static pascal void NavEventProc( NavEventCallbackMessage inSelector, NavCBRecPtr ioParams, NavCallBackUserData ioUserData ) { OpenUserDataRec * data = ( OpenUserDataRec *) ioUserData ; if (inSelector == kNavCBEvent) { } else if ( inSelector == kNavCBStart ) { if (data && !(data->defaultLocation).empty()) { // Set default location for the modern Navigation APIs // Apple Technical Q&A 1151 FSRef theFile; wxMacPathToFSRef(data->defaultLocation, &theFile); AEDesc theLocation = { typeNull, NULL }; if (noErr == ::AECreateDesc(typeFSRef, &theFile, sizeof(FSRef), &theLocation)) ::NavCustomControl(ioParams->context, kNavCtlSetLocation, (void *) &theLocation); } if( data->extensions.GetCount() > 0 ) { NavMenuItemSpec menuItem; memset( &menuItem, 0, sizeof(menuItem) ); menuItem.version = kNavMenuItemSpecVersion; menuItem.menuType = data->currentfilter; ::NavCustomControl(ioParams->context, kNavCtlSelectCustomType, &menuItem); } } else if ( inSelector == kNavCBPopupMenuSelect ) { NavMenuItemSpec * menu = (NavMenuItemSpec *) ioParams->eventData.eventDataParms.param ; const size_t numFilters = data->extensions.GetCount(); if ( menu->menuType < numFilters ) { data->currentfilter = menu->menuType ; if ( data->saveMode ) { int i = menu->menuType ; wxString extension = data->extensions[i].AfterLast('.') ; wxString sfilename ; wxMacCFStringHolder cfString( NavDialogGetSaveFileName( ioParams->context ) , false ); sfilename = cfString.AsString() ; int pos = sfilename.Find('.', true) ; if ( pos != wxNOT_FOUND && extension != wxT("*") ) { sfilename = sfilename.Left(pos+1)+extension ; cfString.Assign( sfilename , wxFONTENCODING_DEFAULT ) ; NavDialogSetSaveFileName( ioParams->context , cfString ) ; } } } } }
static void dumpCode(SecCodeRef code) { CFRef<CFURLRef> path; if (OSStatus rc = SecCodeCopyPath(code, kSecCSDefaultFlags, &path.aref())) Debug::dump("unknown(rc=%d)", int32_t(rc)); else Debug::dump("%s", cfString(path).c_str()); }
void Bundle::resources(vector<string> &paths, const char *type, const char *subdir) { CFRef<CFArrayRef> cfList = CFBundleCopyResourceURLsOfType(cfBundle(), CFTempString(type), CFTempString(subdir)); CFIndex size = CFArrayGetCount(cfList); paths.reserve(size); for (CFIndex n = 0; n < size; n++) paths.push_back(cfString(CFURLRef(CFArrayGetValueAtIndex(cfList, n)))); }
/*! * Create a new SecAccessRef that is set to the default configuration * of a (newly created) security object. */ OSStatus SecAccessCreate(CFStringRef descriptor, CFArrayRef trustedList, SecAccessRef *accessRef) { BEGIN_SECAPI Required(descriptor); SecPointer<Access> access; if (trustedList) { CFIndex length = CFArrayGetCount(trustedList); ACL::ApplicationList trusted; for (CFIndex n = 0; n < length; n++) trusted.push_back(TrustedApplication::required( SecTrustedApplicationRef(CFArrayGetValueAtIndex(trustedList, n)))); access = new Access(cfString(descriptor), trusted); } else { access = new Access(cfString(descriptor)); } Required(accessRef) = access->handle(); END_SECAPI }
// // Perform common argument normalizations for update operations // static void normalizeTarget(CFRef<CFTypeRef> &target, CFDictionary &context, std::string *signUnsigned) { // turn CFURLs into (designated) SecRequirements if (target && CFGetTypeID(target) == CFURLGetTypeID()) { CFRef<SecStaticCodeRef> code; MacOSError::check(SecStaticCodeCreateWithPath(target.as<CFURLRef>(), kSecCSDefaultFlags, &code.aref())); switch (OSStatus rc = SecCodeCopyDesignatedRequirement(code, kSecCSDefaultFlags, (SecRequirementRef *)&target.aref())) { case noErr: { // use the *default* DR to avoid unreasonably wide DRs opening up Gatekeeper to attack CFRef<CFDictionaryRef> info; MacOSError::check(SecCodeCopySigningInformation(code, kSecCSRequirementInformation, &info.aref())); target = CFDictionaryGetValue(info, kSecCodeInfoImplicitDesignatedRequirement); } break; case errSecCSUnsigned: if (signUnsigned) { // Ad-hoc sign the code temporarily so we can get its code requirement CFRef<CFDataRef> signature = CFDataCreateMutable(NULL, 0); CFRef<SecCodeSignerRef> signer; CFTemp<CFDictionaryRef> arguments("{%O=%O, %O=#N}", kSecCodeSignerDetached, signature.get(), kSecCodeSignerIdentity); MacOSError::check(SecCodeSignerCreate(arguments, kSecCSDefaultFlags, &signer.aref())); MacOSError::check(SecCodeSignerAddSignature(signer, code, kSecCSDefaultFlags)); MacOSError::check(SecCodeSetDetachedSignature(code, signature, kSecCSDefaultFlags)); MacOSError::check(SecCodeCopyDesignatedRequirement(code, kSecCSDefaultFlags, (SecRequirementRef *)&target.aref())); CFRef<CFDictionaryRef> info; MacOSError::check(SecCodeCopySigningInformation(code, kSecCSInternalInformation, &info.aref())); if (CFDataRef cdData = CFDataRef(CFDictionaryGetValue(info, kSecCodeInfoCodeDirectory))) *signUnsigned = ((const CodeDirectory *)CFDataGetBytePtr(cdData))->screeningCode(); break; } MacOSError::check(rc); case errSecCSSignatureFailed: // recover certain cases of broken signatures (well, try) if (codeInvalidityExceptions(code, NULL)) { // Ad-hoc sign the code in place (requiring a writable subject). This requires root privileges. CFRef<SecCodeSignerRef> signer; CFTemp<CFDictionaryRef> arguments("{%O=#N}", kSecCodeSignerIdentity); MacOSError::check(SecCodeSignerCreate(arguments, kSecCSDefaultFlags, &signer.aref())); MacOSError::check(SecCodeSignerAddSignature(signer, code, kSecCSDefaultFlags)); MacOSError::check(SecCodeCopyDesignatedRequirement(code, kSecCSDefaultFlags, (SecRequirementRef *)&target.aref())); break; } MacOSError::check(rc); default: MacOSError::check(rc); } if (context.get(kSecAssessmentUpdateKeyRemarks) == NULL) { // no explicit remarks; add one with the path CFRef<CFURLRef> path; MacOSError::check(SecCodeCopyPath(code, kSecCSDefaultFlags, &path.aref())); CFMutableDictionaryRef dict = makeCFMutableDictionary(context.get()); CFDictionaryAddValue(dict, kSecAssessmentUpdateKeyRemarks, CFTempString(cfString(path))); context.take(dict); } } }
// // CFURLAccess wrappers for specific purposes // CFDataRef cfLoadFile(CFURLRef url) { assert(url); CFDataRef data; SInt32 error; if (CFURLCreateDataAndPropertiesFromResource(NULL, url, &data, NULL, NULL, &error)) { return data; } else { secdebug("cfloadfile", "failed to fetch %s error=%d", cfString(url).c_str(), int(error)); return NULL; } }
CFDictionaryRef PolicyEngine::remove(CFTypeRef target, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context) { if (type == kAuthorityOpenDoc) { // handle document-open differently: use quarantine flags for whitelisting authorizeUpdate(flags, context); if (!target || CFGetTypeID(target) != CFURLGetTypeID()) MacOSError::throwMe(errSecCSInvalidObjectRef); std::string spath = cfString(CFURLRef(target)).c_str(); FileQuarantine qtn(spath.c_str()); qtn.clearFlag(QTN_FLAG_ASSESSMENT_OK); qtn.applyTo(spath.c_str()); return NULL; } return manipulateRules("DELETE FROM authority", target, type, flags, context); }
// // Process % scan forms. // This delivers the object value, scanf-style, somehow. // bool CFScan::scanformat(CFTypeRef obj) { switch (*++format) { case F_OBJECT: store<CFTypeRef>(obj); return true; case F_ARRAY: // %a* return typescan(obj, CFArrayGetTypeID()) == done; case F_BOOLEAN: if (Typescan rc = typescan(obj, CFBooleanGetTypeID())) return rc == done; switch (*format) { case 'f': // %Bf - two arguments (value, &variable) { unsigned flag = va_arg(args, unsigned); unsigned *value = va_arg(args, unsigned *); if (obj == kCFBooleanTrue && !suppress) *value |= flag; return true; } default: // %b - CFBoolean as int boolean store<int>(obj == kCFBooleanTrue); return true; } case F_DICTIONARY: return typescan(obj, CFDictionaryGetTypeID()) == done; case 'd': // %d - int return scannumber<int>(obj); case F_NUMBER: return typescan(obj, CFNumberGetTypeID()) == done; case F_STRING: case 's': if (Typescan rc = typescan(obj, CFStringGetTypeID())) return rc == done; // %s store<std::string>(cfString(CFStringRef(obj))); return true; case 'u': return scannumber<unsigned int>(obj); case F_DATA: return typescan(obj, CFDataGetTypeID()) == done; default: assert(false); return false; } }
wxString wxMacFSRefToPath( const FSRef *fsRef , CFStringRef additionalPathComponent ) { CFURLRef fullURLRef; fullURLRef = CFURLCreateFromFSRef(NULL, fsRef); if ( fullURLRef == NULL) return wxEmptyString; if ( additionalPathComponent ) { CFURLRef parentURLRef = fullURLRef ; fullURLRef = CFURLCreateCopyAppendingPathComponent(NULL, parentURLRef, additionalPathComponent,false); CFRelease( parentURLRef ) ; } wxCFStringRef cfString( CFURLCopyFileSystemPath(fullURLRef, kDefaultPathStyle )); CFRelease( fullURLRef ) ; return wxCFStringRef::AsStringWithNormalizationFormC(cfString); }
// // Construct and prepare an SQL query on the authority table, operating on some set of existing authority records. // In essence, this appends a suitable WHERE clause to the stanza passed and prepares it on the statement given. // void PolicyEngine::selectRules(SQLite::Statement &action, std::string phrase, std::string table, CFTypeRef inTarget, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context, std::string suffix /* = "" */) { CFDictionary ctx(context, errSecCSInvalidAttributeValues); CFCopyRef<CFTypeRef> target = inTarget; std::string filter_unsigned; // ignored; used just to trigger ad-hoc signing normalizeTarget(target, ctx, &filter_unsigned); string label; if (CFStringRef lab = ctx.get<CFStringRef>(kSecAssessmentUpdateKeyLabel)) label = cfString(CFStringRef(lab)); if (!target) { if (label.empty()) { if (type == kAuthorityInvalid) { action.query(phrase + suffix); } else { action.query(phrase + " WHERE " + table + ".type = :type" + suffix); action.bind(":type").integer(type); } } else { // have label if (type == kAuthorityInvalid) { action.query(phrase + " WHERE " + table + ".label = :label" + suffix); } else { action.query(phrase + " WHERE " + table + ".type = :type AND " + table + ".label = :label" + suffix); action.bind(":type").integer(type); } action.bind(":label") = label; } } else if (CFGetTypeID(target) == CFNumberGetTypeID()) { action.query(phrase + " WHERE " + table + ".id = :id" + suffix); action.bind(":id").integer(cfNumber<uint64_t>(target.as<CFNumberRef>())); } else if (CFGetTypeID(target) == SecRequirementGetTypeID()) { if (type == kAuthorityInvalid) type = kAuthorityExecute; CFRef<CFStringRef> requirementText; MacOSError::check(SecRequirementCopyString(target.as<SecRequirementRef>(), kSecCSDefaultFlags, &requirementText.aref())); action.query(phrase + " WHERE " + table + ".type = :type AND " + table + ".requirement = :requirement" + suffix); action.bind(":type").integer(type); action.bind(":requirement") = requirementText.get(); } else MacOSError::throwMe(errSecCSInvalidObjectRef); }
CFDictionaryRef xpcEngineUpdate(CFTypeRef target, uint flags, CFDictionaryRef context) { Message msg("update"); // target can be NULL, a CFURLRef, a SecRequirementRef, or a CFNumberRef if (target) { if (CFGetTypeID(target) == CFNumberGetTypeID()) xpc_dictionary_set_uint64(msg, "rule", cfNumber<int64_t>(CFNumberRef(target))); else if (CFGetTypeID(target) == CFURLGetTypeID()) xpc_dictionary_set_string(msg, "url", cfString(CFURLRef(target)).c_str()); else if (CFGetTypeID(target) == SecRequirementGetTypeID()) { CFRef<CFDataRef> data; MacOSError::check(SecRequirementCopyData(SecRequirementRef(target), kSecCSDefaultFlags, &data.aref())); xpc_dictionary_set_data(msg, "requirement", CFDataGetBytePtr(data), CFDataGetLength(data)); } else MacOSError::throwMe(errSecCSInvalidObjectRef); } xpc_dictionary_set_int64(msg, "flags", flags); CFRef<CFMutableDictionaryRef> ctx = makeCFMutableDictionary(); if (context) CFDictionaryApplyFunction(context, copyCFDictionary, ctx); AuthorizationRef localAuthorization = NULL; if (CFDictionaryGetValue(ctx, kSecAssessmentUpdateKeyAuthorization) == NULL) { // no caller-provided authorization MacOSError::check(AuthorizationCreate(NULL, NULL, kAuthorizationFlagDefaults, &localAuthorization)); AuthorizationExternalForm extForm; MacOSError::check(AuthorizationMakeExternalForm(localAuthorization, &extForm)); CFDictionaryAddValue(ctx, kSecAssessmentUpdateKeyAuthorization, CFTempData(&extForm, sizeof(extForm))); } CFRef<CFDataRef> contextData = makeCFData(CFDictionaryRef(ctx)); xpc_dictionary_set_data(msg, "context", CFDataGetBytePtr(contextData), CFDataGetLength(contextData)); msg.send(); if (localAuthorization) AuthorizationFree(localAuthorization, kAuthorizationFlagDefaults); if (int64_t error = xpc_dictionary_get_int64(msg, "error")) MacOSError::throwMe(error); size_t resultLength; const void *resultData = xpc_dictionary_get_data(msg, "result", &resultLength); return makeCFDictionaryFrom(resultData, resultLength); }
/*! */ OSStatus SecACLCreateFromSimpleContents(SecAccessRef accessRef, CFArrayRef applicationList, CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector, SecACLRef *newAcl) { BEGIN_SECAPI SecPointer<Access> access = Access::required(accessRef); SecPointer<ACL> acl = new ACL(cfString(description), *promptSelector); if (applicationList) { // application-list + prompt acl->form(ACL::appListForm); setApplications(acl, applicationList); } else { // allow-any acl->form(ACL::allowAllForm); } access->add(acl.get()); Required(newAcl) = acl->handle(); END_SECAPI }
void xpcEngineAssess(CFURLRef path, uint flags, CFDictionaryRef context, CFMutableDictionaryRef result) { Message msg("assess"); xpc_dictionary_set_string(msg, "path", cfString(path).c_str()); xpc_dictionary_set_int64(msg, "flags", flags); CFRef<CFMutableDictionaryRef> ctx = makeCFMutableDictionary(); if (context) CFDictionaryApplyFunction(context, copyCFDictionary, ctx); CFRef<CFDataRef> contextData = makeCFData(CFDictionaryRef(ctx)); xpc_dictionary_set_data(msg, "context", CFDataGetBytePtr(contextData), CFDataGetLength(contextData)); msg.send(); if (int64_t error = xpc_dictionary_get_int64(msg, "error")) MacOSError::throwMe(error); size_t resultLength; const void *resultData = xpc_dictionary_get_data(msg, "result", &resultLength); CFRef<CFDictionaryRef> resultDict = makeCFDictionaryFrom(resultData, resultLength); CFDictionaryApplyFunction(resultDict, copyCFDictionary, result); CFDictionaryAddValue(result, CFSTR("assessment:remote"), kCFBooleanTrue); }
// // LaunchServices-layer document open. // We don't cache those at present. If we ever do, we need to authenticate CoreServicesUIAgent as the source of its risk assessment. // void PolicyEngine::evaluateDocOpen(CFURLRef path, SecAssessmentFlags flags, CFDictionaryRef context, CFMutableDictionaryRef result) { if (context) { if (CFStringRef riskCategory = CFStringRef(CFDictionaryGetValue(context, kLSDownloadRiskCategoryKey))) { FileQuarantine qtn(cfString(path).c_str()); if (CFEqual(riskCategory, kLSRiskCategorySafe) || CFEqual(riskCategory, kLSRiskCategoryNeutral) || CFEqual(riskCategory, kLSRiskCategoryUnknown) || CFEqual(riskCategory, kLSRiskCategoryMayContainUnsafeExecutable)) { cfadd(result, "{%O=#T}", kSecAssessmentAssessmentVerdict); addAuthority(result, "_XProtect"); } else if (qtn.flag(QTN_FLAG_HARD)) { MacOSError::throwMe(errSecCSFileHardQuarantined); } else if (qtn.flag(QTN_FLAG_ASSESSMENT_OK)) { cfadd(result, "{%O=#T}", kSecAssessmentAssessmentVerdict); addAuthority(result, "Prior Assessment"); } else if (!overrideAssessment()) { // no need to do more work if we're off try { evaluateCode(path, kAuthorityExecute, flags, context, result, false); } catch (...) { // some documents can't be code signed, so this may be quite benign } if (CFDictionaryGetValue(result, kSecAssessmentAssessmentVerdict) == NULL) { // no code signature to help us out cfadd(result, "{%O=#F}", kSecAssessmentAssessmentVerdict); addAuthority(result, "_XProtect"); } } addToAuthority(result, kLSDownloadRiskCategoryKey, riskCategory); return; } } // insufficient information from LS - deny by default cfadd(result, "{%O=#F}", kSecAssessmentAssessmentVerdict); addAuthority(result, "Insufficient Context"); }
// // Take an assessment outcome and record it in the object cache // void PolicyEngine::recordOutcome(SecStaticCodeRef code, bool allow, AuthorityType type, double expires, SQLite::int64 authority) { CFRef<CFDictionaryRef> info; MacOSError::check(SecCodeCopySigningInformation(code, kSecCSDefaultFlags, &info.aref())); CFDataRef cdHash = CFDataRef(CFDictionaryGetValue(info, kSecCodeInfoUnique)); assert(cdHash); // was signed CFRef<CFURLRef> path; MacOSError::check(SecCodeCopyPath(code, kSecCSDefaultFlags, &path.aref())); assert(expires); SQLite::Transaction xact(*this, SQLite3::Transaction::deferred, "caching"); SQLite::Statement insert(*this, "INSERT OR REPLACE INTO object (type, allow, hash, expires, path, authority)" " VALUES (:type, :allow, :hash, :expires, :path," " CASE :authority WHEN 0 THEN (SELECT id FROM authority WHERE label = 'No Matching Rule') ELSE :authority END" " );"); insert.bind(":type").integer(type); insert.bind(":allow").integer(allow); insert.bind(":hash") = cdHash; insert.bind(":expires") = expires; insert.bind(":path") = cfString(path); insert.bind(":authority").integer(authority); insert.execute(); xact.commit(); }
string cfStringRelease(CFStringRef inStr) { CFRef<CFStringRef> str(inStr); return cfString(str); }
// // Contemplate the object-to-be-signed and set up the Signer state accordingly. // void SecCodeSigner::Signer::prepare(SecCSFlags flags) { // get the Info.plist out of the rep for some creative defaulting CFRef<CFDictionaryRef> infoDict; if (CFRef<CFDataRef> infoData = rep->component(cdInfoSlot)) infoDict.take(makeCFDictionaryFrom(infoData)); // work out the canonical identifier identifier = state.mIdentifier; if (identifier.empty()) { identifier = rep->recommendedIdentifier(state); if (identifier.find('.') == string::npos) identifier = state.mIdentifierPrefix + identifier; if (identifier.find('.') == string::npos && state.isAdhoc()) identifier = identifier + "-" + uniqueName(); secdebug("signer", "using default identifier=%s", identifier.c_str()); } else secdebug("signer", "using explicit identifier=%s", identifier.c_str()); // work out the CodeDirectory flags word if (state.mCdFlagsGiven) { cdFlags = state.mCdFlags; secdebug("signer", "using explicit cdFlags=0x%x", cdFlags); } else { cdFlags = 0; if (infoDict) if (CFTypeRef csflags = CFDictionaryGetValue(infoDict, CFSTR("CSFlags"))) { if (CFGetTypeID(csflags) == CFNumberGetTypeID()) { cdFlags = cfNumber<uint32_t>(CFNumberRef(csflags)); secdebug("signer", "using numeric cdFlags=0x%x from Info.plist", cdFlags); } else if (CFGetTypeID(csflags) == CFStringGetTypeID()) { cdFlags = cdTextFlags(cfString(CFStringRef(csflags))); secdebug("signer", "using text cdFlags=0x%x from Info.plist", cdFlags); } else MacOSError::throwMe(errSecCSBadDictionaryFormat); } } if (state.mSigner == SecIdentityRef(kCFNull)) // ad-hoc signing requested... cdFlags |= kSecCodeSignatureAdhoc; // ... so note that // prepare the resource directory, if any string rpath = rep->resourcesRootPath(); if (!rpath.empty()) { // explicitly given resource rules always win CFCopyRef<CFDictionaryRef> resourceRules = state.mResourceRules; // embedded resource rules come next if (!resourceRules && infoDict) if (CFTypeRef spec = CFDictionaryGetValue(infoDict, _kCFBundleResourceSpecificationKey)) { if (CFGetTypeID(spec) == CFStringGetTypeID()) if (CFRef<CFDataRef> data = cfLoadFile(rpath + "/" + cfString(CFStringRef(spec)))) if (CFDictionaryRef dict = makeCFDictionaryFrom(data)) resourceRules.take(dict); if (!resourceRules) // embedded rules present but unacceptable MacOSError::throwMe(errSecCSResourceRulesInvalid); } // finally, ask the DiskRep for its default if (!resourceRules) resourceRules.take(rep->defaultResourceRules(state)); // build the resource directory ResourceBuilder resources(rpath, cfget<CFDictionaryRef>(resourceRules, "rules"), digestAlgorithm()); rep->adjustResources(resources); // DiskRep-specific adjustments CFRef<CFDictionaryRef> rdir = resources.build(); resourceDirectory.take(CFPropertyListCreateXMLData(NULL, rdir)); } // screen and set the signing time CFAbsoluteTime now = CFAbsoluteTimeGetCurrent(); if (state.mSigningTime == CFDateRef(kCFNull)) { signingTime = 0; // no time at all } else if (!state.mSigningTime) { signingTime = now; // default } else { CFAbsoluteTime time = CFDateGetAbsoluteTime(state.mSigningTime); if (time > now) // not allowed to post-date a signature MacOSError::throwMe(errSecCSBadDictionaryFormat); signingTime = time; } pagesize = state.mPageSize ? cfNumber<size_t>(state.mPageSize) : rep->pageSize(state); // Timestamping setup CFRef<SecIdentityRef> mTSAuth; // identity for client-side authentication to the Timestamp server }
static pascal void NavEventProc( NavEventCallbackMessage inSelector, NavCBRecPtr ioParams, NavCallBackUserData ioUserData ) { OpenUserDataRec * data = ( OpenUserDataRec *) ioUserData ; if (inSelector == kNavCBEvent) { #if TARGET_CARBON #else wxTheApp->MacHandleOneEvent(ioParams->eventData.eventDataParms.event); #endif } else if ( inSelector == kNavCBStart ) { #if TARGET_CARBON if (data && !(data->defaultLocation).IsEmpty()) { // Set default location for the modern Navigation APIs // Apple Technical Q&A 1151 FSSpec theFSSpec; wxMacFilename2FSSpec(data->defaultLocation, &theFSSpec); AEDesc theLocation = {typeNull, NULL}; if (noErr == ::AECreateDesc(typeFSS, &theFSSpec, sizeof(FSSpec), &theLocation)) ::NavCustomControl(ioParams->context, kNavCtlSetLocation, (void *) &theLocation); } #else if ( data->menuitems ) NavCustomControl(ioParams->context, kNavCtlSelectCustomType, &(*data->menuitems)[data->currentfilter]); #endif } else if ( inSelector == kNavCBPopupMenuSelect ) { NavMenuItemSpec * menu = (NavMenuItemSpec *) ioParams->eventData.eventDataParms.param ; #if TARGET_CARBON #else if ( menu->menuCreator == 'WXNG' ) #endif { data->currentfilter = menu->menuType ; if ( data->saveMode ) { int i = menu->menuType ; wxString extension = data->extensions[i].AfterLast('.') ; extension.MakeLower() ; wxString sfilename ; #if TARGET_CARBON wxMacCFStringHolder cfString( NavDialogGetSaveFileName( ioParams->context ) , false ); sfilename = cfString.AsString() ; #else Str255 filename ; // get the current filename NavCustomControl(ioParams->context, kNavCtlGetEditFileName, &filename); sfilename = wxMacMakeStringFromPascal( filename ) ; #endif int pos = sfilename.Find('.', true) ; if ( pos != wxNOT_FOUND ) { sfilename = sfilename.Left(pos+1)+extension ; #if TARGET_CARBON cfString.Assign( sfilename , wxFONTENCODING_DEFAULT ) ; NavDialogSetSaveFileName( ioParams->context , cfString ) ; #else wxMacStringToPascal( sfilename , filename ) ; NavCustomControl(ioParams->context, kNavCtlSetEditFileName, &filename); #endif } } } } }
static void HandleCustomMouseDown(NavCBRecPtr callBackParms, CustomData *data) { EventRecord *evt = callBackParms->eventData.eventDataParms.event; Point where = evt->where; GlobalToLocal(&where); ControlRef control = FindControlUnderMouse(where, callBackParms->window, NULL); if (control != NULL) { ControlID cid; GetControlID(control, &cid); HandleControlClick(control, where, evt->modifiers, (ControlActionUPP)-1L); if (cid.signature == kCustom) { switch (cid.id) { case kChoice: { MenuRef menu; UInt32 v; menu = GetControlPopupMenuRef(control); v = GetControl32BitValue(control) - 1; const size_t numFilters = data->extensions.GetCount(); if (v < numFilters) { data->currentfilter = v; if (data->saveMode) { int i = data->currentfilter; wxString extension = data->extensions[i].AfterLast('.') ; extension.MakeLower() ; wxString sfilename ; wxMacCFStringHolder cfString(NavDialogGetSaveFileName(callBackParms->context), false); sfilename = cfString.AsString() ; #if 0 int pos = sfilename.Find('.', true) ; if (pos != wxNOT_FOUND) { sfilename = sfilename.Left(pos + 1) + extension; cfString.Assign(sfilename, wxFONTENCODING_DEFAULT); NavDialogSetSaveFileName(callBackParms->context, cfString); } #endif } NavCustomControl(callBackParms->context, kNavCtlBrowserRedraw, NULL); } break; } case kButton: { data->me->ClickButton(GetControl32BitValue(data->choice) - 1); break; } } } } }
bool PolicyEngine::temporarySigning(SecStaticCodeRef code, AuthorityType type, CFURLRef path, SecAssessmentFlags matchFlags) { if (matchFlags == 0) { // playback; consult authority table for matches DiskRep *rep = SecStaticCode::requiredStatic(code)->diskRep(); std::string screen; if (CFRef<CFDataRef> info = rep->component(cdInfoSlot)) { SHA1 hash; hash.update(CFDataGetBytePtr(info), CFDataGetLength(info)); screen = createWhitelistScreen('I', hash); } else if (rep->mainExecutableImage()) { screen = "N"; } else { SHA1 hash; hashFileData(rep->mainExecutablePath().c_str(), &hash); screen = createWhitelistScreen('M', hash); } SQLite::Statement query(*this, "SELECT flags FROM authority " "WHERE type = :type" " AND NOT flags & :flag" " AND CASE WHEN filter_unsigned IS NULL THEN remarks = :remarks ELSE filter_unsigned = :screen END"); query.bind(":type").integer(type); query.bind(":flag").integer(kAuthorityFlagDefault); query.bind(":screen") = screen; query.bind(":remarks") = cfString(path); if (!query.nextRow()) // guaranteed no matching rule return false; matchFlags = SQLite3::int64(query[0]); } try { // ad-hoc sign the code and attach the signature CFRef<CFDataRef> signature = CFDataCreateMutable(NULL, 0); CFTemp<CFDictionaryRef> arguments("{%O=%O, %O=#N}", kSecCodeSignerDetached, signature.get(), kSecCodeSignerIdentity); CFRef<SecCodeSignerRef> signer; MacOSError::check(SecCodeSignerCreate(arguments, (matchFlags & kAuthorityFlagWhitelistV2) ? kSecCSSignOpaque : kSecCSSignV1, &signer.aref())); MacOSError::check(SecCodeSignerAddSignature(signer, code, kSecCSDefaultFlags)); MacOSError::check(SecCodeSetDetachedSignature(code, signature, kSecCSDefaultFlags)); SecRequirementRef dr = NULL; SecCodeCopyDesignatedRequirement(code, kSecCSDefaultFlags, &dr); CFStringRef drs = NULL; SecRequirementCopyString(dr, kSecCSDefaultFlags, &drs); // if we're in GKE recording mode, save that signature and report its location if (SYSPOLICY_RECORDER_MODE_ENABLED()) { int status = recorder_code_unable; // ephemeral signature (not recorded) if (geteuid() == 0) { CFRef<CFUUIDRef> uuid = CFUUIDCreate(NULL); std::string sigfile = RECORDER_DIR + cfStringRelease(CFUUIDCreateString(NULL, uuid)) + ".tsig"; try { UnixPlusPlus::AutoFileDesc fd(sigfile, O_WRONLY | O_CREAT); fd.write(CFDataGetBytePtr(signature), CFDataGetLength(signature)); status = recorder_code_adhoc; // recorded signature SYSPOLICY_RECORDER_MODE_ADHOC_PATH(cfString(path).c_str(), type, sigfile.c_str()); } catch (...) { } } // now report the D probe itself CFRef<CFDictionaryRef> info; MacOSError::check(SecCodeCopySigningInformation(code, kSecCSDefaultFlags, &info.aref())); CFDataRef cdhash = CFDataRef(CFDictionaryGetValue(info, kSecCodeInfoUnique)); SYSPOLICY_RECORDER_MODE(cfString(path).c_str(), type, "", cdhash ? CFDataGetBytePtr(cdhash) : NULL, status); } return true; // it worked; we're now (well) signed } catch (...) { } return false; }
// // Executable code. // Read from disk, evaluate properly, cache as indicated. The whole thing, so far. // void PolicyEngine::evaluateCode(CFURLRef path, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context, CFMutableDictionaryRef result, bool handleUnsignedCode /* = true */) { FileQuarantine qtn(cfString(path).c_str()); if (qtn.flag(QTN_FLAG_HARD)) MacOSError::throwMe(errSecCSFileHardQuarantined); CFRef<SecStaticCodeRef> code; MacOSError::check(SecStaticCodeCreateWithPath(path, kSecCSDefaultFlags, &code.aref())); OSStatus rc = noErr; // last validation error const SecCSFlags validationFlags = kSecCSEnforceRevocationChecks; WhitelistPrescreen whitelistScreen(code); // pre-screening filter for whitelist pre-screening (only) SQLite::Statement query(*this, "SELECT allow, requirement, id, label, expires, flags, disabled, filter_unsigned, remarks FROM scan_authority" " WHERE type = :type" " ORDER BY priority DESC;"); query.bind(":type").integer(type); SQLite3::int64 latentID = 0; // first (highest priority) disabled matching ID std::string latentLabel; // ... and associated label, if any while (query.nextRow()) { bool allow = int(query[0]); const char *reqString = query[1]; SQLite3::int64 id = query[2]; const char *label = query[3]; double expires = query[4]; sqlite3_int64 ruleFlags = query[5]; SQLite3::int64 disabled = query[6]; const char *filter = query[7]; const char *remarks = query[8]; CFRef<SecRequirementRef> requirement; MacOSError::check(SecRequirementCreateWithString(CFTempString(reqString), kSecCSDefaultFlags, &requirement.aref())); rc = SecStaticCodeCheckValidity(code, validationFlags, requirement); // ad-hoc sign unsigned code, skip of Gatekeeper is off or the rule is disabled; but always do it for whitelist recording if (rc == errSecCSUnsigned && handleUnsignedCode && (!(disabled || overrideAssessment()) || SYSPOLICY_RECORDER_MODE_ENABLED())) { if (!SYSPOLICY_RECORDER_MODE_ENABLED()) { // apply whitelist pre-screening to speed things up for non-matches if (ruleFlags & kAuthorityFlagDefault) // can't ever match standard rules with unsigned code continue; if (whitelistScreen.reject(filter, remarks)) // apply whitelist pre-filter continue; } try { // ad-hoc sign the code and attach the signature CFRef<CFDataRef> signature = CFDataCreateMutable(NULL, 0); CFTemp<CFDictionaryRef> arguments("{%O=%O, %O=#N}", kSecCodeSignerDetached, signature.get(), kSecCodeSignerIdentity); CFRef<SecCodeSignerRef> signer; MacOSError::check(SecCodeSignerCreate(arguments, kSecCSDefaultFlags, &signer.aref())); MacOSError::check(SecCodeSignerAddSignature(signer, code, kSecCSDefaultFlags)); MacOSError::check(SecCodeSetDetachedSignature(code, signature, kSecCSDefaultFlags)); // if we're in GKE recording mode, save that signature and report its location if (SYSPOLICY_RECORDER_MODE_ENABLED()) { int status = recorder_code_unable; // ephemeral signature (not recorded) if (geteuid() == 0) { CFRef<CFUUIDRef> uuid = CFUUIDCreate(NULL); std::string sigfile = RECORDER_DIR + cfStringRelease(CFUUIDCreateString(NULL, uuid)) + ".tsig"; try { UnixPlusPlus::AutoFileDesc fd(sigfile, O_WRONLY | O_CREAT); fd.write(CFDataGetBytePtr(signature), CFDataGetLength(signature)); status = recorder_code_adhoc; // recorded signature SYSPOLICY_RECORDER_MODE_ADHOC_PATH(cfString(path).c_str(), type, sigfile.c_str()); } catch (...) { } } // now report the D probe itself CFRef<CFDictionaryRef> info; MacOSError::check(SecCodeCopySigningInformation(code, kSecCSDefaultFlags, &info.aref())); CFDataRef cdhash = CFDataRef(CFDictionaryGetValue(info, kSecCodeInfoUnique)); SYSPOLICY_RECORDER_MODE(cfString(path).c_str(), type, "", cdhash ? CFDataGetBytePtr(cdhash) : NULL, status); } // rerun the validation to update state rc = SecStaticCodeCheckValidity(code, validationFlags | kSecCSBasicValidateOnly, requirement); } catch (...) { } } switch (rc) { case noErr: // well signed and satisfies requirement... break; // ... continue below case errSecCSSignatureFailed: if (!codeInvalidityExceptions(code, result)) { if (SYSPOLICY_ASSESS_OUTCOME_BROKEN_ENABLED()) SYSPOLICY_ASSESS_OUTCOME_BROKEN(cfString(path).c_str(), type, false); MacOSError::throwMe(rc); } if (SYSPOLICY_ASSESS_OUTCOME_BROKEN_ENABLED()) SYSPOLICY_ASSESS_OUTCOME_BROKEN(cfString(path).c_str(), type, true); // treat as unsigned to fix problems in the field case errSecCSUnsigned: if (handleUnsignedCode) { cfadd(result, "{%O=#F}", kSecAssessmentAssessmentVerdict); addAuthority(result, "no usable signature"); } return; case errSecCSReqFailed: // requirement missed, but otherwise okay continue; default: // broken in some way; all tests will fail like this so bail out MacOSError::throwMe(rc); } if (disabled) { if (latentID == 0) { latentID = id; if (label) latentLabel = label; } continue; // the loop } CFRef<CFDictionaryRef> info; // as needed if (flags & kSecAssessmentFlagRequestOrigin) { if (!info) MacOSError::check(SecCodeCopySigningInformation(code, kSecCSSigningInformation, &info.aref())); if (CFArrayRef chain = CFArrayRef(CFDictionaryGetValue(info, kSecCodeInfoCertificates))) setOrigin(chain, result); } if (!(ruleFlags & kAuthorityFlagInhibitCache) && !(flags & kSecAssessmentFlagNoCache)) { // cache inhibit if (!info) MacOSError::check(SecCodeCopySigningInformation(code, kSecCSSigningInformation, &info.aref())); if (SecTrustRef trust = SecTrustRef(CFDictionaryGetValue(info, kSecCodeInfoTrust))) { CFRef<CFDictionaryRef> xinfo; MacOSError::check(SecTrustCopyExtendedResult(trust, &xinfo.aref())); if (CFDateRef limit = CFDateRef(CFDictionaryGetValue(xinfo, kSecTrustExpirationDate))) { this->recordOutcome(code, allow, type, min(expires, dateToJulian(limit)), id); } } } if (allow) { if (SYSPOLICY_ASSESS_OUTCOME_ACCEPT_ENABLED()) { if (!info) MacOSError::check(SecCodeCopySigningInformation(code, kSecCSSigningInformation, &info.aref())); CFDataRef cdhash = CFDataRef(CFDictionaryGetValue(info, kSecCodeInfoUnique)); SYSPOLICY_ASSESS_OUTCOME_ACCEPT(cfString(path).c_str(), type, label, cdhash ? CFDataGetBytePtr(cdhash) : NULL); } } else { if (SYSPOLICY_ASSESS_OUTCOME_DENY_ENABLED() || SYSPOLICY_RECORDER_MODE_ENABLED()) { if (!info) MacOSError::check(SecCodeCopySigningInformation(code, kSecCSSigningInformation, &info.aref())); CFDataRef cdhash = CFDataRef(CFDictionaryGetValue(info, kSecCodeInfoUnique)); std::string cpath = cfString(path); const void *hashp = cdhash ? CFDataGetBytePtr(cdhash) : NULL; SYSPOLICY_ASSESS_OUTCOME_DENY(cpath.c_str(), type, label, hashp); SYSPOLICY_RECORDER_MODE(cpath.c_str(), type, label, hashp, recorder_code_untrusted); } } cfadd(result, "{%O=%B}", kSecAssessmentAssessmentVerdict, allow); addAuthority(result, label, id); return; } if (rc == errSecCSUnsigned) { // skipped all applicable rules due to pre-screening cfadd(result, "{%O=#F}", kSecAssessmentAssessmentVerdict); addAuthority(result, "no usable signature"); return; } // no applicable authority (but signed, perhaps temporarily). Deny by default CFRef<CFDictionaryRef> info; MacOSError::check(SecCodeCopySigningInformation(code, kSecCSSigningInformation, &info.aref())); if (flags & kSecAssessmentFlagRequestOrigin) { if (CFArrayRef chain = CFArrayRef(CFDictionaryGetValue(info, kSecCodeInfoCertificates))) setOrigin(chain, result); } if (SYSPOLICY_ASSESS_OUTCOME_DEFAULT_ENABLED() || SYSPOLICY_RECORDER_MODE_ENABLED()) { CFDataRef cdhash = CFDataRef(CFDictionaryGetValue(info, kSecCodeInfoUnique)); const void *hashp = cdhash ? CFDataGetBytePtr(cdhash) : NULL; std::string cpath = cfString(path); SYSPOLICY_ASSESS_OUTCOME_DEFAULT(cpath.c_str(), type, latentLabel.c_str(), hashp); SYSPOLICY_RECORDER_MODE(cpath.c_str(), type, latentLabel.c_str(), hashp, 0); } if (!(flags & kSecAssessmentFlagNoCache)) this->recordOutcome(code, false, type, this->julianNow() + NEGATIVE_HOLD, latentID); cfadd(result, "{%O=%B}", kSecAssessmentAssessmentVerdict, false); addAuthority(result, latentLabel.c_str(), latentID); }
// // Installer archive. // Hybrid policy: If we detect an installer signature, use and validate that. // If we don't, check for a code signature instead. // void PolicyEngine::evaluateInstall(CFURLRef path, SecAssessmentFlags flags, CFDictionaryRef context, CFMutableDictionaryRef result) { const AuthorityType type = kAuthorityInstall; Xar xar(cfString(path).c_str()); if (!xar) { // follow the code signing path evaluateCode(path, type, flags, context, result); return; } SQLite3::int64 latentID = 0; // first (highest priority) disabled matching ID std::string latentLabel; // ... and associated label, if any if (!xar.isSigned()) { // unsigned xar if (SYSPOLICY_ASSESS_OUTCOME_UNSIGNED_ENABLED()) SYSPOLICY_ASSESS_OUTCOME_UNSIGNED(cfString(path).c_str(), type); cfadd(result, "{%O=%B}", kSecAssessmentAssessmentVerdict, false); addAuthority(result, "no usable signature"); return; } if (CFRef<CFArrayRef> certs = xar.copyCertChain()) { CFRef<CFTypeRef> policy = installerPolicy(); CFRef<SecTrustRef> trust; MacOSError::check(SecTrustCreateWithCertificates(certs, policy, &trust.aref())); // MacOSError::check(SecTrustSetAnchorCertificates(trust, cfEmptyArray())); // no anchors MacOSError::check(SecTrustSetOptions(trust, kSecTrustOptionAllowExpired | kSecTrustOptionImplicitAnchors)); SecTrustResultType trustResult; MacOSError::check(SecTrustEvaluate(trust, &trustResult)); CFRef<CFArrayRef> chain; CSSM_TP_APPLE_EVIDENCE_INFO *info; MacOSError::check(SecTrustGetResult(trust, &trustResult, &chain.aref(), &info)); if (flags & kSecAssessmentFlagRequestOrigin) setOrigin(chain, result); switch (trustResult) { case kSecTrustResultProceed: case kSecTrustResultUnspecified: break; default: { OSStatus rc; MacOSError::check(SecTrustGetCssmResultCode(trust, &rc)); MacOSError::throwMe(rc); } } SQLite::Statement query(*this, "SELECT allow, requirement, id, label, flags, disabled FROM scan_authority" " WHERE type = :type" " ORDER BY priority DESC;"); query.bind(":type").integer(type); while (query.nextRow()) { bool allow = int(query[0]); const char *reqString = query[1]; SQLite3::int64 id = query[2]; const char *label = query[3]; //sqlite_uint64 ruleFlags = query[4]; SQLite3::int64 disabled = query[5]; CFRef<SecRequirementRef> requirement; MacOSError::check(SecRequirementCreateWithString(CFTempString(reqString), kSecCSDefaultFlags, &requirement.aref())); switch (OSStatus rc = SecRequirementEvaluate(requirement, chain, NULL, kSecCSDefaultFlags)) { case noErr: // success break; case errSecCSReqFailed: // requirement missed, but otherwise okay continue; default: // broken in some way; all tests will fail like this so bail out MacOSError::throwMe(rc); } if (disabled) { if (latentID == 0) { latentID = id; if (label) latentLabel = label; } continue; // the loop } if (SYSPOLICY_ASSESS_OUTCOME_ACCEPT_ENABLED() || SYSPOLICY_ASSESS_OUTCOME_DENY_ENABLED()) { if (allow) SYSPOLICY_ASSESS_OUTCOME_ACCEPT(cfString(path).c_str(), type, label, NULL); else SYSPOLICY_ASSESS_OUTCOME_DENY(cfString(path).c_str(), type, label, NULL); } // not adding to the object cache - we could, but it's not likely to be worth it cfadd(result, "{%O=%B}", kSecAssessmentAssessmentVerdict, allow); addAuthority(result, label, id); return; } } if (SYSPOLICY_ASSESS_OUTCOME_DEFAULT_ENABLED()) SYSPOLICY_ASSESS_OUTCOME_DEFAULT(cfString(path).c_str(), type, latentLabel.c_str(), NULL); // no applicable authority. Deny by default cfadd(result, "{%O=#F}", kSecAssessmentAssessmentVerdict); addAuthority(result, latentLabel.c_str(), latentID); }
string cfStringRelease(CFURLRef inUrl) { CFRef<CFURLRef> bundle(inUrl); return cfString(bundle); }
string cfStringRelease(CFBundleRef inBundle) { CFRef<CFBundleRef> bundle(inBundle); return cfString(bundle); }
// // Add a rule to the policy database // CFDictionaryRef PolicyEngine::add(CFTypeRef inTarget, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context) { // default type to execution if (type == kAuthorityInvalid) type = kAuthorityExecute; authorizeUpdate(flags, context); CFDictionary ctx(context, errSecCSInvalidAttributeValues); CFCopyRef<CFTypeRef> target = inTarget; CFRef<CFDataRef> bookmark = NULL; std::string filter_unsigned; switch (type) { case kAuthorityExecute: normalizeTarget(target, ctx, &filter_unsigned); // bookmarks are untrusted and just a hint to callers bookmark = ctx.get<CFDataRef>(kSecAssessmentRuleKeyBookmark); break; case kAuthorityInstall: if (inTarget && CFGetTypeID(inTarget) == CFURLGetTypeID()) { // no good way to turn an installer file into a requirement. Pretend to succeeed so caller proceeds return cfmake<CFDictionaryRef>("{%O=%O}", kSecAssessmentAssessmentAuthorityOverride, CFSTR("virtual install")); } break; case kAuthorityOpenDoc: // handle document-open differently: use quarantine flags for whitelisting if (!target || CFGetTypeID(target) != CFURLGetTypeID()) // can only "add" file paths MacOSError::throwMe(errSecCSInvalidObjectRef); try { std::string spath = cfString(target.as<CFURLRef>()); FileQuarantine qtn(spath.c_str()); qtn.setFlag(QTN_FLAG_ASSESSMENT_OK); qtn.applyTo(spath.c_str()); } catch (const CommonError &error) { // could not set quarantine flag - report qualified success return cfmake<CFDictionaryRef>("{%O=%O,'assessment:error'=%d}", kSecAssessmentAssessmentAuthorityOverride, CFSTR("error setting quarantine"), error.osStatus()); } catch (...) { return cfmake<CFDictionaryRef>("{%O=%O}", kSecAssessmentAssessmentAuthorityOverride, CFSTR("unable to set quarantine")); } return NULL; } // if we now have anything else, we're busted if (!target || CFGetTypeID(target) != SecRequirementGetTypeID()) MacOSError::throwMe(errSecCSInvalidObjectRef); double priority = 0; string label; bool allow = true; double expires = never; string remarks; if (CFNumberRef pri = ctx.get<CFNumberRef>(kSecAssessmentUpdateKeyPriority)) CFNumberGetValue(pri, kCFNumberDoubleType, &priority); if (CFStringRef lab = ctx.get<CFStringRef>(kSecAssessmentUpdateKeyLabel)) label = cfString(lab); if (CFDateRef time = ctx.get<CFDateRef>(kSecAssessmentUpdateKeyExpires)) // we're using Julian dates here; convert from CFDate expires = dateToJulian(time); if (CFBooleanRef allowing = ctx.get<CFBooleanRef>(kSecAssessmentUpdateKeyAllow)) allow = allowing == kCFBooleanTrue; if (CFStringRef rem = ctx.get<CFStringRef>(kSecAssessmentUpdateKeyRemarks)) remarks = cfString(rem); CFRef<CFStringRef> requirementText; MacOSError::check(SecRequirementCopyString(target.as<SecRequirementRef>(), kSecCSDefaultFlags, &requirementText.aref())); SQLite::Transaction xact(*this, SQLite3::Transaction::deferred, "add_rule"); SQLite::Statement insert(*this, "INSERT INTO authority (type, allow, requirement, priority, label, expires, filter_unsigned, remarks)" " VALUES (:type, :allow, :requirement, :priority, :label, :expires, :filter_unsigned, :remarks);"); insert.bind(":type").integer(type); insert.bind(":allow").integer(allow); insert.bind(":requirement") = requirementText.get(); insert.bind(":priority") = priority; if (!label.empty()) insert.bind(":label") = label; insert.bind(":expires") = expires; insert.bind(":filter_unsigned") = filter_unsigned.empty() ? NULL : filter_unsigned.c_str(); if (!remarks.empty()) insert.bind(":remarks") = remarks; insert.execute(); SQLite::int64 newRow = this->lastInsert(); if (bookmark) { SQLite::Statement bi(*this, "INSERT INTO bookmarkhints (bookmark, authority) VALUES (:bookmark, :authority)"); bi.bind(":bookmark") = CFDataRef(bookmark); bi.bind(":authority").integer(newRow); bi.execute(); } this->purgeObjects(priority); xact.commit(); notify_post(kNotifySecAssessmentUpdate); return cfmake<CFDictionaryRef>("{%O=%d}", kSecAssessmentUpdateKeyRow, newRow); }
int FileDialog::ShowModal() { OSErr err; NavDialogCreationOptions dialogCreateOptions; // set default options ::NavGetDefaultDialogCreationOptions(&dialogCreateOptions); // this was always unset in the old code dialogCreateOptions.optionFlags &= ~kNavSelectDefaultLocation; wxMacCFStringHolder message(m_message, GetFont().GetEncoding()); dialogCreateOptions.windowTitle = message; wxMacCFStringHolder defaultFileName(m_fileName, GetFont().GetEncoding()); dialogCreateOptions.saveFileName = defaultFileName; NavDialogRef dialog; NavObjectFilterUPP navFilterUPP = NULL; CustomData myData; SetRect(&myData.bounds, 0, 0, 0, 0); myData.me = this; myData.window = NULL; myData.defaultLocation = m_dir; myData.userpane = NULL; myData.choice = NULL; myData.button = NULL; myData.saveMode = false; myData.showing = true; Rect r; SInt16 base; SInt16 margin = 3; SInt16 gap = 0; MakeUserDataRec(&myData , m_wildCard); myData.currentfilter = m_filterIndex; size_t numFilters = myData.extensions.GetCount(); if (numFilters) { CreateNewMenu(0, 0, &myData.menu); for ( size_t i = 0 ; i < numFilters ; ++i ) { ::AppendMenuItemTextWithCFString(myData.menu, wxMacCFStringHolder(myData.name[i], GetFont().GetEncoding()), 4, i, NULL); } SetRect(&r, 0, margin, 0, 0); CreatePopupButtonControl(NULL, &r, CFSTR("Format:"), -12345, true, -1, teJustLeft, normal, &myData.choice); SetControlID(myData.choice, &kChoiceID); SetControlPopupMenuRef(myData.choice, myData.menu); SetControl32BitMinimum(myData.choice, 1); SetControl32BitMaximum(myData.choice, myData.name.GetCount()); SetControl32BitValue(myData.choice, myData.currentfilter + 1); GetBestControlRect(myData.choice, &r, &base); SizeControl(myData.choice, r.right - r.left, r.bottom - r.top); UnionRect(&myData.bounds, &r, &myData.bounds); gap = 15; HIObjectSetAuxiliaryAccessibilityAttribute((HIObjectRef)myData.choice, 0, kAXDescriptionAttribute, CFSTR("Format")); } if (!m_buttonlabel.IsEmpty()) { wxMacCFStringHolder cfString(wxStripMenuCodes(m_buttonlabel).c_str(), wxFONTENCODING_DEFAULT); SetRect(&r, myData.bounds.right + gap, margin, 0, 0); CreatePushButtonControl(NULL, &r, cfString, &myData.button); SetControlID(myData.button, &kButtonID); GetBestControlRect(myData.button, &r, &base); SizeControl(myData.button, r.right - r.left, r.bottom - r.top); UnionRect(&myData.bounds, &r, &myData.bounds); } // Expand bounding rectangle to include a top and bottom margin myData.bounds.top -= margin; myData.bounds.bottom += margin; dialogCreateOptions.optionFlags |= kNavNoTypePopup; if (m_dialogStyle & wxFD_SAVE) { dialogCreateOptions.modality = kWindowModalityWindowModal; dialogCreateOptions.parentWindow = (WindowRef) GetParent()->MacGetTopLevelWindowRef(); myData.saveMode = true; if (!numFilters) { dialogCreateOptions.optionFlags |= kNavNoTypePopup; } dialogCreateOptions.optionFlags |= kNavDontAutoTranslate; dialogCreateOptions.optionFlags |= kNavDontAddTranslateItems; // The extension is important if (numFilters < 2) dialogCreateOptions.optionFlags |= kNavPreserveSaveFileExtension; #if TARGET_API_MAC_OSX if (!(m_dialogStyle & wxFD_OVERWRITE_PROMPT)) { dialogCreateOptions.optionFlags |= kNavDontConfirmReplacement; } #endif err = ::NavCreatePutFileDialog(&dialogCreateOptions, // Suppresses the 'Default' (top) menu item kNavGenericSignature, kNavGenericSignature, sStandardNavEventFilter, &myData, // for defaultLocation &dialog); } else { //let people select bundles/programs in dialogs dialogCreateOptions.optionFlags |= kNavSupportPackages; navFilterUPP = NewNavObjectFilterUPP(CrossPlatformFilterCallback); err = ::NavCreateGetFileDialog(&dialogCreateOptions, NULL, // NavTypeListHandle sStandardNavEventFilter, NULL, // NavPreviewUPP navFilterUPP, (void *) &myData, // inClientData &dialog); } if (err == noErr) err = ::NavDialogRun(dialog); if (err == noErr) { myData.window = NavDialogGetWindow(dialog); Rect r; // This creates our "fake" dialog with the same dimensions as the sheet so // that Options dialogs will center properly on the sheet. The "fake" dialog // is never actually seen. GetWindowBounds(myData.window, kWindowStructureRgn, &r); wxDialog::Create(NULL, // no parent...otherwise strange things happen wxID_ANY, wxEmptyString, wxPoint(r.left, r.top), wxSize(r.right - r.left, r.bottom - r.top)); BeginAppModalStateForWindow(myData.window); while (myData.showing) { wxTheApp->MacDoOneEvent(); } EndAppModalStateForWindow(myData.window); } // clean up filter related data, etc. if (navFilterUPP) ::DisposeNavObjectFilterUPP(navFilterUPP); if (err != noErr) return wxID_CANCEL; NavReplyRecord navReply; err = ::NavDialogGetReply(dialog, &navReply); if (err == noErr && navReply.validRecord) { AEKeyword theKeyword; DescType actualType; Size actualSize; FSRef theFSRef; wxString thePath ; m_filterIndex = myData.currentfilter; long count; ::AECountItems(&navReply.selection , &count); for (long i = 1; i <= count; ++i) { err = ::AEGetNthPtr(&(navReply.selection), i, typeFSRef, &theKeyword, &actualType, &theFSRef, sizeof(theFSRef), &actualSize); if (err != noErr) break; if (m_dialogStyle & wxFD_SAVE) thePath = wxMacFSRefToPath( &theFSRef , navReply.saveFileName ) ; else thePath = wxMacFSRefToPath( &theFSRef ) ; if (!thePath) { ::NavDisposeReply(&navReply); return wxID_CANCEL; } m_path = ConvertSlashInFileName(thePath); m_paths.Add(m_path); m_fileName = wxFileNameFromPath(m_path); m_fileNames.Add(m_fileName); } // set these to the first hit m_path = m_paths[0]; m_fileName = wxFileNameFromPath(m_path); m_dir = wxPathOnly(m_path); } ::NavDisposeReply(&navReply); return (err == noErr) ? wxID_OK : wxID_CANCEL; }
// // Bonus function: get the path out of a SecCodeRef // std::string codePath(SecStaticCodeRef code) { CFRef<CFURLRef> path; MacOSError::check(SecCodeCopyPath(code, kSecCSDefaultFlags, &path.aref())); return cfString(path); }
// // The executable path is a bit annoying to get, but not quite // annoying enough to cache the result. // string OSXCodeWrap::executablePath() const { CFRef<CFDictionaryRef> info; MacOSError::check(SecCodeCopySigningInformation(mCode, kSecCSDefaultFlags, &info.aref())); return cfString(CFURLRef(CFDictionaryGetValue(info, kSecCodeInfoMainExecutable))); }
void PolicyEngine::evaluateCodeItem(SecStaticCodeRef code, CFURLRef path, AuthorityType type, SecAssessmentFlags flags, bool nested, CFMutableDictionaryRef result) { SQLite::Statement query(*this, "SELECT allow, requirement, id, label, expires, flags, disabled, filter_unsigned, remarks FROM scan_authority" " WHERE type = :type" " ORDER BY priority DESC;"); query.bind(":type").integer(type); SQLite3::int64 latentID = 0; // first (highest priority) disabled matching ID std::string latentLabel; // ... and associated label, if any while (query.nextRow()) { bool allow = int(query[0]); const char *reqString = query[1]; SQLite3::int64 id = query[2]; const char *label = query[3]; double expires = query[4]; sqlite3_int64 ruleFlags = query[5]; SQLite3::int64 disabled = query[6]; // const char *filter = query[7]; // const char *remarks = query[8]; CFRef<SecRequirementRef> requirement; MacOSError::check(SecRequirementCreateWithString(CFTempString(reqString), kSecCSDefaultFlags, &requirement.aref())); switch (OSStatus rc = SecStaticCodeCheckValidity(code, kSecCSBasicValidateOnly, requirement)) { case errSecSuccess: break; // rule match; process below case errSecCSReqFailed: continue; // rule does not apply case errSecCSVetoed: return; // nested code has failed to pass default: MacOSError::throwMe(rc); // general error; pass to caller } // if this rule is disabled, skip it but record the first matching one for posterity if (disabled && latentID == 0) { latentID = id; latentLabel = label ? label : ""; continue; } // current rule is first rule (in priority order) that matched. Apply it if (nested) // success, nothing to record return; CFRef<CFDictionaryRef> info; // as needed if (flags & kSecAssessmentFlagRequestOrigin) { if (!info) MacOSError::check(SecCodeCopySigningInformation(code, kSecCSSigningInformation, &info.aref())); if (CFArrayRef chain = CFArrayRef(CFDictionaryGetValue(info, kSecCodeInfoCertificates))) setOrigin(chain, result); } if (!(ruleFlags & kAuthorityFlagInhibitCache) && !(flags & kSecAssessmentFlagNoCache)) { // cache inhibit if (!info) MacOSError::check(SecCodeCopySigningInformation(code, kSecCSSigningInformation, &info.aref())); if (SecTrustRef trust = SecTrustRef(CFDictionaryGetValue(info, kSecCodeInfoTrust))) { CFRef<CFDictionaryRef> xinfo; MacOSError::check(SecTrustCopyExtendedResult(trust, &xinfo.aref())); if (CFDateRef limit = CFDateRef(CFDictionaryGetValue(xinfo, kSecTrustExpirationDate))) { this->recordOutcome(code, allow, type, min(expires, dateToJulian(limit)), id); } } } if (allow) { if (SYSPOLICY_ASSESS_OUTCOME_ACCEPT_ENABLED()) { if (!info) MacOSError::check(SecCodeCopySigningInformation(code, kSecCSSigningInformation, &info.aref())); CFDataRef cdhash = CFDataRef(CFDictionaryGetValue(info, kSecCodeInfoUnique)); SYSPOLICY_ASSESS_OUTCOME_ACCEPT(cfString(path).c_str(), type, label, cdhash ? CFDataGetBytePtr(cdhash) : NULL); } } else { if (SYSPOLICY_ASSESS_OUTCOME_DENY_ENABLED() || SYSPOLICY_RECORDER_MODE_ENABLED()) { if (!info) MacOSError::check(SecCodeCopySigningInformation(code, kSecCSSigningInformation, &info.aref())); CFDataRef cdhash = CFDataRef(CFDictionaryGetValue(info, kSecCodeInfoUnique)); std::string cpath = cfString(path); const void *hashp = cdhash ? CFDataGetBytePtr(cdhash) : NULL; SYSPOLICY_ASSESS_OUTCOME_DENY(cpath.c_str(), type, label, hashp); SYSPOLICY_RECORDER_MODE(cpath.c_str(), type, label, hashp, recorder_code_untrusted); } } cfadd(result, "{%O=%B}", kSecAssessmentAssessmentVerdict, allow); addAuthority(flags, result, label, id); return; } // no applicable authority (but signed, perhaps temporarily). Deny by default CFRef<CFDictionaryRef> info; MacOSError::check(SecCodeCopySigningInformation(code, kSecCSSigningInformation, &info.aref())); if (flags & kSecAssessmentFlagRequestOrigin) { if (CFArrayRef chain = CFArrayRef(CFDictionaryGetValue(info, kSecCodeInfoCertificates))) setOrigin(chain, result); } if (SYSPOLICY_ASSESS_OUTCOME_DEFAULT_ENABLED() || SYSPOLICY_RECORDER_MODE_ENABLED()) { CFDataRef cdhash = CFDataRef(CFDictionaryGetValue(info, kSecCodeInfoUnique)); const void *hashp = cdhash ? CFDataGetBytePtr(cdhash) : NULL; std::string cpath = cfString(path); SYSPOLICY_ASSESS_OUTCOME_DEFAULT(cpath.c_str(), type, latentLabel.c_str(), hashp); SYSPOLICY_RECORDER_MODE(cpath.c_str(), type, latentLabel.c_str(), hashp, 0); } if (!(flags & kSecAssessmentFlagNoCache)) this->recordOutcome(code, false, type, this->julianNow() + NEGATIVE_HOLD, latentID); cfadd(result, "{%O=%B}", kSecAssessmentAssessmentVerdict, false); addAuthority(flags, result, latentLabel.c_str(), latentID); }