OSX/libsecurity_codesigning/lib/policydb.h

   1 /*
   2  * Copyright (c) 2011-2013 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23 #ifndef _H_POLICYDB
  24 #define _H_POLICYDB
  25
  26 #include "SecAssessment.h"
  27 #include <security_utilities/globalizer.h>
  28 #include <security_utilities/hashing.h>
  29 #include <security_utilities/sqlite++.h>
  30 #include <CoreFoundation/CoreFoundation.h>
  31
  32 namespace Security {
  33 namespace CodeSigning {
  34
  35
  36 namespace SQLite = SQLite3;
  37
  38
  39 static const char defaultDatabase[] = "/var/db/SystemPolicy";
  40 static const char visibleSecurityFlagFile[] = "/var/db/.sp_visible"; /* old duchess/emir style configration */
  41 static const char prefsFile[] = "/var/db/SystemPolicy-prefs.plist";
  42 static const char lastRejectFile[] = "/var/db/.LastGKReject";
  43 static const char lastApprovedFile[] = "/var/db/.LastGKApp";
  44 static const char rearmTimerFile[] = "/var/db/.GKRearmTimer";
  45
  46 static const char gkeAuthFile[] = "/var/db/gke.auth";
  47 static const char gkeSigsFile[] = "/var/db/gke.sigs";
  48 static const unsigned int gkeCheckInterval = 60;        // seconds
  49
  50
  51 //
  52 // We use Julian dates in the database, because SQLite understands them well and they convert easily to/from CFAbsoluteTime
  53 //
  54 static const double never = 5000000;    // canonical "never" julian date (an arbitrary point in the year 8977)
  55 static const double julianBase = 2451910.5;     // julian date of CFAbsoluteTime epoch
  56
  57 static inline double dateToJulian(CFDateRef time)
  58 { return CFDateGetAbsoluteTime(time) / 86400.0 + julianBase; }
  59
  60 static inline CFDateRef julianToDate(double julian)
  61 { return CFDateCreate(NULL, (julian - julianBase) * 86400); }
  62
  63
  64 typedef SHA1::SDigest ObjectHash;
  65
  66
  67 typedef uint AuthorityType;
  68 enum {
  69         kAuthorityInvalid = 0,                          // not a valid authority type
  70         kAuthorityExecute = 1,                          // authorizes launch and execution
  71         kAuthorityInstall = 2,                          // authorizes installation
  72         kAuthorityOpenDoc = 3,                          // authorizes opening of documents
  73 };
  74
  75
  76 //
  77 // Defined flags for authority flags column
  78 //
  79 enum {
  80         kAuthorityFlagVirtual = 0x0001, // virtual rule (anchoring object records)
  81         kAuthorityFlagDefault = 0x0002, // rule is part of the original default set
  82         kAuthorityFlagInhibitCache = 0x0004, // never cache outcome of this rule
  83         kAuthorityFlagWhitelist = 0x1000,       // whitelist override
  84         kAuthorityFlagWhitelistV2 = 0x2000, // apply "deep" signature to this record
  85         kAuthorityFlagWhitelistSHA256 = 0x4000, // use SHA256 signature
  86 };
  87
  88
  89 //
  90 // Mapping/translation to/from API space
  91 //
  92 AuthorityType typeFor(CFDictionaryRef context, AuthorityType type = kAuthorityInvalid);
  93 CFStringRef typeNameFor(AuthorityType type)
  94     CF_RETURNS_RETAINED;
  95
  96
  97 //
  98 // An open policy database.
  99 // Usually read-only, but can be opened for write by privileged callers.
 100 // This is a translucent wrapper around SQLite::Database; the caller
 101 // is expected to work with statement rows.
 102 //
 103 class PolicyDatabase : public SQLite::Database {
 104 public:
 105         PolicyDatabase(const char *path = NULL, int flags = SQLITE_OPEN_READONLY);
 106         virtual ~PolicyDatabase();
 107
 108 public:
 109         bool checkCache(CFURLRef path, AuthorityType type, SecAssessmentFlags flags, CFMutableDictionaryRef result);
 110
 111 public:
 112         void purgeAuthority();
 113         void purgeObjects();
 114         void purgeObjects(double priority);//
 115
 116         void upgradeDatabase();
 117         std::string featureLevel(const char *feature);
 118         bool hasFeature(const char *feature) { return !featureLevel(feature).empty(); }
 119         void addFeature(const char *feature, const char *value, const char *remarks);
 120         void simpleFeature(const char *feature, const char *sql);
 121         void simpleFeature(const char *feature, void (^perform)());
 122
 123         void installExplicitSet(const char *auth, const char *sigs);
 124
 125 private:
 126         time_t mLastExplicitCheck;
 127 };
 128
 129
 130 //
 131 // Check the system-wide overriding flag file
 132 //
 133 bool overrideAssessment(SecAssessmentFlags flags = 0);
 134 void setAssessment(bool masterSwitch);
 135
 136
 137 //
 138 // Reset or query the automatic rearm timer
 139 //
 140 void resetRearmTimer(const char *event);
 141 bool queryRearmTimer(CFTimeInterval &delta);
 142
 143 } // end namespace CodeSigning
 144 } // end namespace Security
 145
 146 #endif //_H_POLICYDB