namespace CodeSigning {
class ResourceBuilder;
+class SecCodeSigner;
//
virtual CFURLRef copyCanonicalPath() = 0; // path to whole code
virtual std::string resourcesRootPath(); // resource directory if any [none]
virtual void adjustResources(ResourceBuilder &builder); // adjust resource rule set [no change]
+ virtual void prepareForSigning(SigningContext& context); // pre-adjust signing defaults before argument preparation [none]
virtual Universal *mainExecutableImage(); // Mach-O image if Mach-O based [null]
virtual size_t signingBase(); // start offset of signed area in main executable [zero]
virtual size_t signingLimit() = 0; // size of signed area in main executable
+
+ // The executable segment, if present, denotes which part of the image can be mapped
+ // into a virtual address space as executable. Not all platforms check this.
+ virtual size_t execSegBase(const Architecture *arch); // start offset of executable segment in main executable [zero]
+ virtual size_t execSegLimit(const Architecture *arch) = 0; // size of executable segment in main executable
+
virtual std::string format() = 0; // human-readable type string
virtual CFArrayRef modifiedFiles(); // list of files modified by signing [main execcutable only]
virtual UnixPlusPlus::FileDesc &fd() = 0; // a cached file descriptor for main executable file
virtual void flush(); // flush caches (refetch as needed)
+ virtual CFDictionaryRef diskRepInformation(); // information from diskrep
// default values for signing operations
virtual std::string recommendedIdentifier(const SigningContext &ctx) = 0; // default identifier
const SigningContext &ctx); // default internal requirements [none]
virtual size_t pageSize(const SigningContext &ctx); // default main executable page size [infinite, i.e. no paging]
- virtual void strictValidate(const CodeDirectory* cd, const ToleratedErrors& tolerated); // perform strict validation
+ virtual void strictValidate(const CodeDirectory* cd, const ToleratedErrors& tolerated, SecCSFlags flags); // perform strict validation
virtual CFArrayRef allowedResourceOmissions(); // allowed (default) resource omission rules
bool mainExecutableIsMachO() { return mainExecutableImage() != NULL; }
// shorthands
- CFDataRef codeDirectory() { return component(cdCodeDirectorySlot); }
CFDataRef signature() { return component(cdSignatureSlot); }
public:
virtual std::string sdkPath(const std::string &path) const = 0;
virtual bool isAdhoc() const = 0;
virtual SecCSFlags signingFlags() const = 0;
+
+ virtual const CodeDirectory::HashAlgorithms &digestAlgorithms() const = 0;
+ virtual void setDigestAlgorithms(CodeDirectory::HashAlgorithms types) = 0;
+
+ void setDigestAlgorithm(CodeDirectory::HashAlgorithm type)
+ {
+ CodeDirectory::HashAlgorithms types;
+ types.insert(type);
+ setDigestAlgorithms(types);
+ }
};
protected:
bool attribute(uint32_t attr) const { return mAttributes & attr; }
void signature(CFDataRef data) { component(cdSignatureSlot, data); }
- void codeDirectory(const CodeDirectory *cd)
- { component(cdCodeDirectorySlot, CFTempData(cd->data(), cd->length())); }
+ void codeDirectory(const CodeDirectory *cd, CodeDirectory::SpecialSlot slot)
+ { component(slot, CFTempData(cd->data(), cd->length())); }
private:
Architecture mArch;
Universal *mainExecutableImage() { return mOriginal->mainExecutableImage(); }
size_t signingBase() { return mOriginal->signingBase(); }
size_t signingLimit() { return mOriginal->signingLimit(); }
+ size_t execSegBase(const Architecture *arch) { return mOriginal->execSegBase(arch); }
+ size_t execSegLimit(const Architecture *arch) { return mOriginal->execSegLimit(arch); }
std::string format() { return mOriginal->format(); }
CFArrayRef modifiedFiles() { return mOriginal->modifiedFiles(); }
UnixPlusPlus::FileDesc &fd() { return mOriginal->fd(); }
{ return mOriginal->defaultRequirements(arch, ctx); }
size_t pageSize(const SigningContext &ctx) { return mOriginal->pageSize(ctx); }
- void strictValidate(const CodeDirectory* cd, const ToleratedErrors& tolerated) { mOriginal->strictValidate(cd, tolerated); }
+ void strictValidate(const CodeDirectory* cd, const ToleratedErrors& tolerated, SecCSFlags flags) { mOriginal->strictValidate(cd, tolerated, flags); }
CFArrayRef allowedResourceOmissions() { return mOriginal->allowedResourceOmissions(); }
private:
projects / apple / security.git / blobdiff