OSX/libsecurity_codesigning/lib/piddiskrep.cpp

   1 /*
   2  * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23 #include "piddiskrep.h"
  24 #include "sigblob.h"
  25 #include <sys/param.h>
  26 #include <sys/utsname.h>
  27 #include <System/sys/codesign.h>
  28 #include <libproc.h>
  29 #include <xpc/xpc.h>
  30
  31 namespace Security {
  32 namespace CodeSigning {
  33
  34 using namespace UnixPlusPlus;
  35
  36
  37 void
  38 PidDiskRep::setCredentials(const Security::CodeSigning::CodeDirectory *cd)
  39 {
  40         // save the Info.plist slot
  41         if (cd->slotIsPresent(cdInfoSlot)) {
  42                 mInfoPlistHash.take(makeCFData(cd->getSlot(cdInfoSlot, false), cd->hashSize));
  43         }
  44 }
  45
  46 void
  47 PidDiskRep::fetchData(void)
  48 {
  49         if (mDataFetched)       // once
  50                 return;
  51
  52         xpc_connection_t conn = xpc_connection_create("com.apple.CodeSigningHelper",
  53                                                       dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0));
  54         xpc_connection_set_event_handler(conn, ^(xpc_object_t object){ });
  55         xpc_connection_resume(conn);
  56
  57         xpc_object_t request = xpc_dictionary_create(NULL, NULL, 0);
  58         assert(request != NULL);
  59         xpc_dictionary_set_string(request, "command", "fetchData");
  60         xpc_dictionary_set_int64(request, "pid", mPid);
  61
  62         if (mAudit) {
  63                 xpc_dictionary_set_data(request, "audit", mAudit.get(), sizeof(audit_token_t));
  64         }
  65         xpc_dictionary_set_data(request, "infohash", CFDataGetBytePtr(mInfoPlistHash), CFDataGetLength(mInfoPlistHash));
  66
  67         xpc_object_t reply = xpc_connection_send_message_with_reply_sync(conn, request);
  68         if (reply && xpc_get_type(reply) == XPC_TYPE_DICTIONARY) {
  69                 const void *data;
  70                 size_t size;
  71
  72                 if (!mInfoPlist) {
  73                         data = xpc_dictionary_get_data(reply, "infoPlist", &size);
  74                         if (data && size > 0 && size < 50 * 1024)
  75                                 mInfoPlist.take(CFDataCreate(NULL, (const UInt8 *)data, (CFIndex)size));
  76                 }
  77                 if (!mBundleURL) {
  78                         data = xpc_dictionary_get_data(reply, "bundleURL", &size);
  79                         if (data && size > 0 && size < 50 * 1024)
  80                                 mBundleURL.take(CFURLCreateWithBytes(NULL, (const UInt8 *)data, (CFIndex)size, kCFStringEncodingUTF8, NULL));
  81                 }
  82         }
  83         if (reply)
  84                 xpc_release(reply);
  85
  86         xpc_release(request);
  87         xpc_release(conn);
  88
  89     if (!mBundleURL) {
  90         MacOSError::throwMe(errSecCSNoSuchCode);
  91     }
  92
  93     mDataFetched = true;
  94 }
  95
  96
  97 PidDiskRep::PidDiskRep(pid_t pid, audit_token_t *audit, CFDataRef infoPlist)
  98         : mDataFetched(false)
  99 {
 100         BlobCore header;
 101
 102         mPid = pid;
 103         mInfoPlist = infoPlist;
 104
 105         if (audit != NULL) {
 106             mAudit.reset(new audit_token_t);
 107             memcpy(mAudit.get(), audit, sizeof(audit_token_t));
 108         }
 109
 110         //        fetchData();
 111
 112         int rcent = EINVAL;
 113
 114         if (audit != NULL) {
 115             rcent = ::csops_audittoken(pid, CS_OPS_BLOB, &header, sizeof(header), mAudit.get());
 116         } else {
 117             rcent = ::csops(pid, CS_OPS_BLOB, &header, sizeof(header));
 118         }
 119         if (rcent == 0)
 120             MacOSError::throwMe(errSecCSNoSuchCode);
 121
 122         if (errno != ERANGE)
 123                 UnixError::throwMe(errno);
 124
 125         if (header.length() > 1024 * 1024)
 126                 MacOSError::throwMe(errSecCSNoSuchCode);
 127
 128         uint32_t bufferLen = (uint32_t)header.length();
 129         mBuffer = new uint8_t [bufferLen];
 130
 131         if (audit != NULL) {
 132             UnixError::check(::csops_audittoken(pid, CS_OPS_BLOB, mBuffer, bufferLen, mAudit.get()));
 133         } else {
 134             UnixError::check(::csops(pid, CS_OPS_BLOB, mBuffer, bufferLen));
 135         }
 136
 137         const EmbeddedSignatureBlob *b = (const EmbeddedSignatureBlob *)mBuffer;
 138         if (!b->validateBlob(bufferLen))
 139                 MacOSError::throwMe(errSecCSSignatureInvalid);
 140 }
 141
 142 PidDiskRep::~PidDiskRep()
 143 {
 144         if (mBuffer)
 145                 delete [] mBuffer;
 146 }
 147
 148
 149 bool PidDiskRep::supportInfoPlist()
 150 {
 151                 fetchData();
 152         return mInfoPlist;
 153 }
 154
 155
 156 CFDataRef PidDiskRep::component(CodeDirectory::SpecialSlot slot)
 157 {
 158         if (slot == cdInfoSlot) {
 159                 fetchData();
 160                 return mInfoPlist.retain();
 161         }
 162
 163         EmbeddedSignatureBlob *b = (EmbeddedSignatureBlob *)this->blob();
 164         return b->component(slot);
 165 }
 166
 167 CFDataRef PidDiskRep::identification()
 168 {
 169         return NULL;
 170 }
 171
 172
 173 CFURLRef PidDiskRep::copyCanonicalPath()
 174 {
 175         fetchData();
 176         return mBundleURL.retain();
 177 }
 178
 179 string PidDiskRep::recommendedIdentifier(const SigningContext &)
 180 {
 181         return string("pid") + to_string(mPid);
 182 }
 183
 184 size_t PidDiskRep::signingLimit()
 185 {
 186         return 0;
 187 }
 188
 189 size_t PidDiskRep::execSegLimit(const Architecture *)
 190 {
 191                 return 0;
 192 }
 193
 194 string PidDiskRep::format()
 195 {
 196         return "pid diskrep";
 197 }
 198
 199 UnixPlusPlus::FileDesc &PidDiskRep::fd()
 200 {
 201         UnixError::throwMe(EINVAL);
 202 }
 203
 204 string PidDiskRep::mainExecutablePath()
 205 {
 206         char path[MAXPATHLEN * 2];
 207         // This is unsafe by pid only, but so is using that path in general.
 208         if(::proc_pidpath(mPid, path, sizeof(path)) == 0)
 209                 UnixError::throwMe(errno);
 210
 211         return path;
 212 }
 213
 214 bool PidDiskRep::appleInternalForcePlatform() const
 215 {
 216         uint32_t flags = 0;
 217         int rcent = EINVAL;
 218
 219         if (mAudit != NULL) {
 220                 rcent = ::csops_audittoken(mPid, CS_OPS_STATUS, &flags, sizeof(flags),
 221                                                                    mAudit.get());
 222         } else {
 223                 rcent = ::csops(mPid, CS_OPS_STATUS, &flags, sizeof(flags));
 224         }
 225
 226         if (rcent != 0) {
 227                 MacOSError::throwMe(errSecCSNoSuchCode);
 228         }
 229
 230         return (flags & CS_PLATFORM_BINARY) == CS_PLATFORM_BINARY;
 231 }
 232
 233 } // end namespace CodeSigning
 234 } // end namespace Security