#include <syslog.h>
#include <CoreFoundation/CoreFoundation.h>
#include <security_utilities/cfutilities.h>
+#include <security_utilities/logging.h>
#include <security_utilities/cfmunge.h>
} else if (type == XPC_TYPE_ERROR) {
const char *s = xpc_copy_description(reply);
printf("Error returned: %s\n", s);
+ Syslog::notice("code signing internal problem: unexpected error from xpc: %s", s);
free((char*)s);
- MacOSError::throwMe(errSecCSInternalError);
+ MacOSError::throwMe(errSecCSInternalError);
} else {
const char *s = xpc_copy_description(reply);
printf("Unexpected type of return object: %s\n", s);
}
-static void precheckAccess(CFURLRef path, CFDictionaryRef context)
+static bool precheckAccess(CFURLRef path, CFDictionaryRef context)
{
CFTypeRef type = CFDictionaryGetValue(context, kSecAssessmentContextKeyOperation);
if (type == NULL || CFEqual(type, kSecAssessmentOperationTypeExecute)) {
CFRef<SecStaticCodeRef> code;
- MacOSError::check(SecStaticCodeCreateWithPath(path, kSecCSDefaultFlags, &code.aref()));
+ OSStatus rc = SecStaticCodeCreateWithPath(path, kSecCSDefaultFlags, &code.aref());
+ if (rc == errSecCSBadBundleFormat) // work around <rdar://problem/26075034>
+ return false;
CFRef<CFURLRef> exec;
MacOSError::check(SecCodeCopyPath(code, kSecCSDefaultFlags, &exec.aref()));
UnixError::check(::access(cfString(exec).c_str(), R_OK));
} else {
UnixError::check(access(cfString(path).c_str(), R_OK));
}
+ return true;
}
if (CFGetTypeID(target) == CFNumberGetTypeID())
xpc_dictionary_set_uint64(msg, "rule", cfNumber<int64_t>(CFNumberRef(target)));
else if (CFGetTypeID(target) == CFURLGetTypeID()) {
- precheckAccess(CFURLRef(target), context);
+ bool good = precheckAccess(CFURLRef(target), context);
+ if (!good) // work around <rdar://problem/26075034>
+ return makeCFDictionary(0); // pretend this worked
xpc_dictionary_set_string(msg, "url", cfString(CFURLRef(target)).c_str());
} else if (CFGetTypeID(target) == SecRequirementGetTypeID()) {
CFRef<CFDataRef> data;
if (localAuthorization)
AuthorizationFree(localAuthorization, kAuthorizationFlagDefaults);
- if (int64_t error = xpc_dictionary_get_int64(msg, "error"))
- MacOSError::throwMe((int)error);
+ if (int64_t error = xpc_dictionary_get_int64(msg, "error"))
+ MacOSError::throwMe((int)error);
size_t resultLength;
const void *resultData = xpc_dictionary_get_data(msg, "result", &resultLength);
msg.send();
}
+void xpcEngineCheckDevID(CFBooleanRef* result)
+{
+ Message msg("check-dev-id");
+
+ msg.send();
+
+ if (int64_t error = xpc_dictionary_get_int64(msg, "error")) {
+ MacOSError::throwMe((int)error);
+ }
+
+ *result = xpc_dictionary_get_bool(msg,"result") ? kCFBooleanTrue : kCFBooleanFalse;
+}
+
} // end namespace CodeSigning
} // end namespace Security
projects / apple / security.git / blobdiff