X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/e3d460c9de4426da6c630c3ae3f46173a99f82d8..2973440143693ed88ec4a84745ea02f47376daa1:/OSX/libsecurity_codesigning/lib/SecCode.cpp diff --git a/OSX/libsecurity_codesigning/lib/SecCode.cpp b/OSX/libsecurity_codesigning/lib/SecCode.cpp index 59587ce7..3d918e4b 100644 --- a/OSX/libsecurity_codesigning/lib/SecCode.cpp +++ b/OSX/libsecurity_codesigning/lib/SecCode.cpp @@ -46,6 +46,7 @@ const CFStringRef kSecCFErrorResourceSeal = CFSTR("SecCSResourceSeal"); const CFStringRef kSecCFErrorResourceAdded = CFSTR("SecCSResourceAdded"); const CFStringRef kSecCFErrorResourceAltered = CFSTR("SecCSResourceAltered"); const CFStringRef kSecCFErrorResourceMissing = CFSTR("SecCSResourceMissing"); +const CFStringRef kSecCFErrorResourceSideband = CFSTR("SecCSResourceHasSidebandData"); const CFStringRef kSecCFErrorInfoPlist = CFSTR("SecCSInfoPlist"); const CFStringRef kSecCFErrorGuestAttributes = CFSTR("SecCSGuestAttributes"); const CFStringRef kSecCFErrorRequirementSyntax = CFSTR("SecRequirementSyntax"); @@ -152,11 +153,13 @@ const CFStringRef kSecGuestAttributeCanonical = CFSTR("canonical"); const CFStringRef kSecGuestAttributeHash = CFSTR("codedirectory-hash"); const CFStringRef kSecGuestAttributeMachPort = CFSTR("mach-port"); const CFStringRef kSecGuestAttributePid = CFSTR("pid"); -const CFStringRef kSecGuestAttributeDynamicCode = CFSTR("dynamicCode"); -const CFStringRef kSecGuestAttributeDynamicCodeInfoPlist = CFSTR("dynamicCodeInfoPlist"); +const CFStringRef kSecGuestAttributeAudit = CFSTR("audit"); +const CFStringRef kSecGuestAttributeDynamicCode = CFSTR("dynamicCode"); +const CFStringRef kSecGuestAttributeDynamicCodeInfoPlist = CFSTR("dynamicCodeInfoPlist"); const CFStringRef kSecGuestAttributeArchitecture = CFSTR("architecture"); const CFStringRef kSecGuestAttributeSubarchitecture = CFSTR("subarchitecture"); +#if TARGET_OS_OSX OSStatus SecCodeCopyGuestWithAttributes(SecCodeRef hostRef, CFDictionaryRef attributes, SecCSFlags flags, SecCodeRef *guestRef) { @@ -190,6 +193,7 @@ OSStatus SecCodeCreateWithPID(pid_t pid, SecCSFlags flags, SecCodeRef *processRe END_CSAPI } +#endif // TARGET_OS_OSX // @@ -204,12 +208,12 @@ OSStatus SecCodeCheckValidity(SecCodeRef codeRef, SecCSFlags flags, OSStatus SecCodeCheckValidityWithErrors(SecCodeRef codeRef, SecCSFlags flags, SecRequirementRef requirementRef, CFErrorRef *errors) { -#if !SECTRUST_OSX BEGIN_CSAPI checkFlags(flags, kSecCSConsiderExpiration | kSecCSStrictValidate + | kSecCSRestrictSidebandData | kSecCSEnforceRevocationChecks); SecPointer code = SecCode::required(codeRef); code->checkValidity(flags); @@ -217,41 +221,6 @@ OSStatus SecCodeCheckValidityWithErrors(SecCodeRef codeRef, SecCSFlags flags, code->staticCode()->validateRequirement(req->requirement(), errSecCSReqFailed); END_CSAPI_ERRORS -#else -#warning resolve before enabling SECTRUST_OSX: - OSStatus result = errSecSuccess; - const char *func = "SecCodeCheckValidity"; - CFErrorRef localErrors = NULL; - if (!errors) { errors = &localErrors; } - try { - checkFlags(flags, - kSecCSConsiderExpiration - | kSecCSEnforceRevocationChecks); - SecPointer code = SecCode::required(codeRef); - code->checkValidity(flags); - if (const SecRequirement *req = SecRequirement::optional(requirementRef)) - code->staticCode()->validateRequirement(req->requirement(), errSecCSReqFailed); - } - catch (...) { - // the actual error being thrown is not being caught by any of the - // type-specific blocks contained in the END_CSAPI_ERRORS macro, - // so we only have the catch-all block here for now. - result = errSecCSInternalError; - } - - if (errors && *errors) { - CFShow(errors); - CFRelease(errors); - *errors = NULL; - } - if (result == errSecCSInternalError) { - #if !NDEBUG - Security::Syslog::error("WARNING: %s ignored error %d", func, (int)result); - #endif - result = errSecSuccess; - } - return result; -#endif } @@ -292,8 +261,15 @@ const CFStringRef kSecCodeInfoCdHashes = CFSTR("cdhashes"); const CFStringRef kSecCodeInfoCodeDirectory = CFSTR("CodeDirectory"); const CFStringRef kSecCodeInfoCodeOffset = CFSTR("CodeOffset"); +const CFStringRef kSecCodeInfoDiskRepInfo = CFSTR("DiskRepInfo"); const CFStringRef kSecCodeInfoResourceDirectory = CFSTR("ResourceDirectory"); +/* DiskInfoRepInfo types */ +const CFStringRef kSecCodeInfoDiskRepOSPlatform = CFSTR("OSPlatform"); +const CFStringRef kSecCodeInfoDiskRepOSVersionMin = CFSTR("OSVersionMin"); +const CFStringRef kSecCodeInfoDiskRepOSSDKVersion = CFSTR("SDKVersion"); +const CFStringRef kSecCodeInfoDiskRepNoLibraryValidation = CFSTR("NoLibraryValidation"); + OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flags, CFDictionaryRef *infoRef) @@ -305,7 +281,8 @@ OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flag | kSecCSSigningInformation | kSecCSRequirementInformation | kSecCSDynamicInformation - | kSecCSContentInformation); + | kSecCSContentInformation + | kSecCSSkipResourceDirectory); SecPointer code = SecStaticCode::requiredStatic(codeRef); CFRef info = code->signingInformation(flags);