//
-// Shorthand for getting the SecCodeRef for a UNIX process
+// Deprecated since 10.6, DO NOT USE. This can be raced.
+// Use SecCodeCreateWithAuditToken instead.
//
OSStatus SecCodeCreateWithPID(pid_t pid, SecCSFlags flags, SecCodeRef *processRef)
{
END_CSAPI
}
+
+//
+// Shorthand for getting the SecCodeRef for a UNIX process
+//
+OSStatus SecCodeCreateWithAuditToken(const audit_token_t *audit,
+ SecCSFlags flags, SecCodeRef *processRef)
+{
+ BEGIN_CSAPI
+
+ checkFlags(flags);
+ CFRef<CFDataRef> auditData = makeCFData(audit, sizeof(audit_token_t));
+ if (SecCode *guest = KernelCode::active()->locateGuest(CFTemp<CFDictionaryRef>("{%O=%O}", kSecGuestAttributeAudit, auditData.get()))) {
+ CodeSigning::Required(processRef) = guest->handle(false);
+ } else {
+ return errSecCSNoSuchCode;
+ }
+
+ END_CSAPI
+}
#endif // TARGET_OS_OSX
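Review bot: `audit` is handed to `makeCFData(audit, sizeof(audit_token_t))` in SecCodeCreateWithAuditToken without a null check, so a caller passing NULL would presumably fault on the copy instead of getting an OSStatus back. Whether BEGIN_CSAPI/END_CSAPI would turn that into an error is not visible in this hunk. A guard before the copy, such as `if (audit == NULL) return errSecCSObjectRequired;`, keeps the failure on the normal error path. The header comment is also copied unchanged from the PID variant. It should state that the token identifies one specific process instance, and that callers should pass the token delivered with the request rather than one derived from a pid, since the pid lookup is what the deprecation note on SecCodeCreateWithPID calls raceable.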
checkFlags(flags,
kSecCSConsiderExpiration
| kSecCSStrictValidate
+ | kSecCSStrictValidateStructure
| kSecCSRestrictSidebandData
- | kSecCSEnforceRevocationChecks);
+ | kSecCSEnforceRevocationChecks
+ );
SecPointer<SecCode> code = SecCode::required(codeRef);
code->checkValidity(flags);
if (const SecRequirement *req = SecRequirement::optional(requirementRef))
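Review bot: The newly admitted `kSecCSStrictValidateStructure` is forwarded unchanged to `code->checkValidity(flags)`, and nothing in this hunk shows that the dynamic validity check acts on that bit. If it is accepted here but ignored downstream, callers would believe they requested structural validation and silently get the weaker check. Please confirm the flag is handled in `checkValidity`, and consider a comment at the mask such as `// every bit admitted here must be honoured by SecCode::checkValidity()`. The enclosing function starts and ends outside this hunk.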
const CFStringRef kSecCodeInfoTrust = CFSTR("trust");
const CFStringRef kSecCodeInfoUnique = CFSTR("unique");
const CFStringRef kSecCodeInfoCdHashes = CFSTR("cdhashes");
-
+const CFStringRef kSecCodeInfoCdHashesFull = CFSTR("cdhashes-full");
+const CFStringRef kSecCodeInfoRuntimeVersion = CFSTR("runtime-version");
const CFStringRef kSecCodeInfoCodeDirectory = CFSTR("CodeDirectory");
const CFStringRef kSecCodeInfoCodeOffset = CFSTR("CodeOffset");
const CFStringRef kSecCodeInfoDiskRepInfo = CFSTR("DiskRepInfo");
const CFStringRef kSecCodeInfoResourceDirectory = CFSTR("ResourceDirectory");
+const CFStringRef kSecCodeInfoNotarizationDate = CFSTR("NotarizationDate");
+const CFStringRef kSecCodeInfoCMSDigestHashType = CFSTR("CMSDigestHashType");
+const CFStringRef kSecCodeInfoCMSDigest = CFSTR("CMSDigest");
/* DiskInfoRepInfo types */
-const CFStringRef kSecCodeInfoDiskRepOSPlatform = CFSTR("OSPlatform");
-const CFStringRef kSecCodeInfoDiskRepOSVersionMin = CFSTR("OSVersionMin");
-const CFStringRef kSecCodeInfoDiskRepOSSDKVersion = CFSTR("SDKVersion");
-const CFStringRef kSecCodeInfoDiskRepNoLibraryValidation = CFSTR("NoLibraryValidation");
+const CFStringRef kSecCodeInfoDiskRepVersionPlatform = CFSTR("VersionPlatform");
+const CFStringRef kSecCodeInfoDiskRepVersionMin = CFSTR("VersionMin");
+const CFStringRef kSecCodeInfoDiskRepVersionSDK = CFSTR("VersionSDK");
+const CFStringRef kSecCodeInfoDiskRepNoLibraryValidation = CFSTR("NoLibraryValidation");
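Review bot: The three `kSecCodeInfoDiskRepOS*` constants are removed outright and the replacements carry different key strings (`"OSPlatform"` becomes `"VersionPlatform"`, `"OSVersionMin"` becomes `"VersionMin"`, `"SDKVersion"` becomes `"VersionSDK"`). Any consumer still looking up the old keys in the DiskRepInfo dictionary would get no value rather than an error. If these symbols or key strings are visible outside this library, that is a silent compatibility break and should be called out. At minimum the section comment could record it, e.g. `/* DiskRepInfo keys (renamed from OSPlatform / OSVersionMin / SDKVersion) */`.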
OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flags,
| kSecCSRequirementInformation
| kSecCSDynamicInformation
| kSecCSContentInformation
- | kSecCSSkipResourceDirectory);
+ | kSecCSSkipResourceDirectory
+ | kSecCSCalculateCMSDigest);
SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(codeRef);
CFRef<CFDictionaryRef> info = code->signingInformation(flags);