X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/79b9da22a1f4b26279940d285c1bc28ce4e99252..7e6b461318c8a779d91381531435a68ee4e8b6ed:/OSX/libsecurity_codesigning/lib/SecAssessment.cpp?ds=sidebyside
diff --git a/OSX/libsecurity_codesigning/lib/SecAssessment.cpp b/OSX/libsecurity_codesigning/lib/SecAssessment.cpp
index f6aee169..1db11311 100644
--- a/OSX/libsecurity_codesigning/lib/SecAssessment.cpp
+++ b/OSX/libsecurity_codesigning/lib/SecAssessment.cpp
@@ -26,24 +26,16 @@
 #include "policyengine.h"
 #include "xpcengine.h"
 #include "csutilities.h"
+#include "xar++.h"
 #include
 #include
 #include
 #include
 #include
 #include
-#include
 using namespace CodeSigning;
-
-static void esp_do_check(const char *op, CFDictionaryRef dict)
-{
- OSStatus result = __esp_check_ns(op, (void *)(CFDictionaryRef)dict);
- if (result != noErr)
- MacOSError::throwMe(result);
-}
-
 //
 // CF Objects
 //
@@ -167,11 +159,6 @@ SecAssessmentRef SecAssessmentCreate(CFURLRef path,
 SYSPOLICY_ASSESS_API(cfString(path).c_str(), int(type), flags);
 try {
- if (__esp_enabled() && (flags & kSecAssessmentFlagDirect)) {
- CFTemp dict("{path=%O, flags=%d, context=%O, override=%d}", path, flags, context, overrideAssessment());
- esp_do_check("cs-assessment-evaluate", dict);
- }
-
 if (flags & kSecAssessmentFlagDirect) {
 // ask the engine right here to do its thing
 SYSPOLICY_ASSESS_LOCAL();
@@ -199,11 +186,6 @@ SecAssessmentRef SecAssessmentCreate(CFURLRef path,
 cfadd(result, "{%O=#F}", kSecAssessmentAssessmentVerdict);
 }
- if (__esp_enabled() && (flags & kSecAssessmentFlagDirect)) {
- CFTemp dict("{path=%O, flags=%d, context=%O, override=%d, result=%O}", path, flags, context, overrideAssessment(), (CFDictionaryRef)result);
- __esp_notify_ns("cs-assessment-evaluate", (void *)(CFDictionaryRef)dict);
- }
-
 return new SecAssessment(path, type, result.yield());
 END_CSAPI_ERRORS1(NULL)
@@ -442,13 +424,6 @@ CFDictionaryRef SecAssessmentCopyUpdate(CFTypeRef target,
 }
 if (flags & kSecAssessmentFlagDirect) {
- if (__esp_enabled()) {
- CFTemp dict("{target=%O, flags=%d, context=%O}", target, flags, context);
- OSStatus esp_result = __esp_check_ns("cs-assessment-update", (void *)(CFDictionaryRef)dict);
- if (esp_result != noErr)
- return NULL;
- }
-
 // ask the engine right here to do its thing
 result = gEngine().update(target, flags, ctx);
 } else {
@@ -456,23 +431,18 @@ CFDictionaryRef SecAssessmentCopyUpdate(CFTypeRef target,
 result = xpcEngineUpdate(target, flags, ctx);
 }
- if (__esp_enabled() && (flags & kSecAssessmentFlagDirect)) {
- CFTemp dict("{target=%O, flags=%d, context=%O, outcome=%O}", target, flags, context, (CFDictionaryRef)result);
- __esp_notify_ns("cs-assessment-update", (void *)(CFDictionaryRef)dict);
- }
-
 traceUpdate(target, context, result);
 return result.yield();
 END_CSAPI_ERRORS1(NULL)
 }
-static void
+static Boolean
 updateAuthority(const char *authority, bool enable, CFErrorRef *errors)
 {
 CFStringRef updateValue = enable ? kSecAssessmentUpdateOperationEnable : kSecAssessmentUpdateOperationDisable;
 CFTemp ctx("{%O=%s, %O=%O}", kSecAssessmentUpdateKeyLabel, authority, kSecAssessmentContextKeyUpdate, updateValue);
- SecAssessmentUpdate(NULL, kSecCSDefaultFlags, ctx, errors);
+ return SecAssessmentUpdate(NULL, kSecCSDefaultFlags, ctx, errors);
 }
@@ -484,9 +454,6 @@ Boolean SecAssessmentControl(CFStringRef control, void *arguments, CFErrorRef *e
 {
 BEGIN_CSAPI
- CFTemp dict("{control=%O}", control);
- esp_do_check("cs-assessment-control", dict);
-
 if (CFEqual(control, CFSTR("ui-enable"))) {
 setAssessment(true);
 MessageTrace trace("com.apple.security.assessment.state", "enable");
@@ -527,11 +494,13 @@ Boolean SecAssessmentControl(CFStringRef control, void *arguments, CFErrorRef *e
 return true;
 } else if (CFEqual(control, CFSTR("ui-enable-notarized"))) {
 updateAuthority("Notarized Developer ID", true, errors);
+ updateAuthority("Unnotarized Developer ID", true, errors);
 MessageTrace trace("com.apple.security.assessment.state", "enable-notarized");
 trace.send("enable Notarized Developer ID approval");
 return true;
 } else if (CFEqual(control, CFSTR("ui-disable-notarized"))) {
 updateAuthority("Notarized Developer ID", false, errors);
+ updateAuthority("Unnotarized Developer ID", false, errors);
 MessageTrace trace("com.apple.security.assessment.state", "disable-notarized");
 trace.send("disable Notarized Developer ID approval");
 return true;
@@ -583,6 +552,23 @@ Boolean SecAssessmentTicketRegister(CFDataRef ticketData, CFErrorRef *errors)
 END_CSAPI_ERRORS1(false)
 }
+Boolean SecAssessmentRegisterPackageTicket(CFURLRef packageURL, CFErrorRef* errors)
+{
+ BEGIN_CSAPI
+
+ string path = cfString(packageURL);
+ Xar xar(path.c_str());
+
+ if (!xar) {
+ MacOSError::throwMe(errSecParam);
+ }
+
+ xar.registerStapledNotarization();
+ return true;
+
+ END_CSAPI_ERRORS1(false)
+}
+
 Boolean SecAssessmentTicketLookup(CFDataRef hash, SecCSDigestAlgorithm hashType, SecAssessmentTicketFlags flags, double *date, CFErrorRef *errors)
 {
 BEGIN_CSAPI
@@ -593,3 +579,13 @@ Boolean SecAssessmentTicketLookup(CFDataRef hash, SecCSDigestAlgorithm hashType,
 END_CSAPI_ERRORS1(false)
 }
+Boolean SecAssessmentLegacyCheck(CFDataRef hash, SecCSDigestAlgorithm hashType, CFStringRef teamID, CFErrorRef *errors)
+{
+ BEGIN_CSAPI
+
+ xpcEngineLegacyCheck(hash, hashType, teamID);
+ return true;
+
+ END_CSAPI_ERRORS1(false)
+}
+
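Review bot: Both new `updateAuthority("Unnotarized Developer ID", …)` calls in the `ui-enable-notarized` and `ui-disable-notarized` branches of SecAssessmentControl discard the Boolean that updateAuthority now returns (the `static Boolean` change in the earlier hunk), and each branch still ends in `return true`. If one of the two rule updates fails, the policy can be left half-switched while the caller is told the control succeeded, and the second call may overwrite an error already stored through `errors`. I would stop at the first failure, e.g. `if (!updateAuthority("Notarized Developer ID", true, errors) || !updateAuthority("Unnotarized Developer ID", true, errors)) return false;`, and the same with `false` in the disable branch. The `trace.send(...)` text still names only the Notarized rule, so the state-change trace no longer records everything this control toggles. The function body starts and ends outside this hunk.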
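Review bot: SecAssessmentRegisterPackageTicket returns `true` whenever the xar opens, because nothing from `xar.registerStapledNotarization()` is checked; unless that method throws (it is declared in xar++.h, not in this diff), a package with no stapled ticket or a ticket that failed to register is reported as success. The ticket is read out of the package itself, so callers need a documented contract; I would add a header comment such as `// Registers the notarization ticket stapled to the xar archive at packageURL; fails with errSecParam if the archive cannot be opened.` and, if registerStapledNotarization reports a status, return that instead of the constant. Mapping every open failure to `errSecParam` also hides whether the path was missing, unreadable or not a xar, which makes failures harder to triage.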
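Review bot: SecAssessmentLegacyCheck conveys its verdict only through exceptions: whatever `xpcEngineLegacyCheck(hash, hashType, teamID)` returns, if anything, is dropped and `return true` follows unconditionally. That is safe only if the engine call throws on every rejection and on every XPC failure, which this hunk does not show; any path that returns normally reads as a pass. Please state the contract in a comment above the function, e.g. `// Passes only if xpcEngineLegacyCheck returns without throwing; a rejection or transport error must surface as an exception.`, or return the call's status if it has one. `hash` and `teamID` are forwarded without a NULL check here, so that validation would have to live in xpcEngineLegacyCheck.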