]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_codesigning/lib/csprocess.cpp
Security-57740.1.18.tar.gz
[apple/security.git] / OSX / libsecurity_codesigning / lib / csprocess.cpp
1 /*
2 * Copyright (c) 2006,2011,2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // csprocess - UNIX process implementation of the Code Signing Host Interface
26 //
27 #include "csprocess.h"
28 #include "cskernel.h"
29 #include <securityd_client/ssclient.h>
30 #include <System/sys/codesign.h>
31
32 namespace Security {
33 namespace CodeSigning {
34
35
36 //
37 // Construct a running process representation
38 //
39 ProcessCode::ProcessCode(pid_t pid, const audit_token_t* token, PidDiskRep *pidDiskRep /*= NULL */)
40 : GenericCode(KernelCode::active()), mPid(pid), mPidBased(pidDiskRep)
41 {
42 if (token)
43 mAudit = new audit_token_t(*token);
44 else
45 mAudit = NULL;
46 }
47
48
49 mach_port_t ProcessCode::getHostingPort()
50 {
51 return SecurityServer::ClientSession().hostingPort(pid());
52 }
53
54
55 int ProcessCode::csops(unsigned int ops, void *addr, size_t size)
56 {
57 // pass pid and audit token both if we have it, or just the pid if we don't
58 if (mAudit)
59 return ::csops_audittoken(mPid, ops, addr, size, mAudit);
60 else
61 return ::csops(mPid, ops, addr, size);
62 }
63
64
65 /*
66 *
67 */
68
69 ProcessDynamicCode::ProcessDynamicCode(ProcessCode *guest)
70 : SecStaticCode(guest->pidBased()), mGuest(guest)
71 {
72 }
73
74 CFDataRef ProcessDynamicCode::component(CodeDirectory::SpecialSlot slot, OSStatus fail /* = errSecCSSignatureFailed */)
75 {
76 if (slot == cdInfoSlot && !mGuest->pidBased()->supportInfoPlist())
77 return NULL;
78 else if (slot == cdResourceDirSlot)
79 return NULL;
80 return SecStaticCode::component(slot, fail);
81 }
82
83 CFDictionaryRef ProcessDynamicCode::infoDictionary()
84 {
85 if (mGuest->pidBased()->supportInfoPlist())
86 return SecStaticCode::infoDictionary();
87 return makeCFDictionary(0);
88 }
89
90 void ProcessDynamicCode::validateComponent(CodeDirectory::SpecialSlot slot, OSStatus fail /* = errSecCSSignatureFailed */)
91 {
92 if (slot == cdInfoSlot && !mGuest->pidBased()->supportInfoPlist())
93 return;
94 else if (slot == cdResourceDirSlot)
95 return;
96 SecStaticCode::validateComponent(slot, fail);
97 }
98
99
100
101 } // CodeSigning
102 } // Security