SecStaticCode *hostDisk = this->host()->staticCode();
// check my static state
- myDisk->validateDirectory();
+ myDisk->validateNonResourceComponents(); // also validates the CodeDirectory
+ if (flags & kSecCSStrictValidate)
+ myDisk->diskRep()->strictValidate(myDisk->codeDirectory(), DiskRep::ToleratedErrors(), flags);
// check my own dynamic state
if (!(this->host()->getGuestStatus(this) & kSecCodeStatusValid))
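Review bot: The comment on `validateNonResourceComponents()` mentions only the CodeDirectory, yet the method name suggests sealed resources are not verified on this path, so a caller could read a pass here as full on-disk validation. I would widen it to something like `// validates the CodeDirectory and other non-resource components; sealed resources are not checked here`, if that matches the implementation. The strict pass is opt-in through `kSecCSStrictValidate` and is called with an empty `DiskRep::ToleratedErrors()`; a short why-comment and braces around the `if` body would make that easier to audit. The enclosing function starts and ends outside the hunk.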
if (CFDictionaryGetCount(attributes) == 0)
return KernelCode::active()->retain();
- // main logic: we need a pid, and we'll take a canonical guest id as an option
- int pid = 0;
- if (!cfscan(attributes, "{%O=%d}", kSecGuestAttributePid, &pid))
+ // main logic: we need a pid or audit trailer; everything else goes to the guests
+ if (CFDictionaryGetValue(attributes, kSecGuestAttributePid) == NULL
+ && CFDictionaryGetValue(attributes, kSecGuestAttributeAudit) == NULL)
CSError::throwMe(errSecCSUnsupportedGuestAttributes, kSecCFErrorGuestAttributes, attributes);
if (SecCode *process =
KernelCode::active()->locateGuest(attributes)) {
// might be a code host. Let's find out
CFRef<CFMutableDictionaryRef> rest = makeCFMutableDictionary(attributes);
CFDictionaryRemoveValue(rest, kSecGuestAttributePid);
+ CFDictionaryRemoveValue(rest, kSecGuestAttributeAudit);
if (SecCode *guest = code->locateGuest(rest))
return guest;
}
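Review bot: The new gate on `kSecGuestAttributePid` / `kSecGuestAttributeAudit` tests only for presence, whereas the removed `cfscan(attributes, "{%O=%d}", ...)` also required the pid to be a number, so any CF object stored under either key now reaches `KernelCode::active()->locateGuest(attributes)`. Presumably that callee checks the value types, but it is not visible here; either say so in the comment or check up front, for example `CFGetTypeID(pidValue) == CFNumberGetTypeID()` for the pid. When both keys are supplied, nothing in the hunk shows which one identifies the process or that they agree, and a pid can be recycled between lookup and use, so the comment should state the precedence the callee applies. The function starts and ends outside the hunk.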