Security-59306.120.7.tar.gz

[apple/security.git] / OSX / libsecurity_codesigning / lib / Code.cpp
diff --git a/OSX/libsecurity_codesigning/lib/Code.cpp b/OSX/libsecurity_codesigning/lib/Code.cpp

index 3194bf3dfe638aac0b8666d7bfe6f83b01cf94b1..712b2ff4cf0f4bfa67f56ac2c826376ce5ec3968 100644 (file)
--- a/OSX/libsecurity_codesigning/lib/Code.cpp
+++ b/OSX/libsecurity_codesigning/lib/Code.cpp
@@ -26,10 +26,10 @@
  //
  #include "Code.h"
  #include "StaticCode.h"
  //
  #include "Code.h"
  #include "StaticCode.h"
-#include <Security/SecCodeHost.h>
  #include "cskernel.h"
  #include <security_utilities/cfmunge.h>
  #include <security_utilities/debugging.h>
  #include "cskernel.h"
  #include <security_utilities/cfmunge.h>
  #include <security_utilities/debugging.h>
+#include "SecInternalReleasePriv.h"
  
  namespace Security {
  namespace CodeSigning {
  
  namespace Security {
  namespace CodeSigning {
@@ -206,13 +206,27 @@ void SecCode::checkValidity(SecCSFlags flags)
  
         // check my static state
         myDisk->validateNonResourceComponents();        // also validates the CodeDirectory
  
         // check my static state
         myDisk->validateNonResourceComponents();        // also validates the CodeDirectory
-       if (flags & kSecCSStrictValidate)
+       if (flags & kSecCSStrictValidate) {
                 myDisk->diskRep()->strictValidate(myDisk->codeDirectory(), DiskRep::ToleratedErrors(), flags);
                 myDisk->diskRep()->strictValidate(myDisk->codeDirectory(), DiskRep::ToleratedErrors(), flags);
+       } else if (flags & kSecCSStrictValidateStructure) {
+               myDisk->diskRep()->strictValidateStructure(myDisk->codeDirectory(), DiskRep::ToleratedErrors(), flags);
+       }
  
         // check my own dynamic state
  
         // check my own dynamic state
-       if (!(this->host()->getGuestStatus(this) & kSecCodeStatusValid))
-               MacOSError::throwMe(errSecCSGuestInvalid);
-       
+       SecCodeStatus dynamic_status = this->host()->getGuestStatus(this);
+       bool isValid = (dynamic_status & kSecCodeStatusValid) != 0;
+       if (!isValid) {
+               bool isDebugged = (dynamic_status & kSecCodeStatusDebugged) != 0;
+               bool isPlatform = (dynamic_status & kSecCodeStatusPlatform) != 0;
+               bool isInternal = SecIsInternalRelease();
+
+               if (!isDebugged || (isPlatform && !isInternal)) {
+                       // fatal if the code is invalid and not being debugged, but
+                       // never let platform code be debugged except on internal systems.
+                       MacOSError::throwMe(errSecCSGuestInvalid);
+               }
+       }
+
         // check that static and dynamic views are consistent
         if (this->cdHash() && !CFEqual(this->cdHash(), myDisk->cdHash()))
                 MacOSError::throwMe(errSecCSStaticCodeChanged);
         // check that static and dynamic views are consistent
         if (this->cdHash() && !CFEqual(this->cdHash(), myDisk->cdHash()))
                 MacOSError::throwMe(errSecCSStaticCodeChanged);
@@ -255,13 +269,14 @@ void SecCode::changeGuestStatus(SecCode *guest, SecCodeStatusOperation operation
  //
  SecCode *SecCode::autoLocateGuest(CFDictionaryRef attributes, SecCSFlags flags)
  {
  //
  SecCode *SecCode::autoLocateGuest(CFDictionaryRef attributes, SecCSFlags flags)
  {
+#if TARGET_OS_OSX
         // special case: with no attributes at all, return the root of trust
         if (CFDictionaryGetCount(attributes) == 0)
                 return KernelCode::active()->retain();
         
         // special case: with no attributes at all, return the root of trust
         if (CFDictionaryGetCount(attributes) == 0)
                 return KernelCode::active()->retain();
         
-       // main logic: we need a pid, and we'll take a canonical guest id as an option
-       int pid = 0;
-       if (!cfscan(attributes, "{%O=%d}", kSecGuestAttributePid, &pid))
+       // main logic: we need a pid or audit trailer; everything else goes to the guests
+       if (CFDictionaryGetValue(attributes, kSecGuestAttributePid) == NULL
+               && CFDictionaryGetValue(attributes, kSecGuestAttributeAudit) == NULL)
                 CSError::throwMe(errSecCSUnsupportedGuestAttributes, kSecCFErrorGuestAttributes, attributes);
         if (SecCode *process =
                         KernelCode::active()->locateGuest(attributes)) {
                 CSError::throwMe(errSecCSUnsupportedGuestAttributes, kSecCFErrorGuestAttributes, attributes);
         if (SecCode *process =
                         KernelCode::active()->locateGuest(attributes)) {
@@ -271,6 +286,7 @@ SecCode *SecCode::autoLocateGuest(CFDictionaryRef attributes, SecCSFlags flags)
                         // might be a code host. Let's find out
                         CFRef<CFMutableDictionaryRef> rest = makeCFMutableDictionary(attributes);
                         CFDictionaryRemoveValue(rest, kSecGuestAttributePid);
                         // might be a code host. Let's find out
                         CFRef<CFMutableDictionaryRef> rest = makeCFMutableDictionary(attributes);
                         CFDictionaryRemoveValue(rest, kSecGuestAttributePid);
+                       CFDictionaryRemoveValue(rest, kSecGuestAttributeAudit);
                         if (SecCode *guest = code->locateGuest(rest))
                                 return guest;
                 }
                         if (SecCode *guest = code->locateGuest(rest))
                                 return guest;
                 }
@@ -279,6 +295,7 @@ SecCode *SecCode::autoLocateGuest(CFDictionaryRef attributes, SecCSFlags flags)
                         return code.yield();
                 }
         }
                         return code.yield();
                 }
         }
+#endif // TARGET_OS_OSX
         MacOSError::throwMe(errSecCSNoSuchCode);
  }
  
         MacOSError::throwMe(errSecCSNoSuchCode);
  }