[apple/security.git] / libsecurity_codesigning / lib / diskrep.h

/*
 * Copyright (c) 2006-2007 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

//
// diskrep - disk representations of code
//
#ifndef _H_DISKREP
#define _H_DISKREP

#include "cs.h"
#include "codedirectory.h"
#include "cdbuilder.h"
#include "requirement.h"
#include "resources.h"
#include <security_utilities/macho++.h>		// for class Architecture
#include <security_utilities/refcount.h>
#include <security_utilities/superblob.h>
#include <CoreFoundation/CFData.h>

namespace Security {
namespace CodeSigning {

class ResourceBuilder;


//
// DiskRep is an abstract interface to code somewhere located by
// a file system path. It presents the ability to read and write
// Code Signing-related information about such code without exposing
// the details of the storage locations or formats.
//
class DiskRep : public RefCount {
public:
	class SigningContext;
	
public:
	DiskRep();
	virtual ~DiskRep();
	virtual DiskRep *base();
	virtual CFDataRef component(CodeDirectory::SpecialSlot slot) = 0; // fetch component
	virtual CFDataRef identification() = 0;					// binary lookup identifier
	virtual std::string mainExecutablePath() = 0;			// path to main executable
	virtual CFURLRef canonicalPath() = 0;					// path to whole code
	virtual std::string resourcesRootPath();				// resource directory if any [none]
	virtual void adjustResources(ResourceBuilder &builder);	// adjust resource rule set [no change]
	virtual Universal *mainExecutableImage();				// Mach-O image if Mach-O based [null]
	virtual size_t signingBase();							// start offset of signed area in main executable [zero]
	virtual size_t signingLimit() = 0;						// size of signed area in main executable
	virtual std::string format() = 0;						// human-readable type string
	virtual CFArrayRef modifiedFiles();						// list of files modified by signing [main execcutable only]
	virtual UnixPlusPlus::FileDesc &fd() = 0;				// a cached file descriptor for main executable file
	virtual void flush();									// flush caches (refetch as needed)

	// default values for signing operations
	virtual std::string recommendedIdentifier(const SigningContext &ctx) = 0; // default identifier
	virtual CFDictionaryRef defaultResourceRules(const SigningContext &ctx); // default resource rules [none]
	virtual const Requirements *defaultRequirements(const Architecture *arch,
		const SigningContext &ctx);							// default internal requirements [none]
	virtual size_t pageSize(const SigningContext &ctx);		// default main executable page size [infinite, i.e. no paging]
	
	bool mainExecutableIsMachO() { return mainExecutableImage() != NULL; }
	
	// shorthands
	CFDataRef codeDirectory()	{ return component(cdCodeDirectorySlot); }
	CFDataRef signature()		{ return component(cdSignatureSlot); }

public:
	class Writer;
	virtual Writer *writer();								// Writer factory

public:
	// optional information that might be used to create a suitable DiskRep. All optional
	struct Context {
		Context() : arch(Architecture::none), version(NULL), offset(0), fileOnly(false), inMemory(NULL) { }
		Architecture arch;			// explicit architecture (choose amongst universal variants)
		const char *version;		// bundle version (string)
		off_t offset;				// explicit file offset
		bool fileOnly;				// only consider single-file representations (no bundles etc.)
		const void *inMemory;		// consider using in-memory copy at this address
	};

	static DiskRep *bestGuess(const char *path, const Context *ctx = NULL); // canonical heuristic, any path
	static DiskRep *bestFileGuess(const char *path, const Context *ctx = NULL); // ctx (if any) + fileOnly
	static DiskRep *bestGuess(const char *path, size_t archOffset); // Mach-O at given file offset only

	// versions using std::string paths (merely a convenience)
	static DiskRep *bestGuess(const std::string &path, const Context *ctx = NULL)
		{ return bestGuess(path.c_str(), ctx); }
	static DiskRep *bestGuess(const std::string &path, size_t archOffset) { return bestGuess(path.c_str(), archOffset); }
	static DiskRep *bestFileGuess(const std::string &path, const Context *ctx = NULL) { return bestFileGuess(path.c_str(), ctx); }

public:
	// see DiskRep::Writer docs for why this is here
	class SigningContext {
	protected:
		SigningContext() { }

	public:
		virtual std::string sdkPath(const std::string &path) const = 0;
		virtual bool isAdhoc() const = 0;
		virtual SecCSFlags signingFlags() const = 0;
	};

protected:
	// canonically derive a suggested signing identifier from some string
	static std::string canonicalIdentifier(const std::string &name);
	
public:
	static const size_t segmentedPageSize = 4096;	// default page size for system-paged signatures
	static const size_t monolithicPageSize = 0;		// default page size for non-Mach-O executables
};


//
// Write-access objects.
// At this layer they are quite abstract, carrying just the functionality needed
// for the signing machinery to place data wherever it should go. Each DiskRep subclass
// that supports writing signing data to a place inside the code needs to implement
// a subclass of Writer and return an instance in the DiskRep::writer() method when asked.
//
// The Writer class is subclassed interestingly by the Mach-O multi-architecture signing code,
// which is handled as a special case. This means that not all Writer subclass objects were made
// by DiskRep::writer, and it is unwise to assume so.
//
// Note that the methods that provide defaults for signing operations are in DiskRep rather
// than here. That's because writers abstract data *sending*, and are virtual on management
// of stored data, while DiskRep is virtual on the existing code object, which is where
// we get our defaults from.
//
class DiskRep::Writer : public RefCount {
public:
	Writer(uint32_t attrs = 0);
	virtual ~Writer();
	virtual void component(CodeDirectory::SpecialSlot slot, CFDataRef data) = 0;
	virtual uint32_t attributes() const;
	virtual void addDiscretionary(CodeDirectory::Builder &builder);
	virtual void remove();
	virtual void flush();

	bool attribute(uint32_t attr) const		{ return mAttributes & attr; }
	
	void signature(CFDataRef data)			{ component(cdSignatureSlot, data); }
	void codeDirectory(const CodeDirectory *cd)
		{ component(cdCodeDirectorySlot, CFTempData(cd->data(), cd->length())); }
	
private:
	Architecture mArch;
	uint32_t mAttributes;
};

//
// Writer attributes. Defaults should be off-bits.
//
enum {
	writerLastResort = 0x0001,			// prefers not to store attributes itself
	writerNoGlobal = 0x0002,			// has only per-architecture storage
};


//
// A prefix DiskRep that filters (only) signature-dependent behavior and passes
// all code-dependent behavior off to an underlying (different) DiskRep.
// FilterRep subclasses are typically "stacked" on top of their base DiskRep, and
// then used in their place.
//
class FilterRep : public DiskRep {
public:
	FilterRep(DiskRep *orig) : mOriginal(orig) { }
	
	DiskRep *base()							{ return mOriginal; }
	
	// things that look at signature components are filtered
	CFDataRef component(CodeDirectory::SpecialSlot slot) = 0;

	// the rest of the virtual behavior devolves on the original DiskRep
	CFDataRef identification()				{ return mOriginal->identification(); }
	std::string mainExecutablePath()		{ return mOriginal->mainExecutablePath(); }
	CFURLRef canonicalPath()				{ return mOriginal->canonicalPath(); }
	std::string resourcesRootPath()			{ return mOriginal->resourcesRootPath(); }
	void adjustResources(ResourceBuilder &builder) { return mOriginal->adjustResources(builder); }
	Universal *mainExecutableImage()		{ return mOriginal->mainExecutableImage(); }
	size_t signingBase()					{ return mOriginal->signingBase(); }
	size_t signingLimit()					{ return mOriginal->signingLimit(); }
	std::string format()					{ return mOriginal->format(); }
	CFArrayRef modifiedFiles()				{ return mOriginal->modifiedFiles(); }
	UnixPlusPlus::FileDesc &fd()			{ return mOriginal->fd(); }
	void flush()							{ return mOriginal->flush(); }
	
	std::string recommendedIdentifier(const SigningContext &ctx)
		{ return mOriginal->recommendedIdentifier(ctx); }
	CFDictionaryRef defaultResourceRules(const SigningContext &ctx)
		{ return mOriginal->defaultResourceRules(ctx); }

private:
	RefPointer<DiskRep> mOriginal;			// underlying representation
};


} // end namespace CodeSigning
} // end namespace Security

#endif // !_H_DISKREP
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* Copyright (c) 2006-2007 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	//
	25	// diskrep - disk representations of code
	26	//
	27	#ifndef _H_DISKREP
	28	#define _H_DISKREP
	29
	30	#include "cs.h"
	31	#include "codedirectory.h"
	32	#include "cdbuilder.h"
	33	#include "requirement.h"
	34	#include "resources.h"
	35	#include <security_utilities/macho++.h> // for class Architecture
	36	#include <security_utilities/refcount.h>
	37	#include <security_utilities/superblob.h>
	38	#include <CoreFoundation/CFData.h>
	39
	40	namespace Security {
	41	namespace CodeSigning {
	42
427c49bc A	43	class ResourceBuilder;
427c49bc A	44
b1ab9ed8 A	45
	46	//
	47	// DiskRep is an abstract interface to code somewhere located by
	48	// a file system path. It presents the ability to read and write
	49	// Code Signing-related information about such code without exposing
	50	// the details of the storage locations or formats.
	51	//
	52	class DiskRep : public RefCount {
	53	public:
	54	class SigningContext;
	55
	56	public:
	57	DiskRep();
	58	virtual ~DiskRep();
	59	virtual DiskRep *base();
	60	virtual CFDataRef component(CodeDirectory::SpecialSlot slot) = 0; // fetch component
	61	virtual CFDataRef identification() = 0; // binary lookup identifier
	62	virtual std::string mainExecutablePath() = 0; // path to main executable
	63	virtual CFURLRef canonicalPath() = 0; // path to whole code
	64	virtual std::string resourcesRootPath(); // resource directory if any [none]
	65	virtual void adjustResources(ResourceBuilder &builder); // adjust resource rule set [no change]
	66	virtual Universal *mainExecutableImage(); // Mach-O image if Mach-O based [null]
	67	virtual size_t signingBase(); // start offset of signed area in main executable [zero]
	68	virtual size_t signingLimit() = 0; // size of signed area in main executable
	69	virtual std::string format() = 0; // human-readable type string
	70	virtual CFArrayRef modifiedFiles(); // list of files modified by signing [main execcutable only]
	71	virtual UnixPlusPlus::FileDesc &fd() = 0; // a cached file descriptor for main executable file
	72	virtual void flush(); // flush caches (refetch as needed)
	73
	74	// default values for signing operations
	75	virtual std::string recommendedIdentifier(const SigningContext &ctx) = 0; // default identifier
	76	virtual CFDictionaryRef defaultResourceRules(const SigningContext &ctx); // default resource rules [none]
	77	virtual const Requirements defaultRequirements(const Architecture arch,
	78	const SigningContext &ctx); // default internal requirements [none]
	79	virtual size_t pageSize(const SigningContext &ctx); // default main executable page size [infinite, i.e. no paging]
	80
	81	bool mainExecutableIsMachO() { return mainExecutableImage() != NULL; }
	82
	83	// shorthands
	84	CFDataRef codeDirectory() { return component(cdCodeDirectorySlot); }
	85	CFDataRef signature() { return component(cdSignatureSlot); }
	86
	87	public:
	88	class Writer;
	89	virtual Writer *writer(); // Writer factory
	90
	91	public:
	92	// optional information that might be used to create a suitable DiskRep. All optional
	93	struct Context {
	94	Context() : arch(Architecture::none), version(NULL), offset(0), fileOnly(false), inMemory(NULL) { }
	95	Architecture arch; // explicit architecture (choose amongst universal variants)
	96	const char *version; // bundle version (string)
	97	off_t offset; // explicit file offset
	98	bool fileOnly; // only consider single-file representations (no bundles etc.)
	99	const void *inMemory; // consider using in-memory copy at this address
	100	};
	101
	102	static DiskRep bestGuess(const char path, const Context *ctx = NULL); // canonical heuristic, any path
	103	static DiskRep bestFileGuess(const char path, const Context *ctx = NULL); // ctx (if any) + fileOnly
	104	static DiskRep bestGuess(const char path, size_t archOffset); // Mach-O at given file offset only
	105
	106	// versions using std::string paths (merely a convenience)
	107	static DiskRep bestGuess(const std::string &path, const Context ctx = NULL)
	108	{ return bestGuess(path.c_str(), ctx); }
109	static DiskRep *bestGuess(const std::string &path, size_t archOffset) { return bestGuess(path.c_str(), archOffset); }
110	static DiskRep bestFileGuess(const std::string &path, const Context ctx = NULL) { return bestFileGuess(path.c_str(), ctx); }
111
112	public:
113	// see DiskRep::Writer docs for why this is here
114	class SigningContext {
115	protected:
116	SigningContext() { }
117
118	public:
119	virtual std::string sdkPath(const std::string &path) const = 0;
120	virtual bool isAdhoc() const = 0;
427c49bc	121	virtual SecCSFlags signingFlags() const = 0;
b1ab9ed8 A	122	};
	123
	124	protected:
	125	// canonically derive a suggested signing identifier from some string
	126	static std::string canonicalIdentifier(const std::string &name);
	127
	128	public:
	129	static const size_t segmentedPageSize = 4096; // default page size for system-paged signatures
	130	static const size_t monolithicPageSize = 0; // default page size for non-Mach-O executables
	131	};
	132
	133
	134	//
	135	// Write-access objects.
	136	// At this layer they are quite abstract, carrying just the functionality needed
	137	// for the signing machinery to place data wherever it should go. Each DiskRep subclass
	138	// that supports writing signing data to a place inside the code needs to implement
	139	// a subclass of Writer and return an instance in the DiskRep::writer() method when asked.
	140	//
	141	// The Writer class is subclassed interestingly by the Mach-O multi-architecture signing code,
	142	// which is handled as a special case. This means that not all Writer subclass objects were made
	143	// by DiskRep::writer, and it is unwise to assume so.
	144	//
	145	// Note that the methods that provide defaults for signing operations are in DiskRep rather
	146	// than here. That's because writers abstract data sending, and are virtual on management
	147	// of stored data, while DiskRep is virtual on the existing code object, which is where
	148	// we get our defaults from.
	149	//
	150	class DiskRep::Writer : public RefCount {
	151	public:
	152	Writer(uint32_t attrs = 0);
	153	virtual ~Writer();
	154	virtual void component(CodeDirectory::SpecialSlot slot, CFDataRef data) = 0;
	155	virtual uint32_t attributes() const;
	156	virtual void addDiscretionary(CodeDirectory::Builder &builder);
	157	virtual void remove();
	158	virtual void flush();
	159
	160	bool attribute(uint32_t attr) const { return mAttributes & attr; }
	161
	162	void signature(CFDataRef data) { component(cdSignatureSlot, data); }
	163	void codeDirectory(const CodeDirectory *cd)
	164	{ component(cdCodeDirectorySlot, CFTempData(cd->data(), cd->length())); }
	165
	166	private:
	167	Architecture mArch;
	168	uint32_t mAttributes;
	169	};
	170
	171	//
	172	// Writer attributes. Defaults should be off-bits.
	173	//
	174	enum {
	175	writerLastResort = 0x0001, // prefers not to store attributes itself
	176	writerNoGlobal = 0x0002, // has only per-architecture storage
	177	};
	178
	179
	180	//
	181	// A prefix DiskRep that filters (only) signature-dependent behavior and passes
	182	// all code-dependent behavior off to an underlying (different) DiskRep.
	183	// FilterRep subclasses are typically "stacked" on top of their base DiskRep, and
	184	// then used in their place.
	185	//
186	class FilterRep : public DiskRep {
187	public:
188	FilterRep(DiskRep *orig) : mOriginal(orig) { }
189
190	DiskRep *base() { return mOriginal; }
191
192	// things that look at signature components are filtered
193	CFDataRef component(CodeDirectory::SpecialSlot slot) = 0;
194
195	// the rest of the virtual behavior devolves on the original DiskRep
196	CFDataRef identification() { return mOriginal->identification(); }
197	std::string mainExecutablePath() { return mOriginal->mainExecutablePath(); }
198	CFURLRef canonicalPath() { return mOriginal->canonicalPath(); }
199	std::string resourcesRootPath() { return mOriginal->resourcesRootPath(); }
200	void adjustResources(ResourceBuilder &builder) { return mOriginal->adjustResources(builder); }
201	Universal *mainExecutableImage() { return mOriginal->mainExecutableImage(); }
202	size_t signingBase() { return mOriginal->signingBase(); }
203	size_t signingLimit() { return mOriginal->signingLimit(); }
204	std::string format() { return mOriginal->format(); }
205	CFArrayRef modifiedFiles() { return mOriginal->modifiedFiles(); }
206	UnixPlusPlus::FileDesc &fd() { return mOriginal->fd(); }
207	void flush() { return mOriginal->flush(); }
208
209	std::string recommendedIdentifier(const SigningContext &ctx)
210	{ return mOriginal->recommendedIdentifier(ctx); }
211	CFDictionaryRef defaultResourceRules(const SigningContext &ctx)
212	{ return mOriginal->defaultResourceRules(ctx); }
213
214	private:
215	RefPointer<DiskRep> mOriginal; // underlying representation
216	};
217
218
219	} // end namespace CodeSigning
220	} // end namespace Security
221
222	#endif // !_H_DISKREP