]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_codesigning/lib/diskrep.cpp
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-58286.70.7.tar.gz
[apple/security.git] / OSX / libsecurity_codesigning / lib / diskrep.cpp
1 /*
2 * Copyright (c) 2006-2007,2011,2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // diskrep - disk representations of code
26 //
27 #include "diskrep.h"
28 #include <sys/stat.h>
29 #include <CoreFoundation/CFBundlePriv.h>
30
31 // specific disk representations created by the bestGuess() function
32 #include "filediskrep.h"
33 #include "bundlediskrep.h"
34 #include "slcrep.h"
35 #if TARGET_OS_OSX
36 #include "diskimagerep.h"
37 #endif
38
39 namespace Security {
40 namespace CodeSigning {
41
42 using namespace UnixPlusPlus;
43
44
45 //
46 // Abstract features
47 //
48 DiskRep::DiskRep()
49 {
50 }
51
52 DiskRep::~DiskRep()
53 {
54 CODESIGN_DISKREP_DESTROY(this);
55 }
56
57
58 //
59 // Normal DiskReps are their own base.
60 //
61 DiskRep *DiskRep::base()
62 {
63 return this;
64 }
65
66
67 //
68 // By default, DiskReps are read-only.
69 //
70 DiskRep::Writer *DiskRep::writer()
71 {
72 MacOSError::throwMe(errSecCSUnimplemented);
73 }
74
75
76 void DiskRep::Writer::addDiscretionary(CodeDirectory::Builder &)
77 {
78 // do nothing
79 }
80
81
82 //
83 // Given a file system path, come up with the most likely correct
84 // disk representation for what's there.
85 // This is, strictly speaking, a heuristic that could be fooled - there's
86 // no fool-proof rule for figuring this out. But we'd expect this to work
87 // fine in ordinary use. If you happen to know what you're looking at
88 // (say, a bundle), then just create the suitable subclass of DiskRep directly.
89 // That's quite legal.
90 // The optional context argument can provide additional information that guides the guess.
91 //
92 DiskRep *DiskRep::bestGuess(const char *path, const Context *ctx)
93 {
94 try {
95 if (!(ctx && ctx->fileOnly)) {
96 struct stat st;
97 if (::stat(path, &st))
98 UnixError::throwMe();
99
100 // if it's a directory, assume it's a bundle
101 if ((st.st_mode & S_IFMT) == S_IFDIR) // directory - assume bundle
102 return new BundleDiskRep(path, ctx);
103
104 // see if it's the main executable of a recognized bundle
105 if (CFRef<CFURLRef> pathURL = makeCFURL(path))
106 if (CFRef<CFBundleRef> bundle = _CFBundleCreateWithExecutableURLIfMightBeBundle(NULL, pathURL))
107 return new BundleDiskRep(bundle, ctx);
108 }
109
110 // try the various single-file representations
111 AutoFileDesc fd(path, O_RDONLY);
112 if (MachORep::candidate(fd))
113 return new MachORep(path, ctx);
114 #if TARGET_OS_OSX
115 if (DiskImageRep::candidate(fd))
116 return new DiskImageRep(path);
117 #endif
118 if (DYLDCacheRep::candidate(fd))
119 return new DYLDCacheRep(path);
120
121 // ultimate fallback - the generic file representation
122 return new FileDiskRep(path);
123
124 } catch (const CommonError &error) {
125 switch (error.unixError()) {
126 case ENOENT:
127 MacOSError::throwMe(errSecCSStaticCodeNotFound);
128 default:
129 throw;
130 }
131 }
132 }
133
134
135 DiskRep *DiskRep::bestFileGuess(const char *path, const Context *ctx)
136 {
137 Context dctx;
138 if (ctx)
139 dctx = *ctx;
140 dctx.fileOnly = true;
141 return bestGuess(path, &dctx);
142 }
143
144
145 //
146 // Given a main executable known to be a Mach-O binary, and an offset into
147 // the file of the actual architecture desired (of a Universal file),
148 // produce a suitable MachORep.
149 // This function does not consider non-MachO binaries. It does however handle
150 // bundles with Mach-O main executables correctly.
151 //
152 DiskRep *DiskRep::bestGuess(const char *path, size_t archOffset)
153 {
154 try {
155 // is it the main executable of a bundle?
156 if (CFRef<CFURLRef> pathURL = makeCFURL(path))
157 if (CFRef<CFBundleRef> bundle = _CFBundleCreateWithExecutableURLIfMightBeBundle(NULL, pathURL)) {
158 Context ctx; ctx.offset = archOffset;
159 return new BundleDiskRep(bundle, &ctx); // ask bundle to make bundle-with-MachO-at-offset
160 }
161 // else, must be a Mach-O binary
162 Context ctx; ctx.offset = archOffset;
163 return new MachORep(path, &ctx);
164 } catch (const CommonError &error) {
165 switch (error.unixError()) {
166 case ENOENT:
167 MacOSError::throwMe(errSecCSStaticCodeNotFound);
168 default:
169 throw;
170 }
171 }
172 }
173
174
175 //
176 // Default behaviors of DiskRep
177 //
178 string DiskRep::resourcesRootPath()
179 {
180 return ""; // has no resources directory
181 }
182
183 void DiskRep::adjustResources(ResourceBuilder &builder)
184 {
185 // do nothing
186 }
187
188 void DiskRep::prepareForSigning(SigningContext &state)
189 {
190 // do nothing
191 }
192
193 Universal *DiskRep::mainExecutableImage()
194 {
195 return NULL; // no Mach-O executable
196 }
197
198 size_t DiskRep::signingBase()
199 {
200 return 0; // whole file (start at beginning)
201 }
202
203 size_t DiskRep::execSegBase(const Architecture *)
204 {
205 return 0; // whole file (start at beginning)
206 }
207
208 CFArrayRef DiskRep::modifiedFiles()
209 {
210 // by default, claim (just) the main executable modified
211 CFRef<CFURLRef> mainURL = makeCFURL(mainExecutablePath());
212 return makeCFArray(1, mainURL.get());
213 }
214
215 void DiskRep::flush()
216 {
217 // nothing cached
218 }
219
220 CFDictionaryRef DiskRep::diskRepInformation()
221 {
222 return NULL;
223 }
224
225 CFDictionaryRef DiskRep::defaultResourceRules(const SigningContext &)
226 {
227 return NULL; // none
228 }
229
230 const Requirements *DiskRep::defaultRequirements(const Architecture *, const SigningContext &)
231 {
232 return NULL; // none
233 }
234
235 size_t DiskRep::pageSize(const SigningContext &)
236 {
237 return monolithicPageSize; // unpaged (monolithic)
238 }
239
240
241 void DiskRep::strictValidate(const CodeDirectory*, const ToleratedErrors& tolerated, SecCSFlags flags)
242 {
243 if (flags & kSecCSRestrictToAppLike)
244 if (tolerated.find(errSecCSNotAppLike) == tolerated.end())
245 MacOSError::throwMe(errSecCSNotAppLike);
246 }
247
248 CFArrayRef DiskRep::allowedResourceOmissions()
249 {
250 return NULL;
251 }
252
253
254 //
255 // Given some string (usually a pathname), derive a suggested signing identifier
256 // in a canonical way (so there's some consistency).
257 //
258 // This is a heuristic. First we lop off any leading directories and final (non-numeric)
259 // extension. Then we walk backwards, eliminating numeric extensions except the first one.
260 // Thus, libfrotz7.3.5.dylib becomes libfrotz7, mumble.77.plugin becomes mumble.77,
261 // and rumble.rb becomes rumble. This isn't perfect, but it ought to handle 98%+ of
262 // the common varieties out there. Specify an explicit identifier for the oddballs.
263 //
264 // This is called by the various recommendedIdentifier() methods, who are
265 // free to modify or override it.
266 //
267 // Note: We use strchr("...") instead of is*() here because we do not
268 // wish to be influenced by locale settings.
269 //
270 std::string DiskRep::canonicalIdentifier(const std::string &name)
271 {
272 string s = name;
273 string::size_type p;
274
275 // lop off any directory prefixes
276 if ((p = s.rfind('/')) != string::npos)
277 s = s.substr(p+1);
278
279 // remove any final extension (last dot) unless it's numeric
280 if ((p = s.rfind('.')) != string::npos && !strchr("0123456789", s[p+1]))
281 s = s.substr(0, p);
282
283 // eat numeric suffixes except the first one; roughly:
284 // foo.2.3.4 => foo.2, foo2.3 => foo2, foo.9 => foo.9, foo => foo
285 if (strchr("0123456789.", s[0])) // starts with digit or .
286 return s; // ... so don't mess with it
287 p = s.size()-1;
288 // foo3.5^, foo.3.5^, foo3^, foo.3^, foo^
289 while (strchr("0123456789.", s[p]))
290 p--;
291 // fo^o3.5, fo^o.3.5, fo^o3, fo^o.3, fo^o
292 p++;
293 // foo^3.5, foo^.3.5, foo^3, foo^.3, foo^
294 if (s[p] == '.')
295 p++;
296 // foo^3.5, foo.^3.5, foo^3, foo.^3, foo^
297 while (p < s.size() && strchr("0123456789", s[p]))
298 p++;
299 // foo3^.5, foo.3^.5, foo3^, foo.3^, foo^
300 return s.substr(0, p);
301 }
302
303
304 //
305 // Writers
306 //
307 DiskRep::Writer::Writer(uint32_t attrs)
308 : mArch(CPU_TYPE_ANY), mAttributes(attrs)
309 {
310 }
311
312 DiskRep::Writer::~Writer()
313 { /* virtual */ }
314
315 uint32_t DiskRep::Writer::attributes() const
316 { return mAttributes; }
317
318 void DiskRep::Writer::flush()
319 { /* do nothing */ }
320
321 void DiskRep::Writer::remove()
322 {
323 MacOSError::throwMe(errSecCSNotSupported);
324 }
325
326
327 } // end namespace CodeSigning
328 } // end namespace Security
mirror of Security