Security-58286.251.4.tar.gz

[apple/security.git] / OSX / libsecurity_codesigning / lib / csprocess.cpp

diff --git a/OSX/libsecurity_codesigning/lib/csprocess.cpp b/OSX/libsecurity_codesigning/lib/csprocess.cpp
index bc406aa3f79d65cf99a8f6e5b0aa00e678277948..26ee9005c1b818cb953f310171326c8b421af53f 100644 (file)
--- a/OSX/libsecurity_codesigning/lib/csprocess.cpp
+++ b/OSX/libsecurity_codesigning/lib/csprocess.cpp
@@ -36,9 +36,13 @@ namespace CodeSigning {
 //
 // Construct a running process representation
 //
-ProcessCode::ProcessCode(pid_t pid, PidDiskRep *pidDiskRep /*= NULL */)
+ProcessCode::ProcessCode(pid_t pid, const audit_token_t* token, PidDiskRep *pidDiskRep /*= NULL */)
        : GenericCode(KernelCode::active()), mPid(pid), mPidBased(pidDiskRep)
 {
+       if (token)
+               mAudit = new audit_token_t(*token);
+       else
+               mAudit = NULL;
 }
 
 
@@ -46,6 +50,17 @@ mach_port_t ProcessCode::getHostingPort()
 {
        return SecurityServer::ClientSession().hostingPort(pid());
 }
+       
+       
+int ProcessCode::csops(unsigned int ops, void *addr, size_t size)
+{
+       // pass pid and audit token both if we have it, or just the pid if we don't
+       if (mAudit)
+               return ::csops_audittoken(mPid, ops, addr, size, mAudit);
+       else
+               return ::csops(mPid, ops, addr, size);
+}
+
 
 /*
  *
@@ -69,7 +84,10 @@ CFDictionaryRef ProcessDynamicCode::infoDictionary()
 {
         if (mGuest->pidBased()->supportInfoPlist())
                 return SecStaticCode::infoDictionary();
-        return makeCFDictionary(0);
+        if (!mEmptyInfoDict) {
+                mEmptyInfoDict.take(makeCFDictionary(0));
+        }
+        return mEmptyInfoDict;
 }
 
 void ProcessDynamicCode::validateComponent(CodeDirectory::SpecialSlot slot, OSStatus fail /* = errSecCSSignatureFailed */)