X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/ce3c8656732c924baf7e88df75eab50891bdc471..fa7225c82381bac4432a6edf16f53b5370238d85:/OSX/libsecurity_codesigning/lib/xpcengine.cpp

diff --git a/OSX/libsecurity_codesigning/lib/xpcengine.cpp b/OSX/libsecurity_codesigning/lib/xpcengine.cpp
index 6e415298..eb246dd8 100644
--- a/OSX/libsecurity_codesigning/lib/xpcengine.cpp
+++ b/OSX/libsecurity_codesigning/lib/xpcengine.cpp
@@ -25,6 +25,7 @@
 #include <syslog.h>
 #include <CoreFoundation/CoreFoundation.h>
 #include <security_utilities/cfutilities.h>
+#include <security_utilities/logging.h>
 #include <security_utilities/cfmunge.h>
 
 
@@ -96,8 +97,9 @@ public:
 		} else if (type == XPC_TYPE_ERROR) {
 			const char *s = xpc_copy_description(reply);
 			printf("Error returned: %s\n", s);
+            Syslog::notice("code signing internal problem: unexpected error from xpc: %s", s);
 			free((char*)s);
-			MacOSError::throwMe(errSecCSInternalError);
+            MacOSError::throwMe(errSecCSInternalError);
 		} else {
 			const char *s = xpc_copy_description(reply);
 			printf("Unexpected type of return object: %s\n", s);
@@ -122,18 +124,21 @@ static void copyCFDictionary(const void *key, const void *value, void *ctx)
 }
 	
 	
-static void precheckAccess(CFURLRef path, CFDictionaryRef context)
+static bool precheckAccess(CFURLRef path, CFDictionaryRef context)
 {
 	CFTypeRef type = CFDictionaryGetValue(context, kSecAssessmentContextKeyOperation);
 	if (type == NULL || CFEqual(type, kSecAssessmentOperationTypeExecute)) {
 		CFRef<SecStaticCodeRef> code;
-		MacOSError::check(SecStaticCodeCreateWithPath(path, kSecCSDefaultFlags, &code.aref()));
+		OSStatus rc = SecStaticCodeCreateWithPath(path, kSecCSDefaultFlags, &code.aref());
+        if (rc == errSecCSBadBundleFormat)  // work around <rdar://problem/26075034>
+            return false;
 		CFRef<CFURLRef> exec;
 		MacOSError::check(SecCodeCopyPath(code, kSecCSDefaultFlags, &exec.aref()));
 		UnixError::check(::access(cfString(exec).c_str(), R_OK));
 	} else {
 		UnixError::check(access(cfString(path).c_str(), R_OK));
 	}
+    return true;
 }
 	
 
@@ -189,7 +194,9 @@ CFDictionaryRef xpcEngineUpdate(CFTypeRef target, SecAssessmentFlags flags, CFDi
 		if (CFGetTypeID(target) == CFNumberGetTypeID())
 			xpc_dictionary_set_uint64(msg, "rule", cfNumber<int64_t>(CFNumberRef(target)));
 		else if (CFGetTypeID(target) == CFURLGetTypeID()) {
-			precheckAccess(CFURLRef(target), context);
+			bool good = precheckAccess(CFURLRef(target), context);
+            if (!good)      // work around <rdar://problem/26075034>
+                return makeCFDictionary(0); // pretend this worked
 			xpc_dictionary_set_string(msg, "url", cfString(CFURLRef(target)).c_str());
 		} else if (CFGetTypeID(target) == SecRequirementGetTypeID()) {
 			CFRef<CFDataRef> data;
@@ -217,8 +224,8 @@ CFDictionaryRef xpcEngineUpdate(CFTypeRef target, SecAssessmentFlags flags, CFDi
 	if (localAuthorization)
 		AuthorizationFree(localAuthorization, kAuthorizationFlagDefaults);
 	
-	if (int64_t error = xpc_dictionary_get_int64(msg, "error"))
-		MacOSError::throwMe((int)error);
+    if (int64_t error = xpc_dictionary_get_int64(msg, "error"))
+        MacOSError::throwMe((int)error);
 	
 	size_t resultLength;
 	const void *resultData = xpc_dictionary_get_data(msg, "result", &resultLength);
@@ -244,6 +251,19 @@ void xpcEngineRecord(CFDictionaryRef info)
 	msg.send();
 }
 
+void xpcEngineCheckDevID(CFBooleanRef* result)
+{
+    Message msg("check-dev-id");
+
+    msg.send();
+
+    if (int64_t error = xpc_dictionary_get_int64(msg, "error")) {
+        MacOSError::throwMe((int)error);
+    }
+
+    *result = xpc_dictionary_get_bool(msg,"result") ? kCFBooleanTrue : kCFBooleanFalse;
+}
+
 
 } // end namespace CodeSigning
 } // end namespace Security