File: signature_evaluator_mac.h

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (70 lines) | stat: -rw-r--r-- 2,652 bytes parent folder | download | duplicates (7) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
 
// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_SAFE_BROWSING_SIGNATURE_EVALUATOR_MAC_H_
#define CHROME_BROWSER_SAFE_BROWSING_SIGNATURE_EVALUATOR_MAC_H_

#include <Security/Security.h>

#include <string>

#include "base/apple/scoped_cftyperef.h"
#include "base/files/file_path.h"
#include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_incident.h"

namespace safe_browsing {

// Wraps the macOS SecStaticCode API, to evaluate a given file object
// with a given code requirement, and produce a list of incident reports
// for files that fail code signature validity checks.
class MacSignatureEvaluator {
 public:
  explicit MacSignatureEvaluator(const base::FilePath& signed_object_path);

  // The requirement string must be a valid "Code Signing Requirement Language
  // string, which describes the identity of the signer.
  MacSignatureEvaluator(const base::FilePath& signed_object_path,
                        const std::string& requirement);

  MacSignatureEvaluator(const MacSignatureEvaluator&) = delete;
  MacSignatureEvaluator& operator=(const MacSignatureEvaluator&) = delete;

  ~MacSignatureEvaluator();

  // Creates the static code object and requirement string, and returns
  // true if the object creation succeeds, else false.
  bool Initialize();

  // Evaluate the signature and return a list of any binary integrity incident
  // reports. Returns true if and only if the signed code object is valid.
  bool PerformEvaluation(
      ClientIncidentReport_IncidentData_BinaryIntegrityIncident* incident);

  // Returns relative path component between a parent and a child.
  // For example, /foo/bar and /foo/bar/y returns y. Note that
  // this knows nothing about symlinks. Exposed for testing.
  static bool GetRelativePathComponent(const base::FilePath& parent,
                                       const base::FilePath& child,
                                       std::string* out);

 private:
  // The path to the code object on disk.
  base::FilePath path_;

  // A Code Signing Requirement string.
  std::string requirement_str_;

  // Records whether or not a requirement string was specified.
  bool has_requirement_;

  // The static code object constructed from the code object on disk.
  base::apple::ScopedCFTypeRef<SecStaticCodeRef> code_;

  // The requirement object constructed from the requirement string.
  base::apple::ScopedCFTypeRef<SecRequirementRef> requirement_;
};

}  // namespace safe_browsing

#endif  // CHROME_BROWSER_SAFE_BROWSING_SIGNATURE_EVALUATOR_MAC_H_