X-Git-Url: https://git.saurik.com/apple/libsecurity_codesigning.git/blobdiff_plain/5b2e6316f7268e59122858fb32e84a896ab43f2b..HEAD:/lib/SecCode.cpp
diff --git a/lib/SecCode.cpp b/lib/SecCode.cpp
index d952405..f5b300f 100644
--- a/lib/SecCode.cpp
+++ b/lib/SecCode.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006-2007 Apple Inc. All Rights Reserved.
+ * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
@@ -39,14 +39,17 @@ using namespace CodeSigning;
 //
 // CFError user info keys
 //
+const CFStringRef kSecCFErrorArchitecture = CFSTR("SecCSArchitecture");
 const CFStringRef kSecCFErrorPattern = CFSTR("SecCSPattern");
 const CFStringRef kSecCFErrorResourceSeal = CFSTR("SecCSResourceSeal");
-const CFStringRef kSecCFErrorResourceAdded = CFSTR("SecCSResourceAdded");
+const CFStringRef kSecCFErrorResourceAdded = CFSTR("SecCSResourceAdded");
 const CFStringRef kSecCFErrorResourceAltered = CFSTR("SecCSResourceAltered");
 const CFStringRef kSecCFErrorResourceMissing = CFSTR("SecCSResourceMissing");
-const CFStringRef kSecCFErrorInfoPlist = CFSTR("SecCSInfoPlist");
+const CFStringRef kSecCFErrorInfoPlist = CFSTR("SecCSInfoPlist");
 const CFStringRef kSecCFErrorGuestAttributes = CFSTR("SecCSGuestAttributes");
 const CFStringRef kSecCFErrorRequirementSyntax = CFSTR("SecRequirementSyntax");
+const CFStringRef kSecCFErrorPath = CFSTR("SecComponentPath");
+
 //
 // CF-standard type code functions
@@ -69,7 +72,7 @@ OSStatus SecCodeCopySelf(SecCSFlags flags, SecCodeRef *selfRef)
 checkFlags(flags);
 CFRef attributes = makeCFMutableDictionary(1, kSecGuestAttributePid, CFTempNumber(getpid()).get());
- Required(selfRef) = SecCode::autoLocateGuest(attributes, flags)->handle(false);
+ CodeSigning::Required(selfRef) = SecCode::autoLocateGuest(attributes, flags)->handle(false);
 END_CSAPI
 }
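Review bot: In the CFError user-info keys hunk, the new `kSecCFErrorPath` maps to `"SecComponentPath"`, which drops the `SecCS` prefix that the other new key (`"SecCSArchitecture"`) and most neighbouring keys carry; `kSecCFErrorRequirementSyntax` is the only earlier exception. Clients match on these strings when reading error dictionaries, so the spelling is hard to change once released. If the different prefix is deliberate, a one-line comment next to the constant saying so would keep a later cleanup from "fixing" it. Neither new key states what kind of value it carries, and a short comment per key would help callers that log or display these values.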
@@ -83,7 +86,7 @@ OSStatus SecCodeGetStatus(SecCodeRef codeRef, SecCSFlags flags, SecCodeStatus *s
 BEGIN_CSAPI
 checkFlags(flags);
- Required(status) = SecCode::required(codeRef)->status();
+ CodeSigning::Required(status) = SecCode::required(codeRef)->status();
 END_CSAPI
 }
@@ -113,7 +116,7 @@ OSStatus SecCodeCopyStaticCode(SecCodeRef codeRef, SecCSFlags flags, SecStaticCo
 checkFlags(flags);
 SecPointer staticCode = SecCode::required(codeRef)->staticCode();
- Required(staticCodeRef) = staticCode ? staticCode->handle() : NULL;
+ CodeSigning::Required(staticCodeRef) = staticCode ? staticCode->handle() : NULL;
 END_CSAPI
 }
@@ -128,7 +131,7 @@ OSStatus SecCodeCopyHost(SecCodeRef guestRef, SecCSFlags flags, SecCodeRef *host
 checkFlags(flags);
 SecPointer host = SecCode::required(guestRef)->host();
- Required(hostRef) = host ? host->handle() : NULL;
+ CodeSigning::Required(hostRef) = host ? host->handle() : NULL;
 END_CSAPI
 }
@@ -152,11 +155,11 @@ OSStatus SecCodeCopyGuestWithAttributes(SecCodeRef hostRef,
 checkFlags(flags);
 if (hostRef) {
 if (SecCode *guest = SecCode::required(hostRef)->locateGuest(attributes))
- Required(guestRef) = guest->handle(false);
+ CodeSigning::Required(guestRef) = guest->handle(false);
 else return errSecCSNoSuchCode;
 } else
- Required(guestRef) = SecCode::autoLocateGuest(attributes, flags)->handle(false);
+ CodeSigning::Required(guestRef) = SecCode::autoLocateGuest(attributes, flags)->handle(false);
 END_CSAPI
 }
@@ -171,7 +174,7 @@ OSStatus SecCodeCreateWithPID(pid_t pid, SecCSFlags flags, SecCodeRef *processRe
 checkFlags(flags);
 if (SecCode *guest = KernelCode::active()->locateGuest(CFTemp("{%O=%d}", kSecGuestAttributePid, pid)))
- Required(processRef) = guest->handle(false);
+ CodeSigning::Required(processRef) = guest->handle(false);
 else return errSecCSNoSuchCode;
@@ -194,11 +197,12 @@ OSStatus SecCodeCheckValidityWithErrors(SecCodeRef codeRef, SecCSFlags flags,
 BEGIN_CSAPI
 checkFlags(flags,
- kSecCSConsiderExpiration);
+ kSecCSConsiderExpiration
+ | kSecCSEnforceRevocationChecks);
 SecPointer code = SecCode::required(codeRef);
 code->checkValidity(flags);
 if (const SecRequirement *req = SecRequirement::optional(requirementRef))
- code->staticCode()->validateRequirements(req->requirement(), errSecCSReqFailed);
+ code->staticCode()->validateRequirement(req->requirement(), errSecCSReqFailed);
 END_CSAPI_ERRORS
 }
@@ -217,7 +221,9 @@ const CFStringRef kSecCodeInfoChangedFiles = CFSTR("changed-files");
 const CFStringRef kSecCodeInfoCMS = CFSTR("cms");
 const CFStringRef kSecCodeInfoDesignatedRequirement = CFSTR("designated-requirement");
 const CFStringRef kSecCodeInfoEntitlements = CFSTR("entitlements");
+const CFStringRef kSecCodeInfoEntitlementsDict = CFSTR("entitlements-dict");
 const CFStringRef kSecCodeInfoFormat = CFSTR("format");
+const CFStringRef kSecCodeInfoDigestAlgorithm = CFSTR("digest-algorithm");
 const CFStringRef kSecCodeInfoIdentifier = CFSTR("identifier");
 const CFStringRef kSecCodeInfoImplicitDesignatedRequirement = CFSTR("implicit-requirement");
 const CFStringRef kSecCodeInfoMainExecutable = CFSTR("main-executable");
@@ -227,6 +233,7 @@ const CFStringRef kSecCodeInfoRequirementData = CFSTR("requirement-data");
 const CFStringRef kSecCodeInfoSource = CFSTR("source");
 const CFStringRef kSecCodeInfoStatus = CFSTR("status");
 const CFStringRef kSecCodeInfoTime = CFSTR("signing-time");
+const CFStringRef kSecCodeInfoTimestamp = CFSTR("signing-timestamp");
 const CFStringRef kSecCodeInfoTrust = CFSTR("trust");
 const CFStringRef kSecCodeInfoUnique = CFSTR("unique");
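Review bot: In SecCodeCheckValidityWithErrors, `kSecCSEnforceRevocationChecks` is now accepted by `checkFlags` and reaches `code->checkValidity(flags)`, but the requirement check on the last changed line, `code->staticCode()->validateRequirement(req->requirement(), errSecCSReqFailed)`, takes no flags. Whether the revocation setting carries over to the static code that evaluates the requirement is decided inside checkValidity, which this hunk does not show. If it does not carry over, a caller passing the flag gets a weaker check than requested and no error to say so. Once confirmed, a comment above the call stating where revocation enforcement is applied, plus a test that passes the flag against a revoked signer, would pin the intended behaviour. The function body starts outside the hunk.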
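Review bot: In the signing-information keys hunks, `kSecCodeInfoTimestamp` ("signing-timestamp") is added next to the existing `kSecCodeInfoTime` ("signing-time") with nothing in this file to tell the two apart. If, as the names suggest, one is a time certified by a timestamp authority and the other is the signer's own claim, a client that reads the wrong key will base expiry or audit decisions on a value the signer controls. A comment on each constant, along the lines of `// signer-asserted, not certified` and `// certified by a timestamp authority`, would make that explicit; the semantics should be confirmed against the public header first. The same kind of one-line distinction would help for `kSecCodeInfoEntitlements` versus the new `kSecCodeInfoEntitlementsDict`.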
@@ -252,10 +259,9 @@ OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flag
 if (flags & kSecCSDynamicInformation)
 if (SecPointer dcode = SecStaticCode::optionalDynamic(codeRef))
- info = cfmake("{+%O,%O=%u}", info.get(),
- kSecCodeInfoStatus, dcode->status());
+ info.take(cfmake("{+%O,%O=%u}", info.get(), kSecCodeInfoStatus, dcode->status()));
- Required(infoRef) = info.yield();
+ CodeSigning::Required(infoRef) = info.yield();
 END_CSAPI
 }
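Review bot: The new `info.take(cfmake(...))` line depends on an ownership rule that nothing on the line states: presumably cfmake returns a reference the caller owns and take() adopts it without an extra retain. A short comment such as `// cfmake returns an owned reference; take() adopts it without retaining` would keep a later edit from reverting to plain assignment; confirm the helper's contract before adding it. The two nested `if`s guarding the line have no braces, so the status entry is added only when the flag is set and a dynamic code object exists, and braces would make that scope explicit. The function body starts outside the hunk.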