Lines Matching refs:blob

140 	CSMAGIC_REQUIREMENT = 0xfade0c00,		/* single Requirement blob */
142 CSMAGIC_CODEDIRECTORY = 0xfade0c02, /* CodeDirectory blob */
172 uint32_t length; /* total length of blob */
188 uint32_t length; /* total length of CodeDirectory blob */
208 * Locate the CodeDirectory from an embedded signature blob
241 * without a blob.
371 /* Retrieve the entitlements blob for a process.
379 * entitlements blob if found; or will be set to NULL/zero
/*
 * Excerpt of the entitlements lookup: only the lines that mention "blob"
 * are listed, so the loop header and any checks between them are not
 * visible here. Each entry is reached through an offset stored in the
 * signature and is then classified by its magic value.
 */
390 CS_GenericBlob *blob;
/*
 * NOTE(review): the offset is read from blob_index->offset (converted with
 * ntohl) and added to super_blob; no bound is visible in this excerpt.
 * Confirm in the full source that the resulting pointer is checked against
 * the extent of the signature before blob->magic and blob->length are read.
 */
414 blob = (void *)((char *)super_blob + ntohl(blob_index->offset));
/* A CSMAGIC_CODEDIRECTORY entry is remembered as code_dir (line 418 is not shown; presumably it skips non-matching entries). */
417 if (CSMAGIC_CODEDIRECTORY != ntohl(blob->magic))
419 code_dir = (void *)blob;
/* Same pattern for the embedded entitlements entry. */
429 if (CSMAGIC_EMBEDDED_ENTITLEMENTS != ntohl(blob->magic))
431 start = (void *)blob;
/*
 * NOTE(review): length is taken from the header of the blob itself.
 * Verify that start + length is bounded by the signature size before
 * either value is handed back to the caller.
 */
432 length = ntohl(blob->length);
2390 SYSCTL_INT(_vm, OID_AUTO, cs_blob_size_max, CTLFLAG_RD | CTLFLAG_LOCKED, &cs_blob_size_max, 0, "Size of biggest code signature blob");
/*
 * Excerpt: allocation and initial fill of a new struct cs_blob. Only lines
 * mentioning "blob" are listed; the error handling after the NULL test and
 * the code that obtains blob_handle are not visible.
 */
2435 struct cs_blob *blob, *oblob;
2445 blob = (struct cs_blob *) kalloc(sizeof (struct cs_blob));
/* Allocation failure is tested before any field is written. */
2446 if (blob == NULL) {
2451 /* get a memory entry on the blob */
2476 /* fill in the new blob */
/* Record the CPU type, the base offset and the kernel-side backing (size, handle, address) of the signature data. */
2477 blob->csb_cpu_type = cputype;
2478 blob->csb_base_offset = base_offset;
2479 blob->csb_mem_size = size;
2480 blob->csb_mem_offset = 0;
2481 blob->csb_mem_handle = blob_handle;
2482 blob->csb_mem_kaddr = addr;
2485 * Validate the blob's contents
2490 (char *) addr + blob->csb_mem_size);
2492 /* no code directory => useless blob ! */
2493 blob->csb_flags = 0;
2494 blob->csb_start_offset = 0;
2495 blob->csb_end_offset = 0;
/*
 * Excerpt: derive the flags, the covered range and the digest of the blob.
 * NOTE(review): cd->flags, cd->codeLimit and scatter->base are read from
 * the signature data (ntohl) and, going by the listed line numbers, this
 * happens before the policy check at line 2526. Treat them as unvalidated
 * input at this point.
 */
2500 blob->csb_flags = ntohl(cd->flags) | CS_VALID;
2501 blob->csb_end_offset = round_page(ntohl(cd->codeLimit));
/*
 * NOTE(review): the product can wrap if the operands are 32 bits wide;
 * the type of csb_start_offset is not visible here -- confirm.
 */
2505 blob->csb_start_offset = ntohl(scatter->base) * PAGE_SIZE;
/*
 * NOTE(review): the subtrahend is on a line that is not listed. Check that
 * it cannot exceed csb_end_offset, otherwise the start offset underflows.
 */
2507 blob->csb_start_offset = (blob->csb_end_offset -
2510 /* compute the blob's SHA1 hash */
/*
 * The digest stored in csb_sha1 is later used to compare blobs (bcmp at
 * line 2575) and is copied out as the cdhash (line 2989). SHA-1 is no
 * longer collision resistant, so identity decisions based on this digest
 * inherit that limit.
 */
2516 SHA1Final(blob->csb_sha1, &sha1ctxt);
/*
 * NOTE(review): the literal 20 is the SHA-1 digest length; line 2989 uses
 * sizeof (blob->csb_sha1) for the same buffer, which would keep the two in
 * step. Presumably this is the branch taken when no digest is computed.
 */
2518 bzero(blob->csb_sha1, 20);
2523 * Let policy module check whether the blob's signature is accepted.
2526 error = mac_vnode_check_signature(vp, blob->csb_sha1, (void*)addr, size);
2532 * Validate the blob's coverage
/*
 * Translate the offsets of the blob into absolute file offsets.
 * NOTE(review): both sums can wrap if base_offset is large. The test named
 * in the comment at line 2540 is not listed, so confirm that it also
 * rejects a wrapped start or end, not only end <= start.
 */
2534 blob_start_offset = blob->csb_base_offset + blob->csb_start_offset;
2535 blob_end_offset = blob->csb_base_offset + blob->csb_end_offset;
2540 /* reject empty or backwards blob */
2553 /* check if this new blob overlaps with an existing blob */
2565 /* no conflict with this existing blob */
2570 blob->csb_mem_size == oblob->csb_mem_size &&
2571 blob->csb_flags == oblob->csb_flags &&
2572 (blob->csb_cpu_type == CPU_TYPE_ANY ||
2574 blob->csb_cpu_type == oblob->csb_cpu_type) &&
2575 !bcmp(blob->csb_sha1,
2579 * We already have this blob:
2581 * throw away the new blob.
2585 * The old blob matches this one
2596 /* different blob: reject the new one */
2615 * Add this blob to the list of blobs for this vnode.
2617 * blob from the list, so ubc_cs_get_blobs() can return whatever
/* Push the new blob onto the head of the per-vnode list (the lock that covers this is not visible in the excerpt). */
2621 blob->csb_next = uip->cs_blobs;
2622 uip->cs_blobs = blob;
/*
 * Accounting: the running total is updated atomically.
 * NOTE(review): csb_mem_size is narrowed to 32 bits by the casts here; a
 * wider size would be truncated in the statistics -- confirm its type.
 */
2628 OSAddAtomic((SInt32) +blob->csb_mem_size, &cs_blob_size);
/*
 * The maximum is updated with a plain compare and store, unlike the atomic
 * add above. It is exported read-only by the sysctl at line 2390, so a lost
 * update would only affect that statistic.
 */
2632 if ((UInt32) blob->csb_mem_size > cs_blob_size_max) {
2633 cs_blob_size_max = (UInt32) blob->csb_mem_size;
2644 blob->csb_cpu_type == -1 ? "detached" : "embedded",
2646 blob->csb_base_offset + blob->csb_start_offset,
2647 blob->csb_base_offset + blob->csb_end_offset,
2648 blob->csb_flags);
2658 if (blob) {
2659 kfree(blob, sizeof (*blob));
2660 blob = NULL;
2671 * to add an existing blob again. We cleaned the new
2672 * blob and we want to return success.
/*
 * Excerpt: look up a blob on the uip->cs_blobs list, either by CPU type
 * (when cputype is not -1) or by the file offset it covers. Only lines
 * mentioning "blob" are listed; the break statements and locking are not
 * visible.
 */
2692 struct cs_blob *blob;
2698 blob = NULL;
2703 for (blob = uip->cs_blobs;
2704 blob != NULL;
2705 blob = blob->csb_next) {
2706 if (cputype != -1 && blob->csb_cpu_type == cputype) {
/*
 * NOTE(review): if offset is below csb_base_offset the difference wraps
 * (unsigned) or goes negative (signed). The declaration of offset_in_blob
 * is not shown; confirm that either case fails the range test below.
 */
2710 offset_in_blob = offset - blob->csb_base_offset;
/* Half-open range test: start offset inclusive, end offset exclusive. */
2711 if (offset_in_blob >= blob->csb_start_offset &&
2712 offset_in_blob < blob->csb_end_offset) {
2713 /* our offset is covered by this blob */
/* blob is NULL here when the loop ran off the end of the list without a match. */
2722 return blob;
/*
 * Excerpt: release every blob on the uip->cs_blobs list. For each node the
 * kernel mapping and the memory entry port are released, the global size
 * counter is reduced, and the node itself is freed.
 */
2729 struct cs_blob *blob, *next_blob;
2731 for (blob = uip->cs_blobs;
2732 blob != NULL;
2733 blob = next_blob) {
/* Save the successor first: the node is freed at the end of this iteration. */
2734 next_blob = blob->csb_next;
/* Unmap the blob only if it is currently mapped, then clear the address. */
2735 if (blob->csb_mem_kaddr != 0) {
2736 ubc_cs_blob_deallocate(blob->csb_mem_kaddr,
2737 blob->csb_mem_size);
2738 blob->csb_mem_kaddr = 0;
/* Drop the memory entry port reference and reset the handle. */
2740 if (blob->csb_mem_handle != IPC_PORT_NULL) {
2741 mach_memory_entry_port_release(blob->csb_mem_handle);
2743 blob->csb_mem_handle = IPC_PORT_NULL;
/* Mirror of the OSAddAtomic at line 2628: subtract this blob from the running total. */
2745 OSAddAtomic((SInt32) -blob->csb_mem_size, &cs_blob_size);
2746 kfree(blob, sizeof (*blob));
/*
 * Excerpt from the page validation path (the printf below names it
 * cs_validate_page): find the blob that covers page_offset and make its
 * contents addressable in the kernel. Only lines mentioning "blob" are
 * listed.
 */
2802 struct cs_blob *blobs, *blob;
2821 for (blob = blobs;
2822 blob != NULL;
2823 blob = blob->csb_next) {
/* First coverage test: skip blobs whose [start, end) range does not contain the page. */
2824 offset = page_offset - blob->csb_base_offset;
2825 if (offset < blob->csb_start_offset ||
2826 offset >= blob->csb_end_offset) {
2827 /* our page is not covered by this blob */
2831 /* map the blob in the kernel address space */
/* Presumably the mapping below is only attempted when no kernel address is cached; the test itself is not listed. */
2832 kaddr = blob->csb_mem_kaddr;
2834 ksize = (vm_size_t) (blob->csb_mem_size +
2835 blob->csb_mem_offset);
2841 blob->csb_mem_handle,
2849 printf("cs_validate_page: failed to map blob, "
2851 (size_t)blob->csb_mem_size, kr);
/*
 * lower_bound / upper_bound delimit the mapped signature data.
 * NOTE(review): every pointer derived from offsets stored inside the blob
 * should be checked against these bounds; the consumers are not listed.
 */
2855 blob_addr = kaddr + blob->csb_mem_offset;
2858 upper_bound = lower_bound + blob->csb_mem_size;
2866 /* bogus blob ? */
/* Second coverage test, identical to the one at lines 2824-2826; the reason for repeating it is not visible in this excerpt. */
2870 offset = page_offset - blob->csb_base_offset;
2871 if (offset < blob->csb_start_offset ||
2872 offset >= blob->csb_end_offset) {
2873 /* our page is not covered by this blob */
/*
 * Excerpt: return the stored SHA-1 digest of the blob that covers a given
 * file offset. Only lines mentioning "blob" are listed; the early return
 * for the not-found case is not visible.
 */
2965 struct cs_blob *blobs, *blob;
2972 for (blob = blobs;
2973 blob != NULL;
2974 blob = blob->csb_next) {
2975 /* compute offset relative to this blob */
2976 rel_offset = offset - blob->csb_base_offset;
/* Half-open range test: start offset inclusive, end offset exclusive. */
2977 if (rel_offset >= blob->csb_start_offset &&
2978 rel_offset < blob->csb_end_offset) {
2979 /* this blob does cover our "offset" ! */
/* The loop leaves blob at NULL when no entry matched. */
2984 if (blob == NULL) {
2985 /* we didn't find a blob covering "offset" */
2988 /* get the SHA1 hash of that blob */
/*
 * NOTE(review): sizeof (blob->csb_sha1) bytes are written to cdhash. The
 * declaration of cdhash is not shown; the caller buffer must be at least
 * that large. The value copied is a SHA-1 digest and carries the known
 * collision weakness of SHA-1 into whatever compares cdhash values.
 */
2989 bcopy(blob->csb_sha1, cdhash, sizeof (blob->csb_sha1));