OSX/libsecurity_codesigning/lib/dirscanner.h

   1 /*
   2  * Copyright (c) 2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #ifndef _H_DIRSCANNER
  25 #define _H_DIRSCANNER
  26
  27 #include "resources.h"
  28 #include <dirent.h>
  29 #include <fts.h>
  30 #include <security_utilities/cfutilities.h>
  31
  32 namespace Security {
  33 namespace CodeSigning {
  34
  35
  36 class DirScanner {
  37 public:
  38         DirScanner(const char *path);
  39         DirScanner(string path);
  40         ~DirScanner();
  41
  42         struct dirent *getNext();       // gets the next item out of this DirScanner
  43         bool initialized();                     // returns false if the constructor failed to initialize the dirent
  44
  45         void unlink(const struct dirent* ent, int flags);
  46         bool isRegularFile(dirent* dp);
  47
  48 private:
  49         string path;
  50         DIR *dp = NULL;
  51         struct dirent entBuffer;
  52         void initialize();
  53         bool init;
  54 };
  55
  56
  57 class DirValidator {
  58 public:
  59         DirValidator() : mRequireCount(0) { }
  60         ~DirValidator();
  61
  62         enum {
  63                 file = 0x01,
  64                 directory = 0x02,
  65                 symlink = 0x04,
  66                 noexec = 0x08,
  67                 required = 0x10,
  68                 descend = 0x20,
  69         };
  70
  71         typedef std::string (^TargetPatternBuilder)(const std::string &name, const std::string &target);
  72
  73 private:
  74         class Rule : public ResourceBuilder::Rule {
  75         public:
  76                 Rule(const std::string &pattern, uint32_t flags, TargetPatternBuilder targetBlock);
  77                 ~Rule();
  78
  79                 bool matchTarget(const char *path, const char *target) const;
  80
  81         private:
  82                 TargetPatternBuilder mTargetBlock;
  83         };
  84         void addRule(Rule *rule) { mRules.push_back(rule); }
  85
  86         class FTS {
  87         public:
  88                 FTS(const std::string &path, int options = FTS_PHYSICAL | FTS_COMFOLLOW | FTS_NOCHDIR);
  89                 ~FTS();
  90
  91                 operator ::FTS* () const { return mFTS; }
  92
  93         private:
  94                 ::FTS *mFTS;
  95         };
  96
  97 public:
  98         void allow(const std::string &namePattern, uint32_t flags, TargetPatternBuilder targetBlock = NULL)
  99         { addRule(new Rule(namePattern, flags, targetBlock)); }
 100         void require(const std::string &namePattern, uint32_t flags, TargetPatternBuilder targetBlock = NULL)
 101         { addRule(new Rule(namePattern, flags | required, targetBlock)); mRequireCount++; }
 102
 103         void allow(const std::string &namePattern, uint32_t flags, std::string targetPattern)
 104         { allow(namePattern, flags, ^ string (const std::string &name, const std::string &target) { return targetPattern; }); }
 105         void require(const std::string &namePattern, uint32_t flags, std::string targetPattern)
 106         { require(namePattern, flags, ^ string (const std::string &name, const std::string &target) { return targetPattern; }); }
 107
 108         void validate(const std::string &root, OSStatus error);
 109
 110 private:
 111         Rule * match(const char *relpath, uint32_t flags, bool executable, const char *target = NULL);
 112
 113 private:
 114         typedef std::vector<Rule *> Rules;
 115         Rules mRules;
 116         int mRequireCount;
 117 };
 118
 119
 120 } // end namespace CodeSigning
 121 } // end namespace Security
 122
 123 #endif // !_H_DIRSCANNER