+++ /dev/null
-/*
- * Copyright (c) 2004,2011,2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-#ifndef _SECURITY_MANIFEST_H_
-#define _SECURITY_MANIFEST_H_
-
-
-#include <Security/Security.h>
-#include <security_utilities/security_utilities.h>
-#include <security_utilities/cfclass.h>
-#include <security_cdsa_client/cspclient.h>
-#include "SecManifest.h"
-#include <vector>
-#include <set>
-
-
-// note: The error range for the file signing library is -22040 through -22079
-
-class ManifestItem;
-
-class CSSMInitializer
-{
-protected:
- static ModuleNexus<CSSMInitializer> mInstance;
-
- CssmClient::Module mModule;
- CssmClient::CSP mCSP;
-
-public:
- CSSMInitializer ();
- ~CSSMInitializer ();
-
- static CssmClient::CSP* GetCSP ();
-};
-
-
-
-const int kSHA1DigestSize = 20;
-typedef unsigned char SHA1Digest[kSHA1DigestSize];
-
-typedef std::set<std::string> StringSet;
-
-class ManifestItemList : private std::vector<ManifestItem*>
-{
-private:
-
-friend class FileSystemItemList;
-
- typedef std::vector<ManifestItem*> ParentClass;
-
- void ConvertToStringSet (const char* path, CFArrayRef array, StringSet& stringSet);
-
-protected:
- void DecodeURL (CFURLRef url, char *pathBuffer, CFIndex maxBufLen);
- void AddDataObject (CFDataRef data);
-
-public:
- ManifestItemList ();
- ~ManifestItemList ();
-
- void AddFileSystemObject (char* path, StringSet& exceptions, bool isRoot, bool hasAppleDoubleResourceFork);
- void AddObject (CFTypeRef object, CFArrayRef exceptionList);
-
- using ParentClass::push_back;
- using ParentClass::size;
- // using ParentClass::operator[];
-
- ManifestItem* operator[] (int n) {return ParentClass::operator[] (n);}
-};
-
-
-
-class FileSystemItemList : public ManifestItemList
-{
-public:
- void Compare (FileSystemItemList &itemList, bool compareOwnerAndGroup);
-};
-
-
-
-class RootItemList : public ManifestItemList
-{
-public:
- void Compare (RootItemList& itemList, bool compareOwnerAndGroup);
-};
-
-
-
-class ManifestInternal
-{
-protected:
- RootItemList mManifestItems;
-
-public:
- ManifestInternal ();
-
- virtual ~ManifestInternal ();
-
- ManifestItemList& GetItemList () {return mManifestItems;}
-
- static void CompareManifests (ManifestInternal& m1, ManifestInternal& m2, SecManifestCompareOptions options);
-};
-
-
-
-enum ManifestItemType {kManifestDataBlobItemType, kManifestFileItemType, kManifestDirectoryItemType, kManifestSymLinkItemType,
- kManifestOtherType};
-
-// base class for our internal object representation
-class ManifestItem
-{
-public:
- virtual ~ManifestItem ();
-
- virtual ManifestItemType GetItemType () = 0;
- virtual void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup) = 0;
-};
-
-
-
-class ManifestDataBlobItem : public ManifestItem
-{
-protected:
- SHA1Digest mSHA1Digest;
- size_t mLength;
-
-public:
- ManifestDataBlobItem ();
- virtual ~ManifestDataBlobItem ();
-
- ManifestItemType GetItemType ();
-
- const SHA1Digest* GetDigest ();
- void SetDigest (const SHA1Digest *sha1Digest);
- size_t GetLength ();
- void SetLength (size_t length);
- void Compare (ManifestItem* item, bool compareOwnerAndGroup);
-};
-
-
-
-class FileSystemEntryItem : public ManifestItem
-{
-protected:
- std::string mPath, mName;
- uid_t mUserID;
- gid_t mGroupID;
- mode_t mMode;
-
-public:
- FileSystemEntryItem ();
- virtual ~FileSystemEntryItem ();
-
- void SetName (char* name);
- void SetPath (char* path);
- void SetUID (uid_t uid);
- void SetGID (gid_t gid);
- void SetMode (mode_t mode);
-
- const char* GetName () const;
- const std::string& GetNameAsString () const {return mName;}
- uid_t GetUID () const;
- gid_t GetGID () const;
- mode_t GetMode () const;
-
- void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup);
-};
-
-
-
-const int kMaxForks = 2;
-
-class ManifestFileItem : public FileSystemEntryItem
-{
-protected:
- SHA1Digest mDigest[kMaxForks];
- size_t mFileLengths[kMaxForks];
-
- bool FileSystemHasTrueForks (char* pathToFile);
- bool HasResourceFork (char* path, std::string &pathName, struct stat &st);
- std::string ResourceFileName (char* path);
- bool FileIsMachOBinary (char* path);
- void ComputeDigestForFile (char* path, SHA1Digest &digest, size_t &length, struct stat &st);
- void ComputeDigestForAppleDoubleResourceFork (char* path, SHA1Digest &digest, size_t &length);
-
- int mNumForks;
-
-public:
- ManifestFileItem ();
- virtual ~ManifestFileItem ();
-
- u_int32_t GetNumberOfForks ();
- void SetNumberOfForks (u_int32_t numForks);
- void ComputeRepresentations (struct stat &st, bool hasAppleDoubleResourceFork);
- void GetItemRepresentation (int whichFork, void* &itemRep, size_t &size);
- void SetItemRepresentation (int whichFork, const void* itemRep, size_t size);
- void SetForkLength (int whichFork, size_t length);
- size_t GetForkLength (int whichFork);
-
- ManifestItemType GetItemType ();
-
- void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup);
-};
-
-
-
-class ManifestDirectoryItem : public FileSystemEntryItem
-{
-protected:
- FileSystemItemList mDirectoryItems;
-
-public:
- ManifestDirectoryItem ();
- virtual ~ManifestDirectoryItem ();
-
- void SetPath (char* path, StringSet &exceptions, bool isRoot);
- ManifestItemType GetItemType ();
- ManifestItemList& GetItemList () {return mDirectoryItems;}
-
- void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup);
-};
-
-
-
-class ManifestSymLinkItem : public FileSystemEntryItem
-{
-protected:
- std::string mContent;
- SHA1Digest mDigest;
-
-public:
- ManifestSymLinkItem ();
- virtual ~ManifestSymLinkItem ();
-
- const SHA1Digest* GetDigest ();
- void SetDigest (const SHA1Digest* sha1Digest);
- void ComputeRepresentation ();
- ManifestItemType GetItemType ();
-
- void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup);
-};
-
-
-
-class ManifestOtherItem : public FileSystemEntryItem
-{
-protected:
- std::string mPath, mName;
-
-public:
- ManifestOtherItem ();
- virtual ~ManifestOtherItem ();
-
- ManifestItemType GetItemType ();
-
- void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup);
-};
-
-#endif
projects / apple / security.git / blobdiff