]> git.saurik.com Git - apple/security.git/blob - libsecurity_codesigning/lib/xpcengine.cpp
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-55179.1.tar.gz
[apple/security.git] / libsecurity_codesigning / lib / xpcengine.cpp
1 /*
2 * Copyright (c) 2011 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23 #include "xpcengine.h"
24 #include <xpc/connection.h>
25 #include <syslog.h>
26 #include <CoreFoundation/CoreFoundation.h>
27 #include <security_utilities/cfutilities.h>
28
29
30 namespace Security {
31 namespace CodeSigning {
32
33 static const char serviceName[] = "com.apple.security.syspolicy";
34
35
36 static dispatch_once_t dispatchInit; // one-time init marker
37 static xpc_connection_t service; // connection to spd
38 static dispatch_queue_t queue; // dispatch queue for service
39
40 static void init()
41 {
42 dispatch_once(&dispatchInit, ^void(void) {
43 const char *name = serviceName;
44 if (const char *env = getenv("SYSPOLICYNAME"))
45 name = env;
46 queue = dispatch_queue_create("spd-client", 0);
47 service = xpc_connection_create_mach_service(name, queue, XPC_CONNECTION_MACH_SERVICE_PRIVILEGED);
48 xpc_connection_set_event_handler(service, ^(xpc_object_t ev) {
49 });
50 xpc_connection_resume(service);
51 });
52 }
53
54
55 //
56 // Your standard XPC client-side machinery
57 //
58 class Message {
59 public:
60 xpc_object_t obj;
61
62 Message(const char *function)
63 {
64 init();
65 obj = xpc_dictionary_create(NULL, NULL, 0);
66 xpc_dictionary_set_string(obj, "function", function);
67 }
68 ~Message()
69 {
70 if (obj)
71 xpc_release(obj);
72 }
73 operator xpc_object_t () { return obj; }
74
75 void send()
76 {
77 xpc_object_t reply = xpc_connection_send_message_with_reply_sync(service, obj);
78 xpc_release(obj);
79 obj = NULL;
80 xpc_type_t type = xpc_get_type(reply);
81 if (type == XPC_TYPE_DICTIONARY) {
82 obj = reply;
83 if (int64_t error = xpc_dictionary_get_int64(obj, "error"))
84 MacOSError::throwMe(error);
85 } else if (type == XPC_TYPE_ERROR) {
86 const char *s = xpc_copy_description(reply);
87 printf("Error returned: %s\n", s);
88 free((char*)s);
89 MacOSError::throwMe(errSecCSInternalError);
90 } else {
91 const char *s = xpc_copy_description(reply);
92 printf("Unexpected type of return object: %s\n", s);
93 free((char*)s);
94 }
95 }
96 };
97
98
99
100 static void copyCFDictionary(const void *key, const void *value, void *ctx)
101 {
102 CFMutableDictionaryRef target = CFMutableDictionaryRef(ctx);
103 if (CFEqual(key, kSecAssessmentContextKeyCertificates)) // obsolete
104 return;
105 if (CFGetTypeID(value) == CFURLGetTypeID()) {
106 CFRef<CFStringRef> path = CFURLCopyFileSystemPath(CFURLRef(value), kCFURLPOSIXPathStyle);
107 CFDictionaryAddValue(target, key, path);
108 } else {
109 CFDictionaryAddValue(target, key, value);
110 }
111 }
112
113 void xpcEngineAssess(CFURLRef path, uint flags, CFDictionaryRef context, CFMutableDictionaryRef result)
114 {
115 Message msg("assess");
116 xpc_dictionary_set_string(msg, "path", cfString(path).c_str());
117 xpc_dictionary_set_int64(msg, "flags", flags);
118 CFRef<CFMutableDictionaryRef> ctx = makeCFMutableDictionary();
119 if (context)
120 CFDictionaryApplyFunction(context, copyCFDictionary, ctx);
121 CFRef<CFDataRef> contextData = makeCFData(CFDictionaryRef(ctx));
122 xpc_dictionary_set_data(msg, "context", CFDataGetBytePtr(contextData), CFDataGetLength(contextData));
123
124 msg.send();
125
126 if (int64_t error = xpc_dictionary_get_int64(msg, "error"))
127 MacOSError::throwMe(error);
128
129 size_t resultLength;
130 const void *resultData = xpc_dictionary_get_data(msg, "result", &resultLength);
131 CFRef<CFDictionaryRef> resultDict = makeCFDictionaryFrom(resultData, resultLength);
132 CFDictionaryApplyFunction(resultDict, copyCFDictionary, result);
133 CFDictionaryAddValue(result, CFSTR("assessment:remote"), kCFBooleanTrue);
134 }
135
136
137 CFDictionaryRef xpcEngineUpdate(CFTypeRef target, uint flags, CFDictionaryRef context)
138 {
139 Message msg("update");
140 // target can be NULL, a CFURLRef, a SecRequirementRef, or a CFNumberRef
141 if (target) {
142 if (CFGetTypeID(target) == CFNumberGetTypeID())
143 xpc_dictionary_set_uint64(msg, "rule", cfNumber<int64_t>(CFNumberRef(target)));
144 else if (CFGetTypeID(target) == CFURLGetTypeID())
145 xpc_dictionary_set_string(msg, "url", cfString(CFURLRef(target)).c_str());
146 else if (CFGetTypeID(target) == SecRequirementGetTypeID()) {
147 CFRef<CFDataRef> data;
148 MacOSError::check(SecRequirementCopyData(SecRequirementRef(target), kSecCSDefaultFlags, &data.aref()));
149 xpc_dictionary_set_data(msg, "requirement", CFDataGetBytePtr(data), CFDataGetLength(data));
150 } else
151 MacOSError::throwMe(errSecCSInvalidObjectRef);
152 }
153 xpc_dictionary_set_int64(msg, "flags", flags);
154 CFRef<CFMutableDictionaryRef> ctx = makeCFMutableDictionary();
155 if (context)
156 CFDictionaryApplyFunction(context, copyCFDictionary, ctx);
157 AuthorizationRef localAuthorization = NULL;
158 if (CFDictionaryGetValue(ctx, kSecAssessmentUpdateKeyAuthorization) == NULL) { // no caller-provided authorization
159 MacOSError::check(AuthorizationCreate(NULL, NULL, kAuthorizationFlagDefaults, &localAuthorization));
160 AuthorizationExternalForm extForm;
161 MacOSError::check(AuthorizationMakeExternalForm(localAuthorization, &extForm));
162 CFDictionaryAddValue(ctx, kSecAssessmentUpdateKeyAuthorization, CFTempData(&extForm, sizeof(extForm)));
163 }
164 CFRef<CFDataRef> contextData = makeCFData(CFDictionaryRef(ctx));
165 xpc_dictionary_set_data(msg, "context", CFDataGetBytePtr(contextData), CFDataGetLength(contextData));
166
167 msg.send();
168
169 if (localAuthorization)
170 AuthorizationFree(localAuthorization, kAuthorizationFlagDefaults);
171
172 if (int64_t error = xpc_dictionary_get_int64(msg, "error"))
173 MacOSError::throwMe(error);
174
175 size_t resultLength;
176 const void *resultData = xpc_dictionary_get_data(msg, "result", &resultLength);
177 return makeCFDictionaryFrom(resultData, resultLength);
178 }
179
180
181 bool xpcEngineControl(const char *control)
182 {
183 Message msg("control");
184 xpc_dictionary_set_string(msg, "control", control);
185 msg.send();
186 return true;
187 }
188
189
190 } // end namespace CodeSigning
191 } // end namespace Security
mirror of Security