X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/427c49bcad63d042b29ada2ac27e3dfc4845c779..80e2389990082500d76eb566d4946be3e786c3ef:/libsecurity_codesigning/lib/SecStaticCode.cpp

diff --git a/libsecurity_codesigning/lib/SecStaticCode.cpp b/libsecurity_codesigning/lib/SecStaticCode.cpp
index f0a67ccc..ee14ed9c 100644
--- a/libsecurity_codesigning/lib/SecStaticCode.cpp
+++ b/libsecurity_codesigning/lib/SecStaticCode.cpp
@@ -112,7 +112,8 @@ OSStatus SecStaticCodeCheckValidityWithErrors(SecStaticCodeRef staticCodeRef, Se
 		| kSecCSDoNotValidateResources
 		| kSecCSConsiderExpiration
 		| kSecCSEnforceRevocationChecks
-		| kSecCSCheckNestedCode);
+		| kSecCSCheckNestedCode
+		| kSecCSStrictValidate);
 
 	SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(staticCodeRef);
 	const SecRequirement *req = SecRequirement::optional(requirementRef);
@@ -141,7 +142,7 @@ OSStatus SecCodeCopyPath(SecStaticCodeRef staticCodeRef, SecCSFlags flags, CFURL
 	
 	checkFlags(flags);
 	SecPointer<SecStaticCode> staticCode = SecStaticCode::requiredStatic(staticCodeRef);
-	CodeSigning::Required(path) = staticCode->canonicalPath();
+	CodeSigning::Required(path) = staticCode->copyCanonicalPath();
 
 	END_CSAPI
 }
@@ -233,3 +234,15 @@ OSStatus SecStaticCodeSetCallback(SecStaticCodeRef codeRef, SecCSFlags flags, Se
 
 	END_CSAPI
 }
+
+
+OSStatus SecStaticCodeSetValidationConditions(SecStaticCodeRef codeRef, CFDictionaryRef conditions)
+{
+	BEGIN_CSAPI
+	
+	checkFlags(0);
+	SecStaticCode *code = SecStaticCode::requiredStatic(codeRef);
+	code->setValidationModifiers(conditions);
+	
+	END_CSAPI
+}