]> git.saurik.com Git - apple/xnu.git/blame - bsd/kern/kern_cs.c
projects / apple / xnu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xnu-4570.41.2.tar.gz
[apple/xnu.git] / bsd / kern / kern_cs.c
CommitLineData
39236c6e
A		 1/*
2 * Copyright (c) 2000-2012 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29#include <sys/types.h>
30#include <sys/param.h>
31#include <sys/systm.h>
32#include <sys/kernel.h>
33#include <sys/proc_internal.h>
34#include <sys/sysctl.h>
35#include <sys/signal.h>
36#include <sys/signalvar.h>
37#include <sys/codesign.h>
38
39#include <sys/fcntl.h>
40#include <sys/file.h>
fe8ab488 41#include <sys/file_internal.h>
39236c6e
A		 42#include <sys/kauth.h>
43#include <sys/mount.h>
44#include <sys/msg.h>
45#include <sys/proc.h>
46#include <sys/socketvar.h>
47#include <sys/vnode.h>
48#include <sys/vnode_internal.h>
49
50#include <sys/ubc.h>
51#include <sys/ubc_internal.h>
52
53#include <security/mac.h>
54#include <security/mac_policy.h>
55#include <security/mac_framework.h>
56
57#include <mach/mach_types.h>
58#include <mach/vm_map.h>
59#include <mach/mach_vm.h>
60
61#include <kern/kern_types.h>
62#include <kern/task.h>
63
64#include <vm/vm_map.h>
65#include <vm/vm_kern.h>
66
39236c6e
A		 67
68#include <kern/assert.h>
69
70#include <pexpert/pexpert.h>
71
15129b1c
A		 72#include <mach/shared_region.h>
73
4bd07ac2
A		 74#include <libkern/section_keywords.h>
75
39236c6e
A		 76unsigned long cs_procs_killed = 0;
77unsigned long cs_procs_invalidated = 0;
78
79int cs_force_kill = 0;
80int cs_force_hard = 0;
81int cs_debug = 0;
82#if SECURE_KERNEL
3e170ce0
A		 83const int cs_enforcement_enable = 1;
84const int cs_library_val_enable = 1;
85#else /* !SECURE_KERNEL */
86int cs_enforcement_panic=0;
5ba3f43e 87int cs_relax_platform_task_ports = 0;
3e170ce0 88
39236c6e 89#if CONFIG_ENFORCE_SIGNED_CODE
4bd07ac2 90#define DEFAULT_CS_ENFORCEMENT_ENABLE 1
39236c6e 91#else
4bd07ac2 92#define DEFAULT_CS_ENFORCEMENT_ENABLE 0
3e170ce0 93#endif
4bd07ac2 94SECURITY_READ_ONLY_LATE(int) cs_enforcement_enable = DEFAULT_CS_ENFORCEMENT_ENABLE;
fe8ab488
A		 95
96#if CONFIG_ENFORCE_LIBRARY_VALIDATION
4bd07ac2 97#define DEFAULT_CS_LIBRARY_VA_ENABLE 1
fe8ab488 98#else
4bd07ac2 99#define DEFAULT_CS_LIBRARY_VA_ENABLE 0
3e170ce0 100#endif
4bd07ac2 101SECURITY_READ_ONLY_LATE(int) cs_library_val_enable = DEFAULT_CS_LIBRARY_VA_ENABLE;
fe8ab488 102
3e170ce0 103#endif /* !SECURE_KERNEL */
39236c6e
A		 104int cs_all_vnodes = 0;
105
106static lck_grp_t *cs_lockgrp;
39236c6e
A		 107
108SYSCTL_INT(_vm, OID_AUTO, cs_force_kill, CTLFLAG_RW | CTLFLAG_LOCKED, &cs_force_kill, 0, "");
109SYSCTL_INT(_vm, OID_AUTO, cs_force_hard, CTLFLAG_RW | CTLFLAG_LOCKED, &cs_force_hard, 0, "");
110SYSCTL_INT(_vm, OID_AUTO, cs_debug, CTLFLAG_RW | CTLFLAG_LOCKED, &cs_debug, 0, "");
111
112SYSCTL_INT(_vm, OID_AUTO, cs_all_vnodes, CTLFLAG_RW | CTLFLAG_LOCKED, &cs_all_vnodes, 0, "");
113
114#if !SECURE_KERNEL
115SYSCTL_INT(_vm, OID_AUTO, cs_enforcement, CTLFLAG_RW | CTLFLAG_LOCKED, &cs_enforcement_enable, 0, "");
116SYSCTL_INT(_vm, OID_AUTO, cs_enforcement_panic, CTLFLAG_RW | CTLFLAG_LOCKED, &cs_enforcement_panic, 0, "");
3e170ce0
A		 117
118#if !CONFIG_ENFORCE_LIBRARY_VALIDATION
119SYSCTL_INT(_vm, OID_AUTO, cs_library_validation, CTLFLAG_RW | CTLFLAG_LOCKED, &cs_library_val_enable, 0, "");
39236c6e 120#endif
3e170ce0 121#endif /* !SECURE_KERNEL */
39236c6e 122
15129b1c 123int panic_on_cs_killed = 0;
5ba3f43e 124
39236c6e
A		 125void
126cs_init(void)
127{
fe8ab488 128#if MACH_ASSERT && __x86_64__
15129b1c 129 panic_on_cs_killed = 1;
fe8ab488 130#endif /* MACH_ASSERT && __x86_64__ */
15129b1c
A		 131 PE_parse_boot_argn("panic_on_cs_killed", &panic_on_cs_killed,
132 sizeof (panic_on_cs_killed));
39236c6e
A		 133#if !SECURE_KERNEL
134 int disable_cs_enforcement = 0;
135 PE_parse_boot_argn("cs_enforcement_disable", &disable_cs_enforcement,
136 sizeof (disable_cs_enforcement));
137 if (disable_cs_enforcement) {
138 cs_enforcement_enable = 0;
139 } else {
140 int panic = 0;
141 PE_parse_boot_argn("cs_enforcement_panic", &panic, sizeof(panic));
142 cs_enforcement_panic = (panic != 0);
143 }
144
5ba3f43e
A		 145 PE_parse_boot_argn("cs_relax_platform_task_ports",
146 &cs_relax_platform_task_ports,
147 sizeof(cs_relax_platform_task_ports));
148
39236c6e 149 PE_parse_boot_argn("cs_debug", &cs_debug, sizeof (cs_debug));
3e170ce0
A		 150
151#if !CONFIG_ENFORCE_LIBRARY_VALIDATION
152 PE_parse_boot_argn("cs_library_val_enable", &cs_library_val_enable,
153 sizeof (cs_library_val_enable));
39236c6e 154#endif
3e170ce0
A		 155#endif /* !SECURE_KERNEL */
156
39236c6e
A		 157 lck_grp_attr_t *attr = lck_grp_attr_alloc_init();
158 cs_lockgrp = lck_grp_alloc_init("KERNCS", attr);
39037602 159 lck_grp_attr_free(attr);
39236c6e
A		 160}
161
162int
163cs_allow_invalid(struct proc *p)
164{
165#if MACH_ASSERT
166 lck_mtx_assert(&p->p_mlock, LCK_MTX_ASSERT_NOTOWNED);
167#endif
168#if CONFIG_MACF && CONFIG_ENFORCE_SIGNED_CODE
169 /* There needs to be a MAC policy to implement this hook, or else the
170 * kill bits will be cleared here every time. If we have
171 * CONFIG_ENFORCE_SIGNED_CODE, we can assume there is a policy
172 * implementing the hook.
173 */
174 if( 0 != mac_proc_check_run_cs_invalid(p)) {
175 if(cs_debug) printf("CODE SIGNING: cs_allow_invalid() "
176 "not allowed: pid %d\n",
177 p->p_pid);
178 return 0;
179 }
180 if(cs_debug) printf("CODE SIGNING: cs_allow_invalid() "
181 "allowed: pid %d\n",
182 p->p_pid);
183 proc_lock(p);
184 p->p_csflags &= ~(CS_KILL | CS_HARD);
490019cf
A		 185 if (p->p_csflags & CS_VALID)
186 {
187 p->p_csflags |= CS_DEBUGGED;
188 }
5ba3f43e 189
39236c6e 190 proc_unlock(p);
5ba3f43e 191
39236c6e
A		 192 vm_map_switch_protect(get_task_map(p->task), FALSE);
193#endif
194 return (p->p_csflags & (CS_KILL | CS_HARD)) == 0;
195}
196
197int
39037602 198cs_invalid_page(addr64_t vaddr, boolean_t *cs_killed)
39236c6e
A		 199{
200 struct proc *p;
201 int send_kill = 0, retval = 0, verbose = cs_debug;
202 uint32_t csflags;
203
204 p = current_proc();
205
39236c6e
A		 206 if (verbose)
207 printf("CODE SIGNING: cs_invalid_page(0x%llx): p=%d[%s]\n",
208 vaddr, p->p_pid, p->p_comm);
209
210 proc_lock(p);
211
212 /* XXX for testing */
213 if (cs_force_kill)
214 p->p_csflags |= CS_KILL;
215 if (cs_force_hard)
216 p->p_csflags |= CS_HARD;
217
218 /* CS_KILL triggers a kill signal, and no you can't have the page. Nothing else. */
219 if (p->p_csflags & CS_KILL) {
220 p->p_csflags |= CS_KILLED;
221 cs_procs_killed++;
222 send_kill = 1;
223 retval = 1;
224 }
225
226 /* CS_HARD means fail the mapping operation so the process stays valid. */
227 if (p->p_csflags & CS_HARD) {
228 retval = 1;
229 } else {
230 if (p->p_csflags & CS_VALID) {
231 p->p_csflags &= ~CS_VALID;
232 cs_procs_invalidated++;
233 verbose = 1;
234 }
235 }
236 csflags = p->p_csflags;
237 proc_unlock(p);
238
fe8ab488 239 if (verbose)
39236c6e 240 printf("CODE SIGNING: cs_invalid_page(0x%llx): "
15129b1c 241 "p=%d[%s] final status 0x%x, %s page%s\n",
39236c6e 242 vaddr, p->p_pid, p->p_comm, p->p_csflags,
15129b1c 243 retval ? "denying" : "allowing (remove VALID)",
39236c6e 244 send_kill ? " sending SIGKILL" : "");
39236c6e 245
39037602
A		 246 if (send_kill) {
247 /* We will set the exit reason for the thread later */
248 threadsignal(current_thread(), SIGKILL, EXC_BAD_ACCESS, FALSE);
249 if (cs_killed) {
250 *cs_killed = TRUE;
251 }
252 } else if (cs_killed) {
253 *cs_killed = FALSE;
254 }
39236c6e
A		 255
256
257 return retval;
258}
259
260/*
261 * Assumes p (if passed in) is locked with proc_lock().
262 */
263
264int
265cs_enforcement(struct proc *p)
266{
267
268 if (cs_enforcement_enable)
269 return 1;
270
271 if (p == NULL)
272 p = current_proc();
273
274 if (p != NULL && (p->p_csflags & CS_ENFORCEMENT))
275 return 1;
276
277 return 0;
278}
279
39037602
A		 280/*
281 * Returns whether a given process is still valid.
282 */
283int
284cs_valid(struct proc *p)
285{
286
287 if (p == NULL)
288 p = current_proc();
289
290 if (p != NULL && (p->p_csflags & CS_VALID))
291 return 1;
292
293 return 0;
294}
295
fe8ab488
A		 296/*
297 * Library validation functions
298 */
299int
300cs_require_lv(struct proc *p)
301{
302
303 if (cs_library_val_enable)
304 return 1;
305
306 if (p == NULL)
307 p = current_proc();
308
309 if (p != NULL && (p->p_csflags & CS_REQUIRE_LV))
310 return 1;
311
312 return 0;
313}
314
39037602
A		 315/*
316 * <rdar://problem/24634089> added to allow system level library
317 * validation check at mac_cred_label_update_execve time
318 */
319int
320cs_system_require_lv(void)
321{
322 return cs_library_val_enable ? 1 : 0;
323}
324
325/*
326 * Function: csblob_get_base_offset
327 *
527f9951 328 * Description: This function returns the base offset into the (possibly universal) binary
39037602
A		 329 * for a given blob.
330*/
331
332off_t
333csblob_get_base_offset(struct cs_blob *blob)
334{
335 return blob->csb_base_offset;
336}
337
338/*
339 * Function: csblob_get_size
340 *
341 * Description: This function returns the size of a given blob.
342*/
343
344vm_size_t
345csblob_get_size(struct cs_blob *blob)
346{
347 return blob->csb_mem_size;
348}
349
350/*
351 * Function: csblob_get_addr
352 *
353 * Description: This function returns the address of a given blob.
354*/
355
356vm_address_t
357csblob_get_addr(struct cs_blob *blob)
358{
359 return blob->csb_mem_kaddr;
360}
361
fe8ab488 362/*
3e170ce0 363 * Function: csblob_get_platform_binary
fe8ab488 364 *
3e170ce0
A		 365 * Description: This function returns true if the binary is
366 * in the trust cache.
fe8ab488 367*/
fe8ab488 368
3e170ce0
A		 369int
370csblob_get_platform_binary(struct cs_blob *blob)
371{
372 if (blob && blob->csb_platform_binary)
373 return 1;
374 return 0;
375}
fe8ab488 376
3e170ce0
A		 377/*
378 * Function: csblob_get_flags
379 *
380 * Description: This function returns the flags for a given blob
381*/
fe8ab488 382
3e170ce0
A		 383unsigned int
384csblob_get_flags(struct cs_blob *blob)
385{
39037602 386 return blob->csb_flags;
fe8ab488
A		 387}
388
5ba3f43e
A		 389/*
390 * Function: csblob_get_hashtype
391 *
392 * Description: This function returns the hash type for a given blob
393*/
394
395uint8_t
396csblob_get_hashtype(struct cs_blob const * const blob)
397{
398 return blob->csb_hashtype != NULL ? cs_hash_type(blob->csb_hashtype) : 0;
399}
400
fe8ab488
A		 401/*
402 * Function: csproc_get_blob
403 *
404 * Description: This function returns the cs_blob
405 * for the process p
406 */
3e170ce0 407struct cs_blob *
fe8ab488
A		 408csproc_get_blob(struct proc *p)
409{
410 if (NULL == p)
411 return NULL;
412
413 if (NULL == p->p_textvp)
414 return NULL;
415
527f9951
A		 416 if ((p->p_csflags & CS_SIGNED) == 0) {
417 return NULL;
418 }
419
fe8ab488
A		 420 return ubc_cs_blob_get(p->p_textvp, -1, p->p_textoff);
421}
422
3e170ce0 423/*
527f9951 424 * Function: csvnode_get_blob
3e170ce0
A		 425 *
426 * Description: This function returns the cs_blob
427 * for the vnode vp
428 */
429struct cs_blob *
430csvnode_get_blob(struct vnode *vp, off_t offset)
431{
432 return ubc_cs_blob_get(vp, -1, offset);
433}
434
435/*
436 * Function: csblob_get_teamid
437 *
438 * Description: This function returns a pointer to the
439 * team id of csblob
440*/
441const char *
442csblob_get_teamid(struct cs_blob *csblob)
443{
444 return csblob->csb_teamid;
445}
446
447/*
448 * Function: csblob_get_identity
449 *
450 * Description: This function returns a pointer to the
451 * identity string
452 */
453const char *
454csblob_get_identity(struct cs_blob *csblob)
455{
456 const CS_CodeDirectory *cd;
457
458 cd = (const CS_CodeDirectory *)csblob_find_blob(csblob, CSSLOT_CODEDIRECTORY, CSMAGIC_CODEDIRECTORY);
459 if (cd == NULL)
460 return NULL;
461
462 if (cd->identOffset == 0)
463 return NULL;
464
465 return ((const char *)cd) + ntohl(cd->identOffset);
466}
467
468/*
469 * Function: csblob_get_cdhash
470 *
471 * Description: This function returns a pointer to the
472 * cdhash of csblob (20 byte array)
473 */
474const uint8_t *
475csblob_get_cdhash(struct cs_blob *csblob)
476{
477 return csblob->csb_cdhash;
478}
479
5ba3f43e
A		 480/*
481 * Function: csblob_get_signer_type
482 *
483 * Description: This function returns the signer type
484 * as an integer
485 */
486unsigned int
487csblob_get_signer_type(struct cs_blob *csblob)
488{
489 return csblob->csb_signer_type;
490}
491
39037602
A		 492void *
493csblob_entitlements_dictionary_copy(struct cs_blob *csblob)
494{
495 if (!csblob->csb_entitlements) return NULL;
496 osobject_retain(csblob->csb_entitlements);
497 return csblob->csb_entitlements;
498}
499
500void
501csblob_entitlements_dictionary_set(struct cs_blob *csblob, void * entitlements)
502{
503 assert(csblob->csb_entitlements == NULL);
504 if (entitlements) osobject_retain(entitlements);
505 csblob->csb_entitlements = entitlements;
506}
507
fe8ab488
A		 508/*
509 * Function: csproc_get_teamid
510 *
511 * Description: This function returns a pointer to the
512 * team id of the process p
513*/
514const char *
515csproc_get_teamid(struct proc *p)
516{
517 struct cs_blob *csblob;
518
519 csblob = csproc_get_blob(p);
3e170ce0
A		 520 if (csblob == NULL)
521 return NULL;
fe8ab488 522
3e170ce0 523 return csblob_get_teamid(csblob);
fe8ab488
A		 524}
525
5ba3f43e
A		 526/*
527 * Function: csproc_get_signer_type
528 *
529 * Description: This function returns the signer type
530 * of the process p
531*/
532unsigned int
533csproc_get_signer_type(struct proc *p)
534{
535 struct cs_blob *csblob;
536
537 csblob = csproc_get_blob(p);
538 if (csblob == NULL)
539 return CS_SIGNER_TYPE_UNKNOWN;
540
541 return csblob_get_signer_type(csblob);
542}
543
fe8ab488
A		 544/*
545 * Function: csvnode_get_teamid
546 *
547 * Description: This function returns a pointer to the
548 * team id of the binary at the given offset in vnode vp
549*/
550const char *
551csvnode_get_teamid(struct vnode *vp, off_t offset)
552{
553 struct cs_blob *csblob;
554
555 if (vp == NULL)
556 return NULL;
557
558 csblob = ubc_cs_blob_get(vp, -1, offset);
3e170ce0
A		 559 if (csblob == NULL)
560 return NULL;
fe8ab488 561
3e170ce0 562 return csblob_get_teamid(csblob);
fe8ab488
A		 563}
564
565/*
566 * Function: csproc_get_platform_binary
567 *
568 * Description: This function returns the value
569 * of the platform_binary field for proc p
570 */
571int
572csproc_get_platform_binary(struct proc *p)
573{
574 struct cs_blob *csblob;
575
576 csblob = csproc_get_blob(p);
577
578 /* If there is no csblob this returns 0 because
579 it is true that it is not a platform binary */
580 return (csblob == NULL) ? 0 : csblob->csb_platform_binary;
581}
582
3e170ce0
A		 583int
584csproc_get_platform_path(struct proc *p)
585{
527f9951
A		 586 struct cs_blob *csblob;
587
588 csblob = csproc_get_blob(p);
3e170ce0
A		 589
590 return (csblob == NULL) ? 0 : csblob->csb_platform_path;
591}
592
5ba3f43e
A		 593#if DEVELOPMENT || DEBUG
594void
595csproc_clear_platform_binary(struct proc *p)
596{
597 struct cs_blob *csblob = csproc_get_blob(p);
598
599 if (csblob == NULL) {
600 return;
601 }
602
603 if (cs_debug) {
604 printf("clearing platform binary on proc/task: pid = %d\n", p->p_pid);
605 }
606
607 csblob->csb_platform_binary = 0;
608 csblob->csb_platform_path = 0;
609 task_set_platform_binary(proc_task(p), FALSE);
610}
611#endif
612
743345f9
A		 613/*
614 * Function: csproc_get_prod_signed
615 *
616 * Description: Returns 1 if process is not signed with a developer identity.
617 * Note the inverted meaning from the cs_flag to make the error case safer.
618 * Will go away with rdar://problem/28322552.
619 */
620int
621csproc_get_prod_signed(struct proc *p)
622{
623 return ((p->p_csflags & CS_DEV_CODE) == 0);
624}
625
626
fe8ab488
A		 627/*
628 * Function: csfg_get_platform_binary
629 *
630 * Description: This function returns the
631 * platform binary field for the
632 * fileglob fg
633 */
634int
635csfg_get_platform_binary(struct fileglob *fg)
636{
637 int platform_binary = 0;
638 struct ubc_info *uip;
639 vnode_t vp;
640
641 if (FILEGLOB_DTYPE(fg) != DTYPE_VNODE)
642 return 0;
643
644 vp = (struct vnode *)fg->fg_data;
645 if (vp == NULL)
646 return 0;
647
648 vnode_lock(vp);
649 if (!UBCINFOEXISTS(vp))
650 goto out;
651
652 uip = vp->v_ubcinfo;
653 if (uip == NULL)
654 goto out;
655
656 if (uip->cs_blobs == NULL)
657 goto out;
658
659 /* It is OK to extract the teamid from the first blob
660 because all blobs of a vnode must have the same teamid */
661 platform_binary = uip->cs_blobs->csb_platform_binary;
662out:
663 vnode_unlock(vp);
664
665 return platform_binary;
666}
667
3e170ce0
A		 668uint8_t *
669csfg_get_cdhash(struct fileglob *fg, uint64_t offset, size_t *cdhash_size)
670{
671 vnode_t vp;
672
673 if (FILEGLOB_DTYPE(fg) != DTYPE_VNODE)
674 return NULL;
675
676 vp = (struct vnode *)fg->fg_data;
677 if (vp == NULL)
678 return NULL;
679
680 struct cs_blob *csblob = NULL;
681 if ((csblob = ubc_cs_blob_get(vp, -1, offset)) == NULL)
682 return NULL;
683
684 if (cdhash_size)
685 *cdhash_size = CS_CDHASH_LEN;
686
687 return csblob->csb_cdhash;
688}
689
5ba3f43e
A		 690/*
691 * Function: csfg_get_signer_type
692 *
693 * Description: This returns the signer type
694 * for the fileglob fg
695 */
696unsigned int
697csfg_get_signer_type(struct fileglob *fg)
698{
699 struct ubc_info *uip;
700 unsigned int signer_type = CS_SIGNER_TYPE_UNKNOWN;
701 vnode_t vp;
702
703 if (FILEGLOB_DTYPE(fg) != DTYPE_VNODE)
704 return CS_SIGNER_TYPE_UNKNOWN;
705
706 vp = (struct vnode *)fg->fg_data;
707 if (vp == NULL)
708 return CS_SIGNER_TYPE_UNKNOWN;
709
710 vnode_lock(vp);
711 if (!UBCINFOEXISTS(vp))
712 goto out;
713
714 uip = vp->v_ubcinfo;
715 if (uip == NULL)
716 goto out;
717
718 if (uip->cs_blobs == NULL)
719 goto out;
720
721 /* It is OK to extract the signer type from the first blob,
722 because all blobs of a vnode must have the same signer type. */
723 signer_type = uip->cs_blobs->csb_signer_type;
724out:
725 vnode_unlock(vp);
726
727 return signer_type;
728}
729
fe8ab488
A		 730/*
731 * Function: csfg_get_teamid
732 *
733 * Description: This returns a pointer to
734 * the teamid for the fileglob fg
735 */
736const char *
737csfg_get_teamid(struct fileglob *fg)
738{
739 struct ubc_info *uip;
740 const char *str = NULL;
741 vnode_t vp;
742
743 if (FILEGLOB_DTYPE(fg) != DTYPE_VNODE)
744 return NULL;
745
746 vp = (struct vnode *)fg->fg_data;
747 if (vp == NULL)
748 return NULL;
749
750 vnode_lock(vp);
751 if (!UBCINFOEXISTS(vp))
752 goto out;
753
754 uip = vp->v_ubcinfo;
755 if (uip == NULL)
756 goto out;
757
758 if (uip->cs_blobs == NULL)
759 goto out;
760
761 /* It is OK to extract the teamid from the first blob
762 because all blobs of a vnode must have the same teamid */
763 str = uip->cs_blobs->csb_teamid;
764out:
765 vnode_unlock(vp);
766
767 return str;
768}
769
743345f9
A		 770/*
771 * Function: csfg_get_prod_signed
772 *
773 * Description: Returns 1 if code is not signed with a developer identity.
774 * Note the inverted meaning from the cs_flag to make the error case safer.
775 * Will go away with rdar://problem/28322552.
776 */
777int
778csfg_get_prod_signed(struct fileglob *fg)
779{
780 struct ubc_info *uip;
781 vnode_t vp;
782 int prod_signed = 0;
783
784 if (FILEGLOB_DTYPE(fg) != DTYPE_VNODE)
5ba3f43e 785 return 0;
743345f9
A		 786
787 vp = (struct vnode *)fg->fg_data;
788 if (vp == NULL)
5ba3f43e 789 return 0;
743345f9
A		 790
791 vnode_lock(vp);
792 if (!UBCINFOEXISTS(vp))
793 goto out;
794
795 uip = vp->v_ubcinfo;
796 if (uip == NULL)
797 goto out;
798
799 if (uip->cs_blobs == NULL)
800 goto out;
801
802 /* It is OK to extract the flag from the first blob
803 because all blobs of a vnode must have the same cs_flags */
804 prod_signed = (uip->cs_blobs->csb_flags & CS_DEV_CODE) == 0;
805out:
806 vnode_unlock(vp);
807
808 return prod_signed;
809}
810
811
fe8ab488
A		 812uint32_t
813cs_entitlement_flags(struct proc *p)
814{
815 return (p->p_csflags & CS_ENTITLEMENT_FLAGS);
816}
817
3e170ce0
A		 818int
819cs_restricted(struct proc *p)
820{
821 return (p->p_csflags & CS_RESTRICT) ? 1 : 0;
822}
823
fe8ab488
A		 824/*
825 * Function: csfg_get_path
826 *
827 * Description: This populates the buffer passed in
828 * with the path of the vnode
829 * When calling this, the fileglob
830 * cannot go away. The caller must have a
831 * a reference on the fileglob or fileproc
832 */
833int
834csfg_get_path(struct fileglob *fg, char *path, int *len)
835{
836 vnode_t vp = NULL;
837
838 if (FILEGLOB_DTYPE(fg) != DTYPE_VNODE)
839 return -1;
840
841 vp = (struct vnode *)fg->fg_data;
842
843 /* vn_getpath returns 0 for success,
844 or an error code */
845 return vn_getpath(vp, path, len);
846}
3e170ce0
A		 847
848/* Retrieve the entitlements blob for a process.
849 * Returns:
850 * EINVAL no text vnode associated with the process
851 * EBADEXEC invalid code signing data
852 * 0 no error occurred
853 *
854 * On success, out_start and out_length will point to the
855 * entitlements blob if found; or will be set to NULL/zero
856 * if there were no entitlements.
857 */
858
859int
860cs_entitlements_blob_get(proc_t p, void **out_start, size_t *out_length)
861{
862 struct cs_blob *csblob;
863
864 *out_start = NULL;
865 *out_length = 0;
866
527f9951
A		 867 if ((p->p_csflags & CS_SIGNED) == 0) {
868 return 0;
869 }
870
3e170ce0
A		 871 if (NULL == p->p_textvp)
872 return EINVAL;
873
874 if ((csblob = ubc_cs_blob_get(p->p_textvp, -1, p->p_textoff)) == NULL)
875 return 0;
876
877 return csblob_get_entitlements(csblob, out_start, out_length);
878}
879
880/* Retrieve the codesign identity for a process.
881 * Returns:
882 * NULL an error occured
883 * string the cs_identity
884 */
885
886const char *
887cs_identity_get(proc_t p)
888{
889 struct cs_blob *csblob;
890
527f9951
A		 891 if ((p->p_csflags & CS_SIGNED) == 0) {
892 return NULL;
893 }
894
3e170ce0
A		 895 if (NULL == p->p_textvp)
896 return NULL;
897
898 if ((csblob = ubc_cs_blob_get(p->p_textvp, -1, p->p_textoff)) == NULL)
899 return NULL;
900
901 return csblob_get_identity(csblob);
902}
903
527f9951
A		 904/*
905 * DO NOT USE THIS FUNCTION!
906 * Use the properly guarded csproc_get_blob instead.
3e170ce0 907 *
527f9951
A		 908 * This is currently here to allow detached signatures to work
909 * properly. The only user of this function is also checking
910 * for CS_VALID.
3e170ce0
A		 911 */
912
913int
914cs_blob_get(proc_t p, void **out_start, size_t *out_length)
915{
916 struct cs_blob *csblob;
917
918 *out_start = NULL;
919 *out_length = 0;
920
921 if (NULL == p->p_textvp)
922 return EINVAL;
923
924 if ((csblob = ubc_cs_blob_get(p->p_textvp, -1, p->p_textoff)) == NULL)
925 return 0;
926
927 *out_start = (void *)csblob->csb_mem_kaddr;
928 *out_length = csblob->csb_mem_size;
929
930 return 0;
931}
932
933/*
934 * return cshash of a process, cdhash is of size CS_CDHASH_LEN
935 */
936
937uint8_t *
938cs_get_cdhash(struct proc *p)
939{
940 struct cs_blob *csblob;
941
527f9951
A		 942 if ((p->p_csflags & CS_SIGNED) == 0) {
943 return NULL;
944 }
945
3e170ce0
A		 946 if (NULL == p->p_textvp)
947 return NULL;
948
949 if ((csblob = ubc_cs_blob_get(p->p_textvp, -1, p->p_textoff)) == NULL)
950 return NULL;
951
952 return csblob->csb_cdhash;
953}
mirror of XNU