/* -----------------------------------------------------------------------------
 * hasEntitlement
 *
 * Decide whether the client identified by audit_token holds `entitlement`.
 *
 * The entitlement value is accepted in two shapes:
 *   - CFBoolean: granted only when the boolean is true.
 *   - CFArray:   granted when vpntype is NULL (the caller does not care about
 *                the subtype, so the array contents are not inspected), or
 *                when the array contains vpntype.
 * A value of any other type is logged as invalid and denied. A failure to
 * build the task or to read the entitlement also denies, so every error path
 * fails closed.
 *
 * Returns TRUE when the entitlement is granted, FALSE otherwise.
 ----------------------------------------------------------------------------- */
static Boolean hasEntitlement(audit_token_t audit_token, CFStringRef entitlement, CFStringRef vpntype)
{
    Boolean granted = FALSE;
    CFErrorRef lookupError = NULL;
    CFTypeRef entitlementValue;
    SecTaskRef client;

    /* The audit token, not a caller-supplied identifier, names the client. */
    client = SecTaskCreateWithAuditToken(NULL, audit_token);
    if (client == NULL) {
        SCLog(TRUE, LOG_ERR, CFSTR("SCNC Controller: SecTaskCreateWithAuditToken() failed: %@"), entitlement);
        return FALSE;
    }

    entitlementValue = SecTaskCopyValueForEntitlement(client, entitlement, &lookupError);
    if (entitlementValue == NULL) {
        /* No value and no error: nothing to log, the result stays FALSE. */
        if (lookupError != NULL) {
            SCLog(TRUE, LOG_ERR, CFSTR("SCNC Controller: SecTaskCopyValueForEntitlement() failed, error=%@: %@"), lookupError, entitlement);
            CFRelease(lookupError);
        }
        CFRelease(client);
        return FALSE;
    }

    if (isA_CFBoolean(entitlementValue)) {
        /* Boolean entitlement: only an explicit true grants access. */
        if (CFBooleanGetValue(entitlementValue)) {
            granted = TRUE;
        }
    } else if (isA_CFArray(entitlementValue)) {
        /* Array entitlement: any subtype when vpntype is NULL, else membership. */
        if (vpntype == NULL ||
            CFArrayContainsValue(entitlementValue,
                                 CFRangeMake(0, CFArrayGetCount(entitlementValue)),
                                 vpntype)) {
            granted = TRUE;
        }
    } else {
        SCLog(TRUE, LOG_ERR, CFSTR("SCNC Controller: entitlement not valid: %@"), entitlement);
    }

    CFRelease(entitlementValue);
    CFRelease(client);
    return granted;
}
/*
 * Copy the value of `entitlement` for `task`, but only if it is a CFString.
 *
 * The entitlement value comes from the client's code signature and may be of
 * any property-list type, so its type is checked before it is handed back as
 * a CFStringRef. A value of any other type is released and NULL is returned.
 *
 * Returns a reference that is not released here (the caller must release it),
 * or NULL when the entitlement is absent or is not a string.
 */
static CFStringRef SecTaskCopyStringForEntitlement(SecTaskRef task, CFStringRef entitlement)
{
    CFStringRef candidate = (CFStringRef)SecTaskCopyValueForEntitlement(task, entitlement, NULL);

    if (candidate == NULL) {
        return NULL;
    }

    if (CFGetTypeID(candidate) == CFStringGetTypeID()) {
        return candidate;
    }

    /* Wrong type: drop our reference rather than return a mistyped object. */
    CFRelease(candidate);
    return NULL;
}
/*
 * Report whether `task` holds `entitlement` as a boolean set to true.
 *
 * With CHECK_ENTITLEMENTS enabled, the result is true only when the value
 * exists, is a CFBoolean, and is true; a missing value or a value of any
 * other type yields false.
 *
 * When CHECK_ENTITLEMENTS is 0 or undefined, the check is compiled out and
 * this function returns true for every task: all callers are treated as
 * entitled. Builds that rely on this check for access control must define
 * CHECK_ENTITLEMENTS to a non-zero value.
 */
static bool SecTaskGetBooleanValueForEntitlement(SecTaskRef task, CFStringRef entitlement)
{
#if CHECK_ENTITLEMENTS
    /* The CFStringRef type is nominal; the real type is checked below. */
    CFStringRef rawValue = (CFStringRef)SecTaskCopyValueForEntitlement(task, entitlement, NULL);
    bool granted = false;

    if (rawValue) {
        if (CFGetTypeID(rawValue) == CFBooleanGetTypeID()) {
            granted = CFBooleanGetValue((CFBooleanRef)rawValue);
        }
        CFRelease(rawValue);
    }
    return granted;
#else
    /* Entitlement checking disabled at build time: always grant. */
    return true;
#endif /* !CHECK_ENTITLEMENTS */
}
/*
 * Regression test: build a SecTask for the current process from its own audit
 * token, then check the application-identifier entitlement, the signing
 * identifier and the task's description string.
 *
 * argc and argv are not used. Always returns 0; results are reported through
 * the ok()/skip()/todo() test harness calls.
 */
int sectask_11_sectask_audittoken(int argc, char *const *argv)
{
    SecTaskRef task=NULL;
    CFStringRef appId=NULL;
    CFStringRef signingIdentifier=NULL;

    /* NOTE(review): seven ok() calls are visible below against a plan of 6 —
     * confirm how the harness counts skipped and todo tests. */
    plan_tests(6);

    init_self_audittoken();

    ok(task=SecTaskCreateWithAuditToken(kCFAllocatorDefault, g_self_audittoken), "SecTaskCreateFromAuditToken");
    /* Nothing below can run without a task; jump straight to cleanup. */
    require(task, out);

    /* TODO: remove the todo once xcode signs simulator binaries */
SKIP: {
#if TARGET_IPHONE_SIMULATOR
    todo("no entitlements in the simulator binaries yet, until <rdar://problem/12194625>");
#endif
    ok(appId=SecTaskCopyValueForEntitlement(task, kSecEntitlementApplicationIdentifier, NULL), "SecTaskCopyValueForEntitlement");
    /* Presumably skips the next test when appId is NULL, so that CFEqual is
     * not called with a NULL argument — confirm against the harness. */
    skip("appId is NULL", 1, appId);
    /* NOTE(review): appId is compared as a string without a type check. */
    ok(CFEqual(appId, CFSTR("com.apple.security.regressions")), "Application Identifier match");
    ok(signingIdentifier=SecTaskCopySigningIdentifier(task, NULL), "SecTaskCopySigningIdentifier");
    /* NOTE(review): signingIdentifier has no NULL guard like the one appId
     * gets above; CFEqual does not accept NULL arguments. */
    ok(CFEqual(signingIdentifier, CFBundleGetIdentifier(CFBundleGetMainBundle())), "CodeSigning Identifier match");
}

    /* The task description is expected to contain the process name and "[pid]". */
    pid_t pid = getpid();
    CFStringRef name = copyProcName(pid);
    CFStringRef pidstr = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("[%d]"), pid);
    CFStringRef desc = CFCopyDescription(task);

    /* NOTE(review): name, pidstr and desc are used without NULL checks. */
    ok(CFStringFind(desc, name, 0).location != kCFNotFound, "didn't find name: %@ vs %@", desc, name);
    ok(CFStringFind(desc, pidstr, 0).location != kCFNotFound, "didn't find pidstr: %@ vs %@", desc, pidstr);

    CFReleaseSafe(name);
    CFReleaseSafe(desc);
    CFReleaseSafe(pidstr);

out:
    /* Shared cleanup, also reached through require(); any of these may still be NULL. */
    CFReleaseSafe(task);
    CFReleaseSafe(appId);
    CFReleaseSafe(signingIdentifier);

    return 0;
}
/*
 * Copy the value of `entitlement` for `task`, but only if it is a CFArray
 * whose elements are all CFStrings.
 *
 * Both the container type and the type of every element are checked, so a
 * caller can treat each element as a CFStringRef without checking again. If
 * the value is not an array, or any element is not a string, the value is
 * released and NULL is returned.
 *
 * Returns a reference that is not released here (the caller must release it),
 * or NULL when the entitlement is absent or malformed.
 */
static CFArrayRef SecTaskCopyArrayOfStringsForEntitlement(SecTaskRef task, CFStringRef entitlement)
{
    CFArrayRef strings = (CFArrayRef)SecTaskCopyValueForEntitlement(task, entitlement, NULL);

    if (strings == NULL) {
        return NULL;
    }

    /* Reject anything that is not an array before calling CFArray functions. */
    if (CFGetTypeID(strings) != CFArrayGetTypeID()) {
        CFRelease(strings);
        return NULL;
    }

    const CFIndex total = CFArrayGetCount(strings);
    for (CFIndex pos = 0; pos < total; pos++) {
        CFStringRef element = (CFStringRef)CFArrayGetValueAtIndex(strings, pos);

        /* One element of another type invalidates the whole entitlement. */
        if (CFGetTypeID(element) != CFStringGetTypeID()) {
            CFRelease(strings);
            return NULL;
        }
    }

    return strings;
}