index 7ae9bfc7c3a997649df712d11e17a41ffe2ff318..8f4d7a17dbb9e283525299a96092346284f0c95c 100644 (file)
@@ -24,6 +24,7 @@
 #define _H_POLICYENGINE
 
 #include "SecAssessment.h"
+#include "opaquewhitelist.h"
 #include "policydb.h"
 #include <security_utilities/globalizer.h>
 #include <security_utilities/cfutilities.h>
@@ -60,15 +61,22 @@ public:
        CFDictionaryRef disable(CFTypeRef target, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context);
        CFDictionaryRef find(CFTypeRef target, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context);
 
+       void recordFailure(CFDictionaryRef info);
+
 public:
-       static void addAuthority(CFMutableDictionaryRef parent, const char *label, SQLite::int64 row = 0, CFTypeRef cacheInfo = NULL);
+       static void addAuthority(SecAssessmentFlags flags, CFMutableDictionaryRef parent, const char *label, SQLite::int64 row = 0, CFTypeRef cacheInfo = NULL, bool weak = false);
        static void addToAuthority(CFMutableDictionaryRef parent, CFStringRef key, CFTypeRef value);
 
 private:
-       void evaluateCode(CFURLRef path, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context, CFMutableDictionaryRef result);
+       void evaluateCode(CFURLRef path, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context, CFMutableDictionaryRef result, bool handleUnsigned);
        void evaluateInstall(CFURLRef path, SecAssessmentFlags flags, CFDictionaryRef context, CFMutableDictionaryRef result);
        void evaluateDocOpen(CFURLRef path, SecAssessmentFlags flags, CFDictionaryRef context, CFMutableDictionaryRef result);
        
+       void evaluateCodeItem(SecStaticCodeRef code, CFURLRef path, AuthorityType type, SecAssessmentFlags flags, bool nested, CFMutableDictionaryRef result);
+       void adjustValidation(SecStaticCodeRef code);
+       bool temporarySigning(SecStaticCodeRef code, AuthorityType type, CFURLRef path, SecAssessmentFlags matchFlags);
+       void normalizeTarget(CFRef<CFTypeRef> &target, AuthorityType type, CFDictionary &context, std::string *signUnsigned);
+       
        void selectRules(SQLite::Statement &action, std::string stanza, std::string table,
                CFTypeRef inTarget, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context, std::string suffix = "");
        CFDictionaryRef manipulateRules(const std::string &stanza,
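Review bot: The new private declarations evaluateCodeItem, adjustValidation, temporarySigning and normalizeTarget, and the new `bool handleUnsigned` / `bool weak` parameters, are added without any comment, and this header is the only contract a caller of the class sees. temporarySigning's bool return and normalizeTarget's `std::string *signUnsigned` out-parameter most need a one-line description — what true means, whether signUnsigned may be null, and what is written to it — for example `// Returns true if a temporary (ad hoc) signature was attached to the unsigned code at path; false if it was left as is` and `// signUnsigned: if non-null, receives ... ; may be null`, each confirmed against policyengine.cpp before committing. For addAuthority, a sentence on what a `weak` authority entry means to consumers of the result dictionary would also help, since the defaulted bool is invisible at call sites; an enum (or reusing a SecAssessmentFlags bit) would make both bool arguments self-describing, but that is a style choice. The enclosing class declaration begins before and ends after this hunk.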
@@ -77,6 +85,9 @@ private:
        void setOrigin(CFArrayRef chain, CFMutableDictionaryRef result);
 
        void recordOutcome(SecStaticCodeRef code, bool allow, AuthorityType type, double expires, SQLite::int64 authority);
+
+private:
+       OpaqueWhitelist mOpaqueWhitelist;
 };