]> git.saurik.com Git - apple/security.git/blobdiff - OSX/libsecurity_codesigning/lib/SecCode.cpp
projects / apple / security.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security-57740.1.18.tar.gz
[apple/security.git] / OSX / libsecurity_codesigning / lib / SecCode.cpp
diff --git a/OSX/libsecurity_codesigning/lib/SecCode.cpp b/OSX/libsecurity_codesigning/lib/SecCode.cpp
index 59587ce7d25aedf193557ba8e082dc128fc98e74..7f6708bf4c60719b4ba988a812284bf55f0c5947 100644 (file)
--- a/OSX/libsecurity_codesigning/lib/SecCode.cpp
+++ b/OSX/libsecurity_codesigning/lib/SecCode.cpp
@@ -46,6 +46,7 @@ const CFStringRef kSecCFErrorResourceSeal =           CFSTR("SecCSResourceSeal");
 const CFStringRef kSecCFErrorResourceAdded =           CFSTR("SecCSResourceAdded");
 const CFStringRef kSecCFErrorResourceAltered = CFSTR("SecCSResourceAltered");
 const CFStringRef kSecCFErrorResourceMissing = CFSTR("SecCSResourceMissing");
 const CFStringRef kSecCFErrorResourceAdded =           CFSTR("SecCSResourceAdded");
 const CFStringRef kSecCFErrorResourceAltered = CFSTR("SecCSResourceAltered");
 const CFStringRef kSecCFErrorResourceMissing = CFSTR("SecCSResourceMissing");
+const CFStringRef kSecCFErrorResourceSideband =        CFSTR("SecCSResourceHasSidebandData");
 const CFStringRef kSecCFErrorInfoPlist =                       CFSTR("SecCSInfoPlist");
 const CFStringRef kSecCFErrorGuestAttributes = CFSTR("SecCSGuestAttributes");
 const CFStringRef kSecCFErrorRequirementSyntax = CFSTR("SecRequirementSyntax");
 const CFStringRef kSecCFErrorInfoPlist =                       CFSTR("SecCSInfoPlist");
 const CFStringRef kSecCFErrorGuestAttributes = CFSTR("SecCSGuestAttributes");
 const CFStringRef kSecCFErrorRequirementSyntax = CFSTR("SecRequirementSyntax");
@@ -152,8 +153,9 @@ const CFStringRef kSecGuestAttributeCanonical =             CFSTR("canonical");
 const CFStringRef kSecGuestAttributeHash =                     CFSTR("codedirectory-hash");
 const CFStringRef kSecGuestAttributeMachPort =         CFSTR("mach-port");
 const CFStringRef kSecGuestAttributePid =                      CFSTR("pid");
 const CFStringRef kSecGuestAttributeHash =                     CFSTR("codedirectory-hash");
 const CFStringRef kSecGuestAttributeMachPort =         CFSTR("mach-port");
 const CFStringRef kSecGuestAttributePid =                      CFSTR("pid");
-const CFStringRef kSecGuestAttributeDynamicCode =               CFSTR("dynamicCode");
-const CFStringRef kSecGuestAttributeDynamicCodeInfoPlist =               CFSTR("dynamicCodeInfoPlist");
+const CFStringRef kSecGuestAttributeAudit =                    CFSTR("audit");
+const CFStringRef kSecGuestAttributeDynamicCode =      CFSTR("dynamicCode");
+const CFStringRef kSecGuestAttributeDynamicCodeInfoPlist = CFSTR("dynamicCodeInfoPlist");
 const CFStringRef kSecGuestAttributeArchitecture =     CFSTR("architecture");
 const CFStringRef kSecGuestAttributeSubarchitecture = CFSTR("subarchitecture");
 
 const CFStringRef kSecGuestAttributeArchitecture =     CFSTR("architecture");
 const CFStringRef kSecGuestAttributeSubarchitecture = CFSTR("subarchitecture");
 
@@ -204,12 +206,12 @@ OSStatus SecCodeCheckValidity(SecCodeRef codeRef, SecCSFlags flags,
 OSStatus SecCodeCheckValidityWithErrors(SecCodeRef codeRef, SecCSFlags flags,
        SecRequirementRef requirementRef, CFErrorRef *errors)
 {
 OSStatus SecCodeCheckValidityWithErrors(SecCodeRef codeRef, SecCSFlags flags,
        SecRequirementRef requirementRef, CFErrorRef *errors)
 {
-#if !SECTRUST_OSX
        BEGIN_CSAPI
 
        checkFlags(flags,
                  kSecCSConsiderExpiration
                | kSecCSStrictValidate
        BEGIN_CSAPI
 
        checkFlags(flags,
                  kSecCSConsiderExpiration
                | kSecCSStrictValidate
+               | kSecCSRestrictSidebandData
                | kSecCSEnforceRevocationChecks);
        SecPointer<SecCode> code = SecCode::required(codeRef);
        code->checkValidity(flags);
                | kSecCSEnforceRevocationChecks);
        SecPointer<SecCode> code = SecCode::required(codeRef);
        code->checkValidity(flags);
@@ -217,41 +219,6 @@ OSStatus SecCodeCheckValidityWithErrors(SecCodeRef codeRef, SecCSFlags flags,
                code->staticCode()->validateRequirement(req->requirement(), errSecCSReqFailed);
 
        END_CSAPI_ERRORS
                code->staticCode()->validateRequirement(req->requirement(), errSecCSReqFailed);
 
        END_CSAPI_ERRORS
-#else
-#warning resolve before enabling SECTRUST_OSX: <rdar://21328880>
-       OSStatus result = errSecSuccess;
-       const char *func = "SecCodeCheckValidity";
-       CFErrorRef localErrors = NULL;
-       if (!errors) { errors = &localErrors; }
-       try {
-               checkFlags(flags,
-                               kSecCSConsiderExpiration
-                               | kSecCSEnforceRevocationChecks);
-               SecPointer<SecCode> code = SecCode::required(codeRef);
-               code->checkValidity(flags);
-               if (const SecRequirement *req = SecRequirement::optional(requirementRef))
-                       code->staticCode()->validateRequirement(req->requirement(), errSecCSReqFailed);
-       }
-       catch (...) {
-               // the actual error being thrown is not being caught by any of the
-               // type-specific blocks contained in the END_CSAPI_ERRORS macro,
-               // so we only have the catch-all block here for now.
-               result = errSecCSInternalError;
-       }
-
-       if (errors && *errors) {
-               CFShow(errors);
-               CFRelease(errors);
-               *errors = NULL;
-       }
-       if (result == errSecCSInternalError) {
-       #if !NDEBUG
-               Security::Syslog::error("WARNING: %s ignored error %d", func, (int)result);
-       #endif
-               result = errSecSuccess;
-       }
-       return result;
-#endif
 }
 
 
 }
 
 
@@ -292,8 +259,15 @@ const CFStringRef kSecCodeInfoCdHashes =        CFSTR("cdhashes");
 
 const CFStringRef kSecCodeInfoCodeDirectory =  CFSTR("CodeDirectory");
 const CFStringRef kSecCodeInfoCodeOffset =             CFSTR("CodeOffset");
 
 const CFStringRef kSecCodeInfoCodeDirectory =  CFSTR("CodeDirectory");
 const CFStringRef kSecCodeInfoCodeOffset =             CFSTR("CodeOffset");
+const CFStringRef kSecCodeInfoDiskRepInfo =     CFSTR("DiskRepInfo");
 const CFStringRef kSecCodeInfoResourceDirectory = CFSTR("ResourceDirectory");
 
 const CFStringRef kSecCodeInfoResourceDirectory = CFSTR("ResourceDirectory");
 
+/* DiskInfoRepInfo types */
+const CFStringRef kSecCodeInfoDiskRepOSPlatform =          CFSTR("OSPlatform");
+const CFStringRef kSecCodeInfoDiskRepOSVersionMin =        CFSTR("OSVersionMin");
+const CFStringRef kSecCodeInfoDiskRepOSSDKVersion =        CFSTR("SDKVersion");
+const CFStringRef kSecCodeInfoDiskRepNoLibraryValidation = CFSTR("NoLibraryValidation");
+
 
 OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flags,
        CFDictionaryRef *infoRef)
 
 OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flags,
        CFDictionaryRef *infoRef)
mirror of Security