X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..dd5fb164cf5b32c462296bc65e289e100f74b59a:/OSX/libsecurity_codesigning/lib/SecAssessment.cpp?ds=sidebyside
diff --git a/OSX/libsecurity_codesigning/lib/SecAssessment.cpp b/OSX/libsecurity_codesigning/lib/SecAssessment.cpp
index c6129c79..f3395e63 100644
--- a/OSX/libsecurity_codesigning/lib/SecAssessment.cpp
+++ b/OSX/libsecurity_codesigning/lib/SecAssessment.cpp
@@ -27,6 +27,7 @@
 #include "xpcengine.h"
 #include "csutilities.h"
 #include
+#include
 #include
 #include
 #include
@@ -126,11 +127,15 @@ ModuleNexus gEngine;
 //
 // Policy evaluation ("assessment") operations
 //
+CFStringRef kSecAssessmentContextKeyUTI = CFSTR("context:uti");
+
 CFStringRef kSecAssessmentContextKeyFeedback = CFSTR("context:feedback");
 CFStringRef kSecAssessmentFeedbackProgress = CFSTR("feedback:progress");
 CFStringRef kSecAssessmentFeedbackInfoCurrent = CFSTR("current");
 CFStringRef kSecAssessmentFeedbackInfoTotal = CFSTR("total");
+CFStringRef kSecAssessmentContextKeyPrimarySignature = CFSTR("context:primary-signature");
+
 CFStringRef kSecAssessmentAssessmentVerdict = CFSTR("assessment:verdict");
 CFStringRef kSecAssessmentAssessmentOriginator = CFSTR("assessment:originator");
 CFStringRef kSecAssessmentAssessmentAuthority = CFSTR("assessment:authority");
@@ -138,6 +143,7 @@ CFStringRef kSecAssessmentAssessmentSource = CFSTR("assessment:authority:source"
 CFStringRef kSecAssessmentAssessmentAuthorityRow = CFSTR("assessment:authority:row");
 CFStringRef kSecAssessmentAssessmentAuthorityOverride = CFSTR("assessment:authority:override");
 CFStringRef kSecAssessmentAssessmentAuthorityOriginalVerdict = CFSTR("assessment:authority:verdict");
+CFStringRef kSecAssessmentAssessmentAuthorityFlags = CFSTR("assessment:authority:flags");
 CFStringRef kSecAssessmentAssessmentFromCache = CFSTR("assessment:authority:cached");
 CFStringRef kSecAssessmentAssessmentWeakSignature = CFSTR("assessment:authority:weak");
 CFStringRef kSecAssessmentAssessmentCodeSigningError = CFSTR("assessment:cserror");
@@ -236,7 +242,7 @@ static void traceResult(CFURLRef target, MessageTrace &trace, std::string &sanit
 string identifier = "UNBUNDLED";
 string version = "UNKNOWN";
- if (CFRef bundle = CFBundleCreate(NULL, target)) {
+ if (CFRef bundle = _CFBundleCreateUnique(NULL, target)) {
 if (CFStringRef ident = CFBundleGetIdentifier(bundle))
 identifier = cfString(ident);
 if (CFStringRef vers = CFStringRef(CFBundleGetValueForInfoDictionaryKey(bundle, CFSTR("CFBundleShortVersionString"))))
@@ -421,12 +427,7 @@ CFDictionaryRef SecAssessmentCopyUpdate(CFTypeRef target,
 CFRef result;
 // make context exist and writable
- CFMutableDictionaryRef mcontext;
- if (context == NULL) {
- mcontext = makeCFMutableDictionary();
- } else {
- mcontext = makeCFMutableDictionary(context);
- }
+ CFRef mcontext = context ? makeCFMutableDictionary(context) : makeCFMutableDictionary();
 if (CFDictionaryGetValue(mcontext, kSecAssessmentUpdateKeyAuthorization) == NULL) {
 // no authorization passed in. Make an empty one in this context
@@ -462,7 +463,7 @@ CFDictionaryRef SecAssessmentCopyUpdate(CFTypeRef target,
 traceUpdate(target, context, result);
 return result.yield();
- END_CSAPI_ERRORS1(false)
+ END_CSAPI_ERRORS1(NULL)
 }
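Review bot: The call to `_CFBundleCreateUnique` in traceResult swaps a public API for a private CoreFoundation entry point without a comment saying why, so a later reader cannot tell from the code whether going back to `CFBundleCreate` would be safe. Presumably the intent is to avoid a shared, previously cached bundle instance, so that the identifier and version written to the trace describe the target as it is on disk when it is assessed. If that is the reason, state it above the `if`, for example `// unique instance: do not reuse a cached CFBundle, read identifier/version fresh from target`. traceResult starts and ends outside the hunk.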
@@ -495,20 +496,21 @@ Boolean SecAssessmentControl(CFStringRef control, void *arguments, CFErrorRef *e
 result = kCFBooleanTrue;
 return true;
 } else if (CFEqual(control, CFSTR("ui-enable-devid"))) {
- CFTemp ctx("{%O=%s}", kSecAssessmentUpdateKeyLabel, "Developer ID");
- if (CFDictionaryRef result = gEngine().enable(NULL, kAuthorityInvalid, kSecCSDefaultFlags, ctx, false))
- CFRelease(result);
+ CFTemp ctx("{%O=%s, %O=%O}", kSecAssessmentUpdateKeyLabel, "Developer ID", kSecAssessmentContextKeyUpdate, kSecAssessmentUpdateOperationEnable);
+ SecAssessmentUpdate(NULL, kSecCSDefaultFlags, ctx, errors);
 MessageTrace trace("com.apple.security.assessment.state", "enable-devid");
 trace.send("enable Developer ID approval");
 return true;
 } else if (CFEqual(control, CFSTR("ui-disable-devid"))) {
- CFTemp ctx("{%O=%s}", kSecAssessmentUpdateKeyLabel, "Developer ID");
- if (CFDictionaryRef result = gEngine().disable(NULL, kAuthorityInvalid, kSecCSDefaultFlags, ctx, false))
- CFRelease(result);
+ CFTemp ctx("{%O=%s, %O=%O}", kSecAssessmentUpdateKeyLabel, "Developer ID", kSecAssessmentContextKeyUpdate, kSecAssessmentUpdateOperationDisable);
+ SecAssessmentUpdate(NULL, kSecCSDefaultFlags, ctx, errors);
 MessageTrace trace("com.apple.security.assessment.state", "disable-devid");
 trace.send("disable Developer ID approval");
 return true;
- } else if (CFEqual(control, CFSTR("ui-get-devid"))) {
+ } else if (CFEqual(control, CFSTR("ui-get-devid"))) {
+ xpcEngineCheckDevID((CFBooleanRef*)(arguments));
+ return true;
+ } else if (CFEqual(control, CFSTR("ui-get-devid-local"))) {
 CFBooleanRef &result = *(CFBooleanRef*)(arguments);
 if (gEngine().value("SELECT disabled FROM authority WHERE label = 'Developer ID';", true))
 result = kCFBooleanFalse;
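Review bot: The result of `SecAssessmentUpdate` is discarded in both the `ui-enable-devid` and `ui-disable-devid` branches, so SecAssessmentControl still sends the "enable/disable Developer ID approval" trace and returns true when the update failed and `errors` was filled in. A caller that checks only the return value would then believe the Developer ID policy changed when it did not, and the trace log would record a state change that never happened. Check the call and bail out before tracing, e.g. `if (!SecAssessmentUpdate(NULL, kSecCSDefaultFlags, ctx, errors)) return false;` in each branch. The new `ui-get-devid` branch also hands `arguments` to `xpcEngineCheckDevID` without a NULL check, and whether that helper tolerates NULL is not visible here. SecAssessmentControl begins and ends outside the hunk.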