VirtualBox

Ignore:
Timestamp:
Oct 24, 2018 4:40:28 PM (6 years ago)
Author:
vboxsync
svn:sync-xref-src-repo-rev:
126099
Message:

SUPDrv: Made the sketches for bugref:9232 compile.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/VBox/HostDrivers/Support/darwin/SUPDrv-darwin.cpp

    r75050 r75052  
    3434#include "../SUPDrvInternal.h"
    3535#include <VBox/version.h>
     36#include <iprt/assert.h>
    3637#include <iprt/asm.h>
    3738#include <iprt/asm-amd64-x86.h>
     39#include <iprt/ctype.h>
     40#include <iprt/dbg.h>
    3841#include <iprt/initterm.h>
    39 #include <iprt/assert.h>
     42#include <iprt/file.h>
     43#include <iprt/ldr.h>
     44#include <iprt/mem.h>
     45#include <iprt/power.h>
     46#include <iprt/process.h>
    4047#include <iprt/spinlock.h>
    4148#include <iprt/semaphore.h>
    42 #include <iprt/process.h>
    43 #include <iprt/alloc.h>
    44 #include <iprt/power.h>
    45 #include <iprt/dbg.h>
    4649#include <iprt/x86.h>
     50#include <iprt/crypto/applecodesign.h>
     51#include <iprt/crypto/store.h>
     52#include <iprt/crypto/pkcs7.h>
     53#include <iprt/crypto/x509.h>
    4754#include <VBox/err.h>
    4855#include <VBox/log.h>
     
    94101static kern_return_t    VBoxDrvDarwinStart(struct kmod_info *pKModInfo, void *pvData);
    95102static kern_return_t    VBoxDrvDarwinStop(struct kmod_info *pKModInfo, void *pvData);
     103#ifdef SUPDRV_WITH_DARWIN_IMAGE_VERIFICATION
     104static int              supdrvDarwinInitCertStores(PSUPDRVDEVEXT pDevExt);
     105static void             supdrvDarwinDestroyCertStores(PSUPDRVDEVEXT pDevExt);
     106#endif
    96107
    97108static int              VBoxDrvDarwinOpen(dev_t Dev, int fFlags, int fDevType, struct proc *pProcess);
     
    275286        if (RT_SUCCESS(rc))
    276287        {
     288#ifdef SUPDRV_WITH_DARWIN_IMAGE_VERIFICATION
     289            supdrvDarwinInitCertStores(&g_DevExt);
     290#endif
     291
    277292            /*
    278293             * Initialize the session hash table.
     
    338353                        LogRel(("VBoxDrv: cdevsw_add failed (%d)\n", g_iMajorDeviceNo));
    339354                }
     355#ifdef SUPDRV_WITH_DARWIN_IMAGE_VERIFICATION
     356                supdrvDarwinDestroyCertStores(&g_DevExt);
     357#endif
    340358                RTSpinlockDestroy(g_Spinlock);
    341359                g_Spinlock = NIL_RTSPINLOCK;
     
    421439
    422440
     441#ifdef SUPDRV_WITH_DARWIN_IMAGE_VERIFICATION
     442
     443/**
     444 * Initalizes the certificate stores (code signing) in the device extension.
     445 */
     446static int supdrvDarwinInitCertStores(PSUPDRVDEVEXT pDevExt)
     447{
     448    pDevExt->hAdditionalStore = NIL_RTCRSTORE;
     449
     450    pDevExt->hRootStore       = NIL_RTCRSTORE;
     451    int rc = RTCrStoreCreateInMem(&pDevExt->hRootStore, g_cSUPTrustedTAs + 1);
     452    if (RT_SUCCESS(rc))
     453    {
     454        for (uint32_t i = 0; i < g_cSUPTrustedTAs; i++)
     455        {
     456            int rc2 = RTCrStoreCertAddEncoded(pDevExt->hRootStore, RTCRCERTCTX_F_ENC_TAF_DER,
     457                                              g_aSUPTrustedTAs[i].pch, g_aSUPTrustedTAs[i].cb, NULL);
     458            if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
     459            {
     460                printf("VBoxDrv: Error loading g_aSUPTrustedTAs[%u]: %d\n", i, rc);
     461                rc = rc2;
     462            }
     463        }
     464
     465        /* We implicitly trust the build certificate. */
     466        int rc2 = RTCrStoreCertAddEncoded(pDevExt->hRootStore, RTCRCERTCTX_F_ENC_X509_DER,
     467                                          g_abSUPBuildCert, g_cbSUPBuildCert, NULL);
     468        if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
     469        {
     470            printf("VBoxDrv: Error loading g_cbSUPBuildCert: %d\n", rc);
     471            rc = rc2;
     472        }
     473    }
     474    return rc;
     475}
     476
     477
     478/**
     479 * Releases the certificate stores in the device extension.
     480 */
     481static void supdrvDarwinDestroyCertStores(PSUPDRVDEVEXT pDevExt)
     482{
     483    if (pDevExt->hRootStore != NIL_RTCRSTORE)
     484    {
     485        uint32_t cRefs = RTCrStoreRelease(pDevExt->hRootStore);
     486        Assert(cRefs == 0); RT_NOREF(cRefs);
     487        pDevExt->hRootStore = NIL_RTCRSTORE;
     488    }
     489    if (pDevExt->hAdditionalStore != NIL_RTCRSTORE)
     490    {
     491        uint32_t cRefs = RTCrStoreRelease(pDevExt->hAdditionalStore);
     492        Assert(cRefs == 0); RT_NOREF(cRefs);
     493        pDevExt->hAdditionalStore = NIL_RTCRSTORE;
     494    }
     495}
     496
     497#endif /* SUPDRV_WITH_DARWIN_IMAGE_VERIFICATION */
     498
    423499/**
    424500 * Stop the kernel module.
     
    457533    AssertRC(rc);
    458534    g_Spinlock = NIL_RTSPINLOCK;
     535
     536#ifdef SUPDRV_WITH_DARWIN_IMAGE_VERIFICATION
     537    supdrvDarwinDestroyCertStores(&g_DevExt);
     538#endif
    459539
    460540    RTR0TermForced();
     
    11671247     * Check already loaded modules.
    11681248     */
    1169     for (PSUPDRVLDRIMAGE pImage = pDevExt->pLdrImages; pImage; pImage = pImage->pNext);
     1249    for (PSUPDRVLDRIMAGE pImage = pDevExt->pLdrImages; pImage; pImage = pImage->pNext)
    11701250        if (   pImage->uState == SUP_IOCTL_LDR_LOAD
    11711251            && pImage->hLdrMod != NIL_RTLDRMOD)
     
    11801260     */
    11811261    printf("VBoxDrv: Unable to resolve symbol '%s'.\n", pszSymbol);
     1262    RT_NOREF(hLdrMod, pszModule, uSymbol);
    11821263    return VERR_SYMBOL_NOT_FOUND;
    11831264}
     
    12361317            rc = RTErrInfoSetF(pErrInfo, VERR_GENERAL_FAILURE,
    12371318                               "Certificate is missing the 'Dev ID Application' extension");
    1238         if (cDevIdKext == 0 && pState->fKernel)
     1319        if (cDevIdKext == 0)
    12391320            rc = RTErrInfoSetF(pErrInfo, VERR_GENERAL_FAILURE,
    12401321                               "Certificate is missing the 'Dev ID kext' extension");
     
    12541335{
    12551336    PSUPDRVDEVEXT pDevExt = (PSUPDRVDEVEXT)pvUser;
     1337    RT_NOREF_PV(hLdrMod); RT_NOREF_PV(cbSignature);
     1338
    12561339    switch (enmSignature)
    12571340    {
     
    12611344                PCRTCRPKCS7CONTENTINFO pContentInfo = (PCRTCRPKCS7CONTENTINFO)pvSignature;
    12621345                RTTIMESPEC             ValidationTime;
    1263                 RTTimeNow(&ValidationTime)
     1346                RTTimeNow(&ValidationTime);
    12641347
    12651348                return RTCrPkcs7VerifySignedDataWithExternalData(pContentInfo,
     
    12681351                                                                 | RTCRPKCS7VERIFY_SD_F_ALWAYS_USE_MS_TIMESTAMP_IF_PRESENT,
    12691352                                                                 pDevExt->hAdditionalStore, pDevExt->hRootStore, &ValidationTime,
    1270                                                                  supdrvDarwinLdrOpenVerifyCertificatCallback, pDevExt
     1353                                                                 supdrvDarwinLdrOpenVerifyCertificatCallback, pDevExt,
    12711354                                                                 pvExternalData, cbExternalData, pErrInfo);
    12721355            }
     
    12741357
    12751358        default:
    1276             RT_NOREF_PV(hLdrMod); RT_NOREF_PV(cbSignature);
    12771359            return RTErrInfoSetF(pErrInfo, VERR_NOT_SUPPORTED, "Unsupported signature type: %d", enmSignature);
    12781360    }
     
    12981380     *       freed via the RTFileReadAllFree callback when the loader module is closed.
    12991381     */
    1300     void     *pvFile  = NULL;
    1301     size_t   *pcbFile = 0;
     1382    void     *pvFile = NULL;
     1383    size_t    cbFile = 0;
    13021384    int rc = RTFileReadAllEx(pszFilename, 0, _32M, RTFILE_RDALL_O_DENY_WRITE, &pvFile, &cbFile);
    13031385    if (RT_SUCCESS(rc))
     
    13431425                        }
    13441426
    1345                         RTR0MemObjFree(hMemObj, true /*fFreeMappings*/);
     1427                        RTR0MemObjFree(hMemAlloc, true /*fFreeMappings*/);
    13461428                    }
    13471429                    else
    1348                         printf("VBoxDrv: Failed to allocate %u bytes for %s: %d\n", (unsigned)cbImage, rc);
     1430                        printf("VBoxDrv: Failed to allocate %u bytes for %s: %d\n", (unsigned)cbImage, pszFilename, rc);
    13491431                }
    13501432                else
    13511433                {
    13521434                    printf("VBoxDrv: Image size mismatch for %s: %#x, ring-3 says %#x\n",
    1353                            pszFilename, cbImage, pImage->cbImageBits);
     1435                           pszFilename, (unsigned)cbImage, (unsigned)pImage->cbImageBits);
    13541436                    rc = VERR_LDR_MISMATCH_NATIVE;
    13551437                }
     
    13841466{
    13851467    RT_NOREF(hLdrMod, pszSymbol, uSymbol);
    1386     if (uValue == (uintptr_t)pvUser)
     1468    if (Value == (uintptr_t)pvUser)
    13871469        return VINF_CALLBACK_RETURN;
    13881470    return VINF_SUCCESS;
     
    14171499        }
    14181500        else
    1419             SUPR0Printf("SUPDrv: No export named %s (%p) in %s!\n", pszSymbol, uRvaToValidate, pImage->szName);
     1501            SUPR0Printf("SUPDrv: No export named %s (%p) in %s!\n", pszSymbol, pv, pImage->szName);
    14201502    }
    14211503    /*
     
    14591541    if (!memcmp(pImage->pvImage, pbImageBits, pImage->cbImageBits))
    14601542        return VINF_SUCCESS;
     1543
     1544    RT_NOREF(pDevExt, pReq);
    14611545    return VERR_LDR_MISMATCH_NATIVE;
    14621546
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette