]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_codesigning/lib/slcrep.cpp
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-58286.260.20.tar.gz
[apple/security.git] / OSX / libsecurity_codesigning / lib / slcrep.cpp
1 /*
2 * Copyright (c) 2009,2011-2012 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // slcrep - DiskRep representing the Mac OS Shared Library Cache
26 //
27 #include "slcrep.h"
28
29
30 namespace Security {
31 namespace CodeSigning {
32
33 using namespace UnixPlusPlus;
34
35
36 //
37 // Object management.
38 // We open the file lazily, so nothing much happens on constructions.
39 // We can construct directly from a file path, or from an architecture
40 // (represented by Context), which will find the file in its usual
41 // location on disk.
42 //
43 DYLDCacheRep::DYLDCacheRep(const char *path)
44 : SingleDiskRep(path), mCache(path)
45 {
46 this->setup();
47 }
48
49 DYLDCacheRep::DYLDCacheRep(const Context *ctx)
50 : SingleDiskRep(DYLDCache::pathFor(((ctx && ctx->arch) ? ctx->arch : Architecture::local()))),
51 mCache(this->path())
52 {
53 this->setup();
54 }
55
56 void DYLDCacheRep::setup()
57 {
58 mSigningData = NULL;
59 if (mCache.totalSize() >= mCache.mapSize() + sizeof(BlobCore)) {
60 const EmbeddedSignatureBlob *blob = mCache.at<const EmbeddedSignatureBlob>((uint32_t)mCache.mapSize());
61 if (mCache.totalSize() >= mCache.mapSize() + blob->length()) // entire blob fits in file
62 mSigningData = blob;
63 }
64 CODESIGN_DISKREP_CREATE_SLC(this, (char*)this->mainExecutablePath().c_str());
65 }
66
67
68 //
69 // Sniffer function for "plausible shared library cache file".
70 //
71 bool DYLDCacheRep::candidate(FileDesc &fd)
72 {
73 return DYLDCache::validate(fd);
74 }
75
76
77 //
78 // Default to system page size for segmented (paged) signatures
79 //
80 size_t DYLDCacheRep::pageSize(const SigningContext &)
81 {
82 return segmentedPageSize;
83 }
84
85
86 //
87 // Signing limit is the start of the (trailing) signature
88 //
89 size_t DYLDCacheRep::signingLimit()
90 {
91 return mCache.mapSize();
92 }
93
94
95 //
96 // Retrieve a component from the executable.
97 // Our mCache has mapped the entire file, so we just fish the contents out of
98 // the mapped area as needed.
99 //
100 CFDataRef DYLDCacheRep::component(CodeDirectory::SpecialSlot slot)
101 {
102 return mSigningData ? mSigningData->component(slot) : NULL;
103 }
104
105
106 //
107 // Provide a (vaguely) human readable characterization of this code
108 //
109 string DYLDCacheRep::format()
110 {
111 if (const char *name = mCache.architecture().name()) {
112 char result[100];
113 snprintf(result, sizeof(result), "OS X Shared Library Cache (%s @ 0x%llx)",
114 name, mCache.baseAddress());
115 return result;
116 } else
117 return "OS X Shared Library Cache (unknown type)";
118 }
119
120
121 //
122 // DYLDCacheRep::Writers
123 //
124 DiskRep::Writer *DYLDCacheRep::writer()
125 {
126 return new Writer(this);
127 }
128
129
130 //
131 // Write a component.
132 //
133 void DYLDCacheRep::Writer::component(CodeDirectory::SpecialSlot slot, CFDataRef data)
134 {
135 EmbeddedSignatureBlob::Maker::component(slot, data);
136 }
137
138
139 //
140 // Append the superblob we built to the cache file.
141 //
142 void DYLDCacheRep::Writer::flush()
143 {
144 delete mSigningData; // ditch previous blob just in case
145 mSigningData = Maker::make(); // assemble new signature SuperBlob
146 fd().seek(rep->mCache.mapSize()); // end of impage proper
147 fd().writeAll(*mSigningData);
148 }
149
150
151 //
152 // The discretionary additions insert a Scatter vector describing the file's mapping table,
153 // and fills out the executable segment.
154 //
155 void DYLDCacheRep::Writer::addDiscretionary(CodeDirectory::Builder &builder)
156 {
157 bool execSegmentProcessed = false;
158
159 unsigned count = rep->mCache.mappingCount();
160 builder.scatter(count);
161 for (unsigned n = 0; n < count; n++) {
162 const DYLDCache::Mapping dmap = rep->mCache.mapping(n);
163 CodeDirectory::Scatter *scatter = builder.scatter() + n;
164 scatter->targetOffset = dmap.address();
165 scatter->base = (uint32_t)(dmap.offset() / segmentedPageSize);
166 assert(dmap.offset() % segmentedPageSize == 0);
167 scatter->count = (uint32_t)(dmap.size() / segmentedPageSize);
168 assert(dmap.size() % segmentedPageSize == 0);
169
170 if (dmap.maxProt() & VM_PROT_EXECUTE) {
171 if (execSegmentProcessed) {
172 CSError::throwMe(errSecMultipleExecSegments);
173 }
174
175 builder.execSeg(dmap.offset(), dmap.limit()-dmap.address(), 0);
176 }
177 }
178 }
179
180
181 } // end namespace CodeSigning
182 } // end namespace Security
mirror of Security