X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/e3d460c9de4426da6c630c3ae3f46173a99f82d8..0e1db9d189370fed9f1993183ec38d748a8812f7:/OSX/libsecurity_codesigning/lib/SecCode.cpp
diff --git a/OSX/libsecurity_codesigning/lib/SecCode.cpp b/OSX/libsecurity_codesigning/lib/SecCode.cpp
index 59587ce7..f3269c91 100644
--- a/OSX/libsecurity_codesigning/lib/SecCode.cpp
+++ b/OSX/libsecurity_codesigning/lib/SecCode.cpp
@@ -46,6 +46,7 @@ const CFStringRef kSecCFErrorResourceSeal = CFSTR("SecCSResourceSeal");
 const CFStringRef kSecCFErrorResourceAdded = CFSTR("SecCSResourceAdded");
 const CFStringRef kSecCFErrorResourceAltered = CFSTR("SecCSResourceAltered");
 const CFStringRef kSecCFErrorResourceMissing = CFSTR("SecCSResourceMissing");
+const CFStringRef kSecCFErrorResourceSideband = CFSTR("SecCSResourceHasSidebandData");
 const CFStringRef kSecCFErrorInfoPlist = CFSTR("SecCSInfoPlist");
 const CFStringRef kSecCFErrorGuestAttributes = CFSTR("SecCSGuestAttributes");
 const CFStringRef kSecCFErrorRequirementSyntax = CFSTR("SecRequirementSyntax");
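Review bot: kSecCFErrorResourceSideband is the only key in this group whose string, "SecCSResourceHasSidebandData", does not mirror its constant name (compare kSecCFErrorResourceMissing with "SecCSResourceMissing"), so one of the two spellings will read as a typo to the next maintainer. If the string is what consumers of the error dictionary match on, say so next to the definition, e.g. `// key string is the published name; do not rename it to match the constant`, so a later cleanup does not silently change a public key. The same applies if the constant name is the one callers are meant to use and the string is free to change.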
@@ -152,11 +153,13 @@ const CFStringRef kSecGuestAttributeCanonical = CFSTR("canonical");
 const CFStringRef kSecGuestAttributeHash = CFSTR("codedirectory-hash");
 const CFStringRef kSecGuestAttributeMachPort = CFSTR("mach-port");
 const CFStringRef kSecGuestAttributePid = CFSTR("pid");
-const CFStringRef kSecGuestAttributeDynamicCode = CFSTR("dynamicCode");
-const CFStringRef kSecGuestAttributeDynamicCodeInfoPlist = CFSTR("dynamicCodeInfoPlist");
+const CFStringRef kSecGuestAttributeAudit = CFSTR("audit");
+const CFStringRef kSecGuestAttributeDynamicCode = CFSTR("dynamicCode");
+const CFStringRef kSecGuestAttributeDynamicCodeInfoPlist = CFSTR("dynamicCodeInfoPlist");
 const CFStringRef kSecGuestAttributeArchitecture = CFSTR("architecture");
 const CFStringRef kSecGuestAttributeSubarchitecture = CFSTR("subarchitecture");
+#if TARGET_OS_OSX
 OSStatus SecCodeCopyGuestWithAttributes(SecCodeRef hostRef, CFDictionaryRef attributes, SecCSFlags flags, SecCodeRef *guestRef)
 {
@@ -190,6 +193,7 @@ OSStatus SecCodeCreateWithPID(pid_t pid, SecCSFlags flags, SecCodeRef *processRe
 END_CSAPI
 }
+#endif // TARGET_OS_OSX
 //
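Review bot: The `#if TARGET_OS_OSX` opened after kSecGuestAttributeSubarchitecture is closed only in the following hunk, after SecCodeCreateWithPID, so SecCodeCopyGuestWithAttributes and everything between is no longer compiled on other platforms; the matching declarations in the public header are not in this diff, so confirm they carry the same guard or an availability attribute, otherwise non-macOS callers compile against functions that have no definition. kSecGuestAttributeAudit is added without a comment; if it carries the guest's audit token, a one-liner such as `// audit token of the guest process; prefer this over kSecGuestAttributePid, since pids can be reused` would tell callers which identifier to key on. The body of SecCodeCopyGuestWithAttributes lies between the two hunks and is not visible here.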
@@ -204,54 +208,20 @@ OSStatus SecCodeCheckValidity(SecCodeRef codeRef, SecCSFlags flags,
 OSStatus SecCodeCheckValidityWithErrors(SecCodeRef codeRef, SecCSFlags flags,
 SecRequirementRef requirementRef, CFErrorRef *errors)
 {
-#if !SECTRUST_OSX
 BEGIN_CSAPI
 checkFlags(flags,
 kSecCSConsiderExpiration
 | kSecCSStrictValidate
- | kSecCSEnforceRevocationChecks);
+ | kSecCSRestrictSidebandData
+ | kSecCSEnforceRevocationChecks
+ );
 SecPointer code = SecCode::required(codeRef);
 code->checkValidity(flags);
 if (const SecRequirement *req = SecRequirement::optional(requirementRef))
 code->staticCode()->validateRequirement(req->requirement(), errSecCSReqFailed);
 END_CSAPI_ERRORS
-#else
-#warning resolve before enabling SECTRUST_OSX:
- OSStatus result = errSecSuccess;
- const char *func = "SecCodeCheckValidity";
- CFErrorRef localErrors = NULL;
- if (!errors) { errors = &localErrors; }
- try {
- checkFlags(flags,
- kSecCSConsiderExpiration
- | kSecCSEnforceRevocationChecks);
- SecPointer code = SecCode::required(codeRef);
- code->checkValidity(flags);
- if (const SecRequirement *req = SecRequirement::optional(requirementRef))
- code->staticCode()->validateRequirement(req->requirement(), errSecCSReqFailed);
- }
- catch (...) {
- // the actual error being thrown is not being caught by any of the
- // type-specific blocks contained in the END_CSAPI_ERRORS macro,
- // so we only have the catch-all block here for now.
- result = errSecCSInternalError;
- }
-
- if (errors && *errors) {
- CFShow(errors);
- CFRelease(errors);
- *errors = NULL;
- }
- if (result == errSecCSInternalError) {
- #if !NDEBUG
- Security::Syslog::error("WARNING: %s ignored error %d", func, (int)result);
- #endif
- result = errSecSuccess;
- }
- return result;
-#endif
 }
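Review bot: The closing `);` placed on its own line after `| kSecCSEnforceRevocationChecks` is the only checkFlags call in this diff written that way; the SecCodeCopySigningInformation hunk below keeps the parenthesis on the last flag (`| kSecCSSkipResourceDirectory);`), so for consistency write `| kSecCSEnforceRevocationChecks);` and drop the separate line. kSecCSRestrictSidebandData is now accepted by checkFlags and forwarded through `code->checkValidity(flags)`, but nothing in this hunk shows where it is honoured — presumably inside SecCode::checkValidity or the resource validation it drives — so confirm a caller passing it really gets sideband data rejected, since an accepted-but-ignored flag looks like a stricter check than it performs. A short comment above the call naming what each flag tightens, e.g. `// kSecCSRestrictSidebandData: fail validation when resources carry sideband data`, would spare readers a trip into the validator.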
@@ -288,11 +258,20 @@ const CFStringRef kSecCodeInfoTimestamp = CFSTR("signing-timestamp");
 const CFStringRef kSecCodeInfoTrust = CFSTR("trust");
 const CFStringRef kSecCodeInfoUnique = CFSTR("unique");
 const CFStringRef kSecCodeInfoCdHashes = CFSTR("cdhashes");
+const CFStringRef kSecCodeInfoRuntimeVersion = CFSTR("runtime-version");
 const CFStringRef kSecCodeInfoCodeDirectory = CFSTR("CodeDirectory");
 const CFStringRef kSecCodeInfoCodeOffset = CFSTR("CodeOffset");
+const CFStringRef kSecCodeInfoDiskRepInfo = CFSTR("DiskRepInfo");
 const CFStringRef kSecCodeInfoResourceDirectory = CFSTR("ResourceDirectory");
+const CFStringRef kSecCodeInfoNotarizationDate = CFSTR("NotarizationDate");
+
+/* DiskInfoRepInfo types */
+const CFStringRef kSecCodeInfoDiskRepVersionPlatform = CFSTR("VersionPlatform");
+const CFStringRef kSecCodeInfoDiskRepVersionMin = CFSTR("VersionMin");
+const CFStringRef kSecCodeInfoDiskRepVersionSDK = CFSTR("VersionSDK");
+const CFStringRef kSecCodeInfoDiskRepNoLibraryValidation = CFSTR("NoLibraryValidation");
 OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flags,
@@ -305,7 +284,8 @@ OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flag
 | kSecCSSigningInformation
 | kSecCSRequirementInformation
 | kSecCSDynamicInformation
- | kSecCSContentInformation);
+ | kSecCSContentInformation
+ | kSecCSSkipResourceDirectory);
 SecPointer code = SecStaticCode::requiredStatic(codeRef);
 CFRef info = code->signingInformation(flags);
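Review bot: The new comment `/* DiskInfoRepInfo types */` names a key that does not exist; the parent key these four constants sit under is kSecCodeInfoDiskRepInfo ("DiskRepInfo"), added a few lines above, so rename the comment to `/* kSecCodeInfoDiskRepInfo sub-keys */` so a search for the parent finds its children. kSecCodeInfoDiskRepNoLibraryValidation reports a weakened hardening property, and consumers that audit signing information will want to know its value type and whether absence means library validation is in force; a one-line comment on the definition, hedged until the producer side is checked, would settle that, e.g. `// present when the disk rep opts out of library validation — confirm value type against the producer`. The second hunk on this line appears to be cut off at the end of the page, so it is not reviewed here.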