X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/866f8763175ff60e4fa455b92b5eb660a12fe6c7..dbe775057b53a81d9983d810772462c3233fccd3:/OSX/libsecurity_codesigning/lib/reqinterp.cpp?ds=sidebyside

diff --git a/OSX/libsecurity_codesigning/lib/reqinterp.cpp b/OSX/libsecurity_codesigning/lib/reqinterp.cpp
index b685802b..80a6ae13 100644
--- a/OSX/libsecurity_codesigning/lib/reqinterp.cpp
+++ b/OSX/libsecurity_codesigning/lib/reqinterp.cpp
@@ -34,6 +34,7 @@
 #include <IOKit/IOKitLib.h>
 #include <IOKit/IOCFUnserialize.h>
 #include "csutilities.h"
+#include "notarization.h"
 
 namespace Security {
 namespace CodeSigning {
@@ -178,6 +179,10 @@ bool Requirement::Interpreter::eval(int depth)
 			int32_t targetPlatform = get<int32_t>();
 			return mContext->directory && mContext->directory->platform == targetPlatform;
 		}
+	case opNotarized:
+		{
+			return isNotarized(mContext);
+		}
 	default:
 		// opcode not recognized - handle generically if possible, fail otherwise
 		if (op & (opGenericFalse | opGenericSkip)) {
@@ -371,6 +376,10 @@ bool Requirement::Interpreter::appleLocalAnchored()
     if (csr_check(CSR_ALLOW_APPLE_INTERNAL))
         return false;
 
+	if (mContext->forcePlatform) {
+		return true;
+	}
+
     static dispatch_once_t onceToken;
     dispatch_once(&onceToken, ^{
         additionalTrustedCertificates = getAdditionalTrustedAnchors();
@@ -399,7 +408,7 @@ bool Requirement::Interpreter::appleSigned()
 				return true;
     } else if (appleLocalAnchored()) {
         return true;
-    }
+	}
 	return false;
 }