X-Git-Url: https://git.saurik.com/apple/libsecurity_codesigning.git/blobdiff_plain/d1c1ab47a3465a37e4c243f7a5b11b92737d5b76..935e692843d9c528f9a4c5eee98e00961ca5f4a4:/lib/StaticCode.h diff --git a/lib/StaticCode.h b/lib/StaticCode.h index 8350ddb..edb92a1 100644 --- a/lib/StaticCode.h +++ b/lib/StaticCode.h @@ -80,6 +80,7 @@ protected: CollectingContext(SecStaticCode &c) : code(c), mStatus(noErr) { } void reportProblem(OSStatus rc, CFStringRef type, CFTypeRef value); + OSStatus osStatus() { return mStatus; } operator OSStatus () const { return mStatus; } void throwMe() __attribute__((noreturn)); @@ -135,9 +136,13 @@ public: bool validated() const { return mValidated; } bool valid() const { assert(validated()); return mValidated && (mValidationResult == noErr); } + bool validatedExecutable() const { return mExecutableValidated; } + bool validatedResources() const { return mResourcesValidated; } + void validateDirectory(); void validateComponent(CodeDirectory::SpecialSlot slot, OSStatus fail = errSecCSSignatureFailed); + void validateNonResourceComponents(); void validateResources(); void validateExecutable(); @@ -163,11 +168,12 @@ public: protected: CFDictionaryRef getDictionary(CodeDirectory::SpecialSlot slot, OSStatus fail); // component value as a dictionary bool verifySignature(); - SecPolicyRef verificationPolicy(); + CFTypeRef verificationPolicy(SecCSFlags flags); void defaultDesignatedAppleAnchor(Requirement::Maker &maker); void defaultDesignatedNonAppleAnchor(Requirement::Maker &maker); bool isAppleSDKSignature(); + bool isAppleCaspianSignature(); static void checkOptionalResource(CFTypeRef key, CFTypeRef value, void *context); 
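Review bot: The new accessor `osStatus()` in CollectingContext (hunk at -80,6) is not const-qualified, although it only reads mStatus and the conversion operator on the next line is const. As written it cannot be called through a const CollectingContext or a const reference to one. Suggest `OSStatus osStatus() const { return mStatus; }`. The class body starts and ends outside this hunk.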
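Review bot: `validatedExecutable()` and `validatedResources()` (hunk at -135,9) return the "tried to validate" flags mExecutableValidated and mResourcesValidated, not the outcome, yet their names read almost like `valid()` two lines above, which does check the result. In code that gates trust decisions on signature checks, a caller that reads either accessor as "passed" would accept a validation that failed. A comment on each, such as `// true once validation has been attempted; does not imply success`, would make the contract explicit. `validateNonResourceComponents()` also arrives without a comment saying which components it covers. The class starts outside the hunk.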
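Review bot: `verificationPolicy(SecCSFlags flags)` (hunk at -163,11) now returns an untyped `CFTypeRef` where it returned `SecPolicyRef` before, and the declaration states neither which concrete CF type a caller gets back nor who owns the reference. The last hunk of this patch removes the cached `mPolicy` member, so the result is presumably no longer held by the object; if it is now created per call, callers must release it, and a missed release or an over-release in the trust evaluation path is easy to introduce. A one-line contract above the declaration would settle it, for example `// returns <concrete CF type>; caller <owns / does not own> the reference`, filled in from the implementation. `isAppleCaspianSignature()` would likewise benefit from a comment on what it tests. The definitions are outside this hunk.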
@@ -181,7 +187,12 @@ private: // static executable validation state (nested within mValidated/mValid) bool mExecutableValidated; // tried to validate executable file - bool mExecutableValid; // outcome if mExecutableValidated + OSStatus mExecutableValidResult; // outcome if mExecutableValidated + + // static resource validation state (nested within mValidated/mValid) + bool mResourcesValidated; // tried to validate resources + OSStatus mResourcesValidResult; // outcome if mResourceValidated or.. + CollectingContext *mResourcesValidContext; // other outcome // cached contents CFRef mDir; // code directory data @@ -203,9 +214,6 @@ private: CFRef mTrust; // outcome of crypto validation (valid or not) CFRef mCertChain; CSSM_TP_APPLE_EVIDENCE_INFO *mEvalDetails; - - // cached verification policy - CFRef mPolicy; };
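Review bot: `CollectingContext *mResourcesValidContext` (hunk at -181,7) is a raw pointer member with no stated ownership or lifetime, and the comments `// outcome if mResourceValidated or..` and `// other outcome` do not say when the status applies and when the context does. The constructor and any path that resets validation state are outside this hunk, so it cannot be confirmed here that the pointer starts as NULL and is released when state is cleared. That is worth checking, because a stale or uninitialised pointer would be used when cached resource validation results are reported. The first comment also misspells the flag, which is declared as `mResourcesValidated`. If it matches the intent, wording such as `// result code if mResourcesValidated` and `// owned; collected problems from resource validation, NULL if none` would document both fields.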