--- /dev/null
+/*
+ * Copyright (c) 2011-2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#include "evaluationmanager.h"
+#include "policyengine.h"
+#include <security_utilities/cfmunge.h>
+#include <xpc/xpc.h>
+#include <exception>
+#include <vector>
+
+
+
+
+namespace Security {
+namespace CodeSigning {
+
+
+
+
+#pragma mark - EvaluationTask
+
+
+//
+// An evaluation task object manages the assessment - either directly, or in the
+// form of waiting for another evaluation task to finish an assessment on the
+// same target.
+//
+class EvaluationTask
+{
+public:
+ CFURLRef path() const { return mPath.get(); }
+ AuthorityType type() const { return mType; }
+ bool isSharable() const { return mSharable; }
+ void setUnsharable() { mSharable = false; }
+
+private:
+ EvaluationTask(PolicyEngine *engine, CFURLRef path, AuthorityType type);
+ virtual ~EvaluationTask();
+ void performEvaluation(SecAssessmentFlags flags, CFDictionaryRef context);
+ void waitForCompletion(SecAssessmentFlags flags, CFMutableDictionaryRef result);
+
+ PolicyEngine *mPolicyEngine;
+ AuthorityType mType;
+ dispatch_queue_t mWorkQueue;
+ dispatch_queue_t mFeedbackQueue;
+ dispatch_semaphore_t mAssessmentLock;
+ __block dispatch_once_t mAssessmentKicked;
+ int32_t mReferenceCount;
+ int32_t mEvalCount;
+// This whole thing is a pre-existing crutch and must be fixed soon.
+#define UNOFFICIAL_MAX_XPC_ID_LENGTH 127
+ char mXpcActivityName[UNOFFICIAL_MAX_XPC_ID_LENGTH];
+ bool mSharable;
+
+ CFCopyRef<CFURLRef> mPath;
+ CFCopyRef<CFMutableDictionaryRef> mResult;
+ std::vector<SecAssessmentFeedback> mFeedback;
+
+ std::exception_ptr mExceptionToRethrow;
+
+ friend class EvaluationManager;
+};
+
+
+EvaluationTask::EvaluationTask(PolicyEngine *engine, CFURLRef path, AuthorityType type) :
+ mPolicyEngine(engine), mType(type), mAssessmentLock(dispatch_semaphore_create(0)),
+ mAssessmentKicked(0), mReferenceCount(0), mEvalCount(0), mSharable(true),
+ mExceptionToRethrow(0)
+{
+ mXpcActivityName[0] = 0;
+
+ mWorkQueue = dispatch_queue_create("EvaluationTask", 0);
+ mFeedbackQueue = dispatch_queue_create("EvaluationTaskFeedback", 0);
+
+ mPath = path;
+ mResult.take(makeCFMutableDictionary());
+}
+
+
+EvaluationTask::~EvaluationTask()
+{
+ dispatch_release(mFeedbackQueue);
+ dispatch_release(mWorkQueue);
+ dispatch_release(mAssessmentLock);
+}
+
+
+void EvaluationTask::performEvaluation(SecAssessmentFlags flags, CFDictionaryRef context)
+{
+ bool performTheEvaluation = false;
+ bool lowPriority = flags & kSecAssessmentFlagLowPriority;
+
+ // each evaluation task performs at most a single evaluation
+ if (OSAtomicIncrement32Barrier(&mEvalCount) == 1)
+ performTheEvaluation = true;
+
+ // define a block to run when the assessment has feedback available
+ SecAssessmentFeedback relayFeedback = ^Boolean(CFStringRef type, CFDictionaryRef information) {
+
+ __block Boolean proceed = true;
+ dispatch_sync(mFeedbackQueue, ^{
+ if (mFeedback.size() > 0) {
+ proceed = false; // we need at least one interested party to proceed
+ // forward the feedback to all registered listeners
+ for (int i = 0; i < mFeedback.size(); ++i) {
+ proceed |= mFeedback[i](type, information);
+ }
+ }
+ });
+ if (!proceed)
+ this->setUnsharable(); // don't share an expiring evaluation task
+ return proceed;
+ };
+
+
+ // if the calling context has a feedback block, register it to listen to
+ // our feedback relay
+ dispatch_sync(mFeedbackQueue, ^{
+ SecAssessmentFeedback feedback = (SecAssessmentFeedback)CFDictionaryGetValue(context, kSecAssessmentContextKeyFeedback);
+ if (feedback && CFGetTypeID(feedback) == CFGetTypeID(relayFeedback))
+ mFeedback.push_back(feedback);
+ });
+
+ // if we haven't already started the evaluation (we're the first interested
+ // party), do it now
+ if (performTheEvaluation) {
+ dispatch_semaphore_t startLock = dispatch_semaphore_create(0);
+
+ // create the assessment block
+ dispatch_async(mWorkQueue, dispatch_block_create_with_qos_class(DISPATCH_BLOCK_ENFORCE_QOS_CLASS, QOS_CLASS_UTILITY, 0, ^{
+ // signal that the assessment is ready to start
+ dispatch_semaphore_signal(startLock);
+
+ // wait until we're permitted to start the assessment. if we're in low
+ // priority mode, this will not happen until we're on AC power. if not
+ // in low priority mode, we're either already free to perform the
+ // assessment or we will be quite soon
+ dispatch_semaphore_wait(mAssessmentLock, DISPATCH_TIME_FOREVER);
+
+ // Unregister a possibly still scheduled activity, as it lost its point.
+ if (strlen(mXpcActivityName)) {
+ xpc_activity_unregister(mXpcActivityName);
+ }
+
+ // copy the original context into our own mutable dictionary and replace
+ // (or assign) the feedback entry within it to our multi-receiver
+ // feedback relay block
+ CFRef<CFMutableDictionaryRef> contextOverride = makeCFMutableDictionary(context);
+ CFDictionaryRemoveValue(contextOverride.get(), kSecAssessmentContextKeyFeedback);
+ CFDictionaryAddValue(contextOverride.get(), kSecAssessmentContextKeyFeedback, relayFeedback);
+
+ try {
+ // perform the evaluation
+ switch (mType) {
+ case kAuthorityExecute:
+ mPolicyEngine->evaluateCode(mPath.get(), kAuthorityExecute, flags, contextOverride.get(), mResult.get(), true);
+ break;
+ case kAuthorityInstall:
+ mPolicyEngine->evaluateInstall(mPath.get(), flags, contextOverride.get(), mResult.get());
+ break;
+ case kAuthorityOpenDoc:
+ mPolicyEngine->evaluateDocOpen(mPath.get(), flags, contextOverride.get(), mResult.get());
+ break;
+ default:
+ MacOSError::throwMe(errSecCSInvalidAttributeValues);
+ break;
+ }
+ } catch(...) {
+ mExceptionToRethrow = std::current_exception();
+ }
+
+ }));
+
+ // wait for the assessment to start
+ dispatch_semaphore_wait(startLock, DISPATCH_TIME_FOREVER);
+ dispatch_release(startLock);
+
+ if (lowPriority) {
+ // This whole thing is a crutch and should be handled differently.
+ // Maybe by having just one activity that just kicks off all remaining
+ // background assessments, CTS determines that it's a good time.
+
+ // reduce the bundle path name to just the app component and generate an
+ // xpc_activity identifier from it. this identifier should be smaller than
+ // 128 characters due to rdar://problem/20094806
+ string path = cfString(mPath);
+ size_t bundleNamePosition = path.rfind('/');
+ const char *bundleName = "/default";
+ if (bundleNamePosition != string::npos)
+ bundleName = path.c_str() + bundleNamePosition;
+ snprintf(mXpcActivityName, UNOFFICIAL_MAX_XPC_ID_LENGTH, "com.apple.security.assess%s", bundleName);
+
+ // schedule the assessment to be permitted to run (beyond start) -- this
+ // will either happen once we're no longer on battery power, or
+ // immediately, based on the flag value of kSecAssessmentFlagLowPriority
+ xpc_object_t criteria = xpc_dictionary_create(NULL, NULL, 0);
+ xpc_dictionary_set_bool(criteria, XPC_ACTIVITY_REPEATING, false);
+ xpc_dictionary_set_int64(criteria, XPC_ACTIVITY_DELAY, 0);
+ xpc_dictionary_set_int64(criteria, XPC_ACTIVITY_GRACE_PERIOD, 0);
+
+ xpc_dictionary_set_string(criteria, XPC_ACTIVITY_PRIORITY, XPC_ACTIVITY_PRIORITY_MAINTENANCE);
+ xpc_dictionary_set_bool(criteria, XPC_ACTIVITY_ALLOW_BATTERY, false);
+
+ xpc_activity_register(mXpcActivityName, criteria, ^(xpc_activity_t activity) {
+ dispatch_once(&mAssessmentKicked, ^{
+ dispatch_semaphore_signal(mAssessmentLock);
+ });
+ });
+ xpc_release(criteria);
+ }
+ }
+
+ // If this is a foreground assessment to begin with, or if an assessment
+ // with an existing task has been requested in the foreground, kick it
+ // immediately.
+ if (!lowPriority) {
+ dispatch_once(&mAssessmentKicked, ^{
+ dispatch_semaphore_signal(mAssessmentLock);
+ });
+ }
+}
+
+
+
+void EvaluationTask::waitForCompletion(SecAssessmentFlags flags, CFMutableDictionaryRef result)
+{
+ // if the caller didn't request low priority we will elevate the dispatch
+ // queue priority via our wait block
+ dispatch_qos_class_t qos_class = QOS_CLASS_USER_INITIATED;
+ if (flags & kSecAssessmentFlagLowPriority)
+ qos_class = QOS_CLASS_UTILITY;
+
+ // wait for the assessment to complete; our wait block will queue up behind
+ // the assessment and the copy its results
+ dispatch_sync(mWorkQueue, dispatch_block_create_with_qos_class (DISPATCH_BLOCK_ENFORCE_QOS_CLASS, qos_class, 0, ^{
+ // copy the class result back to the caller
+ cfDictionaryApplyBlock(mResult.get(), ^(const void *key, const void *value){
+ CFDictionaryAddValue(result, key, value);
+ });
+ }));
+
+ if (mExceptionToRethrow) std::rethrow_exception(mExceptionToRethrow);
+}
+
+
+
+#pragma mark -
+
+
+static Boolean evaluationTasksAreEqual(const EvaluationTask *task1, const EvaluationTask *task2)
+{
+ if (!task1->isSharable() || !task2->isSharable()) return false;
+ if ((task1->type() != task2->type()) ||
+ (cfString(task1->path()) != cfString(task2->path())))
+ return false;
+
+ return true;
+}
+
+
+
+
+#pragma mark - EvaluationManager
+
+
+EvaluationManager *EvaluationManager::globalManager()
+{
+ static EvaluationManager *singleton;
+ static dispatch_once_t onceToken;
+ dispatch_once(&onceToken, ^{
+ singleton = new EvaluationManager();
+ });
+ return singleton;
+}
+
+
+EvaluationManager::EvaluationManager()
+{
+ static CFDictionaryValueCallBacks evalTaskValueCallbacks = kCFTypeDictionaryValueCallBacks;
+ evalTaskValueCallbacks.equal = (CFDictionaryEqualCallBack)evaluationTasksAreEqual;
+ evalTaskValueCallbacks.retain = NULL;
+ evalTaskValueCallbacks.release = NULL;
+ mCurrentEvaluations.take(
+ CFDictionaryCreateMutable(NULL,
+ 0,
+ &kCFTypeDictionaryKeyCallBacks,
+ &evalTaskValueCallbacks));
+
+ mListLockQueue = dispatch_queue_create("EvaluationManagerSyncronization", 0);
+}
+
+
+EvaluationManager::~EvaluationManager()
+{
+ dispatch_release(mListLockQueue);
+}
+
+
+EvaluationTask *EvaluationManager::evaluationTask(PolicyEngine *engine, CFURLRef path, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context, CFMutableDictionaryRef result)
+{
+ __block EvaluationTask *evalTask = NULL;
+
+ dispatch_sync(mListLockQueue, ^{
+ // is path already being evaluated?
+ if (!(flags & kSecAssessmentFlagIgnoreActiveAssessments))
+ evalTask = (EvaluationTask *)CFDictionaryGetValue(mCurrentEvaluations.get(), path);
+ if (!evalTask) {
+ // create a new task for the evaluation
+ evalTask = new EvaluationTask(engine, path, type);
+ if (flags & kSecAssessmentFlagIgnoreActiveAssessments)
+ evalTask->setUnsharable();
+ CFDictionaryAddValue(mCurrentEvaluations.get(), path, evalTask);
+ }
+ evalTask->mReferenceCount++;
+ });
+
+ if (evalTask)
+ evalTask->performEvaluation(flags, context);
+
+ return evalTask;
+}
+
+
+void EvaluationManager::waitForCompletion(EvaluationTask *task, SecAssessmentFlags flags, CFMutableDictionaryRef result)
+{
+ task->waitForCompletion(flags, result);
+}
+
+
+void EvaluationManager::removeTask(EvaluationTask *task)
+{
+ dispatch_sync(mListLockQueue, ^{
+ // are we done with this evaluation task?
+ if (--task->mReferenceCount == 0) {
+ // yes -- remove it from our list and delete the object
+ CFDictionaryRemoveValue(mCurrentEvaluations.get(), task->path());
+ delete task;
+ }
+ });
+}
+
+
+
+} // end namespace CodeSigning
+} // end namespace Security
+
projects / apple / security.git / blobdiff