 // If a performance tool brings you here because you have *proof* of a performance
1166 // problem, consider digging up MachO and Universal (for sharing file descriptors),
1167 // and SecStaticCode (for sharing resource iterators). That ought to cover most of
1168 // the big chunks. If you're just offended by the simplicity of this implementation,
1169 // go play somewhere else.
1170 //
1171 SecStaticCode::AllArchitectures::AllArchitectures(SecStaticCode *code)
1172 : mBase(code)
1173 {
1174 if (Universal *fat = code->diskRep()->mainExecutableImage()) {
1175 fat->architectures(mArchitectures);
1176 mCurrent = mArchitectures.begin();
1177 mState = fatBinary;
1178 } else {
1179 mState = firstNonFat;
1180 }
1181 }
1182
1183 SecStaticCode *SecStaticCode::AllArchitectures::operator () ()
1184 {
1185 switch (mState) {
1186 case firstNonFat:
1187 mState = atEnd;
1188 return mBase;
1189 case fatBinary:
1190 {
1191 if (mCurrent == mArchitectures.end())
1192 return NULL;
1193 Architecture arch = *mCurrent++;
1194 if (arch == mBase->diskRep()->mainExecutableImage()->bestNativeArch()) {
1195 return mBase;
1196 } else {
1197 DiskRep::Context ctx;
1198 ctx.arch = arch;
1199 return new SecStaticCode(DiskRep::bestGuess(mBase->mainExecutablePath(), &ctx));
1200 }
1201 }
1202 default:
1203 return NULL;
1204 }
1205 }
1206
1207
1208 } // end namespace CodeSigning
1209 } // end namespace Security
mirror of libsecurity_codesigning