X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/ecaf5866106b8f08bdb7c1b4f489ef4dfd01278a..dbe775057b53a81d9983d810772462c3233fccd3:/OSX/libsecurity_codesigning/lib/Code.cpp

diff --git a/OSX/libsecurity_codesigning/lib/Code.cpp b/OSX/libsecurity_codesigning/lib/Code.cpp
index 8de98a37..919ff0bc 100644
--- a/OSX/libsecurity_codesigning/lib/Code.cpp
+++ b/OSX/libsecurity_codesigning/lib/Code.cpp
@@ -30,6 +30,7 @@
 #include "cskernel.h"
 #include <security_utilities/cfmunge.h>
 #include <security_utilities/debugging.h>
+#include "SecInternalReleasePriv.h"
 
 namespace Security {
 namespace CodeSigning {
@@ -210,9 +211,20 @@ void SecCode::checkValidity(SecCSFlags flags)
 		myDisk->diskRep()->strictValidate(myDisk->codeDirectory(), DiskRep::ToleratedErrors(), flags);
 
 	// check my own dynamic state
-	if (!(this->host()->getGuestStatus(this) & kSecCodeStatusValid))
-		MacOSError::throwMe(errSecCSGuestInvalid);
-	
+	SecCodeStatus dynamic_status = this->host()->getGuestStatus(this);
+	bool isValid = (dynamic_status & kSecCodeStatusValid) != 0;
+	if (!isValid) {
+		bool isDebugged = (dynamic_status & kSecCodeStatusDebugged) != 0;
+		bool isPlatform = (dynamic_status & kSecCodeStatusPlatform) != 0;
+		bool isInternal = SecIsInternalRelease();
+
+		if (!isDebugged || (isPlatform && !isInternal)) {
+			// fatal if the code is invalid and not being debugged, but
+			// never let platform code be debugged except on internal systems.
+			MacOSError::throwMe(errSecCSGuestInvalid);
+		}
+	}
+
 	// check that static and dynamic views are consistent
 	if (this->cdHash() && !CFEqual(this->cdHash(), myDisk->cdHash()))
 		MacOSError::throwMe(errSecCSStaticCodeChanged);