]> git.saurik.com Git - apple/security.git/blobdiff - OSX/libsecurity_codesigning/lib/SecCode.cpp
projects / apple / security.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security-59306.140.5.tar.gz
[apple/security.git] / OSX / libsecurity_codesigning / lib / SecCode.cpp
diff --git a/OSX/libsecurity_codesigning/lib/SecCode.cpp b/OSX/libsecurity_codesigning/lib/SecCode.cpp
index 47d1cc162cc69a774ee684f8494760b12febe36f..2a494dc7e0b8fb11668339aaf64c786f91126f75 100644 (file)
--- a/OSX/libsecurity_codesigning/lib/SecCode.cpp
+++ b/OSX/libsecurity_codesigning/lib/SecCode.cpp
@@ -179,7 +179,8 @@ OSStatus SecCodeCopyGuestWithAttributes(SecCodeRef hostRef,
 
 
 //
-// Shorthand for getting the SecCodeRef for a UNIX process
+// Deprecated since 10.6, DO NOT USE. This can be raced.
+// Use SecCodeCreateWithAuditToken instead.
 //
 OSStatus SecCodeCreateWithPID(pid_t pid, SecCSFlags flags, SecCodeRef *processRef)
 {
@@ -193,6 +194,25 @@ OSStatus SecCodeCreateWithPID(pid_t pid, SecCSFlags flags, SecCodeRef *processRe
 
        END_CSAPI
 }
+
+//
+// Shorthand for getting the SecCodeRef for a UNIX process
+//
+OSStatus SecCodeCreateWithAuditToken(const audit_token_t *audit,
+                                                                        SecCSFlags flags, SecCodeRef *processRef)
+{
+       BEGIN_CSAPI
+       
+       checkFlags(flags);
+       CFRef<CFDataRef> auditData = makeCFData(audit, sizeof(audit_token_t));
+       if (SecCode *guest = KernelCode::active()->locateGuest(CFTemp<CFDictionaryRef>("{%O=%O}", kSecGuestAttributeAudit, auditData.get()))) {
+               CodeSigning::Required(processRef) = guest->handle(false);
+       } else {
+               return errSecCSNoSuchCode;
+       }
+       
+       END_CSAPI
+}
 #endif // TARGET_OS_OSX
 
 
@@ -213,6 +233,7 @@ OSStatus SecCodeCheckValidityWithErrors(SecCodeRef codeRef, SecCSFlags flags,
        checkFlags(flags,
                  kSecCSConsiderExpiration
                | kSecCSStrictValidate
+               | kSecCSStrictValidateStructure
                | kSecCSRestrictSidebandData
                | kSecCSEnforceRevocationChecks
        );
@@ -258,13 +279,16 @@ const CFStringRef kSecCodeInfoTimestamp =         CFSTR("signing-timestamp");
 const CFStringRef kSecCodeInfoTrust =                  CFSTR("trust");
 const CFStringRef kSecCodeInfoUnique =                 CFSTR("unique");
 const CFStringRef kSecCodeInfoCdHashes =        CFSTR("cdhashes");
+const CFStringRef kSecCodeInfoCdHashesFull =   CFSTR("cdhashes-full");
 const CFStringRef kSecCodeInfoRuntimeVersion =         CFSTR("runtime-version");
 
-
 const CFStringRef kSecCodeInfoCodeDirectory =  CFSTR("CodeDirectory");
 const CFStringRef kSecCodeInfoCodeOffset =             CFSTR("CodeOffset");
 const CFStringRef kSecCodeInfoDiskRepInfo =     CFSTR("DiskRepInfo");
 const CFStringRef kSecCodeInfoResourceDirectory = CFSTR("ResourceDirectory");
+const CFStringRef kSecCodeInfoNotarizationDate = CFSTR("NotarizationDate");
+const CFStringRef kSecCodeInfoCMSDigestHashType = CFSTR("CMSDigestHashType");
+const CFStringRef kSecCodeInfoCMSDigest =        CFSTR("CMSDigest");
 
 /* DiskInfoRepInfo types */
 const CFStringRef kSecCodeInfoDiskRepVersionPlatform =         CFSTR("VersionPlatform");
@@ -284,7 +308,8 @@ OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flag
                | kSecCSRequirementInformation
                | kSecCSDynamicInformation
                | kSecCSContentInformation
-        | kSecCSSkipResourceDirectory);
+        | kSecCSSkipResourceDirectory
+               | kSecCSCalculateCMSDigest);
 
        SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(codeRef);
        CFRef<CFDictionaryRef> info = code->signingInformation(flags);
mirror of Security