osxcode.cpp   [plain text]

/*
 * Copyright (c) 2000-2001,2011-2012,2014 Apple Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


//
// osxcode - MacOS X's standard code objects
//
#include <security_utilities/osxcode.h>
#include <security_utilities/unix++.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <errno.h>
#include <CoreFoundation/CFBundle.h>
#include <CoreFoundation/CFBundlePriv.h>


namespace Security {


//
// Produce an OSXCode for the currently running application.
//
// Note that we don't build the CFBundleRef here; we defer this to when we
// really need it for something more interesting than the base or executable paths.
// This is important because OSXCode::main() is called from various initialization
// scenarios (out of the securityd client layer), and CFBundle calls into some
// bizarrely high-level APIs to complete CFBundleGetMainBundle. Until that is fixed
// (if it ever is), this particular instance of laziness is mandatory.
//
RefPointer<OSXCode> OSXCode::main()
{
	// return a code signing-aware OSXCode subclass if possible
	CFRef<SecCodeRef> me;
	if (!SecCodeCopySelf(kSecCSDefaultFlags, &me.aref()))
		return new OSXCodeWrap(me);

	// otherwise, follow the legacy path precisely - no point in messing with this, is there?
	Boolean isRealBundle;
	string path = cfStringRelease(_CFBundleCopyMainBundleExecutableURL(&isRealBundle));
	if (isRealBundle) {
		const char *cpath = path.c_str();
		if (const char *slash = strrchr(cpath, '/'))
			if (const char *contents = strstr(cpath, "/Contents/MacOS/"))
				if (contents + 15 == slash)
					return new Bundle(path.substr(0, contents-cpath).c_str());
		secinfo("bundle", "OSXCode::main(%s) not recognized as bundle (treating as tool)", cpath);
	}
	return new ExecutableTool(path.c_str());
}


SecStaticCodeRef OSXCode::codeRef() const
{
	SecStaticCodeRef code;
	MacOSError::check(SecStaticCodeCreateWithPath(CFTempURL(this->canonicalPath()), kSecCSDefaultFlags, &code));
	return code;
}


//
// Produce an OSXCode for whatever is at a given path.
// This tries to guess at the type of OSXCode to be used.
// If you *know*, just create the suitable subclass directly.
//
RefPointer<OSXCode> OSXCode::at(const char *path)
{
	CFRef<SecStaticCodeRef> code;
	if (!SecStaticCodeCreateWithPath(CFTempURL(path), kSecCSDefaultFlags, &code.aref()))
		return new OSXCodeWrap(code);

	struct stat st;
	// otherwise, follow the legacy path precisely - no point in messing with this, is there?
	if (stat(path, &st))
		UnixError::throwMe();
	if ((st.st_mode & S_IFMT) == S_IFDIR) {	// directory - assume bundle
		return new Bundle(path);
	} else {
		// look for .../Contents/MacOS/<base>
		if (const char *slash = strrchr(path, '/'))
			if (const char *contents = strstr(path, "/Contents/MacOS/"))
				if (contents + 15 == slash)
					return new Bundle(string(path).substr(0, contents-path).c_str(), path);
		// assume tool (single executable)
		return new ExecutableTool(path);
	}
}


//
// Executable Tools
//
string ExecutableTool::canonicalPath() const
{
	return path();
}

string ExecutableTool::executablePath() const
{
	return path();
}


//
// Generic Bundles
//
Bundle::Bundle(const char *path, const char *execPath /* = NULL */)
	: mPath(path), mBundle(NULL)
{
	if (execPath)						// caller knows that one; set it
		mExecutablePath = execPath;
	secinfo("bundle", "%p Bundle from path %s(%s)", this, path, executablePath().c_str());
}

Bundle::Bundle(CFBundleRef bundle, const char *root /* = NULL */)
	: mBundle(bundle)
{
	assert(bundle);
	CFRetain(bundle);
	mPath = root ? root : cfStringRelease(CFBundleCopyBundleURL(mBundle));
	secinfo("bundle", "%p Bundle from bundle %p(%s)", this, bundle, mPath.c_str());
}


Bundle::~Bundle()
{
	if (mBundle)
		CFRelease(mBundle);
}


string Bundle::executablePath() const
{
	if (mExecutablePath.empty())
		return mExecutablePath = cfStringRelease(CFBundleCopyExecutableURL(cfBundle()));
	else
		return mExecutablePath;
}


CFBundleRef Bundle::cfBundle() const
{
	if (!mBundle) {
		secinfo("bundle", "instantiating CFBundle for %s", mPath.c_str());
		CFRef<CFURLRef> url = CFURLCreateFromFileSystemRepresentation(NULL,
			(const UInt8 *)mPath.c_str(), mPath.length(), true);
		if (!url || !(mBundle = CFBundleCreate(NULL, url)))
			CFError::throwMe();
	}
	return mBundle;
}


CFTypeRef Bundle::infoPlistItem(const char *name) const
{
	return CFBundleGetValueForInfoDictionaryKey(cfBundle(), CFTempString(name));
}


void *Bundle::lookupSymbol(const char *name)
{
    CFRef<CFStringRef> cfName(CFStringCreateWithCString(NULL, name,
                                                        kCFStringEncodingMacRoman));
    if (!cfName)
		UnixError::throwMe(EBADEXEC);	// sort of
    void *function = CFBundleGetFunctionPointerForName(cfBundle(), cfName);
    if (function == NULL)
		UnixError::throwMe(EBADEXEC);	// sort of
    return function;
}

string Bundle::canonicalPath() const
{
	return path();
}


string Bundle::resource(const char *name, const char *type, const char *subdir)
{
	return cfStringRelease(CFBundleCopyResourceURL(cfBundle(),
		CFTempString(name), CFTempString(type), CFTempString(subdir)));
}

void Bundle::resources(vector<string> &paths, const char *type, const char *subdir)
{
	CFRef<CFArrayRef> cfList = CFBundleCopyResourceURLsOfType(cfBundle(),
		CFTempString(type), CFTempString(subdir));
	CFIndex size = CFArrayGetCount(cfList);
	paths.reserve(size);
	for (CFIndex n = 0; n < size; n++)
		paths.push_back(cfString(CFURLRef(CFArrayGetValueAtIndex(cfList, n))));
}


//
// Load management for a loadable bundle
//
void LoadableBundle::load()
{
	if (!CFBundleLoadExecutable(cfBundle()))
		CFError::throwMe();
    secinfo("bundle", "%p (%s) loaded", this, path().c_str());
}

void LoadableBundle::unload()
{
    secinfo("bundle", "%p (%s) unloaded", this, path().c_str());
	CFBundleUnloadExecutable(cfBundle());
}

bool LoadableBundle::isLoaded() const
{
	return CFBundleIsExecutableLoaded(cfBundle());
}


//
// OSXCodeWrap
//	
string OSXCodeWrap::canonicalPath() const
{
	CFURLRef path;
	MacOSError::check(SecCodeCopyPath(mCode, kSecCSDefaultFlags, &path));
	return cfStringRelease(path);
}


//
// The executable path is a bit annoying to get, but not quite
// annoying enough to cache the result.
//
string OSXCodeWrap::executablePath() const
{
	CFRef<CFDictionaryRef> info;
	MacOSError::check(SecCodeCopySigningInformation(mCode, kSecCSDefaultFlags, &info.aref()));
	return cfString(CFURLRef(CFDictionaryGetValue(info, kSecCodeInfoMainExecutable)));
}

SecStaticCodeRef OSXCodeWrap::codeRef() const
{
	return mCode.retain();
}


} // end namespace Security