//
#include "Code.h"
#include "StaticCode.h"
-#include <Security/SecCodeHost.h>
#include "cskernel.h"
#include <security_utilities/cfmunge.h>
#include <security_utilities/debugging.h>
+#include "SecInternalReleasePriv.h"
namespace Security {
namespace CodeSigning {
// check my static state
myDisk->validateNonResourceComponents(); // also validates the CodeDirectory
- if (flags & kSecCSStrictValidate)
+ if (flags & kSecCSStrictValidate) {
myDisk->diskRep()->strictValidate(myDisk->codeDirectory(), DiskRep::ToleratedErrors(), flags);
+ } else if (flags & kSecCSStrictValidateStructure) {
+ myDisk->diskRep()->strictValidateStructure(myDisk->codeDirectory(), DiskRep::ToleratedErrors(), flags);
+ }
// check my own dynamic state
- if (!(this->host()->getGuestStatus(this) & kSecCodeStatusValid))
- MacOSError::throwMe(errSecCSGuestInvalid);
-
+ SecCodeStatus dynamic_status = this->host()->getGuestStatus(this);
+ bool isValid = (dynamic_status & kSecCodeStatusValid) != 0;
+ if (!isValid) {
+ bool isDebugged = (dynamic_status & kSecCodeStatusDebugged) != 0;
+ bool isPlatform = (dynamic_status & kSecCodeStatusPlatform) != 0;
+ bool isInternal = SecIsInternalRelease();
+
+ if (!isDebugged || (isPlatform && !isInternal)) {
+ // fatal if the code is invalid and not being debugged, but
+ // never let platform code be debugged except on internal systems.
+ MacOSError::throwMe(errSecCSGuestInvalid);
+ }
+ }
+
// check that static and dynamic views are consistent
if (this->cdHash() && !CFEqual(this->cdHash(), myDisk->cdHash()))
MacOSError::throwMe(errSecCSStaticCodeChanged);
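Review bot: The new dynamic-state test `if (!isDebugged || (isPlatform && !isInternal))` lets this validity check succeed for a guest whose status lacks kSecCodeStatusValid whenever kSecCodeStatusDebugged is set, and it does so regardless of `flags`. A successful return therefore no longer implies dynamic validity. The comment on that branch describes debugging policy rather than this contract; I would reword it to `// Tolerate an invalid guest only while it is being debugged; invalid platform code is tolerated only on internal releases. Success here does not imply kSecCodeStatusValid.` Callers that make trust decisions from this result probably need to inspect the status bits themselves, which cannot be confirmed here because the enclosing function starts and ends outside the hunk. Separately, `else if (flags & kSecCSStrictValidateStructure)` is skipped when both strict flags are set, which is right only if strictValidate already covers the structure checks, so a one-line comment saying so would help.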
//
SecCode *SecCode::autoLocateGuest(CFDictionaryRef attributes, SecCSFlags flags)
{
+#if TARGET_OS_OSX
// special case: with no attributes at all, return the root of trust
if (CFDictionaryGetCount(attributes) == 0)
return KernelCode::active()->retain();
- // main logic: we need a pid, and we'll take a canonical guest id as an option
- int pid = 0;
- if (!cfscan(attributes, "{%O=%d}", kSecGuestAttributePid, &pid))
+ // main logic: we need a pid or audit trailer; everything else goes to the guests
+ if (CFDictionaryGetValue(attributes, kSecGuestAttributePid) == NULL
+ && CFDictionaryGetValue(attributes, kSecGuestAttributeAudit) == NULL)
CSError::throwMe(errSecCSUnsupportedGuestAttributes, kSecCFErrorGuestAttributes, attributes);
if (SecCode *process =
KernelCode::active()->locateGuest(attributes)) {
// might be a code host. Let's find out
CFRef<CFMutableDictionaryRef> rest = makeCFMutableDictionary(attributes);
CFDictionaryRemoveValue(rest, kSecGuestAttributePid);
+ CFDictionaryRemoveValue(rest, kSecGuestAttributeAudit);
if (SecCode *guest = code->locateGuest(rest))
return guest;
}
return code.yield();
}
}
+#endif // TARGET_OS_OSX
MacOSError::throwMe(errSecCSNoSuchCode);
}
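Review bot: The presence test on `kSecGuestAttributePid` / `kSecGuestAttributeAudit` replaces `cfscan(attributes, "{%O=%d}", kSecGuestAttributePid, &pid)`, so this function no longer appears to confirm that the pid attribute is numeric before using the dictionary. A wrongly typed pid or audit value now passes the early check and is validated, if at all, inside `KernelCode::active()->locateGuest(attributes)`, which this hunk does not show. Either keep a type check at this boundary (for the pid, `CFGetTypeID(value) == CFNumberGetTypeID()`) or add a comment naming where the types are enforced, e.g. `// attribute types are validated by KernelCode::locateGuest`. It is also worth documenting which attribute takes precedence when both are supplied, since a pid can be reused while an audit token is presumably the stronger identifier. Finally, with `#if TARGET_OS_OSX` the function throws errSecCSNoSuchCode for every input on other platforms, including the empty-attributes case, and a comment at the `#endif` would mark that as intentional.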