X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/e3d460c9de4426da6c630c3ae3f46173a99f82d8..dd5fb164cf5b32c462296bc65e289e100f74b59a:/OSX/libsecurity_codesigning/lib/SecStaticCode.cpp

diff --git a/OSX/libsecurity_codesigning/lib/SecStaticCode.cpp b/OSX/libsecurity_codesigning/lib/SecStaticCode.cpp
index 18625c27..3d96abd0 100644
--- a/OSX/libsecurity_codesigning/lib/SecStaticCode.cpp
+++ b/OSX/libsecurity_codesigning/lib/SecStaticCode.cpp
@@ -105,7 +105,6 @@ OSStatus SecStaticCodeCheckValidity(SecStaticCodeRef staticCodeRef, SecCSFlags f
 OSStatus SecStaticCodeCheckValidityWithErrors(SecStaticCodeRef staticCodeRef, SecCSFlags flags,
 	SecRequirementRef requirementRef, CFErrorRef *errors)
 {
-#if !SECTRUST_OSX
 	BEGIN_CSAPI
 
 	checkFlags(flags,
@@ -114,13 +113,15 @@ OSStatus SecStaticCodeCheckValidityWithErrors(SecStaticCodeRef staticCodeRef, Se
 		| kSecCSDoNotValidateExecutable
 		| kSecCSDoNotValidateResources
 		| kSecCSConsiderExpiration
-        | kSecCSEnforceRevocationChecks
+		| kSecCSEnforceRevocationChecks
 		| kSecCSNoNetworkAccess
 		| kSecCSCheckNestedCode
 		| kSecCSStrictValidate
+		| kSecCSRestrictSidebandData
 		| kSecCSCheckGatekeeperArchitectures
 		| kSecCSRestrictSymlinks
 		| kSecCSRestrictToAppLike
+        | kSecCSUseSoftwareSigningCert
 	);
 
 	if (errors)
@@ -132,57 +133,21 @@ OSStatus SecStaticCodeCheckValidityWithErrors(SecStaticCodeRef staticCodeRef, Se
 	DTRACK(CODESIGN_EVAL_STATIC, code, (char*)code->mainExecutablePath().c_str());
 	code->staticValidate(flags, req);
 
-	END_CSAPI_ERRORS
-#else
-#warning resolve before enabling SECTRUST_OSX: <rdar://21328880>
-	OSStatus result = errSecSuccess;
-	const char *func = "SecStaticCodeCheckValidity";
-	CFErrorRef localErrors = NULL;
-	if (!errors) { errors = &localErrors; }
-	try {
-		checkFlags(flags,
-			  kSecCSReportProgress
-			| kSecCSCheckAllArchitectures
-			| kSecCSDoNotValidateExecutable
-			| kSecCSDoNotValidateResources
-			| kSecCSConsiderExpiration
-			| kSecCSEnforceRevocationChecks
-			| kSecCSNoNetworkAccess
-			| kSecCSCheckNestedCode
-			| kSecCSStrictValidate
-			| kSecCSCheckGatekeeperArchitectures
-		);
-
-		if (errors)
-			flags |= kSecCSFullReport;	// internal-use flag
-
-		SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(staticCodeRef);
-		code->setValidationFlags(flags);
-		const SecRequirement *req = SecRequirement::optional(requirementRef);
-		DTRACK(CODESIGN_EVAL_STATIC, code, (char*)code->mainExecutablePath().c_str());
-		code->staticValidate(flags, req);
-	}
-	catch (...) {
-		// the actual error being thrown is not being caught by any of the
-		// type-specific blocks contained in the END_CSAPI_ERRORS macro,
-		// so we only have the catch-all block here for now.
-		result = errSecCSInternalError;
-	}
+#if TARGET_OS_IPHONE
+    // Everything checked out correctly but we need to make sure that when
+    // we validated the code directory, we trusted the signer.  We defer this
+    // until now because the caller may still trust the signer via a
+    // provisioning profile so if we prematurely throw an error when validating
+    // the directory, we potentially skip resource validation even though the
+    // caller will go on to trust the signature
+    // <rdar://problem/6075501> Applications that are validated against a provisioning profile do not have their resources checked
+    if (code->trustedSigningCertChain() == false) {
+        return CSError::cfError(errors, errSecCSSignatureUntrusted);
+    }
+#endif
 
-	if (errors && *errors) {
-		CFShow(errors);
-		CFRelease(errors);
-		*errors = NULL;
-	}
-	if (result == errSecCSInternalError) {
-	#if !NDEBUG
-		Security::Syslog::error("WARNING: %s ignored error %d", func, (int)result);
-	#endif
-		result = errSecSuccess;
-	}
-	return result;
 
-#endif
+	END_CSAPI_ERRORS
 }
 
 
@@ -272,7 +237,7 @@ OSStatus SecCodeMapMemory(SecStaticCodeRef codeRef, SecCSFlags flags)
 	checkFlags(flags);
 	SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(codeRef);
 	if (const CodeDirectory *cd = code->codeDirectory(false)) {
-		fsignatures args = { code->diskRep()->signingBase(), (void *)cd, cd->length() };
+		fsignatures args = { static_cast<off_t>(code->diskRep()->signingBase()), (void *)cd, cd->length() };
 		UnixError::check(::fcntl(code->diskRep()->fd(), F_ADDSIGS, &args));
 	} else
 		MacOSError::throwMe(errSecCSUnsigned);
@@ -323,3 +288,36 @@ OSStatus SecStaticCodeCancelValidation(SecStaticCodeRef codeRef, SecCSFlags flag
 
 	END_CSAPI
 }
+
+
+//
+// Retrieve a component object for a special slot directly.
+//
+CFDataRef SecCodeCopyComponent(SecCodeRef codeRef, int slot, CFDataRef hash)
+{
+	BEGIN_CSAPI
+	
+	SecStaticCode* code = SecStaticCode::requiredStatic(codeRef);
+	return code->copyComponent(slot, hash);
+	
+	END_CSAPI1(NULL)
+}
+
+
+//
+// Validate a single plain file's resource seal against a memory copy.
+// This will fail for any other file type (symlink, directory, nested code, etc. etc.)
+//
+OSStatus SecCodeValidateFileResource(SecStaticCodeRef codeRef, CFStringRef relativePath, CFDataRef fileData, SecCSFlags flags)
+{
+    BEGIN_CSAPI
+    
+    checkFlags(0);
+    if (fileData == NULL)
+        MacOSError::throwMe(errSecCSObjectRequired);
+    SecStaticCode *code = SecStaticCode::requiredStatic(codeRef);
+    code->validatePlainMemoryResource(cfString(relativePath), fileData, flags);
+    
+    END_CSAPI
+    
+}