X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/79b9da22a1f4b26279940d285c1bc28ce4e99252..bf028f67fd3bb2266df81b80fb6f25a77112e308:/OSX/libsecurity_codesigning/lib/SecCode.cpp?ds=inline
diff --git a/OSX/libsecurity_codesigning/lib/SecCode.cpp b/OSX/libsecurity_codesigning/lib/SecCode.cpp
index f3269c91..2a494dc7 100644
--- a/OSX/libsecurity_codesigning/lib/SecCode.cpp
+++ b/OSX/libsecurity_codesigning/lib/SecCode.cpp
@@ -179,7 +179,8 @@ OSStatus SecCodeCopyGuestWithAttributes(SecCodeRef hostRef,
 //
-// Shorthand for getting the SecCodeRef for a UNIX process
+// Deprecated since 10.6, DO NOT USE. This can be raced.
+// Use SecCodeCreateWithAuditToken instead.
 //
 OSStatus SecCodeCreateWithPID(pid_t pid, SecCSFlags flags, SecCodeRef *processRef)
 {
@@ -193,6 +194,25 @@ OSStatus SecCodeCreateWithPID(pid_t pid, SecCSFlags flags, SecCodeRef *processRe
 END_CSAPI
 }
+
+//
+// Shorthand for getting the SecCodeRef for a UNIX process
+//
+OSStatus SecCodeCreateWithAuditToken(const audit_token_t *audit,
+ SecCSFlags flags, SecCodeRef *processRef)
+{
+ BEGIN_CSAPI
+
+ checkFlags(flags);
+ CFRef auditData = makeCFData(audit, sizeof(audit_token_t));
+ if (SecCode *guest = KernelCode::active()->locateGuest(CFTemp("{%O=%O}", kSecGuestAttributeAudit, auditData.get()))) {
+ CodeSigning::Required(processRef) = guest->handle(false);
+ } else {
+ return errSecCSNoSuchCode;
+ }
+
+ END_CSAPI
+}
 #endif // TARGET_OS_OSX
@@ -213,6 +233,7 @@ OSStatus SecCodeCheckValidityWithErrors(SecCodeRef codeRef, SecCSFlags flags,
 checkFlags(flags,
 kSecCSConsiderExpiration
 | kSecCSStrictValidate
+ | kSecCSStrictValidateStructure
 | kSecCSRestrictSidebandData
 | kSecCSEnforceRevocationChecks
 );
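Review bot: `audit` is passed straight to `makeCFData(audit, sizeof(audit_token_t))` in the new SecCodeCreateWithAuditToken with no null check, while the out-parameter is validated through `CodeSigning::Required(processRef)`; a NULL token would presumably fault inside the copy instead of coming back as an OSStatus from the BEGIN_CSAPI/END_CSAPI wrapper. Add `if (audit == NULL) MacOSError::throwMe(errSecCSObjectRequired);` right after `checkFlags(flags);`. The header comment is copied unchanged from SecCodeCreateWithPID and should say what distinguishes this entry point, for example `// Get the SecCodeRef for the process identified by an audit token; unlike a bare pid this lookup cannot be raced`. It is also worth stating there that the token should be the one delivered with the peer's message or connection, since a token rebuilt from a pid would bring back the race the deprecation note on SecCodeCreateWithPID warns about.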
@@ -258,14 +279,16 @@ const CFStringRef kSecCodeInfoTimestamp = CFSTR("signing-timestamp");
 const CFStringRef kSecCodeInfoTrust = CFSTR("trust");
 const CFStringRef kSecCodeInfoUnique = CFSTR("unique");
 const CFStringRef kSecCodeInfoCdHashes = CFSTR("cdhashes");
+const CFStringRef kSecCodeInfoCdHashesFull = CFSTR("cdhashes-full");
 const CFStringRef kSecCodeInfoRuntimeVersion = CFSTR("runtime-version");
-
 const CFStringRef kSecCodeInfoCodeDirectory = CFSTR("CodeDirectory");
 const CFStringRef kSecCodeInfoCodeOffset = CFSTR("CodeOffset");
 const CFStringRef kSecCodeInfoDiskRepInfo = CFSTR("DiskRepInfo");
 const CFStringRef kSecCodeInfoResourceDirectory = CFSTR("ResourceDirectory");
 const CFStringRef kSecCodeInfoNotarizationDate = CFSTR("NotarizationDate");
+const CFStringRef kSecCodeInfoCMSDigestHashType = CFSTR("CMSDigestHashType");
+const CFStringRef kSecCodeInfoCMSDigest = CFSTR("CMSDigest");
 /* DiskInfoRepInfo types */
 const CFStringRef kSecCodeInfoDiskRepVersionPlatform = CFSTR("VersionPlatform");
@@ -285,7 +308,8 @@ OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flag
 | kSecCSRequirementInformation
 | kSecCSDynamicInformation
 | kSecCSContentInformation
- | kSecCSSkipResourceDirectory);
+ | kSecCSSkipResourceDirectory
+ | kSecCSCalculateCMSDigest);
 SecPointer code = SecStaticCode::requiredStatic(codeRef);
 CFRef info = code->signingInformation(flags);