]> git.saurik.com Git - apple/libsecurity_codesigning.git/blob - lib/SecAssessment.cpp
projects / apple / libsecurity_codesigning.git / blob
? search:


fbecc413a049cf2edc5adee7e6d01fd99abf600e
[apple/libsecurity_codesigning.git] / lib / SecAssessment.cpp
1 /*
2 * Copyright (c) 2011 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23 #include "cs.h"
24 #include "SecAssessment.h"
25 #include "policydb.h"
26 #include "policyengine.h"
27 #include "xpcengine.h"
28 #include "csutilities.h"
29 #include <CoreFoundation/CFRuntime.h>
30 #include <security_utilities/globalizer.h>
31 #include <security_utilities/unix++.h>
32 #include <security_utilities/cfmunge.h>
33 #include <notify.h>
34
35 using namespace CodeSigning;
36
37
38 //
39 // CF Objects
40 //
41 struct _SecAssessment : private CFRuntimeBase {
42 public:
43 _SecAssessment(CFURLRef p, CFDictionaryRef r) : path(p), result(r) { }
44
45 CFCopyRef<CFURLRef> path;
46 CFRef<CFDictionaryRef> result;
47
48 public:
49 static _SecAssessment &ref(SecAssessmentRef r)
50 { return *(_SecAssessment *)r; }
51
52 // CF Boiler-plate
53 void *operator new (size_t size)
54 {
55 return (void *)_CFRuntimeCreateInstance(NULL, SecAssessmentGetTypeID(),
56 sizeof(_SecAssessment) - sizeof(CFRuntimeBase), NULL);
57 }
58
59 static void finalize(CFTypeRef obj)
60 { ((_SecAssessment *)obj)->~_SecAssessment(); }
61 };
62
63 typedef _SecAssessment SecAssessment;
64
65
66 static const CFRuntimeClass assessmentClass = {
67 0, // version
68 "SecAssessment", // name
69 NULL, // init
70 NULL, // copy
71 SecAssessment::finalize, // finalize
72 NULL, // equal
73 NULL, // hash
74 NULL, // formatting
75 NULL // debug string
76 };
77
78
79 static dispatch_once_t assessmentOnce;
80 CFTypeID assessmentType = _kCFRuntimeNotATypeID;
81
82 CFTypeID SecAssessmentGetTypeID()
83 {
84
85 dispatch_once(&assessmentOnce, ^void() {
86 if ((assessmentType = _CFRuntimeRegisterClass(&assessmentClass)) == _kCFRuntimeNotATypeID)
87 abort();
88 });
89 return assessmentType;
90 }
91
92
93 //
94 // Common dictionary constants
95 //
96 const CFStringRef kSecAssessmentContextKeyOperation = CFSTR("operation");
97 const CFStringRef kSecAssessmentOperationTypeExecute = CFSTR("operation:execute");
98 const CFStringRef kSecAssessmentOperationTypeInstall = CFSTR("operation:install");
99 const CFStringRef kSecAssessmentOperationTypeOpenDocument = CFSTR("operation:lsopen");
100
101
102 //
103 // Read-only in-process access to the policy database
104 //
105 class ReadPolicy : public PolicyDatabase {
106 public:
107 ReadPolicy() : PolicyDatabase(defaultDatabase) { }
108 };
109 ModuleNexus<ReadPolicy> gDatabase;
110
111
112 //
113 // An on-demand instance of the policy engine
114 //
115 ModuleNexus<PolicyEngine> gEngine;
116
117
118 //
119 // Policy evaluation ("assessment") operations
120 //
121 const CFStringRef kSecAssessmentAssessmentVerdict = CFSTR("assessment:verdict");
122 const CFStringRef kSecAssessmentAssessmentOriginator = CFSTR("assessment:originator");
123 const CFStringRef kSecAssessmentAssessmentAuthority = CFSTR("assessment:authority");
124 const CFStringRef kSecAssessmentAssessmentSource = CFSTR("assessment:authority:source");
125 const CFStringRef kSecAssessmentAssessmentAuthorityRow = CFSTR("assessment:authority:row");
126 const CFStringRef kSecAssessmentAssessmentAuthorityOverride = CFSTR("assessment:authority:override");
127 const CFStringRef kSecAssessmentAssessmentFromCache = CFSTR("assessment:authority:cached");
128
129 const CFStringRef kSecAssessmentContextKeyCertificates = CFSTR("context:certificates"); // obsolete
130
131 SecAssessmentRef SecAssessmentCreate(CFURLRef path,
132 SecAssessmentFlags flags,
133 CFDictionaryRef context,
134 CFErrorRef *errors)
135 {
136 BEGIN_CSAPI
137 SYSPOLICY_ASSESS_API(cfString(path).c_str(), flags);
138
139 if (flags & kSecAssessmentFlagAsynchronous)
140 MacOSError::throwMe(errSecCSUnimplemented);
141
142 AuthorityType type = typeFor(context, kAuthorityExecute);
143 CFRef<CFMutableDictionaryRef> result = makeCFMutableDictionary();
144
145 try {
146 // check the object cache first unless caller denied that or we need extended processing
147 if (!(flags & (kSecAssessmentFlagRequestOrigin | kSecAssessmentFlagIgnoreCache))) {
148 if (gDatabase().checkCache(path, type, result))
149 return new SecAssessment(path, result.yield());
150 }
151
152 if (flags & kSecAssessmentFlagDirect) {
153 // ask the engine right here to do its thing
154 SYSPOLICY_ASSESS_LOCAL();
155 gEngine().evaluate(path, type, flags, context, result);
156 } else {
157 // relay the question to our daemon for consideration
158 SYSPOLICY_ASSESS_REMOTE();
159 xpcEngineAssess(path, flags, context, result);
160 }
161 } catch (CommonError &error) {
162 switch (error.osStatus()) {
163 case CSSMERR_TP_CERT_REVOKED:
164 throw;
165 default:
166 if (!overrideAssessment())
167 throw; // let it go as an error
168 break;
169 }
170 // record the error we would have returned
171 cfadd(result, "{%O=#F,'assessment:error'=%d}}", kSecAssessmentAssessmentVerdict, error.osStatus());
172 } catch (...) {
173 // catch stray errors not conforming to the CommonError scheme
174 if (!overrideAssessment())
175 throw; // let it go as an error
176 cfadd(result, "{%O=#F}", kSecAssessmentAssessmentVerdict);
177 }
178 return new SecAssessment(path, result.yield());
179
180 END_CSAPI_ERRORS1(NULL)
181 }
182
183
184 static void traceResult(SecAssessment &assessment, CFDictionaryRef result)
185 {
186 if (CFDictionaryGetValue(result, CFSTR("assessment:remote")))
187 return; // just traced in syspolicyd
188
189 CFRef<CFURLRef> url = CFURLCopyAbsoluteURL(assessment.path);
190 string sanitized = cfString(url);
191 string::size_type rslash = sanitized.rfind('/');
192 if (rslash != string::npos)
193 sanitized = sanitized.substr(rslash+1);
194 string::size_type dot = sanitized.rfind('.');
195 if (dot != string::npos)
196 sanitized = sanitized.substr(dot+1);
197 else
198 sanitized = "(none)";
199
200 string identifier = "UNBUNDLED";
201 if (CFRef<CFBundleRef> bundle = CFBundleCreate(NULL, assessment.path))
202 if (CFStringRef ident = CFBundleGetIdentifier(bundle))
203 identifier = cfString(ident);
204
205 string authority = "UNSPECIFIED";
206 bool overridden = false;
207 if (CFDictionaryRef authdict = CFDictionaryRef(CFDictionaryGetValue(result, kSecAssessmentAssessmentAuthority))) {
208 if (CFStringRef auth = CFStringRef(CFDictionaryGetValue(authdict, kSecAssessmentAssessmentSource)))
209 authority = cfString(auth);
210 else
211 authority = "no authority";
212 if (CFDictionaryGetValue(authdict, kSecAssessmentAssessmentAuthorityOverride))
213 overridden = true;
214 }
215
216 MessageTrace trace("com.apple.security.assessment.outcome", NULL);
217 trace.add("signature2", "bundle:%s", identifier.c_str());
218 if (CFDictionaryGetValue(result, kSecAssessmentAssessmentVerdict) == kCFBooleanFalse) {
219 trace.add("signature", "denied:%s", authority.c_str());
220 trace.add("signature3", sanitized.c_str());
221 trace.send("assessment denied for %s", sanitized.c_str());
222 } else if (overridden) {
223 trace.add("signature", "override:%s", authority.c_str());
224 trace.add("signature3", sanitized.c_str());
225 trace.send("assessment denied for %s but overridden", sanitized.c_str());
226 } else {
227 trace.add("signature", "granted:%s", authority.c_str());
228 trace.add("signature3", sanitized.c_str());
229 trace.send("assessment granted for %s by %s", sanitized.c_str(), authority.c_str());
230 }
231 }
232
233
234 //
235 // At present, CopyResult simply retrieves the result already formed by Create.
236 // In the future, this will be more lazy.
237 //
238 CFDictionaryRef SecAssessmentCopyResult(SecAssessmentRef assessmentRef,
239 SecAssessmentFlags flags,
240 CFErrorRef *errors)
241 {
242 BEGIN_CSAPI
243
244 SecAssessment &assessment = SecAssessment::ref(assessmentRef);
245 CFCopyRef<CFDictionaryRef> result = assessment.result;
246 if (!(flags & kSecAssessmentFlagEnforce) && overrideAssessment()) {
247 // turn rejections into approvals, but note that we did that
248 if (CFDictionaryGetValue(result, kSecAssessmentAssessmentVerdict) == kCFBooleanFalse) {
249 CFRef<CFMutableDictionaryRef> adulterated = makeCFMutableDictionary(result.get());
250 CFDictionarySetValue(adulterated, kSecAssessmentAssessmentVerdict, kCFBooleanTrue);
251 if (CFDictionaryRef authority = CFDictionaryRef(CFDictionaryGetValue(adulterated, kSecAssessmentAssessmentAuthority))) {
252 CFRef<CFMutableDictionaryRef> authority2 = makeCFMutableDictionary(authority);
253 CFDictionarySetValue(authority2, kSecAssessmentAssessmentAuthorityOverride, CFSTR("security disabled"));
254 CFDictionarySetValue(adulterated, kSecAssessmentAssessmentAuthority, authority2);
255 } else {
256 cfadd(adulterated, "{%O={%O='security disabled'}}",
257 kSecAssessmentAssessmentAuthority, kSecAssessmentAssessmentAuthorityOverride);
258 }
259 result = adulterated.get();
260 }
261 }
262 traceResult(assessment, result);
263 return result.yield();
264
265 END_CSAPI_ERRORS1(NULL)
266 }
267
268
269 //
270 // Policy editing operations.
271 // These all make permanent changes to the system-wide authority records.
272 //
273 const CFStringRef kSecAssessmentContextKeyUpdate = CFSTR("update");
274 const CFStringRef kSecAssessmentUpdateOperationAdd = CFSTR("update:add");
275 const CFStringRef kSecAssessmentUpdateOperationRemove = CFSTR("update:remove");
276 const CFStringRef kSecAssessmentUpdateOperationEnable = CFSTR("update:enable");
277 const CFStringRef kSecAssessmentUpdateOperationDisable = CFSTR("update:disable");
278
279 const CFStringRef kSecAssessmentUpdateKeyAuthorization = CFSTR("update:authorization");
280 const CFStringRef kSecAssessmentUpdateKeyPriority = CFSTR("update:priority");
281 const CFStringRef kSecAssessmentUpdateKeyLabel = CFSTR("update:label");
282 const CFStringRef kSecAssessmentUpdateKeyExpires = CFSTR("update:expires");
283 const CFStringRef kSecAssessmentUpdateKeyAllow = CFSTR("update:allow");
284 const CFStringRef kSecAssessmentUpdateKeyRemarks = CFSTR("update:remarks");
285
286 Boolean SecAssessmentUpdate(CFTypeRef target,
287 SecAssessmentFlags flags,
288 CFDictionaryRef context,
289 CFErrorRef *errors)
290 {
291 BEGIN_CSAPI
292
293 CFDictionary ctx(context, errSecCSInvalidAttributeValues);
294
295 if (flags & kSecAssessmentFlagDirect) {
296 // ask the engine right here to do its thing
297 return gEngine().update(target, flags, ctx);
298 } else {
299 // relay the question to our daemon for consideration
300 return xpcEngineUpdate(target, flags, ctx);
301 }
302
303 END_CSAPI_ERRORS1(false)
304 }
305
306
307 //
308 // The fcntl of System Policies.
309 // For those very special requests.
310 //
311 Boolean SecAssessmentControl(CFStringRef control, void *arguments, CFErrorRef *errors)
312 {
313 BEGIN_CSAPI
314
315 if (CFEqual(control, CFSTR("ui-enable"))) {
316 { UnixPlusPlus::AutoFileDesc flagFile(visibleSecurityFlagFile, O_CREAT | O_WRONLY, 0644); }
317 notify_post(kNotifySecAssessmentMasterSwitch);
318 MessageTrace trace("com.apple.security.assessment.state", "enable");
319 trace.send("enable assessment outcomes");
320 return true;
321 } else if (CFEqual(control, CFSTR("ui-disable"))) {
322 if (::remove(visibleSecurityFlagFile) == 0 || errno == ENOENT) {
323 notify_post(kNotifySecAssessmentMasterSwitch);
324 MessageTrace trace("com.apple.security.assessment.state", "disable");
325 trace.send("disable assessment outcomes");
326 return true;
327 }
328 UnixError::throwMe();
329 } else if (CFEqual(control, CFSTR("ui-status"))) {
330 CFBooleanRef &result = *(CFBooleanRef*)(arguments);
331 if (overrideAssessment())
332 result = kCFBooleanFalse;
333 else
334 result = kCFBooleanTrue;
335 return true;
336 } else if (CFEqual(control, CFSTR("ui-enable-devid"))) {
337 CFTemp<CFDictionaryRef> ctx("{%O=%s}", kSecAssessmentUpdateKeyLabel, "Developer ID");
338 return gEngine().enable(NULL, kAuthorityInvalid, kSecCSDefaultFlags, ctx);
339 } else if (CFEqual(control, CFSTR("ui-disable-devid"))) {
340 CFTemp<CFDictionaryRef> ctx("{%O=%s}", kSecAssessmentUpdateKeyLabel, "Developer ID");
341 return gEngine().disable(NULL, kAuthorityInvalid, kSecCSDefaultFlags, ctx);
342 } else if (CFEqual(control, CFSTR("ui-get-devid"))) {
343 CFBooleanRef &result = *(CFBooleanRef*)(arguments);
344 if (gEngine().value<int>("SELECT disabled FROM authority WHERE label = 'Developer ID';", true))
345 result = kCFBooleanFalse;
346 else
347 result = kCFBooleanTrue;
348 return true;
349 } else
350 MacOSError::throwMe(errSecCSInvalidAttributeValues);
351
352 END_CSAPI_ERRORS1(false)
353 }
mirror of libsecurity_codesigning