X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/ce3c8656732c924baf7e88df75eab50891bdc471..fa7225c82381bac4432a6edf16f53b5370238d85:/OSX/libsecurity_codesigning/CodeSigningHelper/main.cpp?ds=sidebyside diff --git a/OSX/libsecurity_codesigning/CodeSigningHelper/main.cpp b/OSX/libsecurity_codesigning/CodeSigningHelper/main.cpp new file mode 100644 index 00000000..be200db3 --- /dev/null +++ b/OSX/libsecurity_codesigning/CodeSigningHelper/main.cpp @@ -0,0 +1,108 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ +#include +#include +#include +#include +#include +#include +#include +#include "codedirectory.h" + + + +static void +request(xpc_connection_t peer, xpc_object_t event) +{ + OSStatus rc; + + pid_t pid = (pid_t)xpc_dictionary_get_int64(event, "pid"); + if (pid <= 0) + return; + + xpc_object_t reply = xpc_dictionary_create_reply(event); + if (reply == NULL) + return; + + CFTemp attributes("{%O=%d}", kSecGuestAttributePid, pid); + CFRef code; + if ((rc = SecCodeCopyGuestWithAttributes(NULL, attributes, kSecCSDefaultFlags, &code.aref())) == noErr) { + + // path to base of client code + CFRef codePath; + if ((rc = SecCodeCopyPath(code, kSecCSDefaultFlags, &codePath.aref())) == noErr) { + CFRef data = CFURLCreateData(NULL, codePath, kCFStringEncodingUTF8, true); + xpc_dictionary_set_data(reply, "bundleURL", CFDataGetBytePtr(data), CFDataGetLength(data)); + } + + // if the caller wants the Info.plist, get it and verify the hash passed by the caller + size_t iphLength; + if (const void *iphash = xpc_dictionary_get_data(event, "infohash", &iphLength)) { + if (CFRef data = SecCodeCopyComponent(code, Security::CodeSigning::cdInfoSlot, CFTempData(iphash, iphLength))) { + xpc_dictionary_set_data(reply, "infoPlist", CFDataGetBytePtr(data), CFDataGetLength(data)); + } + } + } + xpc_connection_send_message(peer, reply); + xpc_release(reply); +} + + +static void CodeSigningHelper_peer_event_handler(xpc_connection_t peer, xpc_object_t event) +{ + xpc_type_t type = xpc_get_type(event); + if (type == XPC_TYPE_ERROR) + return; + + assert(type == XPC_TYPE_DICTIONARY); + + const char *cmd = xpc_dictionary_get_string(event, "command"); + if (cmd == NULL) { + xpc_connection_cancel(peer); + } else if (strcmp(cmd, "fetchData") == 0) + request(peer, event); + else { + Syslog::error("peer sent invalid command %s", cmd); + xpc_connection_cancel(peer); + } +} + + +static void CodeSigningHelper_event_handler(xpc_connection_t peer) +{ + xpc_connection_set_event_handler(peer, ^(xpc_object_t event) { + CodeSigningHelper_peer_event_handler(peer, event); + }); + xpc_connection_resume(peer); +} + +int main(int argc, const char *argv[]) +{ + char *error = NULL; + if (sandbox_init("com.apple.CodeSigningHelper", SANDBOX_NAMED, &error)) { + Syslog::error("failed to enter sandbox: %s", error); + exit(EXIT_FAILURE); + } + xpc_main(CodeSigningHelper_event_handler); + return 0; +}