Security-59306.61.1.tar.gz

[apple/security.git] / OSX / libsecurity_codesigning / lib / policyengine.h

diff --git a/OSX/libsecurity_codesigning/lib/policyengine.h b/OSX/libsecurity_codesigning/lib/policyengine.h
index 46083083622e87d9c3c4b4548d7619e32daaba59..87b10df774852124bbbf2f131cbfebecdf8edb46 100644 (file)
--- a/OSX/libsecurity_codesigning/lib/policyengine.h
+++ b/OSX/libsecurity_codesigning/lib/policyengine.h
@@ -65,7 +65,7 @@ public:
        void recordFailure(CFDictionaryRef info);
 
 public:
-       static void addAuthority(SecAssessmentFlags flags, CFMutableDictionaryRef parent, const char *label, SQLite::int64 row = 0, CFTypeRef cacheInfo = NULL, bool weak = false);
+       static void addAuthority(SecAssessmentFlags flags, CFMutableDictionaryRef parent, const char *label, SQLite::int64 row = 0, CFTypeRef cacheInfo = NULL, bool weak = false, uint64_t ruleFlags = 0);
        static void addToAuthority(CFMutableDictionaryRef parent, CFStringRef key, CFTypeRef value);
 
 private:
@@ -88,7 +88,10 @@ private:
        void recordOutcome(SecStaticCodeRef code, bool allow, AuthorityType type, double expires, SQLite::int64 authority);
 
 private:
-       OpaqueWhitelist mOpaqueWhitelist;
+       OpaqueWhitelist* mOpaqueWhitelist;
+       CFDictionaryRef opaqueWhitelistValidationConditionsFor(SecStaticCodeRef code);
+       bool opaqueWhiteListContains(SecStaticCodeRef code, SecAssessmentFeedback feedback, OSStatus reason);
+       void opaqueWhitelistAdd(SecStaticCodeRef code);
 
     friend class EvaluationManager;
     friend class EvaluationTask;