From 6129189d0b0cc858b2d8a911841d62e569bc86d4 Mon Sep 17 00:00:00 2001 From: Patrick Wardle Date: Wed, 2 Mar 2022 18:52:39 -1000 Subject: [PATCH] v2.1.3 improved 'find app bundle' algorithm notarization mode will now allow iOS/App Store apps --- .../Application.xcodeproj/project.pbxproj | 16 ++++----- Daemon/Daemon.xcodeproj/project.pbxproj | 8 ++--- Daemon/Daemon/Plugins/Processes.m | 36 ++++++++++++++++--- Installer/Installer.xcodeproj/project.pbxproj | 16 ++++----- Installer/Source/main.m | 10 ++++++ Shared/patrons.txt | 2 +- Shared/utilities.m | 30 +++++++++++----- 7 files changed, 83 insertions(+), 35 deletions(-) diff --git a/Application/Application.xcodeproj/project.pbxproj b/Application/Application.xcodeproj/project.pbxproj index 7dc9d6b..461cbeb 100644 --- a/Application/Application.xcodeproj/project.pbxproj +++ b/Application/Application.xcodeproj/project.pbxproj @@ -31,7 +31,6 @@ CD2F801724468A8C009C3D77 /* patrons.txt in Resources */ = {isa = PBXBuildFile; fileRef = CD2F801624468A8C009C3D77 /* patrons.txt */; }; CD32C2352094062D009CADF6 /* SigningInfoViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = CD32C2332094062C009CADF6 /* SigningInfoViewController.m */; }; CD6836682391DB6F00CF19C1 /* security.plist in Resources */ = {isa = PBXBuildFile; fileRef = CD6836672391DB6F00CF19C1 /* security.plist */; }; - CD80B7E527C6E4A300AD7BC1 /* BlockBlock Installer.app in Resources */ = {isa = PBXBuildFile; fileRef = CD80B7E427C6E4A300AD7BC1 /* BlockBlock Installer.app */; }; CD8FD5D523BAE2D200EFE0FB /* Preferences.xib in Resources */ = {isa = PBXBuildFile; fileRef = CD8FD5D323BAE2D100EFE0FB /* Preferences.xib */; }; CD8FD5D623BAE2D200EFE0FB /* PrefsWindowController.m in Sources */ = {isa = PBXBuildFile; fileRef = CD8FD5D423BAE2D200EFE0FB /* PrefsWindowController.m */; }; CD8FD5F623C05AD900EFE0FB /* RuleRow.m in Sources */ = {isa = PBXBuildFile; fileRef = CD8FD5F023C05AD800EFE0FB /* RuleRow.m */; }; 
@@ -40,6 +39,7 @@ CD8FD5FA23C05AD900EFE0FB /* Rules.xib in Resources */ = {isa = PBXBuildFile; fileRef = CD8FD5F523C05AD900EFE0FB /* Rules.xib */; }; CD8FD5FD23C05C6900EFE0FB /* Rule.m in Sources */ = {isa = PBXBuildFile; fileRef = CD8FD5FC23C05C6900EFE0FB /* Rule.m */; }; CDA88A792537CE2400C469BF /* Sentry.framework in CopyFiles */ = {isa = PBXBuildFile; fileRef = CD21501B20AD2EE000CEF17B /* Sentry.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; + CDB964CE27D0774800A9674E /* BlockBlock Installer.app in Resources */ = {isa = PBXBuildFile; fileRef = CDB964CD27D0774800A9674E /* BlockBlock Installer.app */; }; CDFA08E1214900BF0089758C /* XPCUser.m in Sources */ = {isa = PBXBuildFile; fileRef = CDFA08DF214900BF0089758C /* XPCUser.m */; }; /* End PBXBuildFile section */ 
@@ -101,7 +101,6 @@ CD32C2332094062C009CADF6 /* SigningInfoViewController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SigningInfoViewController.m; sourceTree = ""; }; CD32C2342094062C009CADF6 /* SigningInfoViewController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SigningInfoViewController.h; sourceTree = ""; }; CD6836672391DB6F00CF19C1 /* security.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = security.plist; sourceTree = ""; }; - CD80B7E427C6E4A300AD7BC1 /* BlockBlock Installer.app */ = {isa = PBXFileReference; lastKnownFileType = wrapper.application; name = "BlockBlock Installer.app"; path = "../DerivedData/BlockBlock/Build/Products/Release/BlockBlock Installer.app"; sourceTree = ""; }; CD8FD5D123B585FE00EFE0FB /* FileMonitor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FileMonitor.h; path = ../Shared/Libraries/FileMonitor.h; sourceTree = ""; }; CD8FD5D223BAE2D100EFE0FB /* PrefsWindowController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PrefsWindowController.h; sourceTree = ""; }; CD8FD5D323BAE2D100EFE0FB /* Preferences.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = Preferences.xib; sourceTree = ""; }; 
@@ -115,6 +114,7 @@ CD8FD5F523C05AD900EFE0FB /* Rules.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = Rules.xib; sourceTree = ""; }; CD8FD5FB23C05C6900EFE0FB /* Rule.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Rule.h; path = ../Shared/Rule.h; sourceTree = ""; }; CD8FD5FC23C05C6900EFE0FB /* Rule.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = Rule.m; path = ../Shared/Rule.m; sourceTree = ""; }; + CDB964CD27D0774800A9674E /* BlockBlock Installer.app */ = {isa = PBXFileReference; lastKnownFileType = wrapper.application; name = "BlockBlock Installer.app"; path = "../DerivedData/BlockBlock/Build/Products/Release/BlockBlock Installer.app"; sourceTree = ""; }; CDFA08D7214606DB0089758C /* XPCDaemonProto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = XPCDaemonProto.h; path = ../Shared/XPCDaemonProto.h; sourceTree = ""; }; CDFA08DB21460A400089758C /* XPCUserProto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = XPCUserProto.h; path = ../Shared/XPCUserProto.h; sourceTree = ""; }; CDFA08DF214900BF0089758C /* XPCUser.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = XPCUser.m; path = ../Shared/XPCUser.m; sourceTree = ""; }; @@ -244,7 +244,7 @@ CD80B7E327C6E49100AD7BC1 /* Uninstaller */ = { isa = PBXGroup; children = ( - CD80B7E427C6E4A300AD7BC1 /* BlockBlock Installer.app */, + CDB964CD27D0774800A9674E /* BlockBlock Installer.app */, ); name = Uninstaller; sourceTree = ""; 
@@ -346,7 +346,7 @@ CD2F801724468A8C009C3D77 /* patrons.txt in Resources */, CD8FD5FA23C05AD900EFE0FB /* Rules.xib in Resources */, 7D7755F01F02E05B00D0017D /* MainMenu.xib in Resources */, - CD80B7E527C6E4A300AD7BC1 /* BlockBlock Installer.app in Resources */, + CDB964CE27D0774800A9674E /* BlockBlock Installer.app in Resources */, 7DD25FF01F23B73C00277EC4 /* Assets.xcassets in Resources */, ); runOnlyForDeploymentPostprocessing = 0; @@ -516,7 +516,7 @@ ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; CODE_SIGN_IDENTITY = "Developer ID Application"; COMBINE_HIDPI_IMAGES = YES; - CURRENT_PROJECT_VERSION = 2.1.2; + CURRENT_PROJECT_VERSION = 2.1.3; DEVELOPMENT_TEAM = VBG97UB4TA; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "$(PROJECT_DIR)/../Carthage/Build/Mac"; @@ -524,7 +524,7 @@ LD_RUNPATH_SEARCH_PATHS = "$(LD_RUNPATH_SEARCH_PATHS_$(IS_MACCATALYST)) @executable_path/../Frameworks"; LIBRARY_SEARCH_PATHS = ""; MACOSX_DEPLOYMENT_TARGET = 10.15; - MARKETING_VERSION = 2.1.2; + MARKETING_VERSION = 2.1.3; ONLY_ACTIVE_ARCH = NO; PRODUCT_BUNDLE_IDENTIFIER = "com.objective-see.blockblock.helper"; PRODUCT_NAME = "BlockBlock Helper"; @@ -538,7 +538,7 @@ ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; CODE_SIGN_IDENTITY = "Developer ID Application"; COMBINE_HIDPI_IMAGES = YES; - CURRENT_PROJECT_VERSION = 2.1.2; + CURRENT_PROJECT_VERSION = 2.1.3; DEVELOPMENT_TEAM = VBG97UB4TA; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "$(PROJECT_DIR)/../Carthage/Build/Mac"; @@ -546,7 +546,7 @@ LD_RUNPATH_SEARCH_PATHS = "$(LD_RUNPATH_SEARCH_PATHS_$(IS_MACCATALYST)) @executable_path/../Frameworks"; LIBRARY_SEARCH_PATHS = ""; MACOSX_DEPLOYMENT_TARGET = 10.15; - MARKETING_VERSION = 2.1.2; + MARKETING_VERSION = 2.1.3; ONLY_ACTIVE_ARCH = NO; PRODUCT_BUNDLE_IDENTIFIER = "com.objective-see.blockblock.helper"; PRODUCT_NAME = "BlockBlock Helper"; diff --git a/Daemon/Daemon.xcodeproj/project.pbxproj b/Daemon/Daemon.xcodeproj/project.pbxproj index 91972a5..ad232e9 100644 
--- a/Daemon/Daemon.xcodeproj/project.pbxproj +++ b/Daemon/Daemon.xcodeproj/project.pbxproj @@ -520,7 +520,7 @@ CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/Daemon/BlockBlock.entitlements"; CODE_SIGN_IDENTITY = "Developer ID Application"; COMBINE_HIDPI_IMAGES = YES; - CURRENT_PROJECT_VERSION = 2.1.2; + CURRENT_PROJECT_VERSION = 2.1.3; DEVELOPMENT_TEAM = VBG97UB4TA; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "$(PROJECT_DIR)/../Carthage/Build/Mac"; @@ -532,7 +532,7 @@ "$(SDKROOT)/usr/lib/system", ); MACOSX_DEPLOYMENT_TARGET = 10.15; - MARKETING_VERSION = 2.1.2; + MARKETING_VERSION = 2.1.3; ONLY_ACTIVE_ARCH = NO; OTHER_CFLAGS = "-DDAEMON_BUILD=1"; PRODUCT_BUNDLE_IDENTIFIER = "com.objective-see.blockblock"; @@ -549,7 +549,7 @@ CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/Daemon/BlockBlock.entitlements"; CODE_SIGN_IDENTITY = "Developer ID Application"; COMBINE_HIDPI_IMAGES = YES; - CURRENT_PROJECT_VERSION = 2.1.2; + CURRENT_PROJECT_VERSION = 2.1.3; DEVELOPMENT_TEAM = VBG97UB4TA; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "$(PROJECT_DIR)/../Carthage/Build/Mac"; @@ -561,7 +561,7 @@ "$(SDKROOT)/usr/lib/system", ); MACOSX_DEPLOYMENT_TARGET = 10.15; - MARKETING_VERSION = 2.1.2; + MARKETING_VERSION = 2.1.3; ONLY_ACTIVE_ARCH = NO; OTHER_CFLAGS = "-DDAEMON_BUILD=1"; PRODUCT_BUNDLE_IDENTIFIER = "com.objective-see.blockblock"; diff --git a/Daemon/Daemon/Plugins/Processes.m b/Daemon/Daemon/Plugins/Processes.m index c70fb4e..ab6f2b0 100644 --- a/Daemon/Daemon/Plugins/Processes.m +++ b/Daemon/Daemon/Plugins/Processes.m @@ -57,6 +57,9 @@ -(BOOL)shouldIgnore:(Process*)process //item path NSString* path = nil; + //app bundle + NSBundle* appBundle = nil; + //app's path NSString* appPath = nil; 
@@ -123,7 +126,7 @@ -(BOOL)shouldIgnore:(Process*)process } //not a script - // ignore apple / notarized processes + // ignore here if it's an apple or notarized processes else if( (YES == process.isPlatformBinary.boolValue) || (YES == [process.signingInfo[KEY_SIGNING_IS_NOTARIZED] boolValue]) ) { @@ -133,9 +136,33 @@ -(BOOL)shouldIgnore:(Process*)process //done goto bail; } - + //dbg msg logMsg(LOG_DEBUG, [NSString stringWithFormat:@"using path: %@", path]); + + //not a script? + // grab app bundle (for subsequent checks) + if(YES != isScript) + { + //find app bundle + appBundle = findAppBundle(path); + if(nil != appBundle) + { + //dbg msg + logMsg(LOG_DEBUG, @"is app, with bundle..."); + } + } + + //is from app store? + // ignore, as it's trusted (though not 'notarized' per se) + if(nil != appBundle.appStoreReceiptURL) + { + //dbg msg + logMsg(LOG_DEBUG, [NSString stringWithFormat:@"%@ has an app store receipt, will allow", process.name]); + + //done + goto bail; + } //not translocated // ...if quarantined, make sure it's user approved @@ -169,9 +196,8 @@ -(BOOL)shouldIgnore:(Process*)process goto bail; } - - //get app bundle - appPath = findAppBundle(path).bundlePath; + //get app path + appPath = appBundle.bundlePath; //also check app bundle // to see if it has been approved diff --git a/Installer/Installer.xcodeproj/project.pbxproj b/Installer/Installer.xcodeproj/project.pbxproj index 230d12e..871866c 100644 --- a/Installer/Installer.xcodeproj/project.pbxproj +++ b/Installer/Installer.xcodeproj/project.pbxproj 
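Review bot: The new App Store allowance in the third hunk, `if(nil != appBundle.appStoreReceiptURL)`, keys on a URL rather than on a validated receipt: as far as I recall, NSBundle's appStoreReceiptURL only derives where a receipt would live and makes no promise that a file exists there, and even an existing receipt file is not proof of App Store origin unless it is verified. Because this branch jumps to bail before the translocation/quarantine checks that follow, it allows any bundle that yields a receipt URL, which is broader than the "trusted" comment on the new lines suggests. I'd gate it on the signing info the method already consults (`process.signingInfo`) so the bundle must carry a valid signature, and at minimum confirm the receipt is actually present, `if(nil != appBundle.appStoreReceiptURL && [appBundle.appStoreReceiptURL checkResourceIsReachableAndReturnError:nil])`, before treating the process as trusted. shouldIgnore: begins and ends outside this hunk.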
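Review bot: `appPath = appBundle.bundlePath;` in the last hunk changes behavior for scripts, since appBundle is only populated under `if(YES != isScript)` while the removed `findAppBundle(path).bundlePath` ran unconditionally at this point; if a script can reach this line, the "also check app bundle" step that follows now silently receives a nil path. If that is intended, make it explicit with a comment such as `// scripts have no app bundle here (see isScript check above), so appPath stays nil`; if not, fall back to `findAppBundle(path)` when appBundle is nil. The surrounding method continues outside this hunk.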
@@ -403,14 +403,14 @@ CODE_SIGN_ENTITLEMENTS = ""; CODE_SIGN_IDENTITY = "Developer ID Application"; CODE_SIGN_STYLE = Manual; - CURRENT_PROJECT_VERSION = 2.1.2; + CURRENT_PROJECT_VERSION = 2.1.3; DEVELOPMENT_TEAM = VBG97UB4TA; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "$(PROJECT_DIR)/../Carthage/Build/Mac"; GCC_WARN_ABOUT_MISSING_FIELD_INITIALIZERS = NO; INFOPLIST_FILE = Helper/Info.plist; MACOSX_DEPLOYMENT_TARGET = 10.15; - MARKETING_VERSION = 2.1.2; + MARKETING_VERSION = 2.1.3; ONLY_ACTIVE_ARCH = NO; OTHER_CODE_SIGN_FLAGS = ""; OTHER_LDFLAGS = ( @@ -438,14 +438,14 @@ CODE_SIGN_ENTITLEMENTS = ""; CODE_SIGN_IDENTITY = "Developer ID Application"; CODE_SIGN_STYLE = Manual; - CURRENT_PROJECT_VERSION = 2.1.2; + CURRENT_PROJECT_VERSION = 2.1.3; DEVELOPMENT_TEAM = VBG97UB4TA; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "$(PROJECT_DIR)/../Carthage/Build/Mac"; GCC_WARN_ABOUT_MISSING_FIELD_INITIALIZERS = NO; INFOPLIST_FILE = Helper/Info.plist; MACOSX_DEPLOYMENT_TARGET = 10.15; - MARKETING_VERSION = 2.1.2; + MARKETING_VERSION = 2.1.3; ONLY_ACTIVE_ARCH = NO; OTHER_CODE_SIGN_FLAGS = ""; OTHER_LDFLAGS = ( @@ -474,7 +474,7 @@ CODE_SIGN_IDENTITY = "Developer ID Application"; CODE_SIGN_STYLE = Manual; COMBINE_HIDPI_IMAGES = YES; - CURRENT_PROJECT_VERSION = 2.1.2; + CURRENT_PROJECT_VERSION = 2.1.3; DEVELOPMENT_TEAM = VBG97UB4TA; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "$(PROJECT_DIR)/../Carthage/Build/Mac"; @@ -483,7 +483,7 @@ LD_RUNPATH_SEARCH_PATHS = "$(LD_RUNPATH_SEARCH_PATHS_$(IS_MACCATALYST)) @executable_path/../Frameworks"; LIBRARY_SEARCH_PATHS = ""; MACOSX_DEPLOYMENT_TARGET = 10.15; - MARKETING_VERSION = 2.1.2; + MARKETING_VERSION = 2.1.3; ONLY_ACTIVE_ARCH = NO; OTHER_CODE_SIGN_FLAGS = ""; PRODUCT_BUNDLE_IDENTIFIER = "com.objective-see.blockblock.installer"; 
@@ -501,7 +501,7 @@ CODE_SIGN_IDENTITY = "Developer ID Application"; CODE_SIGN_STYLE = Manual; COMBINE_HIDPI_IMAGES = YES; - CURRENT_PROJECT_VERSION = 2.1.2; + CURRENT_PROJECT_VERSION = 2.1.3; DEVELOPMENT_TEAM = VBG97UB4TA; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "$(PROJECT_DIR)/../Carthage/Build/Mac"; @@ -510,7 +510,7 @@ LD_RUNPATH_SEARCH_PATHS = "$(LD_RUNPATH_SEARCH_PATHS_$(IS_MACCATALYST)) @executable_path/../Frameworks"; LIBRARY_SEARCH_PATHS = ""; MACOSX_DEPLOYMENT_TARGET = 10.15; - MARKETING_VERSION = 2.1.2; + MARKETING_VERSION = 2.1.3; OTHER_CODE_SIGN_FLAGS = ""; PRODUCT_BUNDLE_IDENTIFIER = "com.objective-see.blockblock.installer"; PRODUCT_NAME = "BlockBlock Installer"; diff --git a/Installer/Source/main.m b/Installer/Source/main.m index a2c5ab5..de29dbf 100644 --- a/Installer/Source/main.m +++ b/Installer/Source/main.m @@ -16,6 +16,16 @@ #import "utilities.h" #import "Configure.h" +/* To build: + + 1. Comment out Installer's 'Run Script' (no need to copy in app/helper) + 2. Build Installer in 'Release Mode' + 3. Copy Installer to Application + 4. Comment in Installer's 'Run Script' + 5. Build Installer in 'Achive Mode' + + */ + //main interface int main(int argc, char *argv[]) { diff --git a/Shared/patrons.txt b/Shared/patrons.txt index 7935167..3677e26 100644 --- a/Shared/patrons.txt +++ b/Shared/patrons.txt @@ -2,4 +2,4 @@ Patrons (2^6+): Jan Koum, Christian Blümlein, MikeyH Friends of Objective-See: -Jamf, Mosyle, Kandji, CleanMyMac X, Kolide, SmugMug, Guardian Mobile Firewall, iVerify, Halo Privacy, uberAgent +Jamf, Mosyle, Kandji, CleanMyMac X, Kolide, Fleet, SmugMug, Guardian Mobile Firewall, iVerify, Halo Privacy, uberAgent diff --git a/Shared/utilities.m b/Shared/utilities.m index d6db874..16ddaee 100644 --- a/Shared/utilities.m +++ b/Shared/utilities.m 
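Review bot: The build-steps comment added above main() in Installer/Source/main.m misspells "Archive" as "Achive" in step 5, and "Comment in" in step 4 reads awkwardly; I'd write `4. Uncomment Installer's 'Run Script'` and `5. Build Installer in 'Archive Mode'`. Since the steps are manual and order-dependent (the Release build is what gets copied into the Application before the archive), a one-line note that step 3 must use the Release product would help the next person reproduce the embedded installer exactly.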
@@ -436,42 +436,54 @@ OSStatus verifyApp(NSString* path, NSString* signingAuth) //given a path to binary // parse it back up to find app's bundle -NSBundle* findAppBundle(NSString* binaryPath) +NSBundle* findAppBundle(NSString* path) { //app's bundle NSBundle* appBundle = nil; + //standarized path + NSString* standardedPath = nil; + //app's path NSString* appPath = nil; + //standardize path + standardedPath = [[path stringByStandardizingPath] stringByResolvingSymlinksInPath]; + //first just try full path - appPath = [[binaryPath stringByStandardizingPath] stringByResolvingSymlinksInPath]; + appPath = standardedPath; - //try to find the app's bundle/info dictionary + //try to find the app's bundle do { //try to load app's bundle appBundle = [NSBundle bundleWithPath:appPath]; + //was an app passed in? + if(YES == [appBundle.bundlePath isEqualToString:standardedPath]) + { + //all done + break; + } + //check for match - // ->binary path's match + // binary path's match if( (nil != appBundle) && - (YES == [appBundle.executablePath isEqualToString:binaryPath])) + (YES == [appBundle.executablePath isEqualToString:standardedPath])) { //all done break; } - //always unset bundle var since it's being returned - // ->and at this point, its not a match + //unset appBundle = nil; //remove last part - // ->will try this next + // will try this next appPath = [appPath stringByDeletingLastPathComponent]; //scan until we get to root - // ->of course, loop will exit if app info dictionary is found/loaded + // of course, loop will exit if app info dictionary is found/loaded } while( (nil != appPath) && (YES != [appPath isEqualToString:@"/"]) && (YES != [appPath isEqualToString:@""]) );