1/*
2 * Copyright (c) 2006-2011 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24//
25// bundlediskrep - bundle directory disk representation
26//
27#ifndef _H_BUNDLEDISKREP
28#define _H_BUNDLEDISKREP
29
30#include "diskrep.h"
31#include "machorep.h"
32
33namespace Security {
34namespace CodeSigning {
35
36
37#define BUNDLEDISKREP_DIRECTORY		"_CodeSignature"
38#define CODERESOURCES_LINK			"CodeResources"
39#define STORE_RECEIPT_DIRECTORY		"_MASReceipt"
40
41
42//
43// A BundleDiskRep represents a standard Mac OS X bundle on disk.
44// The bundle is expected to have an Info.plist, and a "main executable file"
45// of some sort (as indicated therein).
46// The BundleDiskRep stores the necessary components in the main executable
47// if it is in Mach-O format, or in files in a _CodeSignature directory if not.
48// This DiskRep supports resource sealing.
49//
50class BundleDiskRep : public DiskRep {
51public:
52	BundleDiskRep(const char *path, const Context *ctx = NULL);
53	BundleDiskRep(CFBundleRef ref, const Context *ctx = NULL);
54	~BundleDiskRep();
55
56	CFDataRef component(CodeDirectory::SpecialSlot slot);
57	CFDataRef identification();
58	std::string mainExecutablePath();
59	CFURLRef copyCanonicalPath();
60	std::string resourcesRootPath();
61	std::string resourcesRelativePath();
62	void adjustResources(ResourceBuilder &builder);
63	Universal *mainExecutableImage();
64	size_t signingBase();
65	size_t signingLimit();
66	std::string format();
67	CFArrayRef modifiedFiles();
68	UnixPlusPlus::FileDesc &fd();
69	void flush();
70
71	std::string recommendedIdentifier(const SigningContext &ctx);
72	CFDictionaryRef defaultResourceRules(const SigningContext &ctx);
73	const Requirements *defaultRequirements(const Architecture *arch, const SigningContext &ctx);
74	size_t pageSize(const SigningContext &ctx);
75
76	void strictValidate(const ToleratedErrors& tolerated);
77	CFArrayRef allowedResourceOmissions();
78
79	CFBundleRef bundle() const { return mBundle; }
80
81public:
82	Writer *writer();
83	class Writer;
84	friend class Writer;
85
86protected:
87	std::string metaPath(const char *name);
88	CFDataRef metaData(const char *name) { return cfLoadFile(CFTempURL(metaPath(name))); }
89	void createMeta();						// (try to) create the meta-file directory
90
91private:
92	void setup(const Context *ctx);			// shared init
93	void checkModifiedFile(CFMutableArrayRef files, CodeDirectory::SpecialSlot slot);
94	CFDataRef loadRegularFile(CFURLRef url);
95	void recordStrictError(OSStatus error);
96	void validateFrameworkRoot(std::string root);
97
98private:
99	CFRef<CFBundleRef> mBundle;
100	std::string mMetaPath;					// path to directory containing signing files
101	bool mMetaExists;						// separate meta-file directory exists
102	CFRef<CFURLRef> mMainExecutableURL;		// chosen main executable URL
103	bool mInstallerPackage;					// is an installer (not executable) bundle
104	string mFormat;							// format description string
105	RefPointer<DiskRep> mExecRep;			// DiskRep for main executable file
106	std::set<OSStatus> mStrictErrors;		// strict validation errors encountered
107};
108
109
110//
111// Writers
112//
113//
114class BundleDiskRep::Writer : public DiskRep::Writer {
115	friend class BundleDiskRep;
116public:
117	Writer(BundleDiskRep *r);
118
119	void component(CodeDirectory::SpecialSlot slot, CFDataRef data);
120	void remove();
121	void flush();
122
123protected:
124	DiskRep *execRep() { return rep->mExecRep; }
125	void remove(CodeDirectory::SpecialSlot slot);
126
127protected:
128	RefPointer<BundleDiskRep> rep;
129	RefPointer<DiskRep::Writer> execWriter;
130	bool mMadeMetaDirectory;
131};
132
133
134} // end namespace CodeSigning
135} // end namespace Security
136
137#endif // !_H_BUNDLEDISKREP
138