#include "utilities/debugging.h"
#include "utilities/debugging_test.h"
#include "utilities/SecCFWrappers.h"
#include "utilities/SecFileLocations.h"
#include <CoreFoundation/CFSet.h>
#include <CoreFoundation/CFString.h>
#include <CoreFoundation/CFPreferences.h>
#include <dispatch/dispatch.h>
#include <stdarg.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <pthread.h>
#include <asl.h>
#include <os/trace.h>
#include <os/log_private.h>
#include <sqlite3.h>
#include <os/lock_private.h>
const char *api_trace = "api_trace";
const CFStringRef kStringNegate = CFSTR("-");
const CFStringRef kStringAll = CFSTR("all");
const CFStringRef kAPIScope = CFSTR("api");
static CFMutableArrayRef sLogSettings = NULL;
static dispatch_queue_t GetDispatchControlQueue(void) {
static dispatch_queue_t sLoggingScopeControlQueue;
static dispatch_once_t onceToken;
dispatch_once(&onceToken, ^{
sLoggingScopeControlQueue = dispatch_queue_create("security scope control", DISPATCH_QUEUE_CONCURRENT);
});
return sLoggingScopeControlQueue;
}
static void with_scopes_read(dispatch_block_t action) {
dispatch_sync(GetDispatchControlQueue(), action);
}
static void with_scopes_write(dispatch_block_t action) {
dispatch_barrier_sync(GetDispatchControlQueue(), action);
}
bool IsScopeActive(int level, CFStringRef scope)
{
if (scope == NULL)
return true;
CFNumberRef level_number = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &level);
__block bool isActive = false;
with_scopes_read(^{
if (sLogSettings) {
CFArrayForEach(sLogSettings, ^(const void *value) {
CFSetRef setToCheck = NULL;
if (isSet(value)) {
setToCheck = (CFSetRef) value;
} else if (isDictionary(value)) {
CFDictionaryRef levels = (CFDictionaryRef) value;
setToCheck = CFDictionaryGetValue(levels, level_number);
if (!isSet(setToCheck))
setToCheck = NULL;
}
if (setToCheck != NULL && !isActive) {
bool negated = CFSetContainsValue(setToCheck, kStringNegate);
bool inSet = CFSetContainsValue(setToCheck, scope);
isActive = negated ^ inSet;
}
});
}
});
CFReleaseNull(level_number);
return isActive;
}
bool IsScopeActiveC(int level, const char *scope)
{
CFStringRef scopeString = CFStringCreateWithBytes(kCFAllocatorDefault, (const uint8_t*)scope, strlen(scope), kCFStringEncodingUTF8, false);
bool isActive = IsScopeActive(level, scopeString);
CFReleaseNull(scopeString);
return isActive;
}
static CFMutableSetRef CopyScopesFromScopeList(CFStringRef scopes) {
CFMutableSetRef resultSet = CFSetCreateMutableForCFTypes(kCFAllocatorDefault);
CFStringRef allocated_scope_list = NULL;
CFStringRef clean_scope_list = scopes;
bool add_negate = false;
if (CFStringHasPrefix(scopes, kStringNegate)) {
allocated_scope_list = CFStringCreateWithSubstring(kCFAllocatorDefault, scopes, CFRangeMake(CFStringGetLength(kStringNegate), CFStringGetLength(scopes) - 1));
clean_scope_list = allocated_scope_list;
add_negate = true;
}
CFArrayRef commaArray = CFStringCreateArrayBySeparatingStrings(kCFAllocatorDefault, clean_scope_list, CFSTR(","));
if (commaArray) {
CFArrayForEach(commaArray, ^(const void *value) {
if (isString(value)) {
CFMutableStringRef copy = CFStringCreateMutableCopy(kCFAllocatorDefault, 0, (CFStringRef) value);
CFStringTrimWhitespace(copy);
CFSetSetValue(resultSet, copy);
CFReleaseNull(copy);
}
});
}
CFSetRemoveValue(resultSet, CFSTR("none"));
CFSetRemoveValue(resultSet, CFSTR(""));
if (CFSetContainsValue(resultSet, CFSTR("all"))) {
CFSetRemoveAllValues(resultSet);
add_negate = !add_negate;
}
if (add_negate)
CFSetSetValue(resultSet, kStringNegate);
CFReleaseNull(commaArray);
CFReleaseNull(allocated_scope_list);
return resultSet;
}
static CFMutableArrayRef CFArrayCreateMutableForCFTypesFilledWithCFNull(CFAllocatorRef allocator, CFIndex capacity) {
CFMutableArrayRef result = CFArrayCreateMutableForCFTypesWithCapacity(kCFAllocatorDefault, kScopeIDMax);
for(int count = 0; count <= capacity; ++count)
CFArrayAppendValue(result, kCFNull);
return result;
}
static bool CFArrayIsAll(CFArrayRef array, const void *value)
{
return CFArrayGetCountOfValue(array, CFRangeMake(0, CFArrayGetCount(array)), value) == CFArrayGetCount(array);
}
static void SetNthScopeSet(int nth, CFTypeRef collection)
{
with_scopes_write(^{
if (sLogSettings == NULL) {
sLogSettings = CFArrayCreateMutableForCFTypesFilledWithCFNull(kCFAllocatorDefault, kScopeIDMax);
}
CFArraySetValueAtIndex(sLogSettings, nth, collection);
if (CFArrayIsAll(sLogSettings, kCFNull)) {
CFReleaseNull(sLogSettings);
}
});
}
static int string_to_log_level(CFStringRef string) {
if (CFEqual(string, CFSTR(ASL_STRING_EMERG)))
return SECLOG_LEVEL_EMERG;
else if (CFEqual(string, CFSTR(ASL_STRING_ALERT)))
return SECLOG_LEVEL_ALERT;
else if (CFEqual(string, CFSTR(ASL_STRING_CRIT)))
return SECLOG_LEVEL_CRIT;
else if (CFEqual(string, CFSTR(ASL_STRING_ERR)))
return SECLOG_LEVEL_ERR;
else if (CFEqual(string, CFSTR(ASL_STRING_WARNING)))
return SECLOG_LEVEL_WARNING;
else if (CFEqual(string, CFSTR(ASL_STRING_NOTICE)))
return SECLOG_LEVEL_NOTICE;
else if (CFEqual(string, CFSTR(ASL_STRING_INFO)))
return SECLOG_LEVEL_INFO;
else if (CFEqual(string, CFSTR(ASL_STRING_DEBUG)))
return SECLOG_LEVEL_DEBUG;
else
return -1;
}
static void CFSetAppendValues(CFSetRef set, CFMutableArrayRef appendTo)
{
CFSetForEach(set, ^(const void *value) {
CFArrayAppendValue(appendTo, value);
});
}
static CFMutableArrayRef CFSetOfCFObjectsCopyValues(CFSetRef setOfCFs)
{
CFMutableArrayRef result = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault);
CFSetForEach(setOfCFs, ^(const void *value) {
CFArrayAppendValue(result, value);
});
return result;
}
CFPropertyListRef CopyCurrentScopePlist(void)
{
CFMutableArrayRef result = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault);
with_scopes_read(^{
CFArrayForEach(sLogSettings, ^(const void *value) {
if (isSet(value)) {
CFArrayRef values = CFSetOfCFObjectsCopyValues((CFSetRef) value);
CFArrayAppendValue(result, values);
CFReleaseNull(values);
} else if (isDictionary(value)) {
CFMutableDictionaryRef levels = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
CFDictionaryForEach((CFDictionaryRef) value, ^(const void *key, const void *value) {
if (isSet(value)) {
CFArrayRef values = CFSetOfCFObjectsCopyValues((CFSetRef) value);
CFDictionaryAddValue(levels, key, values);
CFReleaseNull(values);
}
});
CFArrayAppendValue(result, levels);
} else {
CFArrayAppendValue(result, kCFNull);
}
});
});
return result;
}
void ApplyScopeDictionaryForID(CFDictionaryRef scopeDictionary, SecDebugScopeID whichID)
{
CFMutableDictionaryRef dictionary_for_id = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
CFDictionaryForEach(scopeDictionary, ^(const void *key, const void *value) {
CFSetRef scope_set = NULL;
CFNumberRef key_number = NULL;
if (isString(key)) {
int level = string_to_log_level((CFStringRef) key);
if (level >= 0)
key_number = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &level);
} else if (isNumber(key)) {
key_number = CFRetainSafe(key);
}
if (isString(value)) {
scope_set = CopyScopesFromScopeList(value);
}
if (key_number && scope_set)
CFDictionaryAddValue(dictionary_for_id, key_number, scope_set);
CFReleaseNull(key_number);
CFReleaseNull(scope_set);
});
if (CFDictionaryGetCount(dictionary_for_id) > 0) {
SetNthScopeSet(whichID, dictionary_for_id);
}
CFReleaseNull(dictionary_for_id);
}
void ApplyScopeListForID(CFStringRef scopeList, SecDebugScopeID whichID)
{
CFMutableSetRef scopesToUse = CopyScopesFromScopeList(scopeList);
SetNthScopeSet(whichID, scopesToUse);
CFReleaseNull(scopesToUse);
}
void ApplyScopeListForIDC(const char *scopeList, SecDebugScopeID whichID) {
CFStringRef scope_string = CFStringCreateWithCStringNoCopy(kCFAllocatorDefault, scopeList, kCFStringEncodingUTF8, kCFAllocatorNull);
ApplyScopeListForID(scope_string, whichID);
CFReleaseNull(scope_string);
}
#pragma mark - Log Handlers to catch log information
static CFPropertyListRef
CopyPlistFromFile(CFURLRef url)
{
CFDictionaryRef d = NULL;
CFReadStreamRef s = CFReadStreamCreateWithFile(kCFAllocatorDefault, url);
if (s && CFReadStreamOpen(s)) {
d = (CFDictionaryRef)CFPropertyListCreateWithStream(kCFAllocatorDefault, s, 0, kCFPropertyListImmutable, NULL, NULL);
}
CFReleaseSafe(s);
return d;
}
static void ApplyScopeByTypeForID(CFPropertyListRef scopes, SecDebugScopeID whichID) {
if (isDictionary(scopes)) {
ApplyScopeDictionaryForID(scopes, whichID);
} else if (isString(scopes)) {
ApplyScopeListForID(scopes, whichID);
}
}
static void setup_config_settings() {
CFStringRef logFileName;
#if TARGET_OS_IPHONE
logFileName = CFSTR(".GlobalPreferences.plist");
#else
logFileName = CFSTR("com.apple.security.logging.plist");
#endif
CFURLRef prefURL = SecCopyURLForFileInManagedPreferencesDirectory(logFileName);
if(prefURL) {
CFPropertyListRef plist = CopyPlistFromFile(prefURL);
if (plist) {
ApplyScopeByTypeForID(CFDictionaryGetValue(plist, CFSTR("SecLogging")), kScopeIDConfig);
}
CFReleaseSafe(plist);
}
CFReleaseSafe(prefURL);
}
static void setup_defaults_settings() {
CFPropertyListRef scopes_value = CFPreferencesCopyValue(CFSTR("Logging"), CFSTR("com.apple.security"), kCFPreferencesAnyUser, kCFPreferencesCurrentHost);
ApplyScopeByTypeForID(scopes_value, kScopeIDDefaults);
CFReleaseSafe(scopes_value);
}
static void setup_circle_defaults_settings() {
CFPropertyListRef scopes_value = CFPreferencesCopyValue(CFSTR("Circle-Logging"), CFSTR("com.apple.security"), kCFPreferencesAnyUser, kCFPreferencesCurrentHost);
ApplyScopeByTypeForID(scopes_value, kScopeIDDefaults);
CFReleaseSafe(scopes_value);
}
static void setup_environment_scopes() {
const char *cur_scope = getenv("DEBUGSCOPE");
if (cur_scope == NULL)
cur_scope = "";
ApplyScopeListForIDC(cur_scope, kScopeIDEnvironment);
}
void __security_debug_init(void) {
static dispatch_once_t sdOnceToken;
dispatch_once(&sdOnceToken, ^{
setup_environment_scopes();
setup_config_settings();
setup_defaults_settings();
setup_circle_defaults_settings();
});
}
static char *copyScopeStr(CFStringRef scope, char *alternative) {
char *scopeStr = NULL;
if(scope) {
scopeStr = CFStringToCString(scope);
} else {
scopeStr = strdup("noScope");
}
return scopeStr;
}
os_log_t
secLogObjForCFScope(CFStringRef scope)
{
os_log_t retval = OS_LOG_DISABLED;
static os_unfair_lock lock = OS_UNFAIR_LOCK_INIT;
static CFMutableDictionaryRef scopeMap = NULL;
if (scope == NULL) {
scope = CFSTR("logging");
}
os_unfair_lock_lock_with_options(&lock, OS_UNFAIR_LOCK_DATA_SYNCHRONIZATION);
if (scopeMap == NULL) {
scopeMap = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFCopyStringDictionaryKeyCallBacks, NULL);
}
retval = (os_log_t)CFDictionaryGetValue(scopeMap, scope);
if (retval == NULL) {
CFStringPerformWithCString(scope, ^(const char *scopeStr) {
CFDictionaryAddValue(scopeMap, scope, os_log_create("com.apple.securityd", scopeStr));
});
retval = (os_log_t)CFDictionaryGetValue(scopeMap, scope);
}
os_unfair_lock_unlock(&lock);
return retval;
}
static bool loggingEnabled = true;
static pthread_mutex_t loggingMutex = PTHREAD_MUTEX_INITIALIZER;
bool secLogEnabled(void) {
bool r = false;
pthread_mutex_lock(&loggingMutex);
r = loggingEnabled;
pthread_mutex_unlock(&loggingMutex);
return r;
}
void secLogDisable(void) {
pthread_mutex_lock(&loggingMutex);
loggingEnabled = false;
pthread_mutex_unlock(&loggingMutex);
}
void secLogEnable(void) {
pthread_mutex_lock(&loggingMutex);
loggingEnabled = true;
pthread_mutex_unlock(&loggingMutex);
}
os_log_t secLogObjForScope(const char *scope) {
if (!secLogEnabled())
return OS_LOG_DISABLED;
CFStringRef cfscope = NULL;
if(scope) cfscope = CFStringCreateWithCString(kCFAllocatorDefault, scope, kCFStringEncodingASCII);
os_log_t retval = secLogObjForCFScope(cfscope);
CFReleaseNull(cfscope);
return retval;
}
CFStringRef SecLogAPICreate(bool apiIn, const char *api, CFStringRef format, ... ) {
CFMutableStringRef outStr = CFStringCreateMutable(kCFAllocatorDefault, 0);
char *direction = apiIn ? "ENTER" : "RETURN";
va_list args;
va_start(args, format);
CFStringAppend(outStr, CFSTR("SecAPITrace "));
CFStringAppendCString(outStr, api, kCFStringEncodingASCII);
CFStringAppendCString(outStr, direction, kCFStringEncodingASCII);
if (format) {
CFStringRef message = CFStringCreateWithFormatAndArguments(kCFAllocatorDefault, NULL, format, args);
CFStringAppend(outStr, message);
CFReleaseSafe(message);
}
if (apiIn) {
char caller_info[80];
snprintf(caller_info, sizeof(caller_info), "C%p F%p", __builtin_return_address(1), __builtin_frame_address(2));
CFStringAppend(outStr, CFSTR("CALLER "));
CFStringAppendCString(outStr, caller_info, kCFStringEncodingASCII);
}
va_end(args);
return outStr;
}
#if TARGET_OS_OSX
#include <dlfcn.h>
#define weak_log_f(fname, newname, rettype, fallthrough) \
rettype newname(log_args) { \
static dispatch_once_t onceToken = 0; \
static rettype (*newname)(log_args) = NULL; \
\
dispatch_once(&onceToken, ^{ \
void* libtrace = dlopen("/usr/lib/system/libsystem_trace.dylib", RTLD_LAZY | RTLD_LOCAL); \
if (libtrace) { \
newname = (rettype(*)(log_args)) dlsym(libtrace, #fname); \
} \
}); \
\
if(newname) { \
return newname(log_argnames); \
} \
fallthrough;\
}
#define log_args void *dso, os_log_t log, os_log_type_t type, const char *format, uint8_t *buf, unsigned int size
#define log_argnames dso, log, type, format, buf, size
weak_log_f(_os_log_impl, weak_os_log_impl, void, return);
#undef log_args
#undef log_argnames
#define log_args const char *subsystem, const char *category
#define log_argnames subsystem, category
weak_log_f(os_log_create, weak_os_log_create, os_log_t, return NULL);
#undef log_args
#undef log_argnames
#define log_args os_log_t oslog, os_log_type_t type
#define log_argnames oslog, type
weak_log_f(os_log_type_enabled, weak_os_log_type_enabled, bool, return false);
#undef log_args
#undef log_argnames
#undef weak_log_f
#endif // TARGET_OS_OSX