Security-59306.11.20.tar.gz

[apple/security.git] / OSX / libsecurity_codesigning / lib / piddiskrep.h

diff --git a/OSX/libsecurity_codesigning/lib/piddiskrep.h b/OSX/libsecurity_codesigning/lib/piddiskrep.h
index fddb34cf429f45ce4293c51bf8abc52d388b91be..c58430099d5d180123fb9b82bd345edb0b6de780 100644 (file)
--- a/OSX/libsecurity_codesigning/lib/piddiskrep.h
+++ b/OSX/libsecurity_codesigning/lib/piddiskrep.h
@@ -27,20 +27,17 @@
 #ifndef _H_PIDDISKREP
 #define _H_PIDDISKREP
 
+#include <memory>
+
 #include "diskrep.h"
 
 namespace Security {
 namespace CodeSigning {
                 
                 
-//
-// A KernelDiskRep represents a (the) kernel on disk.
-// It has no write support, so we can't sign the kernel,
-// which is fine since we unconditionally trust it anyway.
-//
 class PidDiskRep : public DiskRep {
 public:
-        PidDiskRep(pid_t pid, CFDataRef infoPlist);
+        PidDiskRep(pid_t pid, audit_token_t *audit, CFDataRef infoPlist);
         ~PidDiskRep();
         
         CFDataRef component(CodeDirectory::SpecialSlot slot);
@@ -48,6 +45,7 @@ public:
         std::string mainExecutablePath();
         CFURLRef copyCanonicalPath();
         size_t signingLimit();
+               size_t execSegLimit(const Architecture *arch);
         std::string format();
         UnixPlusPlus::FileDesc &fd();
 
@@ -57,10 +55,13 @@ public:
        
                void setCredentials(const CodeDirectory* cd);
 
+               bool appleInternalForcePlatform() const;
+
 private:
         const BlobCore *blob() { return (const BlobCore *)mBuffer; }
         void fetchData(void);
         pid_t mPid;
+        std::unique_ptr<audit_token_t> mAudit;
         uint8_t *mBuffer;
                CFRef<CFDataRef> mInfoPlistHash;
         CFRef<CFDataRef> mInfoPlist;