]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_codesigning/lib/machorep.h
projects / apple / security.git / blob
? search:


d30ba53791909d23d9a4311f779964486df60d64
[apple/security.git] / OSX / libsecurity_codesigning / lib / machorep.h
1 /*
2 * Copyright (c) 2006,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // machorep - DiskRep mix-in for handling Mach-O main executables
26 //
27 #ifndef _H_MACHOREP
28 #define _H_MACHOREP
29
30 #include "singlediskrep.h"
31 #include "sigblob.h"
32 #include <security_utilities/unix++.h>
33 #include <security_utilities/macho++.h>
34
35 namespace Security {
36 namespace CodeSigning {
37
38
39 //
40 // MachORep is a DiskRep class that supports code signatures
41 // directly embedded in Mach-O binary files.
42 //
43 // It does not have write support (for writing signatures);
44 // writing multi-architecture binaries is complicated enough
45 // that it's driven directly from the signing code, with no
46 // abstractions to get in the way.
47 //
48 class MachORep : public SingleDiskRep {
49 public:
50 MachORep(const char *path, const Context *ctx = NULL);
51 virtual ~MachORep();
52
53 CFDataRef component(CodeDirectory::SpecialSlot slot);
54 CFDataRef identification();
55 Universal *mainExecutableImage();
56 void prepareForSigning(SigningContext &context);
57 size_t signingBase();
58 size_t signingLimit();
59 size_t execSegBase(const Architecture *arch);
60 size_t execSegLimit(const Architecture *arch);
61 std::string format();
62 CFDictionaryRef diskRepInformation();
63
64 std::string recommendedIdentifier(const SigningContext &ctx);
65 const Requirements *defaultRequirements(const Architecture *arch, const SigningContext &ctx);
66 size_t pageSize(const SigningContext &ctx);
67
68 void strictValidate(const CodeDirectory* cd, const ToleratedErrors& tolerated, SecCSFlags flags);
69
70 void flush(); // flush cache
71
72 static bool candidate(UnixPlusPlus::FileDesc &fd);
73
74 public:
75 static CFDataRef identificationFor(MachO *macho);
76
77 public:
78 DiskRep::Writer *writer();
79 class Writer;
80 friend class Writer;
81
82 protected:
83 CFDataRef embeddedComponent(CodeDirectory::SpecialSlot slot);
84 CFDataRef infoPlist();
85 Requirement *libraryRequirements(const Architecture *arch, const SigningContext &ctx);
86
87 private:
88 static bool needsExecSeg(const MachO& macho);
89
90 Universal *mExecutable; // cached Mach-O/Universal reference to mainExecutablePath()
91 EmbeddedSignatureBlob *mSigningData; // cached signing data from current architecture
92 };
93
94
95 //
96 // The write side of a MachORep.
97 // This is purposely dysfunctional; Mach-O signatures are written
98 // by code in signerutils, not by DiskRep::Writers.
99 //
100 class MachORep::Writer : public SingleDiskRep::Writer {
101 friend class FileDiskRep;
102 public:
103 Writer(MachORep *r) : SingleDiskRep::Writer(r, writerNoGlobal) { }
104 void component(CodeDirectory::SpecialSlot slot, CFDataRef data);
105 };
106
107
108 } // end namespace CodeSigning
109 } // end namespace Security
110
111 #endif // !_H_MACHOREP
mirror of Security