/*
- * Copyright (c) 2006-2007 Apple Inc. All Rights Reserved.
+ * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
#include "cs.h"
#include "Code.h"
#include "cskernel.h"
-#include <security_codesigning/cfmunge.h>
-#include <sys/codesign.h>
+#include <security_utilities/cfmunge.h>
using namespace CodeSigning;
//
// CFError user info keys
//
+const CFStringRef kSecCFErrorArchitecture = CFSTR("SecCSArchitecture");
const CFStringRef kSecCFErrorPattern = CFSTR("SecCSPattern");
const CFStringRef kSecCFErrorResourceSeal = CFSTR("SecCSResourceSeal");
-const CFStringRef kSecCFErrorResourceAdded = CFSTR("SecCSResourceAdded");
+const CFStringRef kSecCFErrorResourceAdded = CFSTR("SecCSResourceAdded");
const CFStringRef kSecCFErrorResourceAltered = CFSTR("SecCSResourceAltered");
const CFStringRef kSecCFErrorResourceMissing = CFSTR("SecCSResourceMissing");
-const CFStringRef kSecCFErrorInfoPlist = CFSTR("SecCSInfoPlist");
+const CFStringRef kSecCFErrorInfoPlist = CFSTR("SecCSInfoPlist");
const CFStringRef kSecCFErrorGuestAttributes = CFSTR("SecCSGuestAttributes");
const CFStringRef kSecCFErrorRequirementSyntax = CFSTR("SecRequirementSyntax");
+const CFStringRef kSecCFErrorPath = CFSTR("SecComponentPath");
+
//
// CF-standard type code functions
//
-// Get the root of trust Code
+// Get a reference to the calling code.
//
-SecCodeRef SecGetRootCode(SecCSFlags flags)
+OSStatus SecCodeCopySelf(SecCSFlags flags, SecCodeRef *selfRef)
{
BEGIN_CSAPI
checkFlags(flags);
- return KernelCode::active()->handle();
+ CFRef<CFMutableDictionaryRef> attributes = makeCFMutableDictionary(1,
+ kSecGuestAttributePid, CFTempNumber(getpid()).get());
+ CodeSigning::Required(selfRef) = SecCode::autoLocateGuest(attributes, flags)->handle(false);
- END_CSAPI1(NULL)
+ END_CSAPI
}
//
-// Get a reference to the calling code.
+// Get the dynamic status of a code.
//
-OSStatus SecCodeCopySelf(SecCSFlags flags, SecCodeRef *selfRef)
+OSStatus SecCodeGetStatus(SecCodeRef codeRef, SecCSFlags flags, SecCodeStatus *status)
{
BEGIN_CSAPI
checkFlags(flags);
- CFRef<CFMutableDictionaryRef> attributes = makeCFMutableDictionary(1,
- kSecGuestAttributePid, CFTempNumber(getpid()).get());
- Required(selfRef) = SecCode::autoLocateGuest(attributes, flags)->handle(false);
+ CodeSigning::Required(status) = SecCode::required(codeRef)->status();
+
+ END_CSAPI
+}
+
+
+//
+// Change the dynamic status of a code
+//
+OSStatus SecCodeSetStatus(SecCodeRef codeRef, SecCodeStatusOperation operation,
+ CFDictionaryRef arguments, SecCSFlags flags)
+{
+ BEGIN_CSAPI
+
+ checkFlags(flags);
+ SecCode::required(codeRef)->status(operation, arguments);
END_CSAPI
}
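Review bot: SecCodeSetStatus hands `operation` and `arguments` straight to `SecCode::required(codeRef)->status(operation, arguments)` with no validation visible in the wrapper, and its header comment says only "Change the dynamic status of a code". Because this is the state-changing counterpart of the read-only SecCodeGetStatus above it, the comment should say where the operation value is range-checked and whether `arguments` may be NULL — presumably SecCode::status() owns both, but that is not shown here. By analogy with the two-argument `checkFlags(flags, ...)` form used elsewhere in this file, the bare `checkFlags(flags)` call appears to accept no optional flags, which the comment should state too. Suggested wording: `// Change the dynamic status of a code. No optional flags are accepted; operation and arguments (may be NULL?) are validated by SecCode::status() — confirm.`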
checkFlags(flags);
SecPointer<SecStaticCode> staticCode = SecCode::required(codeRef)->staticCode();
- Required(staticCodeRef) = staticCode ? staticCode->handle() : NULL;
+ CodeSigning::Required(staticCodeRef) = staticCode ? staticCode->handle() : NULL;
END_CSAPI
}
checkFlags(flags);
SecPointer<SecCode> host = SecCode::required(guestRef)->host();
- Required(hostRef) = host ? host->handle() : NULL;
+ CodeSigning::Required(hostRef) = host ? host->handle() : NULL;
END_CSAPI
}
//
// Find a guest by attribute(s)
//
-const CFStringRef kSecGuestAttributePid = CFSTR("pid");
const CFStringRef kSecGuestAttributeCanonical = CFSTR("canonical");
+const CFStringRef kSecGuestAttributeHash = CFSTR("codedirectory-hash");
const CFStringRef kSecGuestAttributeMachPort = CFSTR("mach-port");
+const CFStringRef kSecGuestAttributePid = CFSTR("pid");
+const CFStringRef kSecGuestAttributeArchitecture = CFSTR("architecture");
+const CFStringRef kSecGuestAttributeSubarchitecture = CFSTR("subarchitecture");
OSStatus SecCodeCopyGuestWithAttributes(SecCodeRef hostRef,
CFDictionaryRef attributes, SecCSFlags flags, SecCodeRef *guestRef)
checkFlags(flags);
if (hostRef) {
if (SecCode *guest = SecCode::required(hostRef)->locateGuest(attributes))
- Required(guestRef) = guest->handle(false);
+ CodeSigning::Required(guestRef) = guest->handle(false);
else
return errSecCSNoSuchCode;
} else
- Required(guestRef) = SecCode::autoLocateGuest(attributes, flags)->handle(false);
+ CodeSigning::Required(guestRef) = SecCode::autoLocateGuest(attributes, flags)->handle(false);
END_CSAPI
}
checkFlags(flags);
if (SecCode *guest = KernelCode::active()->locateGuest(CFTemp<CFDictionaryRef>("{%O=%d}", kSecGuestAttributePid, pid)))
- Required(processRef) = guest->handle(false);
+ CodeSigning::Required(processRef) = guest->handle(false);
else
return errSecCSNoSuchCode;
BEGIN_CSAPI
checkFlags(flags,
- kSecCSConsiderExpiration);
+ kSecCSConsiderExpiration
+ | kSecCSEnforceRevocationChecks);
SecPointer<SecCode> code = SecCode::required(codeRef);
code->checkValidity(flags);
if (const SecRequirement *req = SecRequirement::optional(requirementRef))
- code->staticCode()->validateRequirements(req->requirement(), errSecCSReqFailed);
+ code->staticCode()->validateRequirement(req->requirement(), errSecCSReqFailed);
END_CSAPI_ERRORS
}
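Review bot: kSecCSEnforceRevocationChecks is now an accepted flag, but nothing in this hunk acts on it — `flags` is simply forwarded to `code->checkValidity(flags)`, so whether revocation checking actually happens is decided by checkValidity, outside this file. The function's header comment (the function starts outside the hunk) should list both accepted flags and name the callee that honors them, e.g. `// Accepts kSecCSConsiderExpiration and kSecCSEnforceRevocationChecks; both are applied inside SecCode::checkValidity(), not here.` The requirement check still runs only when `SecRequirement::optional(requirementRef)` yields a requirement, so a NULL requirementRef validates dynamic validity alone; that pre-existing behavior is worth one sentence in the same comment.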
const CFStringRef kSecCodeInfoChangedFiles = CFSTR("changed-files");
const CFStringRef kSecCodeInfoCMS = CFSTR("cms");
const CFStringRef kSecCodeInfoDesignatedRequirement = CFSTR("designated-requirement");
-const CFStringRef kSecCodeInfoTime = CFSTR("signing-time");
+const CFStringRef kSecCodeInfoEntitlements = CFSTR("entitlements");
+const CFStringRef kSecCodeInfoEntitlementsDict = CFSTR("entitlements-dict");
const CFStringRef kSecCodeInfoFormat = CFSTR("format");
+const CFStringRef kSecCodeInfoDigestAlgorithm = CFSTR("digest-algorithm");
const CFStringRef kSecCodeInfoIdentifier = CFSTR("identifier");
const CFStringRef kSecCodeInfoImplicitDesignatedRequirement = CFSTR("implicit-requirement");
const CFStringRef kSecCodeInfoMainExecutable = CFSTR("main-executable");
const CFStringRef kSecCodeInfoPList = CFSTR("info-plist");
const CFStringRef kSecCodeInfoRequirements = CFSTR("requirements");
+const CFStringRef kSecCodeInfoRequirementData = CFSTR("requirement-data");
+const CFStringRef kSecCodeInfoSource = CFSTR("source");
const CFStringRef kSecCodeInfoStatus = CFSTR("status");
+const CFStringRef kSecCodeInfoTime = CFSTR("signing-time");
+const CFStringRef kSecCodeInfoTimestamp = CFSTR("signing-timestamp");
const CFStringRef kSecCodeInfoTrust = CFSTR("trust");
+const CFStringRef kSecCodeInfoUnique = CFSTR("unique");
+
+const CFStringRef kSecCodeInfoCodeDirectory = CFSTR("CodeDirectory");
+const CFStringRef kSecCodeInfoCodeOffset = CFSTR("CodeOffset");
+const CFStringRef kSecCodeInfoResourceDirectory = CFSTR("ResourceDirectory");
+
OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flags,
CFDictionaryRef *infoRef)
CFRef<CFDictionaryRef> info = code->signingInformation(flags);
if (flags & kSecCSDynamicInformation)
- if (SecPointer<SecCode> dcode = SecStaticCode::optionalDynamic(codeRef)) {
- uint32_t status;
- if (SecPointer<SecCode> host = dcode->host())
- status = host->getGuestStatus(dcode);
- else
- status = CS_VALID; // root of trust, presumed valid
- info = cfmake<CFDictionaryRef>("{+%O,%O=%u}", info.get(),
- kSecCodeInfoStatus, status);
- }
-
- Required(infoRef) = info.yield();
+ if (SecPointer<SecCode> dcode = SecStaticCode::optionalDynamic(codeRef))
+ info.take(cfmake<CFDictionaryRef>("{+%O,%O=%u}", info.get(), kSecCodeInfoStatus, dcode->status()));
+
+ CodeSigning::Required(infoRef) = info.yield();
END_CSAPI
}
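Review bot: `dcode->status()` is passed through cfmake's variadic `%u` conversion in the new `info.take(cfmake<CFDictionaryRef>("{+%O,%O=%u}", ...))` line, which is only sound if SecCodeStatus is an unsigned 32-bit type; the removed code made that visible by storing the value in a `uint32_t status` local first. Restoring the local keeps the format/argument match explicit: `uint32_t status = dcode->status();` followed by passing `status` instead of the call. The removed branch also documented the host-less case ("root of trust, presumed valid"); the new code relies on status() to cover it, so a short comment such as `// status() handles the root-of-trust (no host) case itself — confirm` would preserve that knowledge. Evaluation order is fine: cfmake runs to completion on `info.get()` before take() releases the old dictionary. The function's signature and BEGIN_CSAPI are outside the hunk.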