projects / apple / security.git / blame
| Commit | Line | Data |
|---|---|---|
| 29654253 A |
1 | /* |
| 2 | * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. | |
| 3 | * | |
| 4 | * The contents of this file constitute Original Code as defined in and are | |
| 5 | * subject to the Apple Public Source License Version 1.2 (the 'License'). | |
| 6 | * You may not use this file except in compliance with the License. Please obtain | |
| 7 | * a copy of the License at http://www.apple.com/publicsource and read it before | |
| 8 | * using this file. | |
| 9 | * | |
| 10 | * This Original Code and all software distributed under the License are | |
| 11 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS | |
| 12 | * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT | |
| 13 | * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR | |
| 14 | * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the | |
| 15 | * specific language governing rights and limitations under the License. | |
| 16 | */ | |
| 17 | ||
| df0e469f A |
18 | #include <Security/SecTrustedApplicationPriv.h> |
| 19 | #include <Security/TrustedApplication.h> | |
| 20 | #include <Security/ssclient.h> | |
| 29654253 A |
21 | |
| 22 | #include "SecBridge.h" | |
| 23 | ||
| 24 | ||
| 25 | CFTypeID | |
| 26 | SecTrustedApplicationGetTypeID(void) | |
| 27 | { | |
| 28 | BEGIN_SECAPI | |
| 29 | ||
| df0e469f | 30 | return gTypes().TrustedApplication.typeID; |
| 29654253 A |
31 | |
| 32 | END_SECAPI1(_kCFRuntimeNotATypeID) | |
| 33 | } | |
| 34 | ||
| 35 | ||
| 36 | OSStatus | |
| 37 | SecTrustedApplicationCreateFromPath(const char *path, SecTrustedApplicationRef *appRef) | |
| 38 | { | |
| 39 | BEGIN_SECAPI | |
| df0e469f | 40 | SecPointer<TrustedApplication> app = |
| 29654253 | 41 | path ? new TrustedApplication(path) : new TrustedApplication; |
| df0e469f | 42 | Required(appRef) = app->handle(); |
| 29654253 A |
43 | END_SECAPI |
| 44 | } | |
| 45 | ||
| 46 | /*! | |
| 47 | */ | |
| 48 | OSStatus SecTrustedApplicationCopyData(SecTrustedApplicationRef appRef, | |
| 49 | CFDataRef *dataRef) | |
| 50 | { | |
| 51 | BEGIN_SECAPI | |
| df0e469f | 52 | const CssmData &data = TrustedApplication::required(appRef)->data(); |
| 29654253 A |
53 | Required(dataRef) = CFDataCreate(NULL, (const UInt8 *)data.data(), data.length()); |
| 54 | END_SECAPI | |
| 55 | } | |
| 56 | ||
| 57 | OSStatus SecTrustedApplicationSetData(SecTrustedApplicationRef appRef, | |
| 58 | CFDataRef dataRef) | |
| 59 | { | |
| 60 | BEGIN_SECAPI | |
| df0e469f | 61 | TrustedApplication::required(appRef)->data(cfData(dataRef)); |
| 29654253 A |
62 | END_SECAPI |
| 63 | } | |
| 64 | ||
| df0e469f A |
65 | |
| 66 | OSStatus | |
| 67 | SecTrustedApplicationValidateWithPath(SecTrustedApplicationRef appRef, const char *path) | |
| 68 | { | |
| 69 | BEGIN_SECAPI | |
| 70 | TrustedApplication &app = *TrustedApplication::required(appRef); | |
| 71 | if (!app.sameSignature(path ? path : app.path())) | |
| 72 | return CSSMERR_CSP_VERIFY_FAILED; | |
| 73 | END_SECAPI | |
| 74 | } | |
| 75 | ||
| 76 | ||
| 77 | OSStatus | |
| 78 | SecTrustedApplicationMakeEquivalent(SecTrustedApplicationRef oldRef, | |
| 79 | SecTrustedApplicationRef newRef, UInt32 flags) | |
| 80 | { | |
| 81 | BEGIN_SECAPI | |
| 82 | if (flags & ~kSecApplicationValidFlags) | |
| 83 | return paramErr; | |
| 84 | SecurityServer::ClientSession ss(CssmAllocator::standard(), CssmAllocator::standard()); | |
| 85 | TrustedApplication *oldApp = TrustedApplication::required(oldRef); | |
| 86 | TrustedApplication *newApp = TrustedApplication::required(newRef); | |
| 87 | ss.addCodeEquivalence(oldApp->signature(), newApp->signature(), oldApp->path(), | |
| 88 | flags & kSecApplicationFlagSystemwide); | |
| 89 | END_SECAPI | |
| 90 | } | |
| 91 | ||
| 92 | OSStatus | |
| 93 | SecTrustedApplicationRemoveEquivalence(SecTrustedApplicationRef appRef, UInt32 flags) | |
| 94 | { | |
| 95 | BEGIN_SECAPI | |
| 96 | if (flags & ~kSecApplicationValidFlags) | |
| 97 | return paramErr; | |
| 98 | SecurityServer::ClientSession ss(CssmAllocator::standard(), CssmAllocator::standard()); | |
| 99 | TrustedApplication *app = TrustedApplication::required(appRef); | |
| 100 | ss.removeCodeEquivalence(app->signature(), app->path(), | |
| 101 | flags & kSecApplicationFlagSystemwide); | |
| 102 | END_SECAPI | |
| 103 | } | |
| 104 | ||
| 105 | ||
| 106 | /* | |
| 107 | * Check to see if an application at a given path is a candidate for | |
| 108 | * pre-emptive code equivalency establishment | |
| 109 | */ | |
| 110 | OSStatus | |
| 111 | SecTrustedApplicationIsUpdateCandidate(const char *installroot, const char *path) | |
| 112 | { | |
| 113 | BEGIN_SECAPI | |
| 114 | ||
| 115 | // strip installroot | |
| 116 | if (installroot) { | |
| 117 | size_t rootlen = strlen(installroot); | |
| 118 | if (!strncmp(installroot, path, rootlen)) | |
| 119 | path += rootlen - 1; // keep the slash | |
| 120 | } | |
| 121 | ||
| 122 | // look up in database | |
| 123 | static ModuleNexus<PathDatabase> paths; | |
| 124 | if (!paths()[path]) | |
| 125 | return CSSMERR_DL_RECORD_NOT_FOUND; // whatever | |
| 126 | END_SECAPI | |
| 127 | } | |
| 128 | ||
| 129 | ||
| 130 | /* | |
| 131 | * Point the system at another system root for equivalence use. | |
| 132 | * This is for system update installers (only)! | |
| 133 | */ | |
| 134 | OSStatus | |
| 135 | SecTrustedApplicationUseAlternateSystem(const char *systemRoot) | |
| 136 | { | |
| 137 | BEGIN_SECAPI | |
| 138 | Required(systemRoot); | |
| 139 | SecurityServer::ClientSession ss(CssmAllocator::standard(), CssmAllocator::standard()); | |
| 140 | ss.setAlternateSystemRoot(systemRoot); | |
| 141 | END_SECAPI | |
| 142 | } |