Security-55471.14.18.tar.gz

[apple/security.git] / libsecurity_codesigning / lib / SecStaticCode.cpp

diff --git a/libsecurity_codesigning/lib/SecStaticCode.cpp b/libsecurity_codesigning/lib/SecStaticCode.cpp
index f0a67ccccc0894367b6ef817107a8f25054bdf31..ee14ed9cdbb78a3feac0902a56ab1a6df4518b94 100644 (file)
--- a/libsecurity_codesigning/lib/SecStaticCode.cpp
+++ b/libsecurity_codesigning/lib/SecStaticCode.cpp
@@ -112,7 +112,8 @@ OSStatus SecStaticCodeCheckValidityWithErrors(SecStaticCodeRef staticCodeRef, Se
                | kSecCSDoNotValidateResources
                | kSecCSConsiderExpiration
                | kSecCSEnforceRevocationChecks
-               | kSecCSCheckNestedCode);
+               | kSecCSCheckNestedCode
+               | kSecCSStrictValidate);
 
        SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(staticCodeRef);
        const SecRequirement *req = SecRequirement::optional(requirementRef);
@@ -141,7 +142,7 @@ OSStatus SecCodeCopyPath(SecStaticCodeRef staticCodeRef, SecCSFlags flags, CFURL
        
        checkFlags(flags);
        SecPointer<SecStaticCode> staticCode = SecStaticCode::requiredStatic(staticCodeRef);
-       CodeSigning::Required(path) = staticCode->canonicalPath();
+       CodeSigning::Required(path) = staticCode->copyCanonicalPath();
 
        END_CSAPI
 }
@@ -233,3 +234,15 @@ OSStatus SecStaticCodeSetCallback(SecStaticCodeRef codeRef, SecCSFlags flags, Se
 
        END_CSAPI
 }
+
+
+OSStatus SecStaticCodeSetValidationConditions(SecStaticCodeRef codeRef, CFDictionaryRef conditions)
+{
+       BEGIN_CSAPI
+       
+       checkFlags(0);
+       SecStaticCode *code = SecStaticCode::requiredStatic(codeRef);
+       code->setValidationModifiers(conditions);
+       
+       END_CSAPI
+}