Keychain/SecTrustedApplication.cpp

   1 /*
   2  * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18 #include <Security/SecTrustedApplicationPriv.h>
  19 #include <Security/TrustedApplication.h>
  20 #include <Security/ssclient.h>
  21
  22 #include "SecBridge.h"
  23
  24
  25 CFTypeID
  26 SecTrustedApplicationGetTypeID(void)
  27 {
  28         BEGIN_SECAPI
  29
  30         return gTypes().TrustedApplication.typeID;
  31
  32         END_SECAPI1(_kCFRuntimeNotATypeID)
  33 }
  34
  35
  36 OSStatus
  37 SecTrustedApplicationCreateFromPath(const char *path, SecTrustedApplicationRef *appRef)
  38 {
  39         BEGIN_SECAPI
  40         SecPointer<TrustedApplication> app =
  41                 path ? new TrustedApplication(path) : new TrustedApplication;
  42         Required(appRef) = app->handle();
  43         END_SECAPI
  44 }
  45
  46 /*!
  47  */
  48 OSStatus SecTrustedApplicationCopyData(SecTrustedApplicationRef appRef,
  49         CFDataRef *dataRef)
  50 {
  51         BEGIN_SECAPI
  52         const CssmData &data = TrustedApplication::required(appRef)->data();
  53         Required(dataRef) = CFDataCreate(NULL, (const UInt8 *)data.data(), data.length());
  54         END_SECAPI
  55 }
  56
  57 OSStatus SecTrustedApplicationSetData(SecTrustedApplicationRef appRef,
  58         CFDataRef dataRef)
  59 {
  60         BEGIN_SECAPI
  61         TrustedApplication::required(appRef)->data(cfData(dataRef));
  62         END_SECAPI
  63 }
  64
  65
  66 OSStatus
  67 SecTrustedApplicationValidateWithPath(SecTrustedApplicationRef appRef, const char *path)
  68 {
  69         BEGIN_SECAPI
  70         TrustedApplication &app = *TrustedApplication::required(appRef);
  71         if (!app.sameSignature(path ? path : app.path()))
  72                 return CSSMERR_CSP_VERIFY_FAILED;
  73         END_SECAPI
  74 }
  75
  76
  77 OSStatus
  78 SecTrustedApplicationMakeEquivalent(SecTrustedApplicationRef oldRef,
  79         SecTrustedApplicationRef newRef, UInt32 flags)
  80 {
  81         BEGIN_SECAPI
  82         if (flags & ~kSecApplicationValidFlags)
  83                 return paramErr;
  84         SecurityServer::ClientSession ss(CssmAllocator::standard(), CssmAllocator::standard());
  85         TrustedApplication *oldApp = TrustedApplication::required(oldRef);
  86         TrustedApplication *newApp = TrustedApplication::required(newRef);
  87         ss.addCodeEquivalence(oldApp->signature(), newApp->signature(), oldApp->path(),
  88                 flags & kSecApplicationFlagSystemwide);
  89         END_SECAPI
  90 }
  91
  92 OSStatus
  93 SecTrustedApplicationRemoveEquivalence(SecTrustedApplicationRef appRef, UInt32 flags)
  94 {
  95         BEGIN_SECAPI
  96         if (flags & ~kSecApplicationValidFlags)
  97                 return paramErr;
  98         SecurityServer::ClientSession ss(CssmAllocator::standard(), CssmAllocator::standard());
  99         TrustedApplication *app = TrustedApplication::required(appRef);
 100         ss.removeCodeEquivalence(app->signature(), app->path(),
 101                 flags & kSecApplicationFlagSystemwide);
 102         END_SECAPI
 103 }
 104
 105
 106 /*
 107  * Check to see if an application at a given path is a candidate for
 108  * pre-emptive code equivalency establishment
 109  */
 110 OSStatus
 111 SecTrustedApplicationIsUpdateCandidate(const char *installroot, const char *path)
 112 {
 113     BEGIN_SECAPI
 114
 115         // strip installroot
 116         if (installroot) {
 117                 size_t rootlen = strlen(installroot);
 118                 if (!strncmp(installroot, path, rootlen))
 119                         path += rootlen - 1;    // keep the slash
 120         }
 121
 122         // look up in database
 123         static ModuleNexus<PathDatabase> paths;
 124         if (!paths()[path])
 125                 return CSSMERR_DL_RECORD_NOT_FOUND;     // whatever
 126     END_SECAPI
 127 }
 128
 129
 130 /*
 131  * Point the system at another system root for equivalence use.
 132  * This is for system update installers (only)!
 133  */
 134 OSStatus
 135 SecTrustedApplicationUseAlternateSystem(const char *systemRoot)
 136 {
 137         BEGIN_SECAPI
 138         Required(systemRoot);
 139         SecurityServer::ClientSession ss(CssmAllocator::standard(), CssmAllocator::standard());
 140         ss.setAlternateSystemRoot(systemRoot);
 141         END_SECAPI
 142 }