Security-57740.51.3.tar.gz
[apple/security.git] / OSX / libsecurity_codesigning / CodeSigningHelper / main.cpp
1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23 #include <Security/CodeSigning.h>
24 #include <Security/SecCodePriv.h>
25 #include <xpc/xpc.h>
26 #include <sandbox.h>
27 #include <security_utilities/cfutilities.h>
28 #include <security_utilities/cfmunge.h>
29 #include <security_utilities/logging.h>
30 #include "codedirectory.h"
31
32
33
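/*
 * Serve one "fetchData" request from an XPC peer.
 *
 * The request names a process by the "pid" field. The reply carries:
 *   "bundleURL" - the code's path as UTF-8 URL bytes, when it can be obtained
 *   "infoPlist" - the Info.plist component, only when the request includes an
 *                 "infohash" value; that value is passed to SecCodeCopyComponent
 *                 along with the Info.plist slot
 * A reply is still sent when the code lookup fails; it then has neither key.
 * Nothing is sent when "pid" is absent or invalid, or when the event cannot
 * take a reply.
 *
 * NOTE(review): the target process is chosen solely by a pid the peer puts in
 * the message. A pid can be recycled between the moment the client captured it
 * and the lookup below, so the reply is not bound to one process instance.
 * Carrying an audit token in the request would close that gap - confirm
 * against the callers of this service.
 */
static void
request(xpc_connection_t peer, xpc_object_t event)
{
	// The wire value is 64 bits wide. Reject anything that does not survive
	// the narrowing to pid_t, so an out-of-range number can never alias a
	// different, valid process id.
	const int64_t rawPid = xpc_dictionary_get_int64(event, "pid");
	const pid_t pid = static_cast<pid_t>(rawPid);
	if (pid <= 0 || static_cast<int64_t>(pid) != rawPid)
		return;

	xpc_object_t reply = xpc_dictionary_create_reply(event);
	if (reply == NULL)
		return;

	CFTemp<CFDictionaryRef> attributes("{%O=%d}", kSecGuestAttributePid, pid);
	CFRef<SecCodeRef> code;
	if (SecCodeCopyGuestWithAttributes(NULL, attributes, kSecCSDefaultFlags, &code.aref()) == noErr) {

		// path to base of client code
		CFRef<CFURLRef> codePath;
		if (SecCodeCopyPath(code, kSecCSDefaultFlags, &codePath.aref()) == noErr) {
			// CFURLCreateData may return NULL; handing that to
			// CFDataGetBytePtr/CFDataGetLength would crash the helper.
			if (CFRef<CFDataRef> data = CFURLCreateData(NULL, codePath, kCFStringEncodingUTF8, true)) {
				xpc_dictionary_set_data(reply, "bundleURL", CFDataGetBytePtr(data), CFDataGetLength(data));
			}
		}

		// if the caller wants the Info.plist, get it and verify the hash passed by the caller
		size_t iphLength = 0;
		if (const void *iphash = xpc_dictionary_get_data(event, "infohash", &iphLength)) {
			if (CFRef<CFDataRef> data = SecCodeCopyComponent(code, Security::CodeSigning::cdInfoSlot, CFTempData(iphash, iphLength))) {
				xpc_dictionary_set_data(reply, "infoPlist", CFDataGetBytePtr(data), CFDataGetLength(data));
			}
		}
	}
	xpc_connection_send_message(peer, reply);
	xpc_release(reply);
}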
69
70
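/*
 * Dispatch a single event received on a peer connection.
 *
 * Error events are ignored. Any other event must be a dictionary whose
 * "command" string is "fetchData"; that request is passed to request().
 * Every other input (wrong type, missing command, unknown command) cancels
 * the connection.
 */
static void CodeSigningHelper_peer_event_handler(xpc_connection_t peer, xpc_object_t event)
{
	const xpc_type_t type = xpc_get_type(event);
	if (type == XPC_TYPE_ERROR)
		return;

	// Enforce the message type at run time. An assert() is compiled out
	// under NDEBUG, which would leave the dictionary accessors below
	// operating on whatever object the peer managed to deliver.
	if (type != XPC_TYPE_DICTIONARY) {
		xpc_connection_cancel(peer);
		return;
	}

	const char *cmd = xpc_dictionary_get_string(event, "command");
	if (cmd == NULL) {
		xpc_connection_cancel(peer);
	} else if (strcmp(cmd, "fetchData") == 0) {
		request(peer, event);
	} else {
		// cmd is peer-controlled text; it is passed only as an argument,
		// never as the format string.
		Syslog::error("peer sent invalid command %s", cmd);
		xpc_connection_cancel(peer);
	}
}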
89
90
/*
 * Connection handler given to xpc_main: called with each new peer connection.
 * Routes every event on that connection to CodeSigningHelper_peer_event_handler,
 * then resumes the connection so events start flowing.
 */
static void CodeSigningHelper_event_handler(xpc_connection_t peer)
{
	// Build the per-connection handler first, then install it.
	xpc_handler_t onEvent = ^(xpc_object_t event) {
		CodeSigningHelper_peer_event_handler(peer, event);
	};
	xpc_connection_set_event_handler(peer, onEvent);

	// The handler has to be in place before the connection is resumed.
	xpc_connection_resume(peer);
}
98
/*
 * Service entry point.
 *
 * Enters the named sandbox profile "com.apple.CodeSigningHelper" before any
 * connection is accepted, and exits with failure if that cannot be done, so
 * the helper never serves requests unsandboxed. Control then passes to
 * xpc_main with CodeSigningHelper_event_handler as the connection handler.
 */
int main(int argc, const char *argv[])
{
	char *sandboxError = nullptr;
	const int sandboxStatus = sandbox_init("com.apple.CodeSigningHelper", SANDBOX_NAMED, &sandboxError);
	if (sandboxStatus != 0) {
		// Fail closed: without the sandbox this process must not run.
		Syslog::error("failed to enter sandbox: %s", sandboxError);
		exit(EXIT_FAILURE);
	}

	xpc_main(CodeSigningHelper_event_handler);
	return 0;
}