machorep.h
1 /* 2 * Copyright (c) 2006,2011,2014 Apple Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24 // 25 // machorep - DiskRep mix-in for handling Mach-O main executables 26 // 27 #ifndef _H_MACHOREP 28 #define _H_MACHOREP 29 30 #include "singlediskrep.h" 31 #include "sigblob.h" 32 #include <security_utilities/unix++.h> 33 #include <security_utilities/macho++.h> 34 35 namespace Security { 36 namespace CodeSigning { 37 38 39 // 40 // MachORep is a DiskRep class that supports code signatures 41 // directly embedded in Mach-O binary files. 42 // 43 // It does not have write support (for writing signatures); 44 // writing multi-architecture binaries is complicated enough 45 // that it's driven directly from the signing code, with no 46 // abstractions to get in the way. 47 // 48 class MachORep : public SingleDiskRep, public EditableDiskRep { 49 public: 50 MachORep(const char *path, const Context *ctx = NULL); 51 virtual ~MachORep(); 52 53 CFDataRef component(CodeDirectory::SpecialSlot slot); 54 RawComponentMap createRawComponents(); 55 CFDataRef identification(); 56 Universal *mainExecutableImage(); 57 void prepareForSigning(SigningContext &context); 58 size_t signingBase(); 59 size_t signingLimit(); 60 size_t execSegBase(const Architecture *arch); 61 size_t execSegLimit(const Architecture *arch); 62 std::string format(); 63 CFDictionaryRef copyDiskRepInformation(); 64 65 std::string recommendedIdentifier(const SigningContext &ctx); 66 const Requirements *defaultRequirements(const Architecture *arch, const SigningContext &ctx); 67 size_t pageSize(const SigningContext &ctx); 68 69 void strictValidate(const CodeDirectory* cd, const ToleratedErrors& tolerated, SecCSFlags flags); 70 71 void flush(); // flush cache 72 73 static bool candidate(UnixPlusPlus::FileDesc &fd); 74 void registerStapledTicket(); 75 76 public: 77 static CFDataRef identificationFor(MachO *macho); 78 79 public: 80 DiskRep::Writer *writer(); 81 class Writer; 82 friend class Writer; 83 84 protected: 85 CFDataRef embeddedComponent(CodeDirectory::SpecialSlot slot); 86 CFDataRef infoPlist(); 87 Requirement *libraryRequirements(const Architecture *arch, const SigningContext &ctx); 88 89 private: 90 static bool needsExecSeg(const MachO& macho); 91 EmbeddedSignatureBlob *signingData(); 92 93 Universal *mExecutable; // cached Mach-O/Universal reference to mainExecutablePath() 94 mutable EmbeddedSignatureBlob *mSigningData; // cached signing data from current architecture 95 }; 96 97 98 // 99 // The write side of a MachORep. 100 // This is purposely dysfunctional; Mach-O signatures are written 101 // by code in signerutils, not by DiskRep::Writers. 102 // 103 class MachORep::Writer : public SingleDiskRep::Writer { 104 friend class FileDiskRep; 105 public: 106 Writer(MachORep *r) : SingleDiskRep::Writer(r, writerNoGlobal) { } 107 void component(CodeDirectory::SpecialSlot slot, CFDataRef data); 108 }; 109 110 111 } // end namespace CodeSigning 112 } // end namespace Security 113 114 #endif // !_H_MACHOREP