OSX/libsecurity_codesigning/lib/csprocess.cpp

   1 /*
   2  * Copyright (c) 2006,2011,2013-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 // csprocess - UNIX process implementation of the Code Signing Host Interface
  26 //
  27 #include "csprocess.h"
  28 #include "cskernel.h"
  29 #include <securityd_client/ssclient.h>
  30 #include <System/sys/codesign.h>
  31
  32 namespace Security {
  33 namespace CodeSigning {
  34
  35
  36 //
  37 // Construct a running process representation
  38 //
  39 ProcessCode::ProcessCode(pid_t pid, const audit_token_t* token, PidDiskRep *pidDiskRep /*= NULL */)
  40         : GenericCode(KernelCode::active()), mPid(pid), mPidBased(pidDiskRep)
  41 {
  42         if (token)
  43                 mAudit = new audit_token_t(*token);
  44         else
  45                 mAudit = NULL;
  46 }
  47
  48
  49 mach_port_t ProcessCode::getHostingPort()
  50 {
  51         return SecurityServer::ClientSession().hostingPort(pid());
  52 }
  53
  54
  55 int ProcessCode::csops(unsigned int ops, void *addr, size_t size)
  56 {
  57         // pass pid and audit token both if we have it, or just the pid if we don't
  58         if (mAudit)
  59                 return ::csops_audittoken(mPid, ops, addr, size, mAudit);
  60         else
  61                 return ::csops(mPid, ops, addr, size);
  62 }
  63
  64
  65 /*
  66  *
  67  */
  68
  69 ProcessDynamicCode::ProcessDynamicCode(ProcessCode *guest)
  70         : SecStaticCode(guest->pidBased()), mGuest(guest)
  71 {
  72 }
  73
  74 CFDataRef ProcessDynamicCode::component(CodeDirectory::SpecialSlot slot, OSStatus fail /* = errSecCSSignatureFailed */)
  75 {
  76         if (slot == cdInfoSlot && !mGuest->pidBased()->supportInfoPlist())
  77                 return NULL;
  78         else if (slot == cdResourceDirSlot)
  79                 return NULL;
  80         return SecStaticCode::component(slot, fail);
  81 }
  82
  83 CFDictionaryRef ProcessDynamicCode::infoDictionary()
  84 {
  85         if (mGuest->pidBased()->supportInfoPlist())
  86                 return SecStaticCode::infoDictionary();
  87         if (!mEmptyInfoDict) {
  88                 mEmptyInfoDict.take(makeCFDictionary(0));
  89         }
  90         return mEmptyInfoDict;
  91 }
  92
  93 void ProcessDynamicCode::validateComponent(CodeDirectory::SpecialSlot slot, OSStatus fail /* = errSecCSSignatureFailed */)
  94 {
  95         if (slot == cdInfoSlot && !mGuest->pidBased()->supportInfoPlist())
  96                 return;
  97         else if (slot == cdResourceDirSlot)
  98                 return;
  99         SecStaticCode::validateComponent(slot, fail);
 100 }
 101
 102
 103
 104 } // CodeSigning
 105 } // Security