- END_CSAPI_ERRORS
-#else
-#warning resolve before enabling SECTRUST_OSX: <rdar://21328880>
- OSStatus result = errSecSuccess;
- const char *func = "SecStaticCodeCheckValidity";
- CFErrorRef localErrors = NULL;
- if (!errors) { errors = &localErrors; }
- try {
- checkFlags(flags,
- kSecCSReportProgress
- | kSecCSCheckAllArchitectures
- | kSecCSDoNotValidateExecutable
- | kSecCSDoNotValidateResources
- | kSecCSConsiderExpiration
- | kSecCSEnforceRevocationChecks
- | kSecCSNoNetworkAccess
- | kSecCSCheckNestedCode
- | kSecCSStrictValidate
- | kSecCSCheckGatekeeperArchitectures
- );
-
- if (errors)
- flags |= kSecCSFullReport; // internal-use flag
-
- SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(staticCodeRef);
- code->setValidationFlags(flags);
- const SecRequirement *req = SecRequirement::optional(requirementRef);
- DTRACK(CODESIGN_EVAL_STATIC, code, (char*)code->mainExecutablePath().c_str());
- code->staticValidate(flags, req);
- }
- catch (...) {
- // the actual error being thrown is not being caught by any of the
- // type-specific blocks contained in the END_CSAPI_ERRORS macro,
- // so we only have the catch-all block here for now.
- result = errSecCSInternalError;
- }
+#if TARGET_OS_IPHONE
+ // Everything checked out correctly but we need to make sure that when
+ // we validated the code directory, we trusted the signer. We defer this
+ // until now because the caller may still trust the signer via a
+ // provisioning profile so if we prematurely throw an error when validating
+ // the directory, we potentially skip resource validation even though the
+ // caller will go on to trust the signature
+ // <rdar://problem/6075501> Applications that are validated against a provisioning profile do not have their resources checked
+ if (code->trustedSigningCertChain() == false) {
+ return CSError::cfError(errors, errSecCSSignatureUntrusted);
+ }
+#endif