]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_codesigning/lib/csprocess.cpp
Security-58286.230.21.tar.gz
[apple/security.git] / OSX / libsecurity_codesigning / lib / csprocess.cpp
1 /*
2 * Copyright (c) 2006,2011,2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // csprocess - UNIX process implementation of the Code Signing Host Interface
26 //
27 #include "csprocess.h"
28 #include "cskernel.h"
29 #include <securityd_client/ssclient.h>
30 #include <System/sys/codesign.h>
31
32 namespace Security {
33 namespace CodeSigning {
34
35
36 //
37 // Construct a running process representation
38 //
39 ProcessCode::ProcessCode(pid_t pid, const audit_token_t* token, PidDiskRep *pidDiskRep /*= NULL */)
40 : GenericCode(KernelCode::active()), mPid(pid), mPidBased(pidDiskRep)
41 {
42 if (token)
43 mAudit = new audit_token_t(*token);
44 else
45 mAudit = NULL;
46 }
47
48
49 mach_port_t ProcessCode::getHostingPort()
50 {
51 return SecurityServer::ClientSession().hostingPort(pid());
52 }
53
54
55 int ProcessCode::csops(unsigned int ops, void *addr, size_t size)
56 {
57 // pass pid and audit token both if we have it, or just the pid if we don't
58 if (mAudit)
59 return ::csops_audittoken(mPid, ops, addr, size, mAudit);
60 else
61 return ::csops(mPid, ops, addr, size);
62 }
63
64
65 /*
66 *
67 */
68
69 ProcessDynamicCode::ProcessDynamicCode(ProcessCode *guest)
70 : SecStaticCode(guest->pidBased()), mGuest(guest)
71 {
72 }
73
74 CFDataRef ProcessDynamicCode::component(CodeDirectory::SpecialSlot slot, OSStatus fail /* = errSecCSSignatureFailed */)
75 {
76 if (slot == cdInfoSlot && !mGuest->pidBased()->supportInfoPlist())
77 return NULL;
78 else if (slot == cdResourceDirSlot)
79 return NULL;
80 return SecStaticCode::component(slot, fail);
81 }
82
83 CFDictionaryRef ProcessDynamicCode::infoDictionary()
84 {
85 if (mGuest->pidBased()->supportInfoPlist())
86 return SecStaticCode::infoDictionary();
87 if (!mEmptyInfoDict) {
88 mEmptyInfoDict.take(makeCFDictionary(0));
89 }
90 return mEmptyInfoDict;
91 }
92
93 void ProcessDynamicCode::validateComponent(CodeDirectory::SpecialSlot slot, OSStatus fail /* = errSecCSSignatureFailed */)
94 {
95 if (slot == cdInfoSlot && !mGuest->pidBased()->supportInfoPlist())
96 return;
97 else if (slot == cdResourceDirSlot)
98 return;
99 SecStaticCode::validateComponent(slot, fail);
100 }
101
102
103
104 } // CodeSigning
105 } // Security