OSX/libsecurity_codesigning/lib/SecStaticCode.cpp

   1 /*
   2  * Copyright (c) 2006-2007,2011-2015 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 // SecStaticCode - API frame for SecStaticCode objects
  26 //
  27 #include "cs.h"
  28 #include "StaticCode.h"
  29 #include <security_utilities/cfmunge.h>
  30 #include <security_utilities/logging.h>
  31 #include <fcntl.h>
  32 #include <dirent.h>
  33
  34 using namespace CodeSigning;
  35
  36
  37 //
  38 // CF-standard type code function
  39 //
  40 CFTypeID SecStaticCodeGetTypeID(void)
  41 {
  42         BEGIN_CSAPI
  43         return gCFObjects().StaticCode.typeID;
  44     END_CSAPI1(_kCFRuntimeNotATypeID)
  45 }
  46
  47
  48 //
  49 // Create an StaticCode directly from disk path.
  50 //
  51 OSStatus SecStaticCodeCreateWithPath(CFURLRef path, SecCSFlags flags, SecStaticCodeRef *staticCodeRef)
  52 {
  53         BEGIN_CSAPI
  54
  55         checkFlags(flags);
  56         CodeSigning::Required(staticCodeRef) = (new SecStaticCode(DiskRep::bestGuess(cfString(path).c_str())))->handle();
  57
  58         END_CSAPI
  59 }
  60
  61 const CFStringRef kSecCodeAttributeArchitecture =       CFSTR("architecture");
  62 const CFStringRef kSecCodeAttributeSubarchitecture =CFSTR("subarchitecture");
  63 const CFStringRef kSecCodeAttributeBundleVersion =      CFSTR("bundleversion");
  64 const CFStringRef kSecCodeAttributeUniversalFileOffset =        CFSTR("UniversalFileOffset");
  65
  66 OSStatus SecStaticCodeCreateWithPathAndAttributes(CFURLRef path, SecCSFlags flags, CFDictionaryRef attributes,
  67         SecStaticCodeRef *staticCodeRef)
  68 {
  69         BEGIN_CSAPI
  70
  71         checkFlags(flags);
  72         DiskRep::Context ctx;
  73         std::string version; // holds memory placed into ctx
  74         if (attributes) {
  75                 std::string archName;
  76                 int archNumber, subarchNumber, offset;
  77                 if (cfscan(attributes, "{%O=%d}", kSecCodeAttributeUniversalFileOffset, &offset)) {
  78                         ctx.offset = offset;
  79                 } else if (cfscan(attributes, "{%O=%s}", kSecCodeAttributeArchitecture, &archName)) {
  80                         ctx.arch = Architecture(archName.c_str());
  81                 } else if (cfscan(attributes, "{%O=%d,%O=%d}",
  82                                 kSecCodeAttributeArchitecture, &archNumber, kSecCodeAttributeSubarchitecture, &subarchNumber))
  83                         ctx.arch = Architecture(archNumber, subarchNumber);
  84                 else if (cfscan(attributes, "{%O=%d}", kSecCodeAttributeArchitecture, &archNumber))
  85                         ctx.arch = Architecture(archNumber);
  86                 if (cfscan(attributes, "{%O=%s}", kSecCodeAttributeBundleVersion, &version))
  87                         ctx.version = version.c_str();
  88         }
  89
  90         CodeSigning::Required(staticCodeRef) = (new SecStaticCode(DiskRep::bestGuess(cfString(path).c_str(), &ctx)))->handle();
  91
  92         END_CSAPI
  93 }
  94
  95
  96 //
  97 // Check static validity of a StaticCode
  98 //
  99 OSStatus SecStaticCodeCheckValidity(SecStaticCodeRef staticCodeRef, SecCSFlags flags,
 100         SecRequirementRef requirementRef)
 101 {
 102         return SecStaticCodeCheckValidityWithErrors(staticCodeRef, flags, requirementRef, NULL);
 103 }
 104
 105 OSStatus SecStaticCodeCheckValidityWithErrors(SecStaticCodeRef staticCodeRef, SecCSFlags flags,
 106         SecRequirementRef requirementRef, CFErrorRef *errors)
 107 {
 108         BEGIN_CSAPI
 109
 110         checkFlags(flags,
 111                   kSecCSReportProgress
 112                 | kSecCSCheckAllArchitectures
 113                 | kSecCSDoNotValidateExecutable
 114                 | kSecCSDoNotValidateResources
 115                 | kSecCSConsiderExpiration
 116                 | kSecCSEnforceRevocationChecks
 117                 | kSecCSNoNetworkAccess
 118                 | kSecCSCheckNestedCode
 119                 | kSecCSStrictValidate
 120                 | kSecCSRestrictSidebandData
 121                 | kSecCSCheckGatekeeperArchitectures
 122                 | kSecCSRestrictSymlinks
 123                 | kSecCSRestrictToAppLike
 124         | kSecCSUseSoftwareSigningCert
 125             | kSecCSValidatePEH
 126         );
 127
 128         if (errors)
 129                 flags |= kSecCSFullReport;      // internal-use flag
 130
 131         SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(staticCodeRef);
 132         code->setValidationFlags(flags);
 133         const SecRequirement *req = SecRequirement::optional(requirementRef);
 134         DTRACK(CODESIGN_EVAL_STATIC, code, (char*)code->mainExecutablePath().c_str());
 135         code->staticValidate(flags, req);
 136
 137 #if TARGET_OS_IPHONE
 138     // Everything checked out correctly but we need to make sure that when
 139     // we validated the code directory, we trusted the signer.  We defer this
 140     // until now because the caller may still trust the signer via a
 141     // provisioning profile so if we prematurely throw an error when validating
 142     // the directory, we potentially skip resource validation even though the
 143     // caller will go on to trust the signature
 144     // <rdar://problem/6075501> Applications that are validated against a provisioning profile do not have their resources checked
 145     if (code->trustedSigningCertChain() == false) {
 146         return CSError::cfError(errors, errSecCSSignatureUntrusted);
 147     }
 148 #endif
 149
 150
 151         END_CSAPI_ERRORS
 152 }
 153
 154
 155 //
 156 // ====================================================================================
 157 //
 158 // The following API functions are called SecCode* but accept both SecCodeRef and
 159 // SecStaticCodeRef arguments, operating on the implied SecStaticCodeRef as appropriate.
 160 // Hence they're here, rather than in SecCode.cpp.
 161 //
 162
 163
 164 //
 165 // Retrieve location information for an StaticCode.
 166 //
 167 OSStatus SecCodeCopyPath(SecStaticCodeRef staticCodeRef, SecCSFlags flags, CFURLRef *path)
 168 {
 169         BEGIN_CSAPI
 170
 171         checkFlags(flags);
 172         SecPointer<SecStaticCode> staticCode = SecStaticCode::requiredStatic(staticCodeRef);
 173         CodeSigning::Required(path) = staticCode->copyCanonicalPath();
 174
 175         END_CSAPI
 176 }
 177
 178
 179 //
 180 // Fetch or make up a designated requirement
 181 //
 182 OSStatus SecCodeCopyDesignatedRequirement(SecStaticCodeRef staticCodeRef, SecCSFlags flags,
 183         SecRequirementRef *requirementRef)
 184 {
 185         BEGIN_CSAPI
 186
 187         checkFlags(flags);
 188         const Requirement *req =
 189                 SecStaticCode::requiredStatic(staticCodeRef)->designatedRequirement();
 190         CodeSigning::Required(requirementRef) = (new SecRequirement(req))->handle();
 191
 192         END_CSAPI
 193 }
 194
 195
 196 //
 197 // Fetch a particular internal requirement, if present
 198 //
 199 OSStatus SecCodeCopyInternalRequirement(SecStaticCodeRef staticCodeRef, SecRequirementType type,
 200         SecCSFlags flags, SecRequirementRef *requirementRef)
 201 {
 202         BEGIN_CSAPI
 203
 204         checkFlags(flags);
 205         const Requirement *req =
 206                 SecStaticCode::requiredStatic(staticCodeRef)->internalRequirement(type);
 207         CodeSigning::Required(requirementRef) = req ? (new SecRequirement(req))->handle() : NULL;
 208
 209         END_CSAPI
 210 }
 211
 212
 213 //
 214 // Record for future use a detached code signature.
 215 //
 216 OSStatus SecCodeSetDetachedSignature(SecStaticCodeRef codeRef, CFDataRef signature,
 217         SecCSFlags flags)
 218 {
 219         BEGIN_CSAPI
 220
 221         checkFlags(flags);
 222         SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(codeRef);
 223
 224         code->detachedSignature(signature); // ... and pass it to the code
 225         code->resetValidity();
 226
 227         END_CSAPI
 228 }
 229
 230
 231 //
 232 // Attach a code signature to a kernel memory mapping for page-in validation.
 233 //
 234 OSStatus SecCodeMapMemory(SecStaticCodeRef codeRef, SecCSFlags flags)
 235 {
 236         BEGIN_CSAPI
 237
 238         checkFlags(flags);
 239         SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(codeRef);
 240         if (const CodeDirectory *cd = code->codeDirectory(false)) {
 241                 fsignatures args = { static_cast<off_t>(code->diskRep()->signingBase()), (void *)cd, cd->length() };
 242                 UnixError::check(::fcntl(code->diskRep()->fd(), F_ADDSIGS, &args));
 243         } else
 244                 MacOSError::throwMe(errSecCSUnsigned);
 245
 246         END_CSAPI
 247 }
 248
 249
 250 //
 251 // Attach a callback block to a code object
 252 //
 253 OSStatus SecStaticCodeSetCallback(SecStaticCodeRef codeRef, SecCSFlags flags, SecCodeCallback *old, SecCodeCallback monitor)
 254 {
 255         BEGIN_CSAPI
 256
 257         checkFlags(flags);
 258         SecStaticCode *code = SecStaticCode::requiredStatic(codeRef);
 259         if (old)
 260                 *old = code->monitor();
 261         code->setMonitor(monitor);
 262
 263         END_CSAPI
 264 }
 265
 266
 267 OSStatus SecStaticCodeSetValidationConditions(SecStaticCodeRef codeRef, CFDictionaryRef conditions)
 268 {
 269         BEGIN_CSAPI
 270
 271         checkFlags(0);
 272         SecStaticCode *code = SecStaticCode::requiredStatic(codeRef);
 273         code->setValidationModifiers(conditions);
 274
 275         END_CSAPI
 276 }
 277
 278
 279 //
 280 // Set cancellation flag on a static code object.
 281 //
 282 OSStatus SecStaticCodeCancelValidation(SecStaticCodeRef codeRef, SecCSFlags flags)
 283 {
 284         BEGIN_CSAPI
 285
 286         checkFlags(0);
 287         SecStaticCode *code = SecStaticCode::requiredStatic(codeRef);
 288         code->cancelValidation();
 289
 290         END_CSAPI
 291 }
 292
 293
 294 //
 295 // Retrieve a component object for a special slot directly.
 296 //
 297 CFDataRef SecCodeCopyComponent(SecCodeRef codeRef, int slot, CFDataRef hash)
 298 {
 299         BEGIN_CSAPI
 300
 301         SecStaticCode* code = SecStaticCode::requiredStatic(codeRef);
 302         return code->copyComponent(slot, hash);
 303
 304         END_CSAPI1(NULL)
 305 }
 306
 307
 308 //
 309 // Validate a single plain file's resource seal against a memory copy.
 310 // This will fail for any other file type (symlink, directory, nested code, etc. etc.)
 311 //
 312 OSStatus SecCodeValidateFileResource(SecStaticCodeRef codeRef, CFStringRef relativePath, CFDataRef fileData, SecCSFlags flags)
 313 {
 314     BEGIN_CSAPI
 315
 316     checkFlags(0);
 317     if (fileData == NULL)
 318         MacOSError::throwMe(errSecCSObjectRequired);
 319     SecStaticCode *code = SecStaticCode::requiredStatic(codeRef);
 320     code->validatePlainMemoryResource(cfString(relativePath), fileData, flags);
 321
 322     END_CSAPI
 323
 324 }