1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
#include <stdio.h>
#include <dirent.h>
#include <sys/stat.h>

#include <CoreFoundation/CoreFoundation.h>

#include <Security/SecTranslocate.h>

#include "translocate.h"
32
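/*
 * Build a file-system CFURL from a C path string.
 *
 * path  - NUL-terminated file-system path; NULL yields a NULL URL.
 * isDir - forwarded to CFURLCreateFromFileSystemRepresentation as its
 *         is-directory argument.
 *
 * Returns a newly created CFURLRef that the caller must release, or NULL
 * when path is NULL or the URL could not be created.
 */
static CFURLRef CFURLfromPath(const char * path, Boolean isDir)
{
    /* strlen(NULL) is undefined behaviour. PathIsDir, which is called on the
     * same argument at every call site, already tolerates NULL, so do the
     * same here and let the caller report the failed URL creation. */
    if (!path)
    {
        return NULL;
    }

    return CFURLCreateFromFileSystemRepresentation(NULL, (const UInt8 *)path, (CFIndex)strlen(path), isDir);
}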
37
/*
 * Convert a CFURL into a heap-allocated file-system path.
 *
 * Returns a buffer of PATH_MAX bytes that the caller must free(), or NULL
 * if the allocation fails or CFURLGetFileSystemRepresentation reports
 * failure (in which case the buffer has already been freed here).
 */
static char * PathFromCFURL(CFURLRef url)
{
    char *buffer = malloc(PATH_MAX);

    if (buffer == NULL)
    {
        return NULL;
    }

    /* 'true' requests the path resolved against the URL's base. */
    if (CFURLGetFileSystemRepresentation(url, true, (UInt8*)buffer, PATH_MAX))
    {
        return buffer;
    }

    free(buffer);
    return NULL;
}
56
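/*
 * Report whether path names a directory.
 *
 * Uses stat() rather than opendir(): opendir() also fails on a directory the
 * caller cannot read (or when no file descriptor is available), which would
 * misclassify a real directory as a plain file. Like opendir(), stat()
 * follows symbolic links.
 *
 * The answer is only a hint used when building the input URL; the path can
 * still change between this check and the later SecTranslocate call, so it
 * must not be treated as a security decision.
 *
 * Returns true for a directory; false for NULL, a missing or inaccessible
 * path, or any non-directory.
 */
static Boolean PathIsDir(const char * path)
{
    struct stat info;

    if (!path)
    {
        return false;
    }

    if (stat(path, &info) != 0)
    {
        return false;
    }

    return S_ISDIR(info.st_mode) ? true : false;
}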
77
/*
 * NULL-tolerant wrapper around CFRelease, so cleanup paths can release
 * references that may never have been assigned.
 */
static void SafeCFRelease(CFTypeRef ref)
{
    if (ref == NULL)
    {
        return;
    }

    CFRelease(ref);
}
85
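/* return 2 = bad args, anything else is ignored */

/*
 * "create" command: ask SecTranslocate to create a secure directory for the
 * path in argv[1] and print the resulting translocation point.
 *
 * argc - must be exactly 2 (command name plus one path).
 * argv - argv[1] is the path to translocate.
 *
 * Returns 2 on bad arguments, 0 on success, -1 on any other failure.
 * All messages, including errors, are written to stdout.
 */
int translocate_create(int argc, char * const *argv)
{
    int result = -1;

    if (argc != 2)
    {
        return 2;
    }

    CFURLRef inUrl = CFURLfromPath(argv[1], PathIsDir(argv[1]));
    CFURLRef outUrl = NULL;
    CFErrorRef error = NULL;
    char* outPath = NULL;

    if(!inUrl)
    {
        printf("Error: failed to create url for: %s\n", argv[1]);
        goto done;
    }

    /* NULL second argument: no destination is supplied by this tool. */
    outUrl = SecTranslocateCreateSecureDirectoryForURL(inUrl, NULL, &error);

    if (!outUrl)
    {
        /* Nothing visible here guarantees that a failing call populated
         * 'error', and CFErrorGetCode must not be handed NULL. */
        if (error)
        {
            /* Assumes the error code is a POSIX errno value; the error's
             * domain is not checked before it is passed to strerror(). */
            int err = (int)CFErrorGetCode(error);
            printf("Error: failed while trying to translocate %s (errno: %d, %s)\n", argv[1], err, strerror(err));
        }
        else
        {
            printf("Error: failed while trying to translocate %s (no error details returned)\n", argv[1]);
        }
        goto done;
    }

    outPath = PathFromCFURL(outUrl);

    if( !outPath )
    {
        printf("Error: failed to convert out url to string for %s\n", argv[1]);
        goto done;
    }

    printf("Translocation point: (note if this is what you passed in then that path should not be translocated)\n\t%s\n",outPath);

    free(outPath);
    result = 0;

done:
    /* Every reference may still be NULL on an early exit. */
    SafeCFRelease(inUrl);
    SafeCFRelease(outUrl);
    SafeCFRelease(error);

    return result;
}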
137
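/*
 * "policy" command: ask SecTranslocate whether the path in argv[1] should
 * run translocated, and print the answer. This function only queries; it
 * makes no call that creates a translocation point.
 *
 * argc - must be exactly 2 (command name plus one path).
 * argv - argv[1] is the path to evaluate.
 *
 * Returns 2 on bad arguments, 0 on success, -1 on any other failure.
 * All messages, including errors, are written to stdout.
 */
int translocate_policy(int argc, char * const *argv)
{
    int result = -1;

    if (argc != 2)
    {
        return 2;
    }

    CFURLRef inUrl = CFURLfromPath(argv[1], PathIsDir(argv[1]));
    bool should = false;
    CFErrorRef error = NULL;

    if(!inUrl)
    {
        printf("Error: failed to create url for: %s\n", argv[1]);
        goto done;
    }

    if (!SecTranslocateURLShouldRunTranslocated(inUrl, &should, &error))
    {
        /* Nothing visible here guarantees that a failing call populated
         * 'error', and CFErrorGetCode must not be handed NULL. */
        if (error)
        {
            /* Assumes the error code is a POSIX errno value; the error's
             * domain is not checked before it is passed to strerror(). */
            int err = (int)CFErrorGetCode(error);
            printf("Error: failed while trying to check policy for %s (errno: %d, %s)\n", argv[1], err, strerror(err));
        }
        else
        {
            printf("Error: failed while trying to check policy for %s (no error details returned)\n", argv[1]);
        }
        goto done;
    }

    printf("\t%s\n", should ? "Would translocate": "Would not translocate");

    result = 0;

done:
    /* Either reference may still be NULL on an early exit. */
    SafeCFRelease(inUrl);
    SafeCFRelease(error);

    return result;
}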
174
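/*
 * "check" command: ask SecTranslocate whether the path in argv[1] is a
 * translocated URL and print TRANSLOCATED or NOT TRANSLOCATED.
 *
 * argc - must be exactly 2 (command name plus one path).
 * argv - argv[1] is the path to inspect.
 *
 * Returns 2 on bad arguments, 0 on success, -1 on any other failure.
 * All messages, including errors, are written to stdout.
 */
int translocate_check(int argc, char * const *argv)
{
    int result = -1;

    if (argc != 2)
    {
        return 2;
    }

    CFURLRef inUrl = CFURLfromPath(argv[1], PathIsDir(argv[1]));
    bool is = false;
    CFErrorRef error = NULL;

    if(!inUrl)
    {
        printf("Error: failed to create url for: %s\n", argv[1]);
        goto done;
    }

    if (!SecTranslocateIsTranslocatedURL(inUrl, &is, &error))
    {
        /* Nothing visible here guarantees that a failing call populated
         * 'error', and CFErrorGetCode must not be handed NULL. */
        if (error)
        {
            /* Assumes the error code is a POSIX errno value; the error's
             * domain is not checked before it is passed to strerror(). */
            int err = (int)CFErrorGetCode(error);
            printf("Error: failed while trying to check status for %s (errno: %d, %s)\n", argv[1], err, strerror(err));
        }
        else
        {
            printf("Error: failed while trying to check status for %s (no error details returned)\n", argv[1]);
        }
        goto done;
    }

    printf("\t%s\n", is ? "TRANSLOCATED": "NOT TRANSLOCATED");

    result = 0;

done:
    /* Either reference may still be NULL on an early exit. */
    SafeCFRelease(inUrl);
    SafeCFRelease(error);

    return result;
}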
211
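/*
 * "original path" command: ask SecTranslocate for the original path behind
 * the path in argv[1] and print it.
 *
 * argc - must be exactly 2 (command name plus one path).
 * argv - argv[1] is the path to resolve.
 *
 * Returns 2 on bad arguments, 0 on success, -1 on any other failure.
 * All messages, including errors, are written to stdout.
 */
int translocate_original_path(int argc, char * const * argv)
{
    int result = -1;

    if (argc != 2)
    {
        return 2;
    }

    CFURLRef inUrl = CFURLfromPath(argv[1], PathIsDir(argv[1]));
    CFURLRef outUrl = NULL;
    CFErrorRef error = NULL;
    char* outPath = NULL;

    if(!inUrl)
    {
        printf("Error: failed to create url for: %s\n", argv[1]);
        goto done;
    }

    outUrl = SecTranslocateCreateOriginalPathForURL(inUrl, &error);

    if (!outUrl)
    {
        /* Nothing visible here guarantees that a failing call populated
         * 'error', and CFErrorGetCode must not be handed NULL. */
        if (error)
        {
            /* Assumes the error code is a POSIX errno value; the error's
             * domain is not checked before it is passed to strerror(). */
            int err = (int)CFErrorGetCode(error);
            printf("Error: failed while trying to find original path for %s (errno: %d, %s)\n", argv[1], err, strerror(err));
        }
        else
        {
            printf("Error: failed while trying to find original path for %s (no error details returned)\n", argv[1]);
        }
        goto done;
    }

    outPath = PathFromCFURL(outUrl);

    if( !outPath )
    {
        printf("Error: failed to convert out url to string for %s\n", argv[1]);
        goto done;
    }

    printf("Original Path: (note if this is what you passed in then that path is not translocated)\n\t%s\n",outPath);

    free(outPath);
    result = 0;

done:
    /* Every reference may still be NULL on an early exit. */
    SafeCFRelease(inUrl);
    SafeCFRelease(outUrl);
    SafeCFRelease(error);

    return result;
}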
261