static CFType typeFromCFTypeRef(CFTypeRef type)
{
ASSERT(type);
if (type == tokenNullTypeRef())
return Null;
CFTypeID typeID = CFGetTypeID(type);
if (typeID == CFArrayGetTypeID())
return CFArray;
if (typeID == CFBooleanGetTypeID())
return CFBoolean;
if (typeID == CFDataGetTypeID())
return CFData;
if (typeID == CFDictionaryGetTypeID())
return CFDictionary;
if (typeID == CFNullGetTypeID())
return CFNull;
if (typeID == CFNumberGetTypeID())
return CFNumber;
if (typeID == CFStringGetTypeID())
return CFString;
if (typeID == CFURLGetTypeID())
return CFURL;
#if PLATFORM(MAC)
if (typeID == SecCertificateGetTypeID())
return SecCertificate;
#endif
ASSERT_NOT_REACHED();
return Unknown;
}
JSValue *UserObjectImp::toPrimitive(ExecState *exec, JSType preferredType) const
{
JSValue *result = jsUndefined();
JSUserObject* jsObjPtr = KJSValueToJSObject(toObject(exec), exec);
CFTypeRef cfValue = jsObjPtr ? jsObjPtr->CopyCFValue() : 0;
if (cfValue) {
CFTypeID cfType = CFGetTypeID(cfValue); // toPrimitive
if (cfValue == GetCFNull()) {
result = jsNull();
}
else if (cfType == CFBooleanGetTypeID()) {
if (cfValue == kCFBooleanTrue) {
result = jsBoolean(true);
} else {
result = jsBoolean(false);
}
} else if (cfType == CFStringGetTypeID()) {
result = jsString(CFStringToUString((CFStringRef)cfValue));
} else if (cfType == CFNumberGetTypeID()) {
double d = 0.0;
CFNumberGetValue((CFNumberRef)cfValue, kCFNumberDoubleType, &d);
result = jsNumber(d);
} else if (cfType == CFURLGetTypeID()) {
CFURLRef absURL = CFURLCopyAbsoluteURL((CFURLRef)cfValue);
if (absURL) {
result = jsString(CFStringToUString(CFURLGetString(absURL)));
ReleaseCFType(absURL);
}
}
ReleaseCFType(cfValue);
}
if (jsObjPtr)
jsObjPtr->Release();
return result;
}
static CFDictionaryRef _CFUserNotificationModifiedDictionary(CFAllocatorRef allocator, CFDictionaryRef dictionary, SInt32 token, SInt32 timeout, CFStringRef source) {
CFMutableDictionaryRef md = CFDictionaryCreateMutable(allocator, 0, &kCFCopyStringDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
CFNumberRef tokenNumber = CFNumberCreate(allocator, kCFNumberSInt32Type, &token);
CFNumberRef timeoutNumber = CFNumberCreate(allocator, kCFNumberSInt32Type, &timeout);
CFURLRef url = NULL;
CFStringRef path = NULL;
if (dictionary) CFDictionaryApplyFunction(dictionary, _CFUserNotificationAddToDictionary, md);
if (source) CFDictionaryAddValue(md, kCFUserNotificationAlertSourceKey, source);
if (tokenNumber) {
CFDictionaryAddValue(md, kCFUserNotificationTokenKey, tokenNumber);
CFRelease(tokenNumber);
}
if (timeoutNumber) {
CFDictionaryAddValue(md, kCFUserNotificationTimeoutKey, timeoutNumber);
CFRelease(timeoutNumber);
}
url = CFDictionaryGetValue(md, kCFUserNotificationIconURLKey);
if (url && CFGetTypeID((CFTypeRef)url) == CFURLGetTypeID()) {
url = CFURLCopyAbsoluteURL(url);
CFDictionaryRemoveValue(md, kCFUserNotificationIconURLKey);
path = CFURLCopyFileSystemPath(url, kCFURLPOSIXPathStyle);
CFDictionaryAddValue(md, kCFUserNotificationIconPathKey, path);
CFRelease(url);
CFRelease(path);
}
url = CFDictionaryGetValue(md, kCFUserNotificationSoundURLKey);
if (url && CFGetTypeID((CFTypeRef)url) == CFURLGetTypeID()) {
url = CFURLCopyAbsoluteURL(url);
CFDictionaryRemoveValue(md, kCFUserNotificationSoundURLKey);
path = CFURLCopyFileSystemPath(url, kCFURLPOSIXPathStyle);
CFDictionaryAddValue(md, kCFUserNotificationSoundPathKey, path);
CFRelease(url);
CFRelease(path);
}
url = CFDictionaryGetValue(md, kCFUserNotificationLocalizationURLKey);
if (url && CFGetTypeID((CFTypeRef)url) == CFURLGetTypeID()) {
url = CFURLCopyAbsoluteURL(url);
CFDictionaryRemoveValue(md, kCFUserNotificationLocalizationURLKey);
path = CFURLCopyFileSystemPath(url, kCFURLPOSIXPathStyle);
CFDictionaryAddValue(md, kCFUserNotificationLocalizationPathKey, path);
CFRelease(url);
CFRelease(path);
}
return md;
}
void SocketStreamHandle::chooseProxyFromArray(CFArrayRef proxyArray)
{
if (!proxyArray) {
m_connectionType = Direct;
return;
}
CFIndex proxyArrayCount = CFArrayGetCount(proxyArray);
// PAC is always the first entry, if present.
if (proxyArrayCount) {
CFDictionaryRef proxyInfo = static_cast<CFDictionaryRef>(CFArrayGetValueAtIndex(proxyArray, 0));
CFTypeRef proxyType = CFDictionaryGetValue(proxyInfo, kCFProxyTypeKey);
if (proxyType && CFGetTypeID(proxyType) == CFStringGetTypeID()) {
if (CFEqual(proxyType, kCFProxyTypeAutoConfigurationURL)) {
CFTypeRef pacFileURL = CFDictionaryGetValue(proxyInfo, kCFProxyAutoConfigurationURLKey);
if (pacFileURL && CFGetTypeID(pacFileURL) == CFURLGetTypeID()) {
executePACFileURL(static_cast<CFURLRef>(pacFileURL));
return;
}
}
}
}
CFDictionaryRef chosenProxy = 0;
for (CFIndex i = 0; i < proxyArrayCount; ++i) {
CFDictionaryRef proxyInfo = static_cast<CFDictionaryRef>(CFArrayGetValueAtIndex(proxyArray, i));
CFTypeRef proxyType = CFDictionaryGetValue(proxyInfo, kCFProxyTypeKey);
if (proxyType && CFGetTypeID(proxyType) == CFStringGetTypeID()) {
if (CFEqual(proxyType, kCFProxyTypeSOCKS)) {
m_connectionType = SOCKSProxy;
chosenProxy = proxyInfo;
break;
}
if (CFEqual(proxyType, kCFProxyTypeHTTPS)) {
m_connectionType = CONNECTProxy;
chosenProxy = proxyInfo;
// Keep looking for proxies, as a SOCKS one is preferable.
}
}
}
if (chosenProxy) {
ASSERT(m_connectionType != Unknown);
ASSERT(m_connectionType != Direct);
CFTypeRef proxyHost = CFDictionaryGetValue(chosenProxy, kCFProxyHostNameKey);
CFTypeRef proxyPort = CFDictionaryGetValue(chosenProxy, kCFProxyPortNumberKey);
if (proxyHost && CFGetTypeID(proxyHost) == CFStringGetTypeID() && proxyPort && CFGetTypeID(proxyPort) == CFNumberGetTypeID()) {
m_proxyHost = static_cast<CFStringRef>(proxyHost);
m_proxyPort = static_cast<CFNumberRef>(proxyPort);
return;
}
}
m_connectionType = Direct;
}
//
// Perform common argument normalizations for update operations
//
static void normalizeTarget(CFRef<CFTypeRef> &target, CFDictionary &context, std::string *signUnsigned)
{
// turn CFURLs into (designated) SecRequirements
if (target && CFGetTypeID(target) == CFURLGetTypeID()) {
CFRef<SecStaticCodeRef> code;
MacOSError::check(SecStaticCodeCreateWithPath(target.as<CFURLRef>(), kSecCSDefaultFlags, &code.aref()));
switch (OSStatus rc = SecCodeCopyDesignatedRequirement(code, kSecCSDefaultFlags, (SecRequirementRef *)&target.aref())) {
case noErr: {
// use the *default* DR to avoid unreasonably wide DRs opening up Gatekeeper to attack
CFRef<CFDictionaryRef> info;
MacOSError::check(SecCodeCopySigningInformation(code, kSecCSRequirementInformation, &info.aref()));
target = CFDictionaryGetValue(info, kSecCodeInfoImplicitDesignatedRequirement);
}
break;
case errSecCSUnsigned:
if (signUnsigned) {
// Ad-hoc sign the code temporarily so we can get its code requirement
CFRef<CFDataRef> signature = CFDataCreateMutable(NULL, 0);
CFRef<SecCodeSignerRef> signer;
CFTemp<CFDictionaryRef> arguments("{%O=%O, %O=#N}", kSecCodeSignerDetached, signature.get(), kSecCodeSignerIdentity);
MacOSError::check(SecCodeSignerCreate(arguments, kSecCSDefaultFlags, &signer.aref()));
MacOSError::check(SecCodeSignerAddSignature(signer, code, kSecCSDefaultFlags));
MacOSError::check(SecCodeSetDetachedSignature(code, signature, kSecCSDefaultFlags));
MacOSError::check(SecCodeCopyDesignatedRequirement(code, kSecCSDefaultFlags, (SecRequirementRef *)&target.aref()));
CFRef<CFDictionaryRef> info;
MacOSError::check(SecCodeCopySigningInformation(code, kSecCSInternalInformation, &info.aref()));
if (CFDataRef cdData = CFDataRef(CFDictionaryGetValue(info, kSecCodeInfoCodeDirectory)))
*signUnsigned = ((const CodeDirectory *)CFDataGetBytePtr(cdData))->screeningCode();
break;
}
MacOSError::check(rc);
case errSecCSSignatureFailed:
// recover certain cases of broken signatures (well, try)
if (codeInvalidityExceptions(code, NULL)) {
// Ad-hoc sign the code in place (requiring a writable subject). This requires root privileges.
CFRef<SecCodeSignerRef> signer;
CFTemp<CFDictionaryRef> arguments("{%O=#N}", kSecCodeSignerIdentity);
MacOSError::check(SecCodeSignerCreate(arguments, kSecCSDefaultFlags, &signer.aref()));
MacOSError::check(SecCodeSignerAddSignature(signer, code, kSecCSDefaultFlags));
MacOSError::check(SecCodeCopyDesignatedRequirement(code, kSecCSDefaultFlags, (SecRequirementRef *)&target.aref()));
break;
}
MacOSError::check(rc);
default:
MacOSError::check(rc);
}
if (context.get(kSecAssessmentUpdateKeyRemarks) == NULL) {
// no explicit remarks; add one with the path
CFRef<CFURLRef> path;
MacOSError::check(SecCodeCopyPath(code, kSecCSDefaultFlags, &path.aref()));
CFMutableDictionaryRef dict = makeCFMutableDictionary(context.get());
CFDictionaryAddValue(dict, kSecAssessmentUpdateKeyRemarks, CFTempString(cfString(path)));
context.take(dict);
}
}
}
static void copyCFDictionary(const void *key, const void *value, void *ctx)
{
CFMutableDictionaryRef target = CFMutableDictionaryRef(ctx);
if (CFEqual(key, kSecAssessmentContextKeyCertificates)) // obsolete
return;
if (CFGetTypeID(value) == CFURLGetTypeID()) {
CFRef<CFStringRef> path = CFURLCopyFileSystemPath(CFURLRef(value), kCFURLPOSIXPathStyle);
CFDictionaryAddValue(target, key, path);
} else {
CFDictionaryAddValue(target, key, value);
}
}
Boolean path_exists(CFTypeRef path) {
if (CFGetTypeID(path) == CFStringGetTypeID()) {
CFURLRef url = CFURLCreateWithFileSystemPath(NULL, path, kCFURLPOSIXPathStyle, true);
Boolean result = CFURLResourceIsReachable(url, NULL);
CFRelease(url);
return result;
} else if (CFGetTypeID(path) == CFURLGetTypeID()) {
return CFURLResourceIsReachable(path, NULL);
} else {
return false;
}
}
void MDSAttrParser::parseAttrs(CFStringRef subdir)
{
/* get all *.mdsinfo files */
CFArrayRef bundleInfoFiles = CFBundleCopyResourceURLsOfType(mBundle,
CFSTR(MDS_INFO_TYPE),
subdir);
if(bundleInfoFiles == NULL) {
Syslog::alert("MDSAttrParser: no mdsattr files for %s", mPath);
return;
}
assert(CFGetTypeID(bundleInfoFiles) == CFArrayGetTypeID());
/* process each .mdsinfo file */
CFIndex numFiles = CFArrayGetCount(bundleInfoFiles);
for(CFIndex i=0; i<numFiles; i++) {
/* get filename as CFURL */
CFURLRef infoUrl = NULL;
infoUrl = reinterpret_cast<CFURLRef>(
CFArrayGetValueAtIndex(bundleInfoFiles, i));
if(infoUrl == NULL) {
MPDebug("MDSAttrParser: CFBundleCopyResourceURLsOfType screwup 1");
continue;
}
if(CFGetTypeID(infoUrl) != CFURLGetTypeID()) {
MPDebug("MDSAttrParser: CFBundleCopyResourceURLsOfType screwup 2");
continue;
}
// @@@ Workaround for 4234967: skip any filename beginning with "._"
CFStringRef lastComponent = CFURLCopyLastPathComponent(infoUrl);
if (lastComponent) {
CFStringRef resFilePfx = CFSTR("._");
// setting the search length and location like this permits,
// e.g., ".foo.mdsinfo" to be valid
CFIndex resFilePfxLen = CFStringGetMaximumSizeForEncoding(CFStringGetLength(resFilePfx), kCFStringEncodingUTF8);
CFRange range = CFRangeMake(0, resFilePfxLen);
Boolean skip = CFStringFindWithOptions(lastComponent,
resFilePfx,
range,
0/*options*/,
NULL/*returned substr*/);
CFRelease(lastComponent);
if (skip == true) {
Syslog::warning("MDSAttrParser: ignoring resource file");
continue;
}
}
parseFile(infoUrl, subdir);
} /* for each mdsinfo */
CF_RELEASE(bundleInfoFiles);
}
string cfString(CFTypeRef it, OSStatus err)
{
if (it == NULL)
MacOSError::throwMe(err);
CFTypeID id = CFGetTypeID(it);
if (id == CFStringGetTypeID())
return cfString(CFStringRef(it));
else if (id == CFURLGetTypeID())
return cfString(CFURLRef(it));
else if (id == CFBundleGetTypeID())
return cfString(CFBundleRef(it));
else
return cfString(CFCopyDescription(it), true);
}
CFDictionaryRef PolicyEngine::remove(CFTypeRef target, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context)
{
if (type == kAuthorityOpenDoc) {
// handle document-open differently: use quarantine flags for whitelisting
authorizeUpdate(flags, context);
if (!target || CFGetTypeID(target) != CFURLGetTypeID())
MacOSError::throwMe(errSecCSInvalidObjectRef);
std::string spath = cfString(CFURLRef(target)).c_str();
FileQuarantine qtn(spath.c_str());
qtn.clearFlag(QTN_FLAG_ASSESSMENT_OK);
qtn.applyTo(spath.c_str());
return NULL;
}
return manipulateRules("DELETE FROM authority", target, type, flags, context);
}
void extractQuarantineProperty(const std::string &table_key_name,
CFTypeRef property,
const std::string &path,
QueryData &results) {
std::string value;
if (CFGetTypeID(property) == CFStringGetTypeID()) {
value = stringFromCFString((CFStringRef)property);
} else if (CFGetTypeID(property) == CFDateGetTypeID()) {
auto unix_time = CFDateGetAbsoluteTime((CFDateRef)property) +
kCFAbsoluteTimeIntervalSince1970;
value = INTEGER(std::llround(unix_time));
} else if (CFGetTypeID(property) == CFURLGetTypeID()) {
value = stringFromCFString(CFURLGetString((CFURLRef)property));
}
setRow(results, path, table_key_name, value);
}
CFDictionaryRef xpcEngineUpdate(CFTypeRef target, uint flags, CFDictionaryRef context)
{
Message msg("update");
// target can be NULL, a CFURLRef, a SecRequirementRef, or a CFNumberRef
if (target) {
if (CFGetTypeID(target) == CFNumberGetTypeID())
xpc_dictionary_set_uint64(msg, "rule", cfNumber<int64_t>(CFNumberRef(target)));
else if (CFGetTypeID(target) == CFURLGetTypeID())
xpc_dictionary_set_string(msg, "url", cfString(CFURLRef(target)).c_str());
else if (CFGetTypeID(target) == SecRequirementGetTypeID()) {
CFRef<CFDataRef> data;
MacOSError::check(SecRequirementCopyData(SecRequirementRef(target), kSecCSDefaultFlags, &data.aref()));
xpc_dictionary_set_data(msg, "requirement", CFDataGetBytePtr(data), CFDataGetLength(data));
} else
MacOSError::throwMe(errSecCSInvalidObjectRef);
}
xpc_dictionary_set_int64(msg, "flags", flags);
CFRef<CFMutableDictionaryRef> ctx = makeCFMutableDictionary();
if (context)
CFDictionaryApplyFunction(context, copyCFDictionary, ctx);
AuthorizationRef localAuthorization = NULL;
if (CFDictionaryGetValue(ctx, kSecAssessmentUpdateKeyAuthorization) == NULL) { // no caller-provided authorization
MacOSError::check(AuthorizationCreate(NULL, NULL, kAuthorizationFlagDefaults, &localAuthorization));
AuthorizationExternalForm extForm;
MacOSError::check(AuthorizationMakeExternalForm(localAuthorization, &extForm));
CFDictionaryAddValue(ctx, kSecAssessmentUpdateKeyAuthorization, CFTempData(&extForm, sizeof(extForm)));
}
CFRef<CFDataRef> contextData = makeCFData(CFDictionaryRef(ctx));
xpc_dictionary_set_data(msg, "context", CFDataGetBytePtr(contextData), CFDataGetLength(contextData));
msg.send();
if (localAuthorization)
AuthorizationFree(localAuthorization, kAuthorizationFlagDefaults);
if (int64_t error = xpc_dictionary_get_int64(msg, "error"))
MacOSError::throwMe(error);
size_t resultLength;
const void *resultData = xpc_dictionary_get_data(msg, "result", &resultLength);
return makeCFDictionaryFrom(resultData, resultLength);
}
CFTypeID Url::type_id() {
return CFURLGetTypeID();
}
static pascal OSStatus DataBrowserDataCallback(
ControlRef browser,
DataBrowserItemID item,
DataBrowserPropertyID property,
DataBrowserItemDataRef itemData,
Boolean setValue
)
// Called by the data browser control to get information about the
// data that it's displaying. item is the row in the list, which in this
// case is the index (plus one) into the gItems CFArray that represents
// the login items list. property is the column in the list; these values
// are set in the .nib file. When asked for data, the routine looks up
// the item'th element of gItems and then extracts the appropriate key
// from that dictionary.
{
OSStatus err;
CFDictionaryRef dict;
CFBooleanRef hidden;
CFURLRef url;
CFStringRef str;
assert(browser == gDataControl);
assert( (item != kDataBrowserNoItem) && (item <= CFArrayGetCount(gItems)) );
assert( (property < 1024) || (property == 'hidn') || (property == 'URL ') );
assert( ! setValue );
// gItems can only be NULL before the first call to DoRefresh as the
// application starts up. Data browser should never be calling us to
// get information about items during that time, because we haven't
// added any items to the data browser. Thus, we shouldn't be called
// when gItems is NULL.
assert( gItems != NULL );
switch (property) {
case 'hidn':
dict = (CFDictionaryRef) CFArrayGetValueAtIndex(gItems, (CFIndex) (item - 1));
assert( (dict != NULL) && (CFGetTypeID(dict) == CFDictionaryGetTypeID()) );
hidden = (CFBooleanRef) CFDictionaryGetValue(dict, kLIAEHidden);
assert( (hidden != NULL) && (CFGetTypeID(hidden) == CFBooleanGetTypeID()) );
err = SetDataBrowserItemDataText(
itemData,
(CFBooleanGetValue(hidden) ? CFSTR("yes") : CFSTR("no"))
);
break;
case 'URL ':
dict = (CFDictionaryRef) CFArrayGetValueAtIndex(gItems, (CFIndex) (item - 1));
assert( (dict != NULL) && (CFGetTypeID(dict) == CFDictionaryGetTypeID()) );
url = (CFURLRef) CFDictionaryGetValue(dict, kLIAEURL);
assert( (url != NULL) && (CFGetTypeID(url) == CFURLGetTypeID()) );
str = CFURLGetString(url);
err = SetDataBrowserItemDataText(itemData, str);
break;
default:
err = noErr;
break;
}
assert(err == noErr);
return err;
}
bool UserObjectImp::toBoolean(ExecState *exec) const
{
bool result = false;
JSUserObject* jsObjPtr = KJSValueToJSObject(toObject(exec), exec);
CFTypeRef cfValue = jsObjPtr ? jsObjPtr->CopyCFValue() : 0;
if (cfValue)
{
CFTypeID cfType = CFGetTypeID(cfValue); // toPrimitive
if (cfValue == GetCFNull())
{
//
}
else if (cfType == CFBooleanGetTypeID())
{
if (cfValue == kCFBooleanTrue)
{
result = true;
}
}
else if (cfType == CFStringGetTypeID())
{
if (CFStringGetLength((CFStringRef)cfValue))
{
result = true;
}
}
else if (cfType == CFNumberGetTypeID())
{
if (cfValue != kCFNumberNaN)
{
double d;
if (CFNumberGetValue((CFNumberRef)cfValue, kCFNumberDoubleType, &d))
{
if (d != 0)
{
result = true;
}
}
}
}
else if (cfType == CFArrayGetTypeID())
{
if (CFArrayGetCount((CFArrayRef)cfValue))
{
result = true;
}
}
else if (cfType == CFDictionaryGetTypeID())
{
if (CFDictionaryGetCount((CFDictionaryRef)cfValue))
{
result = true;
}
}
else if (cfType == CFSetGetTypeID())
{
if (CFSetGetCount((CFSetRef)cfValue))
{
result = true;
}
}
else if (cfType == CFURLGetTypeID())
{
CFURLRef absURL = CFURLCopyAbsoluteURL((CFURLRef)cfValue);
if (absURL)
{
CFStringRef cfStr = CFURLGetString(absURL);
if (cfStr && CFStringGetLength(cfStr))
{
result = true;
}
ReleaseCFType(absURL);
}
}
}
if (jsObjPtr) jsObjPtr->Release();
ReleaseCFType(cfValue);
return result;
}
static void processProxyServers(Vector<ProxyServer>& proxyServers, CFArrayRef proxies, CFURLRef url)
{
CFIndex numProxies = CFArrayGetCount(proxies);
for (CFIndex i = 0; i < numProxies; ++i) {
CFDictionaryRef proxyDictionary = static_cast<CFDictionaryRef>(CFArrayGetValueAtIndex(proxies, i));
ProxyServer::Type type = ProxyServer::Direct;
CFStringRef typeString = static_cast<CFStringRef>(CFDictionaryGetValue(proxyDictionary, kCFProxyTypeKey));
if (!url) {
// If we have no URL then we're processing an auto-configuration response.
// It isn't sensible to receive another auto-configured proxy in such a response.
ASSERT(!CFEqual(typeString, kCFProxyTypeAutoConfigurationURL));
}
if (CFEqual(typeString, kCFProxyTypeAutoConfigurationURL)) {
if (!url)
continue;
// FIXME: We should restructure to allow this to happen asynchronously.
CFURLRef scriptURL = static_cast<CFURLRef>(CFDictionaryGetValue(proxyDictionary, kCFProxyAutoConfigurationURLKey));
if (!scriptURL || CFGetTypeID(scriptURL) != CFURLGetTypeID())
continue;
CFStreamClientContext context = { 0, (void*)&proxyServers, 0, 0, 0 };
RetainPtr<CFRunLoopSourceRef> runLoopSource(AdoptCF, CFNetworkExecuteProxyAutoConfigurationURL(scriptURL, url, proxyAutoConfigurationResultCallback, &context));
CFStringRef privateRunLoopMode = CFSTR("com.apple.WebKit.ProxyAutoConfiguration");
CFTimeInterval timeout = 5;
CFRunLoopAddSource(CFRunLoopGetCurrent(), runLoopSource.get(), privateRunLoopMode);
CFRunLoopRunInMode(privateRunLoopMode, timeout, 0);
CFRunLoopRemoveSource(CFRunLoopGetCurrent(), runLoopSource.get(), privateRunLoopMode);
CFRunLoopSourceInvalidate(runLoopSource.get());
// The proxyAutoConfigurationResultCallback has added any relevant ProxyServers to proxyServers.
continue;
}
if (CFEqual(typeString, kCFProxyTypeNone)) {
proxyServers.append(ProxyServer(ProxyServer::Direct, String(), -1));
continue;
}
if (CFEqual(typeString, kCFProxyTypeHTTP))
type = ProxyServer::HTTP;
else if (CFEqual(typeString, kCFProxyTypeHTTPS))
type = ProxyServer::HTTPS;
else if (CFEqual(typeString, kCFProxyTypeSOCKS))
type = ProxyServer::SOCKS;
else {
// We don't know how to handle this type.
continue;
}
CFStringRef host = static_cast<CFStringRef>(CFDictionaryGetValue(proxyDictionary, kCFProxyHostNameKey));
CFNumberRef port = static_cast<CFNumberRef>(CFDictionaryGetValue(proxyDictionary, kCFProxyPortNumberKey));
SInt32 portValue;
CFNumberGetValue(port, kCFNumberSInt32Type, &portValue);
proxyServers.append(ProxyServer(type, host, portValue));
}
}
CFTypeID URL::GetTypeID( void ) const
{
return CFURLGetTypeID();
}
bool Type::IsURL( void ) const
{
return this->GetTypeID() == CFURLGetTypeID();
}
CFStringRef FSCopyFormatNameForFSType(CFStringRef fsType, int16_t fsSubtype, bool localized, bool encrypted)
{
CFTypeRef formatName;
CFStringRef formatNameTableKey;
CFIndex indx;
if (NULL == fsType) return NULL;
// Create a key for cache localized name table (i.e. "0hfs0")
formatNameTableKey = CFStringCreateWithFormat(NULL, NULL, CFSTR("%d%@%d"), (localized ? 1 : 0), fsType, fsSubtype);
// Use OSSpinLock to protect the table accessed from multiple threads
OSSpinLockLock(&__FSLocalizedNameTableLock);
formatName = (void*)((NULL == __FSLocalizedNameTable) ? NULL : CFDictionaryGetValue(__FSLocalizedNameTable, (const void *)formatNameTableKey));
OSSpinLockUnlock(&__FSLocalizedNameTableLock);
if (NULL == formatName) { // not in the cache
CFBundleRef bundle = NULL;
CFURLRef bundleURL;
CFStringRef fsTypeName;
static CFArrayRef searchPaths = NULL;
/* Construct a bundle path URL from the fsType argument and create a CFBundle. We search (using CFCopySearchPathForDirectoriesInDomains) /Network/Library/Filesystems, /Library/Filesystems, and /System/Library/Filesystems. */
// Create CFURL for /System/Library/Filesystems and cache it
if (NULL == searchPaths) {
CFArrayRef tmpPaths = CFCopySearchPathForDirectoriesInDomains(kCFLibraryDirectory, kCFSystemDomainMask | kCFNetworkDomainMask | kCFLocalDomainMask, true);
CFMutableArrayRef tmpStrings;
CFIndex i;
if (NULL == tmpPaths)
return NULL; // No directories to search?!?!
tmpStrings = CFArrayCreateMutable(NULL, CFArrayGetCount(tmpPaths), NULL);
if (tmpStrings == NULL)
goto done;
for (i = 0; i < CFArrayGetCount(tmpPaths); i++) {
CFStringRef tStr;
CFURLRef tURL;
char path[PATH_MAX + 1];
CFTypeRef tobject = CFArrayGetValueAtIndex(tmpPaths, i);
if (CFGetTypeID(tobject) == CFURLGetTypeID()) {
if (false ==
CFURLGetFileSystemRepresentation(
tobject,
false,
(UInt8*)path,
sizeof(path))) {
goto done;
}
} else if (CFGetTypeID(tobject) == CFStringGetTypeID()) {
CFStringGetCString(tobject, path, sizeof(path), kCFStringEncodingUTF8);
} else {
goto done;
}
strlcat(path, "/Filesystems", sizeof(path));
tStr = CFStringCreateWithCString(NULL, path, kCFStringEncodingUTF8);
if (tStr == NULL)
goto done;
tURL = CFURLCreateWithFileSystemPath(NULL, tStr, kCFURLPOSIXPathStyle, true);
if (tURL) {
CFArrayAppendValue(tmpStrings, tURL);
}
CFRelease(tStr);
}
searchPaths = CFArrayCreateCopy(NULL, tmpStrings);
done:
CFRelease(tmpStrings);
CFRelease(tmpPaths);
if (searchPaths == NULL)
return NULL;
}
for (indx = 0; indx < CFArrayGetCount(searchPaths); indx++) {
CFURLRef libRef = CFArrayGetValueAtIndex(searchPaths, indx);
fsTypeName = CFStringCreateWithFormat(NULL, NULL, CFSTR("%@.fs"), fsType);
bundleURL = CFURLCreateWithFileSystemPathRelativeToBase(NULL, fsTypeName, kCFURLPOSIXPathStyle, true, libRef);
bundle = CFBundleCreate(NULL, bundleURL);
CFRelease(fsTypeName);
CFRelease(bundleURL);
if (NULL != bundle) {
break;
}
}
if (NULL != bundle) { // the bundle exists at path
CFDictionaryRef localPersonalities = NULL;
// Access the Info dictionary in the bundle
CFDictionaryRef bundleDict = CFBundleGetInfoDictionary(bundle);
// Get localized FSPersonalities only if we want localized name
if (localized == true) {
localPersonalities = CFBundleGetValueForInfoDictionaryKey(bundle, KEY_FS_PERSONALITIES);
//NSLog(CFSTR("localPersonalities = %@\n"), localPersonalities);
}
/* Get global FSPersonalities. We need to access this since FSSubType exists only
* in global FSPersonalities
*/
CFDictionaryRef globalPersonalities = CFDictionaryGetValue(bundleDict, (const void *) KEY_FS_PERSONALITIES);
//NSLog(CFSTR("globalPersonalities = %@\n"), globalPersonalities);
CFIndex numPersonalities;
if (((NULL != localPersonalities) || (localized == false)) && // localPersonalities or we don't want localizations
(NULL != globalPersonalities) &&
((numPersonalities = CFDictionaryGetCount(globalPersonalities)) > 0)) {
// read all FSPersonalities keys and values
CFDictionaryRef valuesBuffer[MAX_FS_SUBTYPES];
CFStringRef keysBuffer[MAX_FS_SUBTYPES];
CFDictionaryRef *values = ((numPersonalities > MAX_FS_SUBTYPES) ? (CFDictionaryRef *)malloc(sizeof(CFDictionaryRef) * numPersonalities) : valuesBuffer);
CFStringRef *keys = ((numPersonalities > MAX_FS_SUBTYPES) ? (CFStringRef *)malloc(sizeof(CFStringRef) * numPersonalities) : keysBuffer);
CFDictionaryGetKeysAndValues(globalPersonalities, (const void **)keys, (const void **)values);
// create CFNumberRef for the FSSubType
CFNumberRef subTypeID = CFNumberCreate(NULL, kCFNumberSInt16Type, (const void *)&fsSubtype);
CFStringRef FSNameKey = NULL;
// search for valid FSSubType - we will use its key from global FSPersonalties to
// access FSName from localized FSPersonalities
CFIndex index;
CFNumberRef readSubTypeID;
for (index = 0; index < numPersonalities; index++) {
if ((true == CFDictionaryGetValueIfPresent(values[index], (const void *)KEY_FS_SUBTYPE, (const void **)&readSubTypeID)) &&
(CFNumberCompare(subTypeID, readSubTypeID, NULL) == 0)) {
FSNameKey = keys[index];
break;
}
}
CFRelease(subTypeID);
/* If a personality hasn't been found, use the last value in the dictionary (note the content of CFDictionary is unordered so choosing the last doesn't produce consistent result) */
if (NULL == FSNameKey) {
FSNameKey = keys[numPersonalities - 1]; // is selecting the last entry right ?
}
// Get FSName from the FSPersonalities entry
CFDictionaryRef FSNameDict;
if (localized == true) {
FSNameDict = CFDictionaryGetValue(localPersonalities, FSNameKey);
} else {
FSNameDict = CFDictionaryGetValue(globalPersonalities, FSNameKey);
}
if (NULL != FSNameDict) {
CFStringRef tempName = CFDictionaryGetValue(FSNameDict, (const void *)KEY_FS_NAME);
CFStringRef encrName = CFDictionaryGetValue(FSNameDict, CFSTR(kFSCoreStorageEncryptNameKey));
if (tempName) {
if (encrName) {
formatName = (void*)CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
if (formatName != NULL) {
(void)CFDictionarySetValue((void*)formatName, tempName, encrName);
}
} else {
formatName = tempName;
}
}
}
if (values != valuesBuffer) free(values);
if (keys != keysBuffer) free(keys);
}
}
// If all failed, return "Unknown format (f_fstypename)" as the last resort
if (NULL == formatName) {
static CFStringRef unknownTypeString = NULL;
CFStringRef unknownFSNameString = NULL;
// This should use the framework bundle this code resides. CarbonCore ??? */
if (NULL == unknownTypeString) unknownTypeString = CFCopyLocalizedString(UNKNOWN_FS_NAME, "This string is displayed when localized file system name cannot be determined.");
unknownFSNameString = CFStringCreateWithFormat(NULL, NULL, CFSTR("%@ (%@)"), unknownTypeString, fsType);
formatName = (void*)unknownFSNameString;
}
// Cache the result
OSSpinLockLock(&__FSLocalizedNameTableLock);
if (NULL == __FSLocalizedNameTable) __FSLocalizedNameTable = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
// NSLog(CFSTR("Setting value %@ for key %@\n"), formatName, formatNameTableKey);
CFDictionarySetValue(__FSLocalizedNameTable, (const void *)formatNameTableKey, (const void *)formatName);
OSSpinLockUnlock(&__FSLocalizedNameTableLock);
// NSLog(CFSTR("Localized Name Table = %@\n"), __FSLocalizedNameTable);
if (NULL != bundle) CFRelease(bundle); // it has to be released here since formatName might be owned by the bundle
}
CFRelease(formatNameTableKey);
if (CFGetTypeID(formatName) == CFStringGetTypeID()) {
return CFRetain(formatName);
} else if (CFGetTypeID(formatName) == CFDictionaryGetTypeID()) {
// Dictionary with the (possibly localized) name as the key, and the encrypted name as the value
// If we want the encrypted name, we return the value, else we return the key
size_t numEntries = CFDictionaryGetCount((void*)formatName);
void *keyNames[numEntries];
void *values[numEntries];
CFDictionaryGetKeysAndValues((void*)formatName, (const void**)&keyNames, (const void**)&values);
if (encrypted)
return CFRetain(values[0]);
else
return CFRetain(keyNames[0]);
}
return CFRetain(formatName);
}
UString UserObjectImp::toString(ExecState *exec) const
{
UString result;
JSUserObject* jsObjPtr = KJSValueToJSObject(toObject(exec), exec);
CFTypeRef cfValue = jsObjPtr ? jsObjPtr->CopyCFValue() : 0;
if (cfValue)
{
CFTypeID cfType = CFGetTypeID(cfValue);
if (cfValue == GetCFNull())
{
//
}
else if (cfType == CFBooleanGetTypeID())
{
if (cfValue == kCFBooleanTrue)
{
result = "true";
}
else
{
result = "false";
}
}
else if (cfType == CFStringGetTypeID())
{
result = CFStringToUString((CFStringRef)cfValue);
}
else if (cfType == CFNumberGetTypeID())
{
if (cfValue == kCFNumberNaN)
{
result = "Nan";
}
else if (CFNumberCompare(kCFNumberPositiveInfinity, (CFNumberRef)cfValue, 0) == 0)
{
result = "Infinity";
}
else if (CFNumberCompare(kCFNumberNegativeInfinity, (CFNumberRef)cfValue, 0) == 0)
{
result = "-Infinity";
}
else
{
CFStringRef cfNumStr;
double d = 0;
CFNumberGetValue((CFNumberRef)cfValue, kCFNumberDoubleType, &d);
if (CFNumberIsFloatType((CFNumberRef)cfValue))
{
cfNumStr = CFStringCreateWithFormat(0, 0, CFSTR("%f"), d);
}
else
{
cfNumStr = CFStringCreateWithFormat(0, 0, CFSTR("%.0f"), d);
}
result = CFStringToUString(cfNumStr);
ReleaseCFType(cfNumStr);
}
}
else if (cfType == CFArrayGetTypeID())
{
//
}
else if (cfType == CFDictionaryGetTypeID())
{
//
}
else if (cfType == CFSetGetTypeID())
{
//
}
else if (cfType == CFURLGetTypeID())
{
CFURLRef absURL = CFURLCopyAbsoluteURL((CFURLRef)cfValue);
if (absURL)
{
CFStringRef cfStr = CFURLGetString(absURL);
if (cfStr)
{
result = CFStringToUString(cfStr);
}
ReleaseCFType(absURL);
}
}
}
ReleaseCFType(cfValue);
if (jsObjPtr) jsObjPtr->Release();
return result;
}
//
// Add a rule to the policy database
//
CFDictionaryRef PolicyEngine::add(CFTypeRef inTarget, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context)
{
// default type to execution
if (type == kAuthorityInvalid)
type = kAuthorityExecute;
authorizeUpdate(flags, context);
CFDictionary ctx(context, errSecCSInvalidAttributeValues);
CFCopyRef<CFTypeRef> target = inTarget;
CFRef<CFDataRef> bookmark = NULL;
std::string filter_unsigned;
switch (type) {
case kAuthorityExecute:
normalizeTarget(target, ctx, &filter_unsigned);
// bookmarks are untrusted and just a hint to callers
bookmark = ctx.get<CFDataRef>(kSecAssessmentRuleKeyBookmark);
break;
case kAuthorityInstall:
if (inTarget && CFGetTypeID(inTarget) == CFURLGetTypeID()) {
// no good way to turn an installer file into a requirement. Pretend to succeeed so caller proceeds
return cfmake<CFDictionaryRef>("{%O=%O}", kSecAssessmentAssessmentAuthorityOverride, CFSTR("virtual install"));
}
break;
case kAuthorityOpenDoc:
// handle document-open differently: use quarantine flags for whitelisting
if (!target || CFGetTypeID(target) != CFURLGetTypeID()) // can only "add" file paths
MacOSError::throwMe(errSecCSInvalidObjectRef);
try {
std::string spath = cfString(target.as<CFURLRef>());
FileQuarantine qtn(spath.c_str());
qtn.setFlag(QTN_FLAG_ASSESSMENT_OK);
qtn.applyTo(spath.c_str());
} catch (const CommonError &error) {
// could not set quarantine flag - report qualified success
return cfmake<CFDictionaryRef>("{%O=%O,'assessment:error'=%d}",
kSecAssessmentAssessmentAuthorityOverride, CFSTR("error setting quarantine"), error.osStatus());
} catch (...) {
return cfmake<CFDictionaryRef>("{%O=%O}", kSecAssessmentAssessmentAuthorityOverride, CFSTR("unable to set quarantine"));
}
return NULL;
}
// if we now have anything else, we're busted
if (!target || CFGetTypeID(target) != SecRequirementGetTypeID())
MacOSError::throwMe(errSecCSInvalidObjectRef);
double priority = 0;
string label;
bool allow = true;
double expires = never;
string remarks;
if (CFNumberRef pri = ctx.get<CFNumberRef>(kSecAssessmentUpdateKeyPriority))
CFNumberGetValue(pri, kCFNumberDoubleType, &priority);
if (CFStringRef lab = ctx.get<CFStringRef>(kSecAssessmentUpdateKeyLabel))
label = cfString(lab);
if (CFDateRef time = ctx.get<CFDateRef>(kSecAssessmentUpdateKeyExpires))
// we're using Julian dates here; convert from CFDate
expires = dateToJulian(time);
if (CFBooleanRef allowing = ctx.get<CFBooleanRef>(kSecAssessmentUpdateKeyAllow))
allow = allowing == kCFBooleanTrue;
if (CFStringRef rem = ctx.get<CFStringRef>(kSecAssessmentUpdateKeyRemarks))
remarks = cfString(rem);
CFRef<CFStringRef> requirementText;
MacOSError::check(SecRequirementCopyString(target.as<SecRequirementRef>(), kSecCSDefaultFlags, &requirementText.aref()));
SQLite::Transaction xact(*this, SQLite3::Transaction::deferred, "add_rule");
SQLite::Statement insert(*this,
"INSERT INTO authority (type, allow, requirement, priority, label, expires, filter_unsigned, remarks)"
" VALUES (:type, :allow, :requirement, :priority, :label, :expires, :filter_unsigned, :remarks);");
insert.bind(":type").integer(type);
insert.bind(":allow").integer(allow);
insert.bind(":requirement") = requirementText.get();
insert.bind(":priority") = priority;
if (!label.empty())
insert.bind(":label") = label;
insert.bind(":expires") = expires;
insert.bind(":filter_unsigned") = filter_unsigned.empty() ? NULL : filter_unsigned.c_str();
if (!remarks.empty())
insert.bind(":remarks") = remarks;
insert.execute();
SQLite::int64 newRow = this->lastInsert();
if (bookmark) {
SQLite::Statement bi(*this, "INSERT INTO bookmarkhints (bookmark, authority) VALUES (:bookmark, :authority)");
bi.bind(":bookmark") = CFDataRef(bookmark);
bi.bind(":authority").integer(newRow);
bi.execute();
}
this->purgeObjects(priority);
xact.commit();
notify_post(kNotifySecAssessmentUpdate);
return cfmake<CFDictionaryRef>("{%O=%d}", kSecAssessmentUpdateKeyRow, newRow);
}
