#include "csgeneric.h"
#include "cs.h"
#include "StaticCode.h"
#include <securityd_client/cshosting.h>
#include <sys/param.h>
namespace Security {
namespace CodeSigning {
using MachPlusPlus::Port;
#define CALL(host, name, args...) \
OSStatus result; \
if (cshosting_client_ ## name (host, mig_get_reply_port(), &result, args)) \
MacOSError::throwMe(errSecCSNotAHost); \
MacOSError::check(result);
GenericCode::GenericCode(SecCode *host, SecGuestRef guestRef)
: SecCode(host), mGuestRef(guestRef)
{
}
SecCode *GenericCode::locateGuest(CFDictionaryRef attributes)
{
if (Port host = hostingPort()) {
CFRef<CFDataRef> attrData;
void *attrPtr = NULL; size_t attrLength = 0;
if (attributes) {
attrData.take(CFPropertyListCreateXMLData(NULL, attributes));
attrPtr = (void *)CFDataGetBytePtr(attrData);
attrLength = CFDataGetLength(attrData);
}
GuestChain guestPath;
mach_msg_type_number_t guestPathLength;
mach_port_t subport;
CALL(host, findGuest, guestRef(), attrPtr, attrLength,
&guestPath, &guestPathLength, &subport);
CODESIGN_GUEST_LOCATE_GENERIC(this, guestPath, guestPathLength, subport);
SecPointer<SecCode> code = this;
for (unsigned n = 0; n < guestPathLength; n++)
code = new GenericCode(code, guestPath[n]);
return code.yield();
} else
return NULL; }
SecStaticCode *GenericCode::identifyGuest(SecCode *guest, CFDataRef *cdhashOut)
{
if (GenericCode *iguest = dynamic_cast<GenericCode *>(guest)) {
FilePathOut path;
CFRef<CFDataRef> cdhash;
CFDictionary attributes(errSecCSHostProtocolInvalidAttribute);
identifyGuest(iguest->guestRef(), path, cdhash.aref(), attributes.aref());
DiskRep::Context ctx;
if (CFNumberRef architecture = attributes.get<CFNumberRef>(kSecGuestAttributeArchitecture)) {
cpu_type_t cpu = cfNumber<cpu_type_t>(architecture);
if (CFNumberRef subarchitecture = attributes.get<CFNumberRef>(kSecGuestAttributeSubarchitecture))
ctx.arch = Architecture(cpu, cfNumber<cpu_subtype_t>(subarchitecture));
else
ctx.arch = Architecture(cpu);
}
SecPointer<GenericStaticCode> code = new GenericStaticCode(DiskRep::bestGuess(path, &ctx));
CODESIGN_GUEST_IDENTIFY_GENERIC(iguest, iguest->guestRef(), code);
if (cdhash) {
CODESIGN_GUEST_CDHASH_GENERIC(iguest, (void *)CFDataGetBytePtr(cdhash), CFDataGetLength(cdhash));
*cdhashOut = cdhash.yield();
}
return code.yield();
} else
MacOSError::throwMe(errSecCSNotAHost);
}
void GenericCode::identifyGuest(SecGuestRef guest, char *path, CFDataRef &cdhash, CFDictionaryRef &attributes)
{
if (Port host = hostingPort()) {
HashDataOut hash;
uint32_t hashLength;
XMLBlobOut attr;
uint32_t attrLength;
CALL(host, identifyGuest, guest, path, hash, &hashLength, &attr, &attrLength);
if (hashLength)
cdhash = makeCFData(hash, hashLength);
if (attrLength) {
CFRef<CFDataRef> attrData = makeCFData(attr, attrLength);
attributes = makeCFDictionaryFrom(attrData);
#if ROSETTA_TEST_HACK
CFMutableDictionaryRef hattr = makeCFMutableDictionary(attributes);
CFDictionaryAddValue(hattr, kSecGuestAttributeArchitecture, CFTempNumber(CPU_TYPE_POWERPC));
CFRelease(attributes);
attributes = hattr;
#endif
}
} else
MacOSError::throwMe(errSecCSNotAHost);
}
SecCodeStatus GenericCode::getGuestStatus(SecCode *guest)
{
if (Port host = hostingPort()) {
uint32_t status;
CALL(host, guestStatus, safe_cast<GenericCode *>(guest)->guestRef(), &status);
return status;
} else
MacOSError::throwMe(errSecCSNotAHost);
}
void GenericCode::changeGuestStatus(SecCode *iguest, SecCodeStatusOperation operation, CFDictionaryRef arguments)
{
if (dynamic_cast<GenericCode *>(iguest))
switch (operation) {
case kSecCodeOperationNull:
break;
case kSecCodeOperationInvalidate:
case kSecCodeOperationSetHard:
case kSecCodeOperationSetKill:
MacOSError::throwMe(errSecCSUnimplemented);
break;
default:
MacOSError::throwMe(errSecCSUnimplemented);
}
else
MacOSError::throwMe(errSecCSNoSuchCode);
}
Port GenericCode::hostingPort()
{
if (!mHostingPort) {
if (staticCode()->codeDirectory()->flags & kSecCodeSignatureHost) {
mHostingPort = getHostingPort();
CODESIGN_GUEST_HOSTINGPORT(this, mHostingPort);
}
}
return mHostingPort;
}
mach_port_t GenericCode::getHostingPort()
{
if (GenericCode *genericHost = dynamic_cast<GenericCode *>(host()))
return genericHost->getHostingPort();
else
MacOSError::throwMe(errSecCSNotAHost);
}
} }