X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..dd5fb164cf5b32c462296bc65e289e100f74b59a:/OSX/libsecurity_codesigning/lib/SecCodePriv.h diff --git a/OSX/libsecurity_codesigning/lib/SecCodePriv.h b/OSX/libsecurity_codesigning/lib/SecCodePriv.h index 158121a9..81038342 100644 --- a/OSX/libsecurity_codesigning/lib/SecCodePriv.h +++ b/OSX/libsecurity_codesigning/lib/SecCodePriv.h @@ -42,8 +42,13 @@ extern "C" { */ extern const CFStringRef kSecCodeInfoCodeDirectory; /* Internal */ extern const CFStringRef kSecCodeInfoCodeOffset; /* Internal */ +extern const CFStringRef kSecCodeInfoDiskRepInfo; /* Internal */ extern const CFStringRef kSecCodeInfoResourceDirectory; /* Internal */ +extern const CFStringRef kSecCodeInfoDiskRepOSPlatform; /* Number */ +extern const CFStringRef kSecCodeInfoDiskRepOSVersionMin; /* Number */ +extern const CFStringRef kSecCodeInfoDiskRepOSSDKVersion; /* Number */ +extern const CFStringRef kSecCodeInfoDiskRepNoLibraryValidation; /* String */ /*! @function SecCodeGetStatus @@ -70,6 +75,13 @@ extern const CFStringRef kSecCodeInfoResourceDirectory; /* Internal */ */ OSStatus SecCodeGetStatus(SecCodeRef code, SecCSFlags flags, SecCodeStatus *status); +typedef uint32_t SecCodeStatusOperation; +enum { + kSecCodeOperationNull = 0, + kSecCodeOperationInvalidate = 1, + kSecCodeOperationSetHard = 2, + kSecCodeOperationSetKill = 3, +}; /*! @function SecCodeSetStatus 
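Review bot: The four new `kSecCodeInfoDiskRep*` keys in the first hunk carry only a value-type tag, and nothing in the header says which dictionary they are looked up in. From the names they presumably live inside the dictionary stored under `kSecCodeInfoDiskRepInfo` rather than at the top level of the signing-information dictionary. If so, a comment above them such as `/* keys within the kSecCodeInfoDiskRepInfo dictionary */` would keep callers from probing the wrong dictionary and reading a miss as "not set". `kSecCodeInfoDiskRepNoLibraryValidation` is tagged `/* String */` although its name reads like a flag, so its comment should also say what the string holds and what an absent key means for library validation.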
@@ -78,20 +90,10 @@ OSStatus SecCodeGetStatus(SecCodeRef code, SecCSFlags flags, SecCodeStatus *stat @param code A valid SecCode object reference representing code running on the system. @param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior. - @param status Upon successful return, contains the dynamic status of code as - determined by its host. @result Upon success, errSecSuccess. Upon error, an OSStatus value documented in CSCommon.h or certain other Security framework headers. */ -typedef uint32_t SecCodeStatusOperation; -enum { - kSecCodeOperationNull = 0, - kSecCodeOperationInvalidate = 1, - kSecCodeOperationSetHard = 2, - kSecCodeOperationSetKill = 3, -}; - OSStatus SecCodeSetStatus(SecCodeRef code, SecCodeStatusOperation operation, CFDictionaryRef arguments, SecCSFlags flags); 
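Review bot: With the stale `@param status` entry dropped, the doc block for `SecCodeSetStatus` describes only `code` and `flags`, while the prototype at the end of the hunk also takes `operation` and `arguments`. Add `@param operation One of the kSecCodeOperation* constants naming the status change requested.` and an `@param arguments` line stating what the dictionary may contain and whether NULL is accepted. The relocated `kSecCodeOperation*` enum has no per-value comments either, so the effect of `Invalidate`, `SetHard` and `SetKill` on the target's status is not stated anywhere visible here. The doc comment opens above this hunk.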
@@ -178,6 +180,39 @@ OSStatus SecCodeSetDetachedSignature(SecStaticCodeRef code, CFDataRef signature, SecCSFlags flags); + +/* + @function SecCodeCopyComponent + For a SecStaticCodeRef, directly retrieve the binary blob for a special slot, + optionally checking that its native hash is the one given. + + @param code A code or StaticCode object. + @param slot The (positive) special slot number requested. + @param hash A CFDataRef containing the native slot hash for the slot requested. + @result NULL if anything went wrong (including a missing slot), or a CFDataRef + containing the slot data. + */ +CFDataRef SecCodeCopyComponent(SecCodeRef code, int slot, CFDataRef hash); + + +/* + @function SecCodeValidateFileResource + For a SecStaticCodeRef, check that a given CFData object faithfully represents + a plain-file resource in its resource seal. + This call will fail if the file is missing in the bundle, even if it is optional. + + @param code A code or StaticCode object. + @param relativePath A CFStringRef containing the relative path to a sealed resource + file. This path is relative to the resource base, which is either Contents or + the bundle root, depending on bundle format. + @param fileData A CFDataRef containing the exact contents of that resource file. + @param flags Pass kSecCSDefaultFlags. + @result noErr if fileData is the exact content of the file at relativePath at the + time it was signed. Various error codes if it is different, there was no such file, + it was not a plain file, or anything is irregular. +*/ +OSStatus SecCodeValidateFileResource(SecStaticCodeRef code, CFStringRef relativePath, CFDataRef fileData, SecCSFlags flags); + #ifdef __cplusplus } #endif
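Review bot: The `SecCodeCopyComponent` comment calls the hash check optional, but `@param hash` does not say how a caller opts out or what comes back on a mismatch. If passing NULL skips the comparison, as the wording suggests, state it explicitly, e.g. `@param hash Expected native hash of the slot, or NULL to skip the comparison (the returned data is then not checked against this value).`, and say that a mismatch presumably returns NULL like any other failure. The prototype takes `SecCodeRef` while the description speaks of a SecStaticCodeRef and the sibling `SecCodeValidateFileResource` takes `SecStaticCodeRef`, so the comment should state which object kinds are accepted. Both new blocks open with `/*` rather than the `/*!` used by the other function docs in this header, so a documentation generator keyed on `/*!` would likely skip them.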