]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_codesigning/lib/bundlediskrep.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57740.60.18.tar.gz
[apple/security.git] / OSX / libsecurity_codesigning / lib / bundlediskrep.h
1 /*
2 * Copyright (c) 2006-2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // bundlediskrep - bundle directory disk representation
26 //
27 #ifndef _H_BUNDLEDISKREP
28 #define _H_BUNDLEDISKREP
29
30 #include "diskrep.h"
31 #include "machorep.h"
32
33 namespace Security {
34 namespace CodeSigning {
35
36
37 #define BUNDLEDISKREP_DIRECTORY "_CodeSignature"
38 #define CODERESOURCES_LINK "CodeResources"
39 #define STORE_RECEIPT_DIRECTORY "_MASReceipt"
40
41
42 //
43 // A BundleDiskRep represents a standard Mac OS X bundle on disk.
44 // The bundle is expected to have an Info.plist, and a "main executable file"
45 // of some sort (as indicated therein).
46 // The BundleDiskRep stores the necessary components in the main executable
47 // if it is in Mach-O format, or in files in a _CodeSignature directory if not.
48 // This DiskRep supports resource sealing.
49 //
50 class BundleDiskRep : public DiskRep {
51 public:
52 BundleDiskRep(const char *path, const Context *ctx = NULL);
53 BundleDiskRep(CFBundleRef ref, const Context *ctx = NULL);
54 ~BundleDiskRep();
55
56 CFDataRef component(CodeDirectory::SpecialSlot slot);
57 CFDataRef identification();
58 std::string mainExecutablePath();
59 CFURLRef copyCanonicalPath();
60 std::string resourcesRootPath();
61 std::string resourcesRelativePath();
62 void adjustResources(ResourceBuilder &builder);
63 Universal *mainExecutableImage();
64 void prepareForSigning(SigningContext &context);
65 size_t signingBase();
66 size_t signingLimit();
67 std::string format();
68 CFArrayRef modifiedFiles();
69 UnixPlusPlus::FileDesc &fd();
70 void flush();
71 CFDictionaryRef diskRepInformation();
72
73 std::string recommendedIdentifier(const SigningContext &ctx);
74 CFDictionaryRef defaultResourceRules(const SigningContext &ctx);
75 const Requirements *defaultRequirements(const Architecture *arch, const SigningContext &ctx);
76 size_t pageSize(const SigningContext &ctx);
77
78 void strictValidate(const CodeDirectory* cd, const ToleratedErrors& tolerated, SecCSFlags flags);
79 CFArrayRef allowedResourceOmissions();
80
81 CFBundleRef bundle() const { return mBundle; }
82
83 public:
84 Writer *writer();
85 class Writer;
86 friend class Writer;
87
88 protected:
89 std::string metaPath(const char *name);
90 void createMeta(); // (try to) create the meta-file directory
91 CFDataRef metaData(const char *name);
92 CFDataRef metaData(CodeDirectory::SpecialSlot slot);
93
94 private:
95 void setup(const Context *ctx); // shared init
96 void checkModifiedFile(CFMutableArrayRef files, CodeDirectory::SpecialSlot slot);
97 CFDataRef loadRegularFile(CFURLRef url);
98 void recordStrictError(OSStatus error);
99 void validateMetaDirectory(const CodeDirectory* cd);
100 void validateFrameworkRoot(std::string root);
101 void checkPlainFile(UnixPlusPlus::FileDesc fd, const std::string& path);
102 void checkForks(UnixPlusPlus::FileDesc fd);
103 void checkMoved(CFURLRef oldPath, CFURLRef newPath);
104 void componentFromExec(bool fromExec);
105
106 private:
107 CFRef<CFBundleRef> mBundle;
108 std::string mMetaPath; // path to directory containing signing files
109 bool mMetaExists; // separate meta-file directory exists
110 CFRef<CFURLRef> mMainExecutableURL; // chosen main executable URL
111 bool mInstallerPackage; // is an installer (not executable) bundle
112 bool mAppLike; // is some form of app
113 string mFormat; // format description string
114 RefPointer<DiskRep> mExecRep; // DiskRep for main executable file
115 bool mComponentsFromExec; // components are drawn from main executable diskrep
116 bool mComponentsFromExecValid; // mComponentsFromExec is valid (tri-state)
117 std::set<CodeDirectory::SpecialSlot> mUsedComponents; // remember what components we've retrieved
118 std::set<OSStatus> mStrictErrors; // strict validation errors encountered
119 };
120
121
122 //
123 // Writers
124 //
125 //
126 class BundleDiskRep::Writer : public DiskRep::Writer {
127 friend class BundleDiskRep;
128 public:
129 Writer(BundleDiskRep *r);
130
131 void component(CodeDirectory::SpecialSlot slot, CFDataRef data);
132 void remove();
133 void flush();
134
135 protected:
136 DiskRep *execRep() { return rep->mExecRep; }
137 void remove(CodeDirectory::SpecialSlot slot);
138 void purgeMetaDirectory();
139
140 protected:
141 RefPointer<BundleDiskRep> rep;
142 RefPointer<DiskRep::Writer> execWriter;
143 bool mMadeMetaDirectory;
144 std::set<std::string> mWrittenFiles;
145 };
146
147
148 } // end namespace CodeSigning
149 } // end namespace Security
150
151 #endif // !_H_BUNDLEDISKREP
mirror of Security