[apple/security.git] / libsecurity_codesigning / lib / SecAssessment.cpp

/*
 * Copyright (c) 2011 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */
#include "cs.h"
#include "SecAssessment.h"
#include "policydb.h"
#include "policyengine.h"
#include "xpcengine.h"
#include "csutilities.h"
#include <CoreFoundation/CFRuntime.h>
#include <security_utilities/globalizer.h>
#include <security_utilities/unix++.h>
#include <security_utilities/cfmunge.h>
#include <notify.h>

using namespace CodeSigning;


//
// CF Objects
//
struct _SecAssessment : private CFRuntimeBase {
public:
	_SecAssessment(CFURLRef p, CFDictionaryRef r) : path(p), result(r) { }
	
	CFCopyRef<CFURLRef> path;
	CFRef<CFDictionaryRef> result;

public:
	static _SecAssessment &ref(SecAssessmentRef r)
		{ return *(_SecAssessment *)r; }

	// CF Boiler-plate
	void *operator new (size_t size)
	{
		return (void *)_CFRuntimeCreateInstance(NULL, SecAssessmentGetTypeID(),
			sizeof(_SecAssessment) - sizeof(CFRuntimeBase), NULL);
	}
	
	static void finalize(CFTypeRef obj)
	{ ((_SecAssessment *)obj)->~_SecAssessment(); }
};

typedef _SecAssessment SecAssessment;


static const CFRuntimeClass assessmentClass = {
	0,								// version
	"SecAssessment",				// name
	NULL,							// init
	NULL,							// copy
	SecAssessment::finalize,		// finalize
	NULL,							// equal
	NULL,							// hash
	NULL,							// formatting
	NULL							// debug string
};


static dispatch_once_t assessmentOnce;
CFTypeID assessmentType = _kCFRuntimeNotATypeID;
	
CFTypeID SecAssessmentGetTypeID()
{
	
	dispatch_once(&assessmentOnce, ^void() {
		if ((assessmentType = _CFRuntimeRegisterClass(&assessmentClass)) == _kCFRuntimeNotATypeID)
			abort();
	});
	return assessmentType;
}


//
// Common dictionary constants
//
CFStringRef kSecAssessmentContextKeyOperation = CFSTR("operation");
CFStringRef kSecAssessmentOperationTypeExecute = CFSTR("operation:execute");
CFStringRef kSecAssessmentOperationTypeInstall = CFSTR("operation:install");
CFStringRef kSecAssessmentOperationTypeOpenDocument = CFSTR("operation:lsopen");


//
// Read-only in-process access to the policy database
//
class ReadPolicy : public PolicyDatabase {
public:
	ReadPolicy() : PolicyDatabase(defaultDatabase) { }
};
ModuleNexus<ReadPolicy> gDatabase;


//
// An on-demand instance of the policy engine
//
ModuleNexus<PolicyEngine> gEngine;


//
// Policy evaluation ("assessment") operations
//
CFStringRef kSecAssessmentAssessmentVerdict = CFSTR("assessment:verdict");
CFStringRef kSecAssessmentAssessmentOriginator = CFSTR("assessment:originator");
CFStringRef kSecAssessmentAssessmentAuthority = CFSTR("assessment:authority");
CFStringRef kSecAssessmentAssessmentSource = CFSTR("assessment:authority:source");
CFStringRef kSecAssessmentAssessmentAuthorityRow = CFSTR("assessment:authority:row");
CFStringRef kSecAssessmentAssessmentAuthorityOverride = CFSTR("assessment:authority:override");
CFStringRef kSecAssessmentAssessmentFromCache = CFSTR("assessment:authority:cached");

CFStringRef kDisabledOverride = CFSTR("security disabled");

CFStringRef kSecAssessmentContextKeyCertificates = CFSTR("context:certificates");	// obsolete

SecAssessmentRef SecAssessmentCreate(CFURLRef path,
	SecAssessmentFlags flags,
	CFDictionaryRef context,
	CFErrorRef *errors)
{
	BEGIN_CSAPI
	
	if (flags & kSecAssessmentFlagAsynchronous)
		MacOSError::throwMe(errSecCSUnimplemented);
	
	AuthorityType type = typeFor(context, kAuthorityExecute);
	CFRef<CFMutableDictionaryRef> result = makeCFMutableDictionary();

	SYSPOLICY_ASSESS_API(cfString(path).c_str(), int(type), flags);

	try {
		// check the object cache first unless caller denied that or we need extended processing
		if (!(flags & (kSecAssessmentFlagRequestOrigin | kSecAssessmentFlagIgnoreCache))) {
			if (gDatabase().checkCache(path, type, result))
				return new SecAssessment(path, result.yield());
		}
		
		if (flags & kSecAssessmentFlagDirect) {
			// ask the engine right here to do its thing
			SYSPOLICY_ASSESS_LOCAL();
			gEngine().evaluate(path, type, flags, context, result);
		} else {
			// relay the question to our daemon for consideration
			SYSPOLICY_ASSESS_REMOTE();
			xpcEngineAssess(path, flags, context, result);
		}
	} catch (CommonError &error) {
		switch (error.osStatus()) {
		case CSSMERR_TP_CERT_REVOKED:
			throw;
		default:
			if (!overrideAssessment())
				throw;		// let it go as an error
			break;
		}
		// record the error we would have returned
		cfadd(result, "{%O=#F,'assessment:error'=%d}}", kSecAssessmentAssessmentVerdict, error.osStatus());
	} catch (...) {
		// catch stray errors not conforming to the CommonError scheme
		if (!overrideAssessment())
			throw;		// let it go as an error
		cfadd(result, "{%O=#F}", kSecAssessmentAssessmentVerdict);
	}
	return new SecAssessment(path, result.yield());

	END_CSAPI_ERRORS1(NULL)
}


static void traceResult(SecAssessment &assessment, CFDictionaryRef result)
{
	if (CFDictionaryGetValue(result, CFSTR("assessment:remote")))
		return;		// just traced in syspolicyd

	CFRef<CFURLRef> url = CFURLCopyAbsoluteURL(assessment.path);
	string sanitized = cfString(url);
	string::size_type rslash = sanitized.rfind('/');
	if (rslash != string::npos)
		sanitized = sanitized.substr(rslash+1);
	string::size_type dot = sanitized.rfind('.');
	if (dot != string::npos)
		sanitized = sanitized.substr(dot+1);
	else
		sanitized = "(none)";

	string identifier = "UNBUNDLED";
	if (CFRef<CFBundleRef> bundle = CFBundleCreate(NULL, assessment.path))
		if (CFStringRef ident = CFBundleGetIdentifier(bundle))
			identifier = cfString(ident);
	
	string authority = "UNSPECIFIED";
	bool overridden = false;
	if (CFDictionaryRef authdict = CFDictionaryRef(CFDictionaryGetValue(result, kSecAssessmentAssessmentAuthority))) {
		if (CFStringRef auth = CFStringRef(CFDictionaryGetValue(authdict, kSecAssessmentAssessmentSource)))
			authority = cfString(auth);
		else
			authority = "no authority";
		if (CFTypeRef override = CFDictionaryGetValue(authdict, kSecAssessmentAssessmentAuthorityOverride))
			if (CFEqual(override, kDisabledOverride))
				overridden = true;
	}
	
	MessageTrace trace("com.apple.security.assessment.outcome", NULL);
	trace.add("signature2", "bundle:%s", identifier.c_str());
	if (CFDictionaryGetValue(result, kSecAssessmentAssessmentVerdict) == kCFBooleanFalse) {
		trace.add("signature", "denied:%s", authority.c_str());
		trace.add("signature3", sanitized.c_str());
		trace.send("assessment denied for %s", sanitized.c_str());
	} else if (overridden) {
		trace.add("signature", "override:%s", authority.c_str());
		trace.add("signature3", sanitized.c_str());
		trace.send("assessment denied for %s but overridden", sanitized.c_str());
	} else {
		trace.add("signature", "granted:%s", authority.c_str());
		trace.add("signature3", sanitized.c_str());
		trace.send("assessment granted for %s by %s", sanitized.c_str(), authority.c_str());
	}
}


//
// At present, CopyResult simply retrieves the result already formed by Create.
// In the future, this will be more lazy.
//
CFDictionaryRef SecAssessmentCopyResult(SecAssessmentRef assessmentRef,
	SecAssessmentFlags flags,
	CFErrorRef *errors)
{
	BEGIN_CSAPI

	SecAssessment &assessment = SecAssessment::ref(assessmentRef);
	CFCopyRef<CFDictionaryRef> result = assessment.result;
	if (!(flags & kSecAssessmentFlagEnforce) && overrideAssessment()) {
		// turn rejections into approvals, but note that we did that
		if (CFDictionaryGetValue(result, kSecAssessmentAssessmentVerdict) == kCFBooleanFalse) {
			CFRef<CFMutableDictionaryRef> adulterated = makeCFMutableDictionary(result.get());
			CFDictionarySetValue(adulterated, kSecAssessmentAssessmentVerdict, kCFBooleanTrue);
			if (CFDictionaryRef authority = CFDictionaryRef(CFDictionaryGetValue(adulterated, kSecAssessmentAssessmentAuthority))) {
				CFRef<CFMutableDictionaryRef> authority2 = makeCFMutableDictionary(authority);
				CFDictionarySetValue(authority2, kSecAssessmentAssessmentAuthorityOverride, kDisabledOverride);
				CFDictionarySetValue(adulterated, kSecAssessmentAssessmentAuthority, authority2);
			} else {
				cfadd(adulterated, "{%O={%O=%O}}",
					kSecAssessmentAssessmentAuthority, kSecAssessmentAssessmentAuthorityOverride, kDisabledOverride);
			}
			result = adulterated.get();
		}
	}
	traceResult(assessment, result);
	return result.yield();

	END_CSAPI_ERRORS1(NULL)
}


//
// Policy editing operations.
// These all make permanent changes to the system-wide authority records.
//
CFStringRef kSecAssessmentContextKeyUpdate = CFSTR("update");
CFStringRef kSecAssessmentUpdateOperationAdd = CFSTR("update:add");
CFStringRef kSecAssessmentUpdateOperationRemove = CFSTR("update:remove");
CFStringRef kSecAssessmentUpdateOperationEnable = CFSTR("update:enable");
CFStringRef kSecAssessmentUpdateOperationDisable = CFSTR("update:disable");
CFStringRef kSecAssessmentUpdateOperationFind = CFSTR("update:find");

CFStringRef kSecAssessmentUpdateKeyAuthorization = CFSTR("update:authorization");
CFStringRef kSecAssessmentUpdateKeyPriority = CFSTR("update:priority");
CFStringRef kSecAssessmentUpdateKeyLabel = CFSTR("update:label");
CFStringRef kSecAssessmentUpdateKeyExpires = CFSTR("update:expires");
CFStringRef kSecAssessmentUpdateKeyAllow = CFSTR("update:allow");
CFStringRef kSecAssessmentUpdateKeyRemarks = CFSTR("update:remarks");

CFStringRef kSecAssessmentUpdateKeyRow = CFSTR("update:row");
CFStringRef kSecAssessmentUpdateKeyCount = CFSTR("update:count");
CFStringRef kSecAssessmentUpdateKeyFound = CFSTR("update:found");

CFStringRef kSecAssessmentRuleKeyID = CFSTR("rule:id");
CFStringRef kSecAssessmentRuleKeyPriority = CFSTR("rule:priority");
CFStringRef kSecAssessmentRuleKeyAllow = CFSTR("rule:allow");
CFStringRef kSecAssessmentRuleKeyLabel = CFSTR("rule:label");
CFStringRef kSecAssessmentRuleKeyRemarks = CFSTR("rule:remarks");
CFStringRef kSecAssessmentRuleKeyRequirement = CFSTR("rule:requirement");
CFStringRef kSecAssessmentRuleKeyType = CFSTR("rule:type");
CFStringRef kSecAssessmentRuleKeyExpires = CFSTR("rule:expires");
CFStringRef kSecAssessmentRuleKeyDisabled = CFSTR("rule:disabled");
CFStringRef kSecAssessmentRuleKeyBookmark = CFSTR("rule:bookmark");


Boolean SecAssessmentUpdate(CFTypeRef target,
	SecAssessmentFlags flags,
	CFDictionaryRef context,
	CFErrorRef *errors)
{
	if (CFDictionaryRef outcome = SecAssessmentCopyUpdate(target, flags, context, errors)) {
		CFRelease(outcome);
		return true;
	} else {
		return false;
	}
}

CFDictionaryRef SecAssessmentCopyUpdate(CFTypeRef target,
	SecAssessmentFlags flags,
	CFDictionaryRef context,
	CFErrorRef *errors)
{
	BEGIN_CSAPI

	CFDictionary ctx(context, errSecCSInvalidAttributeValues);

	if (flags & kSecAssessmentFlagDirect) {
		// ask the engine right here to do its thing
		return gEngine().update(target, flags, ctx);
	} else {
		// relay the question to our daemon for consideration
		return xpcEngineUpdate(target, flags, ctx);
	}

	END_CSAPI_ERRORS1(false)
}


//
// The fcntl of System Policies.
// For those very special requests.
//
Boolean SecAssessmentControl(CFStringRef control, void *arguments, CFErrorRef *errors)
{
	BEGIN_CSAPI
	
	if (CFEqual(control, CFSTR("ui-enable"))) {
		setAssessment(true);
		MessageTrace trace("com.apple.security.assessment.state", "enable");
		trace.send("enable assessment outcomes");
		return true;
	} else if (CFEqual(control, CFSTR("ui-disable"))) {
		setAssessment(false);
		MessageTrace trace("com.apple.security.assessment.state", "disable");
		trace.send("disable assessment outcomes");
		return true;
	} else if (CFEqual(control, CFSTR("ui-status"))) {
		CFBooleanRef &result = *(CFBooleanRef*)(arguments);
		if (overrideAssessment())
			result = kCFBooleanFalse;
		else
			result = kCFBooleanTrue;
		return true;
	} else if (CFEqual(control, CFSTR("ui-enable-devid"))) {
		CFTemp<CFDictionaryRef> ctx("{%O=%s}", kSecAssessmentUpdateKeyLabel, "Developer ID");
		if (CFDictionaryRef result = gEngine().enable(NULL, kAuthorityInvalid, kSecCSDefaultFlags, ctx))
			CFRelease(result);
		return true;
	} else if (CFEqual(control, CFSTR("ui-disable-devid"))) {
		CFTemp<CFDictionaryRef> ctx("{%O=%s}", kSecAssessmentUpdateKeyLabel, "Developer ID");
		if (CFDictionaryRef result = gEngine().disable(NULL, kAuthorityInvalid, kSecCSDefaultFlags, ctx))
			CFRelease(result);
		return true;
	} else if (CFEqual(control, CFSTR("ui-get-devid"))) {
		CFBooleanRef &result = *(CFBooleanRef*)(arguments);
		if (gEngine().value<int>("SELECT disabled FROM authority WHERE label = 'Developer ID';", true))
			result = kCFBooleanFalse;
		else
			result = kCFBooleanTrue;
		return true;
	} else
		MacOSError::throwMe(errSecCSInvalidAttributeValues);

	END_CSAPI_ERRORS1(false)
}
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* Copyright (c) 2011 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23	#include "cs.h"
	24	#include "SecAssessment.h"
	25	#include "policydb.h"
	26	#include "policyengine.h"
	27	#include "xpcengine.h"
	28	#include "csutilities.h"
	29	#include <CoreFoundation/CFRuntime.h>
	30	#include <security_utilities/globalizer.h>
	31	#include <security_utilities/unix++.h>
	32	#include <security_utilities/cfmunge.h>
	33	#include <notify.h>
	34
	35	using namespace CodeSigning;
	36
	37
	38	//
	39	// CF Objects
	40	//
	41	struct _SecAssessment : private CFRuntimeBase {
	42	public:
	43	_SecAssessment(CFURLRef p, CFDictionaryRef r) : path(p), result(r) { }
	44
	45	CFCopyRef<CFURLRef> path;
	46	CFRef<CFDictionaryRef> result;
	47
	48	public:
	49	static _SecAssessment &ref(SecAssessmentRef r)
	50	{ return (_SecAssessment )r; }
	51
	52	// CF Boiler-plate
	53	void *operator new (size_t size)
	54	{
	55	return (void *)_CFRuntimeCreateInstance(NULL, SecAssessmentGetTypeID(),
	56	sizeof(_SecAssessment) - sizeof(CFRuntimeBase), NULL);
	57	}
	58
	59	static void finalize(CFTypeRef obj)
	60	{ ((_SecAssessment *)obj)->~_SecAssessment(); }
	61	};
	62
	63	typedef _SecAssessment SecAssessment;
	64
65
66	static const CFRuntimeClass assessmentClass = {
67	0, // version
68	"SecAssessment", // name
69	NULL, // init
70	NULL, // copy
71	SecAssessment::finalize, // finalize
72	NULL, // equal
73	NULL, // hash
74	NULL, // formatting
75	NULL // debug string
76	};
77
78
79	static dispatch_once_t assessmentOnce;
80	CFTypeID assessmentType = _kCFRuntimeNotATypeID;
81
82	CFTypeID SecAssessmentGetTypeID()
83	{
84
85	dispatch_once(&assessmentOnce, ^void() {
86	if ((assessmentType = _CFRuntimeRegisterClass(&assessmentClass)) == _kCFRuntimeNotATypeID)
87	abort();
88	});
89	return assessmentType;
90	}
91
92
93	//
94	// Common dictionary constants
95	//
96	CFStringRef kSecAssessmentContextKeyOperation = CFSTR("operation");
97	CFStringRef kSecAssessmentOperationTypeExecute = CFSTR("operation:execute");
98	CFStringRef kSecAssessmentOperationTypeInstall = CFSTR("operation:install");
99	CFStringRef kSecAssessmentOperationTypeOpenDocument = CFSTR("operation:lsopen");
100
101
102	//
103	// Read-only in-process access to the policy database
104	//
105	class ReadPolicy : public PolicyDatabase {
106	public:
107	ReadPolicy() : PolicyDatabase(defaultDatabase) { }
108	};
109	ModuleNexus<ReadPolicy> gDatabase;
110
111
112	//
113	// An on-demand instance of the policy engine
114	//
115	ModuleNexus<PolicyEngine> gEngine;
116
117
118	//
119	// Policy evaluation ("assessment") operations
120	//
121	CFStringRef kSecAssessmentAssessmentVerdict = CFSTR("assessment:verdict");
122	CFStringRef kSecAssessmentAssessmentOriginator = CFSTR("assessment:originator");
123	CFStringRef kSecAssessmentAssessmentAuthority = CFSTR("assessment:authority");
124	CFStringRef kSecAssessmentAssessmentSource = CFSTR("assessment:authority:source");
125	CFStringRef kSecAssessmentAssessmentAuthorityRow = CFSTR("assessment:authority:row");
126	CFStringRef kSecAssessmentAssessmentAuthorityOverride = CFSTR("assessment:authority:override");
127	CFStringRef kSecAssessmentAssessmentFromCache = CFSTR("assessment:authority:cached");
128
129	CFStringRef kDisabledOverride = CFSTR("security disabled");
130
131	CFStringRef kSecAssessmentContextKeyCertificates = CFSTR("context:certificates"); // obsolete
132
133	SecAssessmentRef SecAssessmentCreate(CFURLRef path,
134	SecAssessmentFlags flags,
135	CFDictionaryRef context,
136	CFErrorRef *errors)
137	{
138	BEGIN_CSAPI
139
140	if (flags & kSecAssessmentFlagAsynchronous)
141	MacOSError::throwMe(errSecCSUnimplemented);
142
143	AuthorityType type = typeFor(context, kAuthorityExecute);
144	CFRef<CFMutableDictionaryRef> result = makeCFMutableDictionary();
145
146	SYSPOLICY_ASSESS_API(cfString(path).c_str(), int(type), flags);
147
148	try {
149	// check the object cache first unless caller denied that or we need extended processing
150	if (!(flags & (kSecAssessmentFlagRequestOrigin \| kSecAssessmentFlagIgnoreCache))) {
151	if (gDatabase().checkCache(path, type, result))
152	return new SecAssessment(path, result.yield());
153	}
154
155	if (flags & kSecAssessmentFlagDirect) {
156	// ask the engine right here to do its thing
157	SYSPOLICY_ASSESS_LOCAL();
158	gEngine().evaluate(path, type, flags, context, result);
159	} else {
160	// relay the question to our daemon for consideration
161	SYSPOLICY_ASSESS_REMOTE();
162	xpcEngineAssess(path, flags, context, result);
163	}
164	} catch (CommonError &error) {
165	switch (error.osStatus()) {
166	case CSSMERR_TP_CERT_REVOKED:
167	throw;
168	default:
169	if (!overrideAssessment())
170	throw; // let it go as an error
171	break;
172	}
173	// record the error we would have returned
174	cfadd(result, "{%O=#F,'assessment:error'=%d}}", kSecAssessmentAssessmentVerdict, error.osStatus());
175	} catch (...) {
176	// catch stray errors not conforming to the CommonError scheme
177	if (!overrideAssessment())
178	throw; // let it go as an error
179	cfadd(result, "{%O=#F}", kSecAssessmentAssessmentVerdict);
180	}
181	return new SecAssessment(path, result.yield());
182
183	END_CSAPI_ERRORS1(NULL)
184	}
185
186
187	static void traceResult(SecAssessment &assessment, CFDictionaryRef result)
188	{
189	if (CFDictionaryGetValue(result, CFSTR("assessment:remote")))
190	return; // just traced in syspolicyd
191
192	CFRef<CFURLRef> url = CFURLCopyAbsoluteURL(assessment.path);
193	string sanitized = cfString(url);
194	string::size_type rslash = sanitized.rfind('/');
195	if (rslash != string::npos)
196	sanitized = sanitized.substr(rslash+1);
197	string::size_type dot = sanitized.rfind('.');
198	if (dot != string::npos)
199	sanitized = sanitized.substr(dot+1);
200	else
201	sanitized = "(none)";
202
203	string identifier = "UNBUNDLED";
204	if (CFRef<CFBundleRef> bundle = CFBundleCreate(NULL, assessment.path))
205	if (CFStringRef ident = CFBundleGetIdentifier(bundle))
206	identifier = cfString(ident);
207
208	string authority = "UNSPECIFIED";
209	bool overridden = false;
210	if (CFDictionaryRef authdict = CFDictionaryRef(CFDictionaryGetValue(result, kSecAssessmentAssessmentAuthority))) {
211	if (CFStringRef auth = CFStringRef(CFDictionaryGetValue(authdict, kSecAssessmentAssessmentSource)))
212	authority = cfString(auth);
213	else
214	authority = "no authority";
215	if (CFTypeRef override = CFDictionaryGetValue(authdict, kSecAssessmentAssessmentAuthorityOverride))
216	if (CFEqual(override, kDisabledOverride))
217	overridden = true;
218	}
219
220	MessageTrace trace("com.apple.security.assessment.outcome", NULL);
221	trace.add("signature2", "bundle:%s", identifier.c_str());
222	if (CFDictionaryGetValue(result, kSecAssessmentAssessmentVerdict) == kCFBooleanFalse) {
223	trace.add("signature", "denied:%s", authority.c_str());
224	trace.add("signature3", sanitized.c_str());
225	trace.send("assessment denied for %s", sanitized.c_str());
226	} else if (overridden) {
227	trace.add("signature", "override:%s", authority.c_str());
228	trace.add("signature3", sanitized.c_str());
229	trace.send("assessment denied for %s but overridden", sanitized.c_str());
230	} else {
231	trace.add("signature", "granted:%s", authority.c_str());
232	trace.add("signature3", sanitized.c_str());
233	trace.send("assessment granted for %s by %s", sanitized.c_str(), authority.c_str());
234	}
235	}
236
237
238	//
239	// At present, CopyResult simply retrieves the result already formed by Create.
240	// In the future, this will be more lazy.
241	//
242	CFDictionaryRef SecAssessmentCopyResult(SecAssessmentRef assessmentRef,
243	SecAssessmentFlags flags,
244	CFErrorRef *errors)
245	{
246	BEGIN_CSAPI
247
248	SecAssessment &assessment = SecAssessment::ref(assessmentRef);
249	CFCopyRef<CFDictionaryRef> result = assessment.result;
250	if (!(flags & kSecAssessmentFlagEnforce) && overrideAssessment()) {
251	// turn rejections into approvals, but note that we did that
252	if (CFDictionaryGetValue(result, kSecAssessmentAssessmentVerdict) == kCFBooleanFalse) {
253	CFRef<CFMutableDictionaryRef> adulterated = makeCFMutableDictionary(result.get());
254	CFDictionarySetValue(adulterated, kSecAssessmentAssessmentVerdict, kCFBooleanTrue);
255	if (CFDictionaryRef authority = CFDictionaryRef(CFDictionaryGetValue(adulterated, kSecAssessmentAssessmentAuthority))) {
256	CFRef<CFMutableDictionaryRef> authority2 = makeCFMutableDictionary(authority);
257	CFDictionarySetValue(authority2, kSecAssessmentAssessmentAuthorityOverride, kDisabledOverride);
258	CFDictionarySetValue(adulterated, kSecAssessmentAssessmentAuthority, authority2);
259	} else {
260	cfadd(adulterated, "{%O={%O=%O}}",
261	kSecAssessmentAssessmentAuthority, kSecAssessmentAssessmentAuthorityOverride, kDisabledOverride);
262	}
263	result = adulterated.get();
264	}
265	}
266	traceResult(assessment, result);
267	return result.yield();
268
269	END_CSAPI_ERRORS1(NULL)
270	}
271
272
273	//
274	// Policy editing operations.
275	// These all make permanent changes to the system-wide authority records.
276	//
277	CFStringRef kSecAssessmentContextKeyUpdate = CFSTR("update");
278	CFStringRef kSecAssessmentUpdateOperationAdd = CFSTR("update:add");
279	CFStringRef kSecAssessmentUpdateOperationRemove = CFSTR("update:remove");
280	CFStringRef kSecAssessmentUpdateOperationEnable = CFSTR("update:enable");
281	CFStringRef kSecAssessmentUpdateOperationDisable = CFSTR("update:disable");
282	CFStringRef kSecAssessmentUpdateOperationFind = CFSTR("update:find");
283
284	CFStringRef kSecAssessmentUpdateKeyAuthorization = CFSTR("update:authorization");
285	CFStringRef kSecAssessmentUpdateKeyPriority = CFSTR("update:priority");
286	CFStringRef kSecAssessmentUpdateKeyLabel = CFSTR("update:label");
287	CFStringRef kSecAssessmentUpdateKeyExpires = CFSTR("update:expires");
288	CFStringRef kSecAssessmentUpdateKeyAllow = CFSTR("update:allow");
289	CFStringRef kSecAssessmentUpdateKeyRemarks = CFSTR("update:remarks");
290
291	CFStringRef kSecAssessmentUpdateKeyRow = CFSTR("update:row");
292	CFStringRef kSecAssessmentUpdateKeyCount = CFSTR("update:count");
293	CFStringRef kSecAssessmentUpdateKeyFound = CFSTR("update:found");
294
295	CFStringRef kSecAssessmentRuleKeyID = CFSTR("rule:id");
296	CFStringRef kSecAssessmentRuleKeyPriority = CFSTR("rule:priority");
297	CFStringRef kSecAssessmentRuleKeyAllow = CFSTR("rule:allow");
298	CFStringRef kSecAssessmentRuleKeyLabel = CFSTR("rule:label");
299	CFStringRef kSecAssessmentRuleKeyRemarks = CFSTR("rule:remarks");
300	CFStringRef kSecAssessmentRuleKeyRequirement = CFSTR("rule:requirement");
301	CFStringRef kSecAssessmentRuleKeyType = CFSTR("rule:type");
302	CFStringRef kSecAssessmentRuleKeyExpires = CFSTR("rule:expires");
303	CFStringRef kSecAssessmentRuleKeyDisabled = CFSTR("rule:disabled");
304	CFStringRef kSecAssessmentRuleKeyBookmark = CFSTR("rule:bookmark");
305
306
307	Boolean SecAssessmentUpdate(CFTypeRef target,
308	SecAssessmentFlags flags,
309	CFDictionaryRef context,
310	CFErrorRef *errors)
311	{
312	if (CFDictionaryRef outcome = SecAssessmentCopyUpdate(target, flags, context, errors)) {
313	CFRelease(outcome);
314	return true;
315	} else {
316	return false;
317	}
318	}
319
320	CFDictionaryRef SecAssessmentCopyUpdate(CFTypeRef target,
321	SecAssessmentFlags flags,
322	CFDictionaryRef context,
323	CFErrorRef *errors)
324	{
325	BEGIN_CSAPI
326
327	CFDictionary ctx(context, errSecCSInvalidAttributeValues);
328
329	if (flags & kSecAssessmentFlagDirect) {
330	// ask the engine right here to do its thing
331	return gEngine().update(target, flags, ctx);
332	} else {
333	// relay the question to our daemon for consideration
334	return xpcEngineUpdate(target, flags, ctx);
335	}
336
337	END_CSAPI_ERRORS1(false)
338	}
339
340
341	//
342	// The fcntl of System Policies.
343	// For those very special requests.
344	//
345	Boolean SecAssessmentControl(CFStringRef control, void arguments, CFErrorRef errors)
346	{
347	BEGIN_CSAPI
348
349	if (CFEqual(control, CFSTR("ui-enable"))) {
350	setAssessment(true);
351	MessageTrace trace("com.apple.security.assessment.state", "enable");
352	trace.send("enable assessment outcomes");
353	return true;
354	} else if (CFEqual(control, CFSTR("ui-disable"))) {
355	setAssessment(false);
356	MessageTrace trace("com.apple.security.assessment.state", "disable");
357	trace.send("disable assessment outcomes");
358	return true;
359	} else if (CFEqual(control, CFSTR("ui-status"))) {
360	CFBooleanRef &result = (CFBooleanRef)(arguments);
361	if (overrideAssessment())
362	result = kCFBooleanFalse;
363	else
364	result = kCFBooleanTrue;
365	return true;
366	} else if (CFEqual(control, CFSTR("ui-enable-devid"))) {
367	CFTemp<CFDictionaryRef> ctx("{%O=%s}", kSecAssessmentUpdateKeyLabel, "Developer ID");
368	if (CFDictionaryRef result = gEngine().enable(NULL, kAuthorityInvalid, kSecCSDefaultFlags, ctx))
369	CFRelease(result);
370	return true;
371	} else if (CFEqual(control, CFSTR("ui-disable-devid"))) {
372	CFTemp<CFDictionaryRef> ctx("{%O=%s}", kSecAssessmentUpdateKeyLabel, "Developer ID");
373	if (CFDictionaryRef result = gEngine().disable(NULL, kAuthorityInvalid, kSecCSDefaultFlags, ctx))
374	CFRelease(result);
375	return true;
376	} else if (CFEqual(control, CFSTR("ui-get-devid"))) {
377	CFBooleanRef &result = (CFBooleanRef)(arguments);
378	if (gEngine().value<int>("SELECT disabled FROM authority WHERE label = 'Developer ID';", true))
379	result = kCFBooleanFalse;
380	else
381	result = kCFBooleanTrue;
382	return true;
383	} else
384	MacOSError::throwMe(errSecCSInvalidAttributeValues);
385
386	END_CSAPI_ERRORS1(false)
387	}