Security-58286.251.4.tar.gz

[apple/security.git] / OSX / libsecurity_codesigning / lib / reqinterp.cpp

diff --git a/OSX/libsecurity_codesigning/lib/reqinterp.cpp b/OSX/libsecurity_codesigning/lib/reqinterp.cpp
index b685802b5c6568d2a7f82dfb9cd18b8056f5df81..80a6ae136e39ad3f658f7a9efa2d55f540c70512 100644 (file)
--- a/OSX/libsecurity_codesigning/lib/reqinterp.cpp
+++ b/OSX/libsecurity_codesigning/lib/reqinterp.cpp
@@ -34,6 +34,7 @@
 #include <IOKit/IOKitLib.h>
 #include <IOKit/IOCFUnserialize.h>
 #include "csutilities.h"
+#include "notarization.h"
 
 namespace Security {
 namespace CodeSigning {
@@ -178,6 +179,10 @@ bool Requirement::Interpreter::eval(int depth)
                        int32_t targetPlatform = get<int32_t>();
                        return mContext->directory && mContext->directory->platform == targetPlatform;
                }
+       case opNotarized:
+               {
+                       return isNotarized(mContext);
+               }
        default:
                // opcode not recognized - handle generically if possible, fail otherwise
                if (op & (opGenericFalse | opGenericSkip)) {
@@ -371,6 +376,10 @@ bool Requirement::Interpreter::appleLocalAnchored()
     if (csr_check(CSR_ALLOW_APPLE_INTERNAL))
         return false;
 
+       if (mContext->forcePlatform) {
+               return true;
+       }
+
     static dispatch_once_t onceToken;
     dispatch_once(&onceToken, ^{
         additionalTrustedCertificates = getAdditionalTrustedAnchors();
@@ -399,7 +408,7 @@ bool Requirement::Interpreter::appleSigned()
                                return true;
     } else if (appleLocalAnchored()) {
         return true;
-    }
+       }
        return false;
 }