OSX/libsecurity_codesigning/lib/SecStaticCode.cpp

   1 /*
   2  * Copyright (c) 2006-2007,2011-2015 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 // SecStaticCode - API frame for SecStaticCode objects
  26 //
  27 #include "cs.h"
  28 #include "StaticCode.h"
  29 #include <security_utilities/cfmunge.h>
  30 #include <security_utilities/logging.h>
  31 #include <fcntl.h>
  32 #include <dirent.h>
  33
  34 using namespace CodeSigning;
  35
  36
  37 //
  38 // CF-standard type code function
  39 //
  40 CFTypeID SecStaticCodeGetTypeID(void)
  41 {
  42         BEGIN_CSAPI
  43         return gCFObjects().StaticCode.typeID;
  44     END_CSAPI1(_kCFRuntimeNotATypeID)
  45 }
  46
  47
  48 //
  49 // Create an StaticCode directly from disk path.
  50 //
  51 OSStatus SecStaticCodeCreateWithPath(CFURLRef path, SecCSFlags flags, SecStaticCodeRef *staticCodeRef)
  52 {
  53         BEGIN_CSAPI
  54
  55         checkFlags(flags);
  56         CodeSigning::Required(staticCodeRef) = (new SecStaticCode(DiskRep::bestGuess(cfString(path).c_str())))->handle();
  57
  58         END_CSAPI
  59 }
  60
  61 const CFStringRef kSecCodeAttributeArchitecture =       CFSTR("architecture");
  62 const CFStringRef kSecCodeAttributeSubarchitecture =CFSTR("subarchitecture");
  63 const CFStringRef kSecCodeAttributeBundleVersion =      CFSTR("bundleversion");
  64 const CFStringRef kSecCodeAttributeUniversalFileOffset =        CFSTR("UniversalFileOffset");
  65
  66 OSStatus SecStaticCodeCreateWithPathAndAttributes(CFURLRef path, SecCSFlags flags, CFDictionaryRef attributes,
  67         SecStaticCodeRef *staticCodeRef)
  68 {
  69         BEGIN_CSAPI
  70
  71         checkFlags(flags);
  72         DiskRep::Context ctx;
  73         std::string version; // holds memory placed into ctx
  74         if (attributes) {
  75                 std::string archName;
  76                 int archNumber, subarchNumber, offset;
  77                 if (cfscan(attributes, "{%O=%d}", kSecCodeAttributeUniversalFileOffset, &offset)) {
  78                         ctx.offset = offset;
  79                 } else if (cfscan(attributes, "{%O=%s}", kSecCodeAttributeArchitecture, &archName)) {
  80                         ctx.arch = Architecture(archName.c_str());
  81                 } else if (cfscan(attributes, "{%O=%d,%O=%d}",
  82                                 kSecCodeAttributeArchitecture, &archNumber, kSecCodeAttributeSubarchitecture, &subarchNumber))
  83                         ctx.arch = Architecture(archNumber, subarchNumber);
  84                 else if (cfscan(attributes, "{%O=%d}", kSecCodeAttributeArchitecture, &archNumber))
  85                         ctx.arch = Architecture(archNumber);
  86                 if (cfscan(attributes, "{%O=%s}", kSecCodeAttributeBundleVersion, &version))
  87                         ctx.version = version.c_str();
  88         }
  89
  90         CodeSigning::Required(staticCodeRef) = (new SecStaticCode(DiskRep::bestGuess(cfString(path).c_str(), &ctx)))->handle();
  91
  92         END_CSAPI
  93 }
  94
  95
  96 //
  97 // Check static validity of a StaticCode
  98 //
  99 OSStatus SecStaticCodeCheckValidity(SecStaticCodeRef staticCodeRef, SecCSFlags flags,
 100         SecRequirementRef requirementRef)
 101 {
 102         return SecStaticCodeCheckValidityWithErrors(staticCodeRef, flags, requirementRef, NULL);
 103 }
 104
 105 OSStatus SecStaticCodeCheckValidityWithErrors(SecStaticCodeRef staticCodeRef, SecCSFlags flags,
 106         SecRequirementRef requirementRef, CFErrorRef *errors)
 107 {
 108         BEGIN_CSAPI
 109
 110         checkFlags(flags,
 111                   kSecCSReportProgress
 112                 | kSecCSCheckAllArchitectures
 113                 | kSecCSDoNotValidateExecutable
 114                 | kSecCSDoNotValidateResources
 115                 | kSecCSConsiderExpiration
 116                 | kSecCSEnforceRevocationChecks
 117                 | kSecCSNoNetworkAccess
 118                 | kSecCSCheckNestedCode
 119                 | kSecCSStrictValidate
 120                 | kSecCSRestrictSidebandData
 121                 | kSecCSCheckGatekeeperArchitectures
 122                 | kSecCSRestrictSymlinks
 123                 | kSecCSRestrictToAppLike
 124         | kSecCSUseSoftwareSigningCert
 125         );
 126
 127         if (errors)
 128                 flags |= kSecCSFullReport;      // internal-use flag
 129
 130         SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(staticCodeRef);
 131         code->setValidationFlags(flags);
 132         const SecRequirement *req = SecRequirement::optional(requirementRef);
 133         DTRACK(CODESIGN_EVAL_STATIC, code, (char*)code->mainExecutablePath().c_str());
 134         code->staticValidate(flags, req);
 135
 136 #if TARGET_OS_IPHONE
 137     // Everything checked out correctly but we need to make sure that when
 138     // we validated the code directory, we trusted the signer.  We defer this
 139     // until now because the caller may still trust the signer via a
 140     // provisioning profile so if we prematurely throw an error when validating
 141     // the directory, we potentially skip resource validation even though the
 142     // caller will go on to trust the signature
 143     // <rdar://problem/6075501> Applications that are validated against a provisioning profile do not have their resources checked
 144     if (code->trustedSigningCertChain() == false) {
 145         return CSError::cfError(errors, errSecCSSignatureUntrusted);
 146     }
 147 #endif
 148
 149
 150         END_CSAPI_ERRORS
 151 }
 152
 153
 154 //
 155 // ====================================================================================
 156 //
 157 // The following API functions are called SecCode* but accept both SecCodeRef and
 158 // SecStaticCodeRef arguments, operating on the implied SecStaticCodeRef as appropriate.
 159 // Hence they're here, rather than in SecCode.cpp.
 160 //
 161
 162
 163 //
 164 // Retrieve location information for an StaticCode.
 165 //
 166 OSStatus SecCodeCopyPath(SecStaticCodeRef staticCodeRef, SecCSFlags flags, CFURLRef *path)
 167 {
 168         BEGIN_CSAPI
 169
 170         checkFlags(flags);
 171         SecPointer<SecStaticCode> staticCode = SecStaticCode::requiredStatic(staticCodeRef);
 172         CodeSigning::Required(path) = staticCode->copyCanonicalPath();
 173
 174         END_CSAPI
 175 }
 176
 177
 178 //
 179 // Fetch or make up a designated requirement
 180 //
 181 OSStatus SecCodeCopyDesignatedRequirement(SecStaticCodeRef staticCodeRef, SecCSFlags flags,
 182         SecRequirementRef *requirementRef)
 183 {
 184         BEGIN_CSAPI
 185
 186         checkFlags(flags);
 187         const Requirement *req =
 188                 SecStaticCode::requiredStatic(staticCodeRef)->designatedRequirement();
 189         CodeSigning::Required(requirementRef) = (new SecRequirement(req))->handle();
 190
 191         END_CSAPI
 192 }
 193
 194
 195 //
 196 // Fetch a particular internal requirement, if present
 197 //
 198 OSStatus SecCodeCopyInternalRequirement(SecStaticCodeRef staticCodeRef, SecRequirementType type,
 199         SecCSFlags flags, SecRequirementRef *requirementRef)
 200 {
 201         BEGIN_CSAPI
 202
 203         checkFlags(flags);
 204         const Requirement *req =
 205                 SecStaticCode::requiredStatic(staticCodeRef)->internalRequirement(type);
 206         CodeSigning::Required(requirementRef) = req ? (new SecRequirement(req))->handle() : NULL;
 207
 208         END_CSAPI
 209 }
 210
 211
 212 //
 213 // Record for future use a detached code signature.
 214 //
 215 OSStatus SecCodeSetDetachedSignature(SecStaticCodeRef codeRef, CFDataRef signature,
 216         SecCSFlags flags)
 217 {
 218         BEGIN_CSAPI
 219
 220         checkFlags(flags);
 221         SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(codeRef);
 222
 223         code->detachedSignature(signature); // ... and pass it to the code
 224         code->resetValidity();
 225
 226         END_CSAPI
 227 }
 228
 229
 230 //
 231 // Attach a code signature to a kernel memory mapping for page-in validation.
 232 //
 233 OSStatus SecCodeMapMemory(SecStaticCodeRef codeRef, SecCSFlags flags)
 234 {
 235         BEGIN_CSAPI
 236
 237         checkFlags(flags);
 238         SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(codeRef);
 239         if (const CodeDirectory *cd = code->codeDirectory(false)) {
 240                 fsignatures args = { static_cast<off_t>(code->diskRep()->signingBase()), (void *)cd, cd->length() };
 241                 UnixError::check(::fcntl(code->diskRep()->fd(), F_ADDSIGS, &args));
 242         } else
 243                 MacOSError::throwMe(errSecCSUnsigned);
 244
 245         END_CSAPI
 246 }
 247
 248
 249 //
 250 // Attach a callback block to a code object
 251 //
 252 OSStatus SecStaticCodeSetCallback(SecStaticCodeRef codeRef, SecCSFlags flags, SecCodeCallback *old, SecCodeCallback monitor)
 253 {
 254         BEGIN_CSAPI
 255
 256         checkFlags(flags);
 257         SecStaticCode *code = SecStaticCode::requiredStatic(codeRef);
 258         if (old)
 259                 *old = code->monitor();
 260         code->setMonitor(monitor);
 261
 262         END_CSAPI
 263 }
 264
 265
 266 OSStatus SecStaticCodeSetValidationConditions(SecStaticCodeRef codeRef, CFDictionaryRef conditions)
 267 {
 268         BEGIN_CSAPI
 269
 270         checkFlags(0);
 271         SecStaticCode *code = SecStaticCode::requiredStatic(codeRef);
 272         code->setValidationModifiers(conditions);
 273
 274         END_CSAPI
 275 }
 276
 277
 278 //
 279 // Set cancellation flag on a static code object.
 280 //
 281 OSStatus SecStaticCodeCancelValidation(SecStaticCodeRef codeRef, SecCSFlags flags)
 282 {
 283         BEGIN_CSAPI
 284
 285         checkFlags(0);
 286         SecStaticCode *code = SecStaticCode::requiredStatic(codeRef);
 287         code->cancelValidation();
 288
 289         END_CSAPI
 290 }
 291
 292
 293 //
 294 // Retrieve a component object for a special slot directly.
 295 //
 296 CFDataRef SecCodeCopyComponent(SecCodeRef codeRef, int slot, CFDataRef hash)
 297 {
 298         BEGIN_CSAPI
 299
 300         SecStaticCode* code = SecStaticCode::requiredStatic(codeRef);
 301         return code->copyComponent(slot, hash);
 302
 303         END_CSAPI1(NULL)
 304 }
 305
 306
 307 //
 308 // Validate a single plain file's resource seal against a memory copy.
 309 // This will fail for any other file type (symlink, directory, nested code, etc. etc.)
 310 //
 311 OSStatus SecCodeValidateFileResource(SecStaticCodeRef codeRef, CFStringRef relativePath, CFDataRef fileData, SecCSFlags flags)
 312 {
 313     BEGIN_CSAPI
 314
 315     checkFlags(0);
 316     if (fileData == NULL)
 317         MacOSError::throwMe(errSecCSObjectRequired);
 318     SecStaticCode *code = SecStaticCode::requiredStatic(codeRef);
 319     code->validatePlainMemoryResource(cfString(relativePath), fileData, flags);
 320
 321     END_CSAPI
 322
 323 }