Security-58286.251.4.tar.gz

[apple/security.git] / OSX / libsecurity_codesigning / lib / Code.cpp

diff --git a/OSX/libsecurity_codesigning/lib/Code.cpp b/OSX/libsecurity_codesigning/lib/Code.cpp
index 8de98a3782796cc7a139096cfb41f32e25915c36..919ff0bce28db5d4804e3776e6ce82fc98fc8ab0 100644 (file)
--- a/OSX/libsecurity_codesigning/lib/Code.cpp
+++ b/OSX/libsecurity_codesigning/lib/Code.cpp
@@ -30,6 +30,7 @@
 #include "cskernel.h"
 #include <security_utilities/cfmunge.h>
 #include <security_utilities/debugging.h>
+#include "SecInternalReleasePriv.h"
 
 namespace Security {
 namespace CodeSigning {
@@ -210,9 +211,20 @@ void SecCode::checkValidity(SecCSFlags flags)
                myDisk->diskRep()->strictValidate(myDisk->codeDirectory(), DiskRep::ToleratedErrors(), flags);
 
        // check my own dynamic state
-       if (!(this->host()->getGuestStatus(this) & kSecCodeStatusValid))
-               MacOSError::throwMe(errSecCSGuestInvalid);
-       
+       SecCodeStatus dynamic_status = this->host()->getGuestStatus(this);
+       bool isValid = (dynamic_status & kSecCodeStatusValid) != 0;
+       if (!isValid) {
+               bool isDebugged = (dynamic_status & kSecCodeStatusDebugged) != 0;
+               bool isPlatform = (dynamic_status & kSecCodeStatusPlatform) != 0;
+               bool isInternal = SecIsInternalRelease();
+
+               if (!isDebugged || (isPlatform && !isInternal)) {
+                       // fatal if the code is invalid and not being debugged, but
+                       // never let platform code be debugged except on internal systems.
+                       MacOSError::throwMe(errSecCSGuestInvalid);
+               }
+       }
+
        // check that static and dynamic views are consistent
        if (this->cdHash() && !CFEqual(this->cdHash(), myDisk->cdHash()))
                MacOSError::throwMe(errSecCSStaticCodeChanged);