static CFType typeFromCFTypeRef(CFTypeRef type) { ASSERT(type); if (type == tokenNullTypeRef()) return Null; CFTypeID typeID = CFGetTypeID(type); if (typeID == CFArrayGetTypeID()) return CFArray; if (typeID == CFBooleanGetTypeID()) return CFBoolean; if (typeID == CFDataGetTypeID()) return CFData; if (typeID == CFDictionaryGetTypeID()) return CFDictionary; if (typeID == CFNullGetTypeID()) return CFNull; if (typeID == CFNumberGetTypeID()) return CFNumber; if (typeID == CFStringGetTypeID()) return CFString; if (typeID == CFURLGetTypeID()) return CFURL; #if PLATFORM(MAC) if (typeID == SecCertificateGetTypeID()) return SecCertificate; #endif ASSERT_NOT_REACHED(); return Unknown; }
JSValue *UserObjectImp::toPrimitive(ExecState *exec, JSType preferredType) const { JSValue *result = jsUndefined(); JSUserObject* jsObjPtr = KJSValueToJSObject(toObject(exec), exec); CFTypeRef cfValue = jsObjPtr ? jsObjPtr->CopyCFValue() : 0; if (cfValue) { CFTypeID cfType = CFGetTypeID(cfValue); // toPrimitive if (cfValue == GetCFNull()) { result = jsNull(); } else if (cfType == CFBooleanGetTypeID()) { if (cfValue == kCFBooleanTrue) { result = jsBoolean(true); } else { result = jsBoolean(false); } } else if (cfType == CFStringGetTypeID()) { result = jsString(CFStringToUString((CFStringRef)cfValue)); } else if (cfType == CFNumberGetTypeID()) { double d = 0.0; CFNumberGetValue((CFNumberRef)cfValue, kCFNumberDoubleType, &d); result = jsNumber(d); } else if (cfType == CFURLGetTypeID()) { CFURLRef absURL = CFURLCopyAbsoluteURL((CFURLRef)cfValue); if (absURL) { result = jsString(CFStringToUString(CFURLGetString(absURL))); ReleaseCFType(absURL); } } ReleaseCFType(cfValue); } if (jsObjPtr) jsObjPtr->Release(); return result; }
static CFDictionaryRef _CFUserNotificationModifiedDictionary(CFAllocatorRef allocator, CFDictionaryRef dictionary, SInt32 token, SInt32 timeout, CFStringRef source) { CFMutableDictionaryRef md = CFDictionaryCreateMutable(allocator, 0, &kCFCopyStringDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); CFNumberRef tokenNumber = CFNumberCreate(allocator, kCFNumberSInt32Type, &token); CFNumberRef timeoutNumber = CFNumberCreate(allocator, kCFNumberSInt32Type, &timeout); CFURLRef url = NULL; CFStringRef path = NULL; if (dictionary) CFDictionaryApplyFunction(dictionary, _CFUserNotificationAddToDictionary, md); if (source) CFDictionaryAddValue(md, kCFUserNotificationAlertSourceKey, source); if (tokenNumber) { CFDictionaryAddValue(md, kCFUserNotificationTokenKey, tokenNumber); CFRelease(tokenNumber); } if (timeoutNumber) { CFDictionaryAddValue(md, kCFUserNotificationTimeoutKey, timeoutNumber); CFRelease(timeoutNumber); } url = CFDictionaryGetValue(md, kCFUserNotificationIconURLKey); if (url && CFGetTypeID((CFTypeRef)url) == CFURLGetTypeID()) { url = CFURLCopyAbsoluteURL(url); CFDictionaryRemoveValue(md, kCFUserNotificationIconURLKey); path = CFURLCopyFileSystemPath(url, kCFURLPOSIXPathStyle); CFDictionaryAddValue(md, kCFUserNotificationIconPathKey, path); CFRelease(url); CFRelease(path); } url = CFDictionaryGetValue(md, kCFUserNotificationSoundURLKey); if (url && CFGetTypeID((CFTypeRef)url) == CFURLGetTypeID()) { url = CFURLCopyAbsoluteURL(url); CFDictionaryRemoveValue(md, kCFUserNotificationSoundURLKey); path = CFURLCopyFileSystemPath(url, kCFURLPOSIXPathStyle); CFDictionaryAddValue(md, kCFUserNotificationSoundPathKey, path); CFRelease(url); CFRelease(path); } url = CFDictionaryGetValue(md, kCFUserNotificationLocalizationURLKey); if (url && CFGetTypeID((CFTypeRef)url) == CFURLGetTypeID()) { url = CFURLCopyAbsoluteURL(url); CFDictionaryRemoveValue(md, kCFUserNotificationLocalizationURLKey); path = CFURLCopyFileSystemPath(url, kCFURLPOSIXPathStyle); CFDictionaryAddValue(md, kCFUserNotificationLocalizationPathKey, path); CFRelease(url); CFRelease(path); } return md; }
void SocketStreamHandle::chooseProxyFromArray(CFArrayRef proxyArray) { if (!proxyArray) { m_connectionType = Direct; return; } CFIndex proxyArrayCount = CFArrayGetCount(proxyArray); // PAC is always the first entry, if present. if (proxyArrayCount) { CFDictionaryRef proxyInfo = static_cast<CFDictionaryRef>(CFArrayGetValueAtIndex(proxyArray, 0)); CFTypeRef proxyType = CFDictionaryGetValue(proxyInfo, kCFProxyTypeKey); if (proxyType && CFGetTypeID(proxyType) == CFStringGetTypeID()) { if (CFEqual(proxyType, kCFProxyTypeAutoConfigurationURL)) { CFTypeRef pacFileURL = CFDictionaryGetValue(proxyInfo, kCFProxyAutoConfigurationURLKey); if (pacFileURL && CFGetTypeID(pacFileURL) == CFURLGetTypeID()) { executePACFileURL(static_cast<CFURLRef>(pacFileURL)); return; } } } } CFDictionaryRef chosenProxy = 0; for (CFIndex i = 0; i < proxyArrayCount; ++i) { CFDictionaryRef proxyInfo = static_cast<CFDictionaryRef>(CFArrayGetValueAtIndex(proxyArray, i)); CFTypeRef proxyType = CFDictionaryGetValue(proxyInfo, kCFProxyTypeKey); if (proxyType && CFGetTypeID(proxyType) == CFStringGetTypeID()) { if (CFEqual(proxyType, kCFProxyTypeSOCKS)) { m_connectionType = SOCKSProxy; chosenProxy = proxyInfo; break; } if (CFEqual(proxyType, kCFProxyTypeHTTPS)) { m_connectionType = CONNECTProxy; chosenProxy = proxyInfo; // Keep looking for proxies, as a SOCKS one is preferable. } } } if (chosenProxy) { ASSERT(m_connectionType != Unknown); ASSERT(m_connectionType != Direct); CFTypeRef proxyHost = CFDictionaryGetValue(chosenProxy, kCFProxyHostNameKey); CFTypeRef proxyPort = CFDictionaryGetValue(chosenProxy, kCFProxyPortNumberKey); if (proxyHost && CFGetTypeID(proxyHost) == CFStringGetTypeID() && proxyPort && CFGetTypeID(proxyPort) == CFNumberGetTypeID()) { m_proxyHost = static_cast<CFStringRef>(proxyHost); m_proxyPort = static_cast<CFNumberRef>(proxyPort); return; } } m_connectionType = Direct; }
// // Perform common argument normalizations for update operations // static void normalizeTarget(CFRef<CFTypeRef> &target, CFDictionary &context, std::string *signUnsigned) { // turn CFURLs into (designated) SecRequirements if (target && CFGetTypeID(target) == CFURLGetTypeID()) { CFRef<SecStaticCodeRef> code; MacOSError::check(SecStaticCodeCreateWithPath(target.as<CFURLRef>(), kSecCSDefaultFlags, &code.aref())); switch (OSStatus rc = SecCodeCopyDesignatedRequirement(code, kSecCSDefaultFlags, (SecRequirementRef *)&target.aref())) { case noErr: { // use the *default* DR to avoid unreasonably wide DRs opening up Gatekeeper to attack CFRef<CFDictionaryRef> info; MacOSError::check(SecCodeCopySigningInformation(code, kSecCSRequirementInformation, &info.aref())); target = CFDictionaryGetValue(info, kSecCodeInfoImplicitDesignatedRequirement); } break; case errSecCSUnsigned: if (signUnsigned) { // Ad-hoc sign the code temporarily so we can get its code requirement CFRef<CFDataRef> signature = CFDataCreateMutable(NULL, 0); CFRef<SecCodeSignerRef> signer; CFTemp<CFDictionaryRef> arguments("{%O=%O, %O=#N}", kSecCodeSignerDetached, signature.get(), kSecCodeSignerIdentity); MacOSError::check(SecCodeSignerCreate(arguments, kSecCSDefaultFlags, &signer.aref())); MacOSError::check(SecCodeSignerAddSignature(signer, code, kSecCSDefaultFlags)); MacOSError::check(SecCodeSetDetachedSignature(code, signature, kSecCSDefaultFlags)); MacOSError::check(SecCodeCopyDesignatedRequirement(code, kSecCSDefaultFlags, (SecRequirementRef *)&target.aref())); CFRef<CFDictionaryRef> info; MacOSError::check(SecCodeCopySigningInformation(code, kSecCSInternalInformation, &info.aref())); if (CFDataRef cdData = CFDataRef(CFDictionaryGetValue(info, kSecCodeInfoCodeDirectory))) *signUnsigned = ((const CodeDirectory *)CFDataGetBytePtr(cdData))->screeningCode(); break; } MacOSError::check(rc); case errSecCSSignatureFailed: // recover certain cases of broken signatures (well, try) if (codeInvalidityExceptions(code, NULL)) { // Ad-hoc sign the code in place (requiring a writable subject). This requires root privileges. CFRef<SecCodeSignerRef> signer; CFTemp<CFDictionaryRef> arguments("{%O=#N}", kSecCodeSignerIdentity); MacOSError::check(SecCodeSignerCreate(arguments, kSecCSDefaultFlags, &signer.aref())); MacOSError::check(SecCodeSignerAddSignature(signer, code, kSecCSDefaultFlags)); MacOSError::check(SecCodeCopyDesignatedRequirement(code, kSecCSDefaultFlags, (SecRequirementRef *)&target.aref())); break; } MacOSError::check(rc); default: MacOSError::check(rc); } if (context.get(kSecAssessmentUpdateKeyRemarks) == NULL) { // no explicit remarks; add one with the path CFRef<CFURLRef> path; MacOSError::check(SecCodeCopyPath(code, kSecCSDefaultFlags, &path.aref())); CFMutableDictionaryRef dict = makeCFMutableDictionary(context.get()); CFDictionaryAddValue(dict, kSecAssessmentUpdateKeyRemarks, CFTempString(cfString(path))); context.take(dict); } } }
static void copyCFDictionary(const void *key, const void *value, void *ctx) { CFMutableDictionaryRef target = CFMutableDictionaryRef(ctx); if (CFEqual(key, kSecAssessmentContextKeyCertificates)) // obsolete return; if (CFGetTypeID(value) == CFURLGetTypeID()) { CFRef<CFStringRef> path = CFURLCopyFileSystemPath(CFURLRef(value), kCFURLPOSIXPathStyle); CFDictionaryAddValue(target, key, path); } else { CFDictionaryAddValue(target, key, value); } }
Boolean path_exists(CFTypeRef path) { if (CFGetTypeID(path) == CFStringGetTypeID()) { CFURLRef url = CFURLCreateWithFileSystemPath(NULL, path, kCFURLPOSIXPathStyle, true); Boolean result = CFURLResourceIsReachable(url, NULL); CFRelease(url); return result; } else if (CFGetTypeID(path) == CFURLGetTypeID()) { return CFURLResourceIsReachable(path, NULL); } else { return false; } }
void MDSAttrParser::parseAttrs(CFStringRef subdir) { /* get all *.mdsinfo files */ CFArrayRef bundleInfoFiles = CFBundleCopyResourceURLsOfType(mBundle, CFSTR(MDS_INFO_TYPE), subdir); if(bundleInfoFiles == NULL) { Syslog::alert("MDSAttrParser: no mdsattr files for %s", mPath); return; } assert(CFGetTypeID(bundleInfoFiles) == CFArrayGetTypeID()); /* process each .mdsinfo file */ CFIndex numFiles = CFArrayGetCount(bundleInfoFiles); for(CFIndex i=0; i<numFiles; i++) { /* get filename as CFURL */ CFURLRef infoUrl = NULL; infoUrl = reinterpret_cast<CFURLRef>( CFArrayGetValueAtIndex(bundleInfoFiles, i)); if(infoUrl == NULL) { MPDebug("MDSAttrParser: CFBundleCopyResourceURLsOfType screwup 1"); continue; } if(CFGetTypeID(infoUrl) != CFURLGetTypeID()) { MPDebug("MDSAttrParser: CFBundleCopyResourceURLsOfType screwup 2"); continue; } // @@@ Workaround for 4234967: skip any filename beginning with "._" CFStringRef lastComponent = CFURLCopyLastPathComponent(infoUrl); if (lastComponent) { CFStringRef resFilePfx = CFSTR("._"); // setting the search length and location like this permits, // e.g., ".foo.mdsinfo" to be valid CFIndex resFilePfxLen = CFStringGetMaximumSizeForEncoding(CFStringGetLength(resFilePfx), kCFStringEncodingUTF8); CFRange range = CFRangeMake(0, resFilePfxLen); Boolean skip = CFStringFindWithOptions(lastComponent, resFilePfx, range, 0/*options*/, NULL/*returned substr*/); CFRelease(lastComponent); if (skip == true) { Syslog::warning("MDSAttrParser: ignoring resource file"); continue; } } parseFile(infoUrl, subdir); } /* for each mdsinfo */ CF_RELEASE(bundleInfoFiles); }
string cfString(CFTypeRef it, OSStatus err) { if (it == NULL) MacOSError::throwMe(err); CFTypeID id = CFGetTypeID(it); if (id == CFStringGetTypeID()) return cfString(CFStringRef(it)); else if (id == CFURLGetTypeID()) return cfString(CFURLRef(it)); else if (id == CFBundleGetTypeID()) return cfString(CFBundleRef(it)); else return cfString(CFCopyDescription(it), true); }
CFDictionaryRef PolicyEngine::remove(CFTypeRef target, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context) { if (type == kAuthorityOpenDoc) { // handle document-open differently: use quarantine flags for whitelisting authorizeUpdate(flags, context); if (!target || CFGetTypeID(target) != CFURLGetTypeID()) MacOSError::throwMe(errSecCSInvalidObjectRef); std::string spath = cfString(CFURLRef(target)).c_str(); FileQuarantine qtn(spath.c_str()); qtn.clearFlag(QTN_FLAG_ASSESSMENT_OK); qtn.applyTo(spath.c_str()); return NULL; } return manipulateRules("DELETE FROM authority", target, type, flags, context); }
void extractQuarantineProperty(const std::string &table_key_name, CFTypeRef property, const std::string &path, QueryData &results) { std::string value; if (CFGetTypeID(property) == CFStringGetTypeID()) { value = stringFromCFString((CFStringRef)property); } else if (CFGetTypeID(property) == CFDateGetTypeID()) { auto unix_time = CFDateGetAbsoluteTime((CFDateRef)property) + kCFAbsoluteTimeIntervalSince1970; value = INTEGER(std::llround(unix_time)); } else if (CFGetTypeID(property) == CFURLGetTypeID()) { value = stringFromCFString(CFURLGetString((CFURLRef)property)); } setRow(results, path, table_key_name, value); }
CFDictionaryRef xpcEngineUpdate(CFTypeRef target, uint flags, CFDictionaryRef context) { Message msg("update"); // target can be NULL, a CFURLRef, a SecRequirementRef, or a CFNumberRef if (target) { if (CFGetTypeID(target) == CFNumberGetTypeID()) xpc_dictionary_set_uint64(msg, "rule", cfNumber<int64_t>(CFNumberRef(target))); else if (CFGetTypeID(target) == CFURLGetTypeID()) xpc_dictionary_set_string(msg, "url", cfString(CFURLRef(target)).c_str()); else if (CFGetTypeID(target) == SecRequirementGetTypeID()) { CFRef<CFDataRef> data; MacOSError::check(SecRequirementCopyData(SecRequirementRef(target), kSecCSDefaultFlags, &data.aref())); xpc_dictionary_set_data(msg, "requirement", CFDataGetBytePtr(data), CFDataGetLength(data)); } else MacOSError::throwMe(errSecCSInvalidObjectRef); } xpc_dictionary_set_int64(msg, "flags", flags); CFRef<CFMutableDictionaryRef> ctx = makeCFMutableDictionary(); if (context) CFDictionaryApplyFunction(context, copyCFDictionary, ctx); AuthorizationRef localAuthorization = NULL; if (CFDictionaryGetValue(ctx, kSecAssessmentUpdateKeyAuthorization) == NULL) { // no caller-provided authorization MacOSError::check(AuthorizationCreate(NULL, NULL, kAuthorizationFlagDefaults, &localAuthorization)); AuthorizationExternalForm extForm; MacOSError::check(AuthorizationMakeExternalForm(localAuthorization, &extForm)); CFDictionaryAddValue(ctx, kSecAssessmentUpdateKeyAuthorization, CFTempData(&extForm, sizeof(extForm))); } CFRef<CFDataRef> contextData = makeCFData(CFDictionaryRef(ctx)); xpc_dictionary_set_data(msg, "context", CFDataGetBytePtr(contextData), CFDataGetLength(contextData)); msg.send(); if (localAuthorization) AuthorizationFree(localAuthorization, kAuthorizationFlagDefaults); if (int64_t error = xpc_dictionary_get_int64(msg, "error")) MacOSError::throwMe(error); size_t resultLength; const void *resultData = xpc_dictionary_get_data(msg, "result", &resultLength); return makeCFDictionaryFrom(resultData, resultLength); }
CFTypeID Url::type_id() { return CFURLGetTypeID(); }
static pascal OSStatus DataBrowserDataCallback( ControlRef browser, DataBrowserItemID item, DataBrowserPropertyID property, DataBrowserItemDataRef itemData, Boolean setValue ) // Called by the data browser control to get information about the // data that it's displaying. item is the row in the list, which in this // case is the index (plus one) into the gItems CFArray that represents // the login items list. property is the column in the list; these values // are set in the .nib file. When asked for data, the routine looks up // the item'th element of gItems and then extracts the appropriate key // from that dictionary. { OSStatus err; CFDictionaryRef dict; CFBooleanRef hidden; CFURLRef url; CFStringRef str; assert(browser == gDataControl); assert( (item != kDataBrowserNoItem) && (item <= CFArrayGetCount(gItems)) ); assert( (property < 1024) || (property == 'hidn') || (property == 'URL ') ); assert( ! setValue ); // gItems can only be NULL before the first call to DoRefresh as the // application starts up. Data browser should never be calling us to // get information about items during that time, because we haven't // added any items to the data browser. Thus, we shouldn't be called // when gItems is NULL. assert( gItems != NULL ); switch (property) { case 'hidn': dict = (CFDictionaryRef) CFArrayGetValueAtIndex(gItems, (CFIndex) (item - 1)); assert( (dict != NULL) && (CFGetTypeID(dict) == CFDictionaryGetTypeID()) ); hidden = (CFBooleanRef) CFDictionaryGetValue(dict, kLIAEHidden); assert( (hidden != NULL) && (CFGetTypeID(hidden) == CFBooleanGetTypeID()) ); err = SetDataBrowserItemDataText( itemData, (CFBooleanGetValue(hidden) ? CFSTR("yes") : CFSTR("no")) ); break; case 'URL ': dict = (CFDictionaryRef) CFArrayGetValueAtIndex(gItems, (CFIndex) (item - 1)); assert( (dict != NULL) && (CFGetTypeID(dict) == CFDictionaryGetTypeID()) ); url = (CFURLRef) CFDictionaryGetValue(dict, kLIAEURL); assert( (url != NULL) && (CFGetTypeID(url) == CFURLGetTypeID()) ); str = CFURLGetString(url); err = SetDataBrowserItemDataText(itemData, str); break; default: err = noErr; break; } assert(err == noErr); return err; }
bool UserObjectImp::toBoolean(ExecState *exec) const { bool result = false; JSUserObject* jsObjPtr = KJSValueToJSObject(toObject(exec), exec); CFTypeRef cfValue = jsObjPtr ? jsObjPtr->CopyCFValue() : 0; if (cfValue) { CFTypeID cfType = CFGetTypeID(cfValue); // toPrimitive if (cfValue == GetCFNull()) { // } else if (cfType == CFBooleanGetTypeID()) { if (cfValue == kCFBooleanTrue) { result = true; } } else if (cfType == CFStringGetTypeID()) { if (CFStringGetLength((CFStringRef)cfValue)) { result = true; } } else if (cfType == CFNumberGetTypeID()) { if (cfValue != kCFNumberNaN) { double d; if (CFNumberGetValue((CFNumberRef)cfValue, kCFNumberDoubleType, &d)) { if (d != 0) { result = true; } } } } else if (cfType == CFArrayGetTypeID()) { if (CFArrayGetCount((CFArrayRef)cfValue)) { result = true; } } else if (cfType == CFDictionaryGetTypeID()) { if (CFDictionaryGetCount((CFDictionaryRef)cfValue)) { result = true; } } else if (cfType == CFSetGetTypeID()) { if (CFSetGetCount((CFSetRef)cfValue)) { result = true; } } else if (cfType == CFURLGetTypeID()) { CFURLRef absURL = CFURLCopyAbsoluteURL((CFURLRef)cfValue); if (absURL) { CFStringRef cfStr = CFURLGetString(absURL); if (cfStr && CFStringGetLength(cfStr)) { result = true; } ReleaseCFType(absURL); } } } if (jsObjPtr) jsObjPtr->Release(); ReleaseCFType(cfValue); return result; }
static void processProxyServers(Vector<ProxyServer>& proxyServers, CFArrayRef proxies, CFURLRef url) { CFIndex numProxies = CFArrayGetCount(proxies); for (CFIndex i = 0; i < numProxies; ++i) { CFDictionaryRef proxyDictionary = static_cast<CFDictionaryRef>(CFArrayGetValueAtIndex(proxies, i)); ProxyServer::Type type = ProxyServer::Direct; CFStringRef typeString = static_cast<CFStringRef>(CFDictionaryGetValue(proxyDictionary, kCFProxyTypeKey)); if (!url) { // If we have no URL then we're processing an auto-configuration response. // It isn't sensible to receive another auto-configured proxy in such a response. ASSERT(!CFEqual(typeString, kCFProxyTypeAutoConfigurationURL)); } if (CFEqual(typeString, kCFProxyTypeAutoConfigurationURL)) { if (!url) continue; // FIXME: We should restructure to allow this to happen asynchronously. CFURLRef scriptURL = static_cast<CFURLRef>(CFDictionaryGetValue(proxyDictionary, kCFProxyAutoConfigurationURLKey)); if (!scriptURL || CFGetTypeID(scriptURL) != CFURLGetTypeID()) continue; CFStreamClientContext context = { 0, (void*)&proxyServers, 0, 0, 0 }; RetainPtr<CFRunLoopSourceRef> runLoopSource(AdoptCF, CFNetworkExecuteProxyAutoConfigurationURL(scriptURL, url, proxyAutoConfigurationResultCallback, &context)); CFStringRef privateRunLoopMode = CFSTR("com.apple.WebKit.ProxyAutoConfiguration"); CFTimeInterval timeout = 5; CFRunLoopAddSource(CFRunLoopGetCurrent(), runLoopSource.get(), privateRunLoopMode); CFRunLoopRunInMode(privateRunLoopMode, timeout, 0); CFRunLoopRemoveSource(CFRunLoopGetCurrent(), runLoopSource.get(), privateRunLoopMode); CFRunLoopSourceInvalidate(runLoopSource.get()); // The proxyAutoConfigurationResultCallback has added any relevant ProxyServers to proxyServers. continue; } if (CFEqual(typeString, kCFProxyTypeNone)) { proxyServers.append(ProxyServer(ProxyServer::Direct, String(), -1)); continue; } if (CFEqual(typeString, kCFProxyTypeHTTP)) type = ProxyServer::HTTP; else if (CFEqual(typeString, kCFProxyTypeHTTPS)) type = ProxyServer::HTTPS; else if (CFEqual(typeString, kCFProxyTypeSOCKS)) type = ProxyServer::SOCKS; else { // We don't know how to handle this type. continue; } CFStringRef host = static_cast<CFStringRef>(CFDictionaryGetValue(proxyDictionary, kCFProxyHostNameKey)); CFNumberRef port = static_cast<CFNumberRef>(CFDictionaryGetValue(proxyDictionary, kCFProxyPortNumberKey)); SInt32 portValue; CFNumberGetValue(port, kCFNumberSInt32Type, &portValue); proxyServers.append(ProxyServer(type, host, portValue)); } }
CFTypeID URL::GetTypeID( void ) const { return CFURLGetTypeID(); }
bool Type::IsURL( void ) const { return this->GetTypeID() == CFURLGetTypeID(); }
CFStringRef FSCopyFormatNameForFSType(CFStringRef fsType, int16_t fsSubtype, bool localized, bool encrypted) { CFTypeRef formatName; CFStringRef formatNameTableKey; CFIndex indx; if (NULL == fsType) return NULL; // Create a key for cache localized name table (i.e. "0hfs0") formatNameTableKey = CFStringCreateWithFormat(NULL, NULL, CFSTR("%d%@%d"), (localized ? 1 : 0), fsType, fsSubtype); // Use OSSpinLock to protect the table accessed from multiple threads OSSpinLockLock(&__FSLocalizedNameTableLock); formatName = (void*)((NULL == __FSLocalizedNameTable) ? NULL : CFDictionaryGetValue(__FSLocalizedNameTable, (const void *)formatNameTableKey)); OSSpinLockUnlock(&__FSLocalizedNameTableLock); if (NULL == formatName) { // not in the cache CFBundleRef bundle = NULL; CFURLRef bundleURL; CFStringRef fsTypeName; static CFArrayRef searchPaths = NULL; /* Construct a bundle path URL from the fsType argument and create a CFBundle. We search (using CFCopySearchPathForDirectoriesInDomains) /Network/Library/Filesystems, /Library/Filesystems, and /System/Library/Filesystems. */ // Create CFURL for /System/Library/Filesystems and cache it if (NULL == searchPaths) { CFArrayRef tmpPaths = CFCopySearchPathForDirectoriesInDomains(kCFLibraryDirectory, kCFSystemDomainMask | kCFNetworkDomainMask | kCFLocalDomainMask, true); CFMutableArrayRef tmpStrings; CFIndex i; if (NULL == tmpPaths) return NULL; // No directories to search?!?! tmpStrings = CFArrayCreateMutable(NULL, CFArrayGetCount(tmpPaths), NULL); if (tmpStrings == NULL) goto done; for (i = 0; i < CFArrayGetCount(tmpPaths); i++) { CFStringRef tStr; CFURLRef tURL; char path[PATH_MAX + 1]; CFTypeRef tobject = CFArrayGetValueAtIndex(tmpPaths, i); if (CFGetTypeID(tobject) == CFURLGetTypeID()) { if (false == CFURLGetFileSystemRepresentation( tobject, false, (UInt8*)path, sizeof(path))) { goto done; } } else if (CFGetTypeID(tobject) == CFStringGetTypeID()) { CFStringGetCString(tobject, path, sizeof(path), kCFStringEncodingUTF8); } else { goto done; } strlcat(path, "/Filesystems", sizeof(path)); tStr = CFStringCreateWithCString(NULL, path, kCFStringEncodingUTF8); if (tStr == NULL) goto done; tURL = CFURLCreateWithFileSystemPath(NULL, tStr, kCFURLPOSIXPathStyle, true); if (tURL) { CFArrayAppendValue(tmpStrings, tURL); } CFRelease(tStr); } searchPaths = CFArrayCreateCopy(NULL, tmpStrings); done: CFRelease(tmpStrings); CFRelease(tmpPaths); if (searchPaths == NULL) return NULL; } for (indx = 0; indx < CFArrayGetCount(searchPaths); indx++) { CFURLRef libRef = CFArrayGetValueAtIndex(searchPaths, indx); fsTypeName = CFStringCreateWithFormat(NULL, NULL, CFSTR("%@.fs"), fsType); bundleURL = CFURLCreateWithFileSystemPathRelativeToBase(NULL, fsTypeName, kCFURLPOSIXPathStyle, true, libRef); bundle = CFBundleCreate(NULL, bundleURL); CFRelease(fsTypeName); CFRelease(bundleURL); if (NULL != bundle) { break; } } if (NULL != bundle) { // the bundle exists at path CFDictionaryRef localPersonalities = NULL; // Access the Info dictionary in the bundle CFDictionaryRef bundleDict = CFBundleGetInfoDictionary(bundle); // Get localized FSPersonalities only if we want localized name if (localized == true) { localPersonalities = CFBundleGetValueForInfoDictionaryKey(bundle, KEY_FS_PERSONALITIES); //NSLog(CFSTR("localPersonalities = %@\n"), localPersonalities); } /* Get global FSPersonalities. We need to access this since FSSubType exists only * in global FSPersonalities */ CFDictionaryRef globalPersonalities = CFDictionaryGetValue(bundleDict, (const void *) KEY_FS_PERSONALITIES); //NSLog(CFSTR("globalPersonalities = %@\n"), globalPersonalities); CFIndex numPersonalities; if (((NULL != localPersonalities) || (localized == false)) && // localPersonalities or we don't want localizations (NULL != globalPersonalities) && ((numPersonalities = CFDictionaryGetCount(globalPersonalities)) > 0)) { // read all FSPersonalities keys and values CFDictionaryRef valuesBuffer[MAX_FS_SUBTYPES]; CFStringRef keysBuffer[MAX_FS_SUBTYPES]; CFDictionaryRef *values = ((numPersonalities > MAX_FS_SUBTYPES) ? (CFDictionaryRef *)malloc(sizeof(CFDictionaryRef) * numPersonalities) : valuesBuffer); CFStringRef *keys = ((numPersonalities > MAX_FS_SUBTYPES) ? (CFStringRef *)malloc(sizeof(CFStringRef) * numPersonalities) : keysBuffer); CFDictionaryGetKeysAndValues(globalPersonalities, (const void **)keys, (const void **)values); // create CFNumberRef for the FSSubType CFNumberRef subTypeID = CFNumberCreate(NULL, kCFNumberSInt16Type, (const void *)&fsSubtype); CFStringRef FSNameKey = NULL; // search for valid FSSubType - we will use its key from global FSPersonalties to // access FSName from localized FSPersonalities CFIndex index; CFNumberRef readSubTypeID; for (index = 0; index < numPersonalities; index++) { if ((true == CFDictionaryGetValueIfPresent(values[index], (const void *)KEY_FS_SUBTYPE, (const void **)&readSubTypeID)) && (CFNumberCompare(subTypeID, readSubTypeID, NULL) == 0)) { FSNameKey = keys[index]; break; } } CFRelease(subTypeID); /* If a personality hasn't been found, use the last value in the dictionary (note the content of CFDictionary is unordered so choosing the last doesn't produce consistent result) */ if (NULL == FSNameKey) { FSNameKey = keys[numPersonalities - 1]; // is selecting the last entry right ? } // Get FSName from the FSPersonalities entry CFDictionaryRef FSNameDict; if (localized == true) { FSNameDict = CFDictionaryGetValue(localPersonalities, FSNameKey); } else { FSNameDict = CFDictionaryGetValue(globalPersonalities, FSNameKey); } if (NULL != FSNameDict) { CFStringRef tempName = CFDictionaryGetValue(FSNameDict, (const void *)KEY_FS_NAME); CFStringRef encrName = CFDictionaryGetValue(FSNameDict, CFSTR(kFSCoreStorageEncryptNameKey)); if (tempName) { if (encrName) { formatName = (void*)CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); if (formatName != NULL) { (void)CFDictionarySetValue((void*)formatName, tempName, encrName); } } else { formatName = tempName; } } } if (values != valuesBuffer) free(values); if (keys != keysBuffer) free(keys); } } // If all failed, return "Unknown format (f_fstypename)" as the last resort if (NULL == formatName) { static CFStringRef unknownTypeString = NULL; CFStringRef unknownFSNameString = NULL; // This should use the framework bundle this code resides. CarbonCore ??? */ if (NULL == unknownTypeString) unknownTypeString = CFCopyLocalizedString(UNKNOWN_FS_NAME, "This string is displayed when localized file system name cannot be determined."); unknownFSNameString = CFStringCreateWithFormat(NULL, NULL, CFSTR("%@ (%@)"), unknownTypeString, fsType); formatName = (void*)unknownFSNameString; } // Cache the result OSSpinLockLock(&__FSLocalizedNameTableLock); if (NULL == __FSLocalizedNameTable) __FSLocalizedNameTable = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); // NSLog(CFSTR("Setting value %@ for key %@\n"), formatName, formatNameTableKey); CFDictionarySetValue(__FSLocalizedNameTable, (const void *)formatNameTableKey, (const void *)formatName); OSSpinLockUnlock(&__FSLocalizedNameTableLock); // NSLog(CFSTR("Localized Name Table = %@\n"), __FSLocalizedNameTable); if (NULL != bundle) CFRelease(bundle); // it has to be released here since formatName might be owned by the bundle } CFRelease(formatNameTableKey); if (CFGetTypeID(formatName) == CFStringGetTypeID()) { return CFRetain(formatName); } else if (CFGetTypeID(formatName) == CFDictionaryGetTypeID()) { // Dictionary with the (possibly localized) name as the key, and the encrypted name as the value // If we want the encrypted name, we return the value, else we return the key size_t numEntries = CFDictionaryGetCount((void*)formatName); void *keyNames[numEntries]; void *values[numEntries]; CFDictionaryGetKeysAndValues((void*)formatName, (const void**)&keyNames, (const void**)&values); if (encrypted) return CFRetain(values[0]); else return CFRetain(keyNames[0]); } return CFRetain(formatName); }
UString UserObjectImp::toString(ExecState *exec) const { UString result; JSUserObject* jsObjPtr = KJSValueToJSObject(toObject(exec), exec); CFTypeRef cfValue = jsObjPtr ? jsObjPtr->CopyCFValue() : 0; if (cfValue) { CFTypeID cfType = CFGetTypeID(cfValue); if (cfValue == GetCFNull()) { // } else if (cfType == CFBooleanGetTypeID()) { if (cfValue == kCFBooleanTrue) { result = "true"; } else { result = "false"; } } else if (cfType == CFStringGetTypeID()) { result = CFStringToUString((CFStringRef)cfValue); } else if (cfType == CFNumberGetTypeID()) { if (cfValue == kCFNumberNaN) { result = "Nan"; } else if (CFNumberCompare(kCFNumberPositiveInfinity, (CFNumberRef)cfValue, 0) == 0) { result = "Infinity"; } else if (CFNumberCompare(kCFNumberNegativeInfinity, (CFNumberRef)cfValue, 0) == 0) { result = "-Infinity"; } else { CFStringRef cfNumStr; double d = 0; CFNumberGetValue((CFNumberRef)cfValue, kCFNumberDoubleType, &d); if (CFNumberIsFloatType((CFNumberRef)cfValue)) { cfNumStr = CFStringCreateWithFormat(0, 0, CFSTR("%f"), d); } else { cfNumStr = CFStringCreateWithFormat(0, 0, CFSTR("%.0f"), d); } result = CFStringToUString(cfNumStr); ReleaseCFType(cfNumStr); } } else if (cfType == CFArrayGetTypeID()) { // } else if (cfType == CFDictionaryGetTypeID()) { // } else if (cfType == CFSetGetTypeID()) { // } else if (cfType == CFURLGetTypeID()) { CFURLRef absURL = CFURLCopyAbsoluteURL((CFURLRef)cfValue); if (absURL) { CFStringRef cfStr = CFURLGetString(absURL); if (cfStr) { result = CFStringToUString(cfStr); } ReleaseCFType(absURL); } } } ReleaseCFType(cfValue); if (jsObjPtr) jsObjPtr->Release(); return result; }
// // Add a rule to the policy database // CFDictionaryRef PolicyEngine::add(CFTypeRef inTarget, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context) { // default type to execution if (type == kAuthorityInvalid) type = kAuthorityExecute; authorizeUpdate(flags, context); CFDictionary ctx(context, errSecCSInvalidAttributeValues); CFCopyRef<CFTypeRef> target = inTarget; CFRef<CFDataRef> bookmark = NULL; std::string filter_unsigned; switch (type) { case kAuthorityExecute: normalizeTarget(target, ctx, &filter_unsigned); // bookmarks are untrusted and just a hint to callers bookmark = ctx.get<CFDataRef>(kSecAssessmentRuleKeyBookmark); break; case kAuthorityInstall: if (inTarget && CFGetTypeID(inTarget) == CFURLGetTypeID()) { // no good way to turn an installer file into a requirement. Pretend to succeeed so caller proceeds return cfmake<CFDictionaryRef>("{%O=%O}", kSecAssessmentAssessmentAuthorityOverride, CFSTR("virtual install")); } break; case kAuthorityOpenDoc: // handle document-open differently: use quarantine flags for whitelisting if (!target || CFGetTypeID(target) != CFURLGetTypeID()) // can only "add" file paths MacOSError::throwMe(errSecCSInvalidObjectRef); try { std::string spath = cfString(target.as<CFURLRef>()); FileQuarantine qtn(spath.c_str()); qtn.setFlag(QTN_FLAG_ASSESSMENT_OK); qtn.applyTo(spath.c_str()); } catch (const CommonError &error) { // could not set quarantine flag - report qualified success return cfmake<CFDictionaryRef>("{%O=%O,'assessment:error'=%d}", kSecAssessmentAssessmentAuthorityOverride, CFSTR("error setting quarantine"), error.osStatus()); } catch (...) { return cfmake<CFDictionaryRef>("{%O=%O}", kSecAssessmentAssessmentAuthorityOverride, CFSTR("unable to set quarantine")); } return NULL; } // if we now have anything else, we're busted if (!target || CFGetTypeID(target) != SecRequirementGetTypeID()) MacOSError::throwMe(errSecCSInvalidObjectRef); double priority = 0; string label; bool allow = true; double expires = never; string remarks; if (CFNumberRef pri = ctx.get<CFNumberRef>(kSecAssessmentUpdateKeyPriority)) CFNumberGetValue(pri, kCFNumberDoubleType, &priority); if (CFStringRef lab = ctx.get<CFStringRef>(kSecAssessmentUpdateKeyLabel)) label = cfString(lab); if (CFDateRef time = ctx.get<CFDateRef>(kSecAssessmentUpdateKeyExpires)) // we're using Julian dates here; convert from CFDate expires = dateToJulian(time); if (CFBooleanRef allowing = ctx.get<CFBooleanRef>(kSecAssessmentUpdateKeyAllow)) allow = allowing == kCFBooleanTrue; if (CFStringRef rem = ctx.get<CFStringRef>(kSecAssessmentUpdateKeyRemarks)) remarks = cfString(rem); CFRef<CFStringRef> requirementText; MacOSError::check(SecRequirementCopyString(target.as<SecRequirementRef>(), kSecCSDefaultFlags, &requirementText.aref())); SQLite::Transaction xact(*this, SQLite3::Transaction::deferred, "add_rule"); SQLite::Statement insert(*this, "INSERT INTO authority (type, allow, requirement, priority, label, expires, filter_unsigned, remarks)" " VALUES (:type, :allow, :requirement, :priority, :label, :expires, :filter_unsigned, :remarks);"); insert.bind(":type").integer(type); insert.bind(":allow").integer(allow); insert.bind(":requirement") = requirementText.get(); insert.bind(":priority") = priority; if (!label.empty()) insert.bind(":label") = label; insert.bind(":expires") = expires; insert.bind(":filter_unsigned") = filter_unsigned.empty() ? NULL : filter_unsigned.c_str(); if (!remarks.empty()) insert.bind(":remarks") = remarks; insert.execute(); SQLite::int64 newRow = this->lastInsert(); if (bookmark) { SQLite::Statement bi(*this, "INSERT INTO bookmarkhints (bookmark, authority) VALUES (:bookmark, :authority)"); bi.bind(":bookmark") = CFDataRef(bookmark); bi.bind(":authority").integer(newRow); bi.execute(); } this->purgeObjects(priority); xact.commit(); notify_post(kNotifySecAssessmentUpdate); return cfmake<CFDictionaryRef>("{%O=%d}", kSecAssessmentUpdateKeyRow, newRow); }