Security-58286.20.16.tar.gz
[apple/security.git] / OSX / libsecurity_codesigning / lib / SecAssessment.cpp
index c6129c7996a193ef61f54ae27189e2f231bd50ac..f3395e63b6a7318b7781c4b036ce29a6fc77f86d 100644 (file)
@@ -27,6 +27,7 @@
 #include "xpcengine.h"
 #include "csutilities.h"
 #include <CoreFoundation/CFRuntime.h>
+#include <CoreFoundation/CFBundlePriv.h>
 #include <security_utilities/globalizer.h>
 #include <security_utilities/unix++.h>
 #include <security_utilities/cfmunge.h>
@@ -126,11 +127,15 @@ ModuleNexus<PolicyEngine> gEngine;
 //
 // Policy evaluation ("assessment") operations
 //
+CFStringRef kSecAssessmentContextKeyUTI = CFSTR("context:uti");
+
 CFStringRef kSecAssessmentContextKeyFeedback = CFSTR("context:feedback");
 CFStringRef kSecAssessmentFeedbackProgress = CFSTR("feedback:progress");
 CFStringRef kSecAssessmentFeedbackInfoCurrent = CFSTR("current");
 CFStringRef kSecAssessmentFeedbackInfoTotal = CFSTR("total");
 
+CFStringRef kSecAssessmentContextKeyPrimarySignature = CFSTR("context:primary-signature");
+
 CFStringRef kSecAssessmentAssessmentVerdict = CFSTR("assessment:verdict");
 CFStringRef kSecAssessmentAssessmentOriginator = CFSTR("assessment:originator");
 CFStringRef kSecAssessmentAssessmentAuthority = CFSTR("assessment:authority");
@@ -138,6 +143,7 @@ CFStringRef kSecAssessmentAssessmentSource = CFSTR("assessment:authority:source"
 CFStringRef kSecAssessmentAssessmentAuthorityRow = CFSTR("assessment:authority:row");
 CFStringRef kSecAssessmentAssessmentAuthorityOverride = CFSTR("assessment:authority:override");
 CFStringRef kSecAssessmentAssessmentAuthorityOriginalVerdict = CFSTR("assessment:authority:verdict");
+CFStringRef kSecAssessmentAssessmentAuthorityFlags = CFSTR("assessment:authority:flags");
 CFStringRef kSecAssessmentAssessmentFromCache = CFSTR("assessment:authority:cached");
 CFStringRef kSecAssessmentAssessmentWeakSignature = CFSTR("assessment:authority:weak");
 CFStringRef kSecAssessmentAssessmentCodeSigningError = CFSTR("assessment:cserror");
@@ -236,7 +242,7 @@ static void traceResult(CFURLRef target, MessageTrace &trace, std::string &sanit
 
        string identifier = "UNBUNDLED";
        string version = "UNKNOWN";
-       if (CFRef<CFBundleRef> bundle = CFBundleCreate(NULL, target)) {
+       if (CFRef<CFBundleRef> bundle = _CFBundleCreateUnique(NULL, target)) {
                if (CFStringRef ident = CFBundleGetIdentifier(bundle))
                        identifier = cfString(ident);
                if (CFStringRef vers = CFStringRef(CFBundleGetValueForInfoDictionaryKey(bundle, CFSTR("CFBundleShortVersionString"))))
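Review bot: The switch to the private `_CFBundleCreateUnique` call in traceResult carries no comment saying why the public `CFBundleCreate` was not enough, and a later maintainer could swap it back. Presumably the aim is to bypass CFBundle's per-process instance cache so that the identifier and version are read from the target as it exists on disk at assessment time; if so, a comment such as `// unique (uncached) bundle: read Info.plist from the target as it is now, not from a cached CFBundle` above the `if` would record that. The identifier and `CFBundleShortVersionString` read here come from the Info.plist of the item being assessed, so they are attacker-controlled text. traceResult's body continues outside this hunk, so it is not visible whether they are sanitized before reaching the trace message; that is worth confirming.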
@@ -421,12 +427,7 @@ CFDictionaryRef SecAssessmentCopyUpdate(CFTypeRef target,
        CFRef<CFDictionaryRef> result;
 
        // make context exist and writable
-       CFMutableDictionaryRef mcontext;
-       if (context == NULL) {
-               mcontext = makeCFMutableDictionary();
-       } else {
-               mcontext = makeCFMutableDictionary(context);
-       }
+       CFRef<CFMutableDictionaryRef> mcontext = context ? makeCFMutableDictionary(context) : makeCFMutableDictionary();
        
        if (CFDictionaryGetValue(mcontext, kSecAssessmentUpdateKeyAuthorization) == NULL) {
                // no authorization passed in. Make an empty one in this context
@@ -462,7 +463,7 @@ CFDictionaryRef SecAssessmentCopyUpdate(CFTypeRef target,
        traceUpdate(target, context, result);
        return result.yield();
 
-       END_CSAPI_ERRORS1(false)
+       END_CSAPI_ERRORS1(NULL)
 }
 
 
@@ -495,20 +496,21 @@ Boolean SecAssessmentControl(CFStringRef control, void *arguments, CFErrorRef *e
                        result = kCFBooleanTrue;
                return true;
        } else if (CFEqual(control, CFSTR("ui-enable-devid"))) {
-               CFTemp<CFDictionaryRef> ctx("{%O=%s}", kSecAssessmentUpdateKeyLabel, "Developer ID");
-               if (CFDictionaryRef result = gEngine().enable(NULL, kAuthorityInvalid, kSecCSDefaultFlags, ctx, false))
-                       CFRelease(result);
+               CFTemp<CFDictionaryRef> ctx("{%O=%s, %O=%O}", kSecAssessmentUpdateKeyLabel, "Developer ID", kSecAssessmentContextKeyUpdate, kSecAssessmentUpdateOperationEnable);
+        SecAssessmentUpdate(NULL, kSecCSDefaultFlags, ctx, errors);
                MessageTrace trace("com.apple.security.assessment.state", "enable-devid");
                trace.send("enable Developer ID approval");
                return true;
        } else if (CFEqual(control, CFSTR("ui-disable-devid"))) {
-               CFTemp<CFDictionaryRef> ctx("{%O=%s}", kSecAssessmentUpdateKeyLabel, "Developer ID");
-               if (CFDictionaryRef result = gEngine().disable(NULL, kAuthorityInvalid, kSecCSDefaultFlags, ctx, false))
-                       CFRelease(result);
+        CFTemp<CFDictionaryRef> ctx("{%O=%s, %O=%O}", kSecAssessmentUpdateKeyLabel, "Developer ID", kSecAssessmentContextKeyUpdate, kSecAssessmentUpdateOperationDisable);
+        SecAssessmentUpdate(NULL, kSecCSDefaultFlags, ctx, errors);
                MessageTrace trace("com.apple.security.assessment.state", "disable-devid");
                trace.send("disable Developer ID approval");
                return true;
-       } else if (CFEqual(control, CFSTR("ui-get-devid"))) {
+    } else if (CFEqual(control, CFSTR("ui-get-devid"))) {
+        xpcEngineCheckDevID((CFBooleanRef*)(arguments));
+        return true;
+    } else if (CFEqual(control, CFSTR("ui-get-devid-local"))) {
                CFBooleanRef &result = *(CFBooleanRef*)(arguments);
                if (gEngine().value<int>("SELECT disabled FROM authority WHERE label = 'Developer ID';", true))
                        result = kCFBooleanFalse;
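Review bot: In the `ui-enable-devid` and `ui-disable-devid` branches the value returned by `SecAssessmentUpdate` is discarded, so the function sends the state-change trace and returns true even when the update failed and `*errors` was filled in. A caller that checks only the return value would believe Developer ID approval was toggled when the policy may be unchanged, and the trace log would record a change that did not happen. Suggest `if (!SecAssessmentUpdate(NULL, kSecCSDefaultFlags, ctx, errors)) return false;` in both branches, ahead of the `MessageTrace` lines. The new `ui-get-devid` branch likewise returns true regardless of what `xpcEngineCheckDevID` did (its return type is not visible here) and passes `arguments` through without a null check. SecAssessmentControl begins and ends outside this hunk.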