1/* 2 * Copyright (c) 2006-2011 Apple Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24// 25// bundlediskrep - bundle directory disk representation 26// 27#ifndef _H_BUNDLEDISKREP 28#define _H_BUNDLEDISKREP 29 30#include "diskrep.h" 31#include "machorep.h" 32 33namespace Security { 34namespace CodeSigning { 35 36 37#define BUNDLEDISKREP_DIRECTORY "_CodeSignature" 38#define CODERESOURCES_LINK "CodeResources" 39#define STORE_RECEIPT_DIRECTORY "_MASReceipt" 40 41 42// 43// A BundleDiskRep represents a standard Mac OS X bundle on disk. 44// The bundle is expected to have an Info.plist, and a "main executable file" 45// of some sort (as indicated therein). 46// The BundleDiskRep stores the necessary components in the main executable 47// if it is in Mach-O format, or in files in a _CodeSignature directory if not. 48// This DiskRep supports resource sealing. 
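//
class BundleDiskRep : public DiskRep {
public:
	// Construct from a filesystem path or from an existing CFBundleRef.
	// The optional Context is DiskRep's (not visible here); both constructors
	// presumably funnel into setup(ctx) — confirm in the implementation.
	BundleDiskRep(const char *path, const Context *ctx = NULL);
	BundleDiskRep(CFBundleRef ref, const Context *ctx = NULL);
	~BundleDiskRep();

	// DiskRep interface: component access, identity and layout of the signed object.
	// Ownership of the returned CF objects is governed by DiskRep's contract in diskrep.h;
	// copyCanonicalPath() follows the CF "Copy" naming rule, so the caller presumably owns
	// its result — TODO confirm against diskrep.h.
	CFDataRef component(CodeDirectory::SpecialSlot slot);
	CFDataRef identification();
	std::string mainExecutablePath();
	CFURLRef copyCanonicalPath();
	std::string resourcesRootPath();
	std::string resourcesRelativePath();
	void adjustResources(ResourceBuilder &builder);
	Universal *mainExecutableImage();
	size_t signingBase();
	size_t signingLimit();
	std::string format();
	CFArrayRef modifiedFiles();
	UnixPlusPlus::FileDesc &fd();
	void flush();

	// Signing-time defaults derived from the bundle and the supplied SigningContext.
	std::string recommendedIdentifier(const SigningContext &ctx);
	CFDictionaryRef defaultResourceRules(const SigningContext &ctx);
	const Requirements *defaultRequirements(const Architecture *arch, const SigningContext &ctx);
	size_t pageSize(const SigningContext &ctx);

	// Strict validation. Errors found are presumably accumulated in mStrictErrors via
	// recordStrictError() and weighed against the caller's ToleratedErrors — confirm.
	void strictValidate(const ToleratedErrors& tolerated);
	CFArrayRef allowedResourceOmissions();

	// Borrowed reference to the underlying bundle; the object retains ownership via mBundle.
	CFBundleRef bundle() const { return mBundle; }

public:
	Writer *writer();
	class Writer;
	friend class Writer;

protected:
	// Path of a named file inside the separate meta-file directory (mMetaPath).
	std::string metaPath(const char *name);
	// Load a named meta-file. NOTE(review): this goes through cfLoadFile()/CFTempURL rather than
	// loadRegularFile() below, so whether a non-regular file (symlink, FIFO, device) at that
	// path is rejected depends on cfLoadFile()'s behavior — confirm in the implementation.
	CFDataRef metaData(const char *name) { return cfLoadFile(CFTempURL(metaPath(name))); }
	void createMeta();						// (try to) create the meta-file directory

private:
	void setup(const Context *ctx);			// shared init
	void checkModifiedFile(CFMutableArrayRef files, CodeDirectory::SpecialSlot slot);
	CFDataRef loadRegularFile(CFURLRef url);	// by its name, refuses non-regular files — confirm
	void recordStrictError(OSStatus error);
	void validateFrameworkRoot(std::string root);

private:
	// NOTE(review): the bool members below have no in-class initializer; they are presumably
	// assigned in setup() — confirm every constructor path reaches it before use.
	CFRef<CFBundleRef> mBundle;
	std::string mMetaPath;					// path to directory containing signing files
	bool mMetaExists;						// separate meta-file directory exists
	CFRef<CFURLRef> mMainExecutableURL;		// chosen main executable URL
	bool mInstallerPackage;					// is an installer (not executable) bundle
	std::string mFormat;					// format description string (qualified: do not rely on a leaked using-declaration)
	RefPointer<DiskRep> mExecRep;			// DiskRep for main executable file
	std::set<OSStatus> mStrictErrors;		// strict validation errors encountered
};


//
// Writers
//
//
class BundleDiskRep::Writer : public DiskRep::Writer {
	friend class BundleDiskRep;
public:
	// explicit: a BundleDiskRep* must never silently convert into a Writer.
	explicit Writer(BundleDiskRep *r);

	void component(CodeDirectory::SpecialSlot slot, CFDataRef data);
	void remove();
	void flush();

protected:
	// Raw, non-owning pointer to the main executable's DiskRep, borrowed from rep->mExecRep.
	DiskRep *execRep() { return rep->mExecRep; }
	void remove(CodeDirectory::SpecialSlot slot);

protected:
	RefPointer<BundleDiskRep> rep;
	RefPointer<DiskRep::Writer> execWriter;
	bool mMadeMetaDirectory;				// NOTE(review): no initializer here; presumably set in the constructor — confirm
};


} // end namespace CodeSigning
} // end namespace Security

#endif // !_H_BUNDLEDISKREP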