]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_manifest/lib/ManifestInternal.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59306.80.4.tar.gz
[apple/security.git] / OSX / libsecurity_manifest / lib / ManifestInternal.h
1 /*
2 * Copyright (c) 2004,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #ifndef _SECURITY_MANIFEST_H_
25 #define _SECURITY_MANIFEST_H_
26
27
28 #include <Security/Security.h>
29 #include <security_utilities/security_utilities.h>
30 #include <security_utilities/cfclass.h>
31 #include <security_cdsa_client/cspclient.h>
32 #include "SecManifest.h"
33 #include <vector>
34 #include <set>
35
36
37 // note: The error range for the file signing library is -22040 through -22079
38
39 class ManifestItem;
40
41 class CSSMInitializer
42 {
43 protected:
44 static ModuleNexus<CSSMInitializer> mInstance;
45
46 CssmClient::Module mModule;
47 CssmClient::CSP mCSP;
48
49 public:
50 CSSMInitializer ();
51 ~CSSMInitializer ();
52
53 static CssmClient::CSP* GetCSP ();
54 };
55
56
57
58 const int kSHA1DigestSize = 20;
59 typedef unsigned char SHA1Digest[kSHA1DigestSize];
60
61 typedef std::set<std::string> StringSet;
62
63 class ManifestItemList : private std::vector<ManifestItem*>
64 {
65 private:
66
67 friend class FileSystemItemList;
68
69 typedef std::vector<ManifestItem*> ParentClass;
70
71 void ConvertToStringSet (const char* path, CFArrayRef array, StringSet& stringSet);
72
73 protected:
74 void DecodeURL (CFURLRef url, char *pathBuffer, CFIndex maxBufLen);
75 void AddDataObject (CFDataRef data);
76
77 public:
78 ManifestItemList ();
79 ~ManifestItemList ();
80
81 void AddFileSystemObject (char* path, StringSet& exceptions, bool isRoot, bool hasAppleDoubleResourceFork);
82 void AddObject (CFTypeRef object, CFArrayRef exceptionList);
83
84 using ParentClass::push_back;
85 using ParentClass::size;
86 // using ParentClass::operator[];
87
88 ManifestItem* operator[] (int n) {return ParentClass::operator[] (n);}
89 };
90
91
92
93 class FileSystemItemList : public ManifestItemList
94 {
95 public:
96 void Compare (FileSystemItemList &itemList, bool compareOwnerAndGroup);
97 };
98
99
100
101 class RootItemList : public ManifestItemList
102 {
103 public:
104 void Compare (RootItemList& itemList, bool compareOwnerAndGroup);
105 };
106
107
108
109 class ManifestInternal
110 {
111 protected:
112 RootItemList mManifestItems;
113
114 public:
115 ManifestInternal ();
116
117 virtual ~ManifestInternal ();
118
119 ManifestItemList& GetItemList () {return mManifestItems;}
120
121 static void CompareManifests (ManifestInternal& m1, ManifestInternal& m2, SecManifestCompareOptions options);
122 };
123
124
125
126 enum ManifestItemType {kManifestDataBlobItemType, kManifestFileItemType, kManifestDirectoryItemType, kManifestSymLinkItemType,
127 kManifestOtherType};
128
129 // base class for our internal object representation
130 class ManifestItem
131 {
132 public:
133 virtual ~ManifestItem ();
134
135 virtual ManifestItemType GetItemType () = 0;
136 virtual void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup) = 0;
137 };
138
139
140
141 class ManifestDataBlobItem : public ManifestItem
142 {
143 protected:
144 SHA1Digest mSHA1Digest;
145 size_t mLength;
146
147 public:
148 ManifestDataBlobItem ();
149 virtual ~ManifestDataBlobItem ();
150
151 ManifestItemType GetItemType ();
152
153 const SHA1Digest* GetDigest ();
154 void SetDigest (const SHA1Digest *sha1Digest);
155 size_t GetLength ();
156 void SetLength (size_t length);
157 void Compare (ManifestItem* item, bool compareOwnerAndGroup);
158 };
159
160
161
162 class FileSystemEntryItem : public ManifestItem
163 {
164 protected:
165 std::string mPath, mName;
166 uid_t mUserID;
167 gid_t mGroupID;
168 mode_t mMode;
169
170 public:
171 FileSystemEntryItem ();
172 virtual ~FileSystemEntryItem ();
173
174 void SetName (char* name);
175 void SetPath (char* path);
176 void SetUID (uid_t uid);
177 void SetGID (gid_t gid);
178 void SetMode (mode_t mode);
179
180 const char* GetName () const;
181 const std::string& GetNameAsString () const {return mName;}
182 uid_t GetUID () const;
183 gid_t GetGID () const;
184 mode_t GetMode () const;
185
186 void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup);
187 };
188
189
190
191 const int kMaxForks = 2;
192
193 class ManifestFileItem : public FileSystemEntryItem
194 {
195 protected:
196 SHA1Digest mDigest[kMaxForks];
197 size_t mFileLengths[kMaxForks];
198
199 bool FileSystemHasTrueForks (char* pathToFile);
200 bool HasResourceFork (char* path, std::string &pathName, struct stat &st);
201 std::string ResourceFileName (char* path);
202 bool FileIsMachOBinary (char* path);
203 void ComputeDigestForFile (char* path, SHA1Digest &digest, size_t &length, struct stat &st);
204 void ComputeDigestForAppleDoubleResourceFork (char* path, SHA1Digest &digest, size_t &length);
205
206 int mNumForks;
207
208 public:
209 ManifestFileItem ();
210 virtual ~ManifestFileItem ();
211
212 u_int32_t GetNumberOfForks ();
213 void SetNumberOfForks (u_int32_t numForks);
214 void ComputeRepresentations (struct stat &st, bool hasAppleDoubleResourceFork);
215 void GetItemRepresentation (int whichFork, void* &itemRep, size_t &size);
216 void SetItemRepresentation (int whichFork, const void* itemRep, size_t size);
217 void SetForkLength (int whichFork, size_t length);
218 size_t GetForkLength (int whichFork);
219
220 ManifestItemType GetItemType ();
221
222 void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup);
223 };
224
225
226
227 class ManifestDirectoryItem : public FileSystemEntryItem
228 {
229 protected:
230 FileSystemItemList mDirectoryItems;
231
232 public:
233 ManifestDirectoryItem ();
234 virtual ~ManifestDirectoryItem ();
235
236 void SetPath (char* path, StringSet &exceptions, bool isRoot);
237 ManifestItemType GetItemType ();
238 ManifestItemList& GetItemList () {return mDirectoryItems;}
239
240 void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup);
241 };
242
243
244
245 class ManifestSymLinkItem : public FileSystemEntryItem
246 {
247 protected:
248 std::string mContent;
249 SHA1Digest mDigest;
250
251 public:
252 ManifestSymLinkItem ();
253 virtual ~ManifestSymLinkItem ();
254
255 const SHA1Digest* GetDigest ();
256 void SetDigest (const SHA1Digest* sha1Digest);
257 void ComputeRepresentation ();
258 ManifestItemType GetItemType ();
259
260 void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup);
261 };
262
263
264
265 class ManifestOtherItem : public FileSystemEntryItem
266 {
267 protected:
268 std::string mPath, mName;
269
270 public:
271 ManifestOtherItem ();
272 virtual ~ManifestOtherItem ();
273
274 ManifestItemType GetItemType ();
275
276 void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup);
277 };
278
279 #endif
mirror of Security