]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_codesigning/CodeSigningHelper/main.cpp
Security-58286.251.4.tar.gz
[apple/security.git] / OSX / libsecurity_codesigning / CodeSigningHelper / main.cpp
1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23 #include <Security/CodeSigning.h>
24 #include <Security/SecCodePriv.h>
25 #include <xpc/xpc.h>
26 #include <sandbox.h>
27 #include <security_utilities/cfutilities.h>
28 #include <security_utilities/cfmunge.h>
29 #include <security_utilities/logging.h>
30 #include "codedirectory.h"
31
32
33
34 static void
35 request(xpc_connection_t peer, xpc_object_t event)
36 {
37 OSStatus rc;
38
39 pid_t pid = (pid_t)xpc_dictionary_get_int64(event, "pid");
40 if (pid <= 0)
41 return;
42
43 size_t audit_size;
44 audit_token_t const *audit =
45 (audit_token_t const *)xpc_dictionary_get_data(event, "audit", &audit_size);
46
47 if (audit != NULL && audit_size != sizeof(audit_token_t)) {
48 Syslog::error("audit token has unexpected size %zu", audit_size);
49 return;
50 }
51
52 xpc_object_t reply = xpc_dictionary_create_reply(event);
53 if (reply == NULL)
54 return;
55
56 CFTemp<CFMutableDictionaryRef> attributes("{%O=%d}", kSecGuestAttributePid, pid);
57
58 if (audit != NULL) {
59 CFRef<CFDataRef> auditData = makeCFData(audit, audit_size);
60 CFDictionaryAddValue(attributes.get(), kSecGuestAttributeAudit,
61 auditData);
62 }
63 CFRef<SecCodeRef> code;
64 if ((rc = SecCodeCopyGuestWithAttributes(NULL, attributes, kSecCSDefaultFlags, &code.aref())) == noErr) {
65
66 // path to base of client code
67 CFRef<CFURLRef> codePath;
68 if ((rc = SecCodeCopyPath(code, kSecCSDefaultFlags, &codePath.aref())) == noErr) {
69 CFRef<CFDataRef> data = CFURLCreateData(NULL, codePath, kCFStringEncodingUTF8, true);
70 xpc_dictionary_set_data(reply, "bundleURL", CFDataGetBytePtr(data), CFDataGetLength(data));
71 }
72
73 // if the caller wants the Info.plist, get it and verify the hash passed by the caller
74 size_t iphLength;
75 if (const void *iphash = xpc_dictionary_get_data(event, "infohash", &iphLength)) {
76 if (CFRef<CFDataRef> data = SecCodeCopyComponent(code, Security::CodeSigning::cdInfoSlot, CFTempData(iphash, iphLength))) {
77 xpc_dictionary_set_data(reply, "infoPlist", CFDataGetBytePtr(data), CFDataGetLength(data));
78 }
79 }
80 }
81 xpc_connection_send_message(peer, reply);
82 xpc_release(reply);
83 }
84
85
86 static void CodeSigningHelper_peer_event_handler(xpc_connection_t peer, xpc_object_t event)
87 {
88 xpc_type_t type = xpc_get_type(event);
89 if (type == XPC_TYPE_ERROR)
90 return;
91
92 assert(type == XPC_TYPE_DICTIONARY);
93
94 const char *cmd = xpc_dictionary_get_string(event, "command");
95 if (cmd == NULL) {
96 xpc_connection_cancel(peer);
97 } else if (strcmp(cmd, "fetchData") == 0)
98 request(peer, event);
99 else {
100 Syslog::error("peer sent invalid command %s", cmd);
101 xpc_connection_cancel(peer);
102 }
103 }
104
105
106 static void CodeSigningHelper_event_handler(xpc_connection_t peer)
107 {
108 xpc_connection_set_event_handler(peer, ^(xpc_object_t event) {
109 CodeSigningHelper_peer_event_handler(peer, event);
110 });
111 xpc_connection_resume(peer);
112 }
113
114 int main(int argc, const char *argv[])
115 {
116 char *error = NULL;
117 if (sandbox_init("com.apple.CodeSigningHelper", SANDBOX_NAMED, &error)) {
118 Syslog::error("failed to enter sandbox: %s", error);
119 exit(EXIT_FAILURE);
120 }
121 xpc_main(CodeSigningHelper_event_handler);
122 return 0;
123 }