X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/b1ab9ed8d0e0f1c3b66d7daa8fd5564444c56195..4d3cab3d35f4c42d2870204fa61908caab38d33e:/libsecurity_codesigning/lib/SecCodeSigner.cpp?ds=inline diff --git a/libsecurity_codesigning/lib/SecCodeSigner.cpp b/libsecurity_codesigning/lib/SecCodeSigner.cpp index d5e7438f..33e38029 100644 --- a/libsecurity_codesigning/lib/SecCodeSigner.cpp +++ b/libsecurity_codesigning/lib/SecCodeSigner.cpp @@ -56,6 +56,7 @@ const CFStringRef kSecCodeSignerRequireTimestamp = CFSTR("timestamp-required"); const CFStringRef kSecCodeSignerTimestampServer = CFSTR("timestamp-url"); const CFStringRef kSecCodeSignerTimestampAuthentication = CFSTR("timestamp-authentication"); const CFStringRef kSecCodeSignerTimestampOmitCertificates = CFSTR("timestamp-omit-certificates"); +const CFStringRef kSecCodeSignerPreserveMetadata = CFSTR("preserve-metadata"); // temporary add-back to bridge B&I build dependencies -- remove soon const CFStringRef kSecCodeSignerTSAUse = CFSTR("timestamp-required"); @@ -83,7 +84,13 @@ OSStatus SecCodeSignerCreate(CFDictionaryRef parameters, SecCSFlags flags, { BEGIN_CSAPI - checkFlags(flags, kSecCSRemoveSignature); + checkFlags(flags, + kSecCSRemoveSignature + | kSecCSSignPreserveSignature + | kSecCSSignNestedCode + | kSecCSSignOpaque + | kSecCSSignV1 + | kSecCSSignNoV1); SecPointer signer = new SecCodeSigner(flags); signer->parameters(parameters); CodeSigning::Required(signerRef) = signer->handle(); @@ -105,6 +112,7 @@ OSStatus SecCodeSignerAddSignatureWithErrors(SecCodeSignerRef signerRef, SecStaticCodeRef codeRef, SecCSFlags flags, CFErrorRef *errors) { BEGIN_CSAPI + checkFlags(flags); SecCodeSigner::required(signerRef)->sign(SecStaticCode::required(codeRef), flags); END_CSAPI_ERRORS }