X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/fa7225c82381bac4432a6edf16f53b5370238d85..b54c578e17e9bcbd74aa30ea75e25e955b9a6205:/OSX/libsecurity_codesigning/lib/piddiskrep.h?ds=sidebyside

diff --git a/OSX/libsecurity_codesigning/lib/piddiskrep.h b/OSX/libsecurity_codesigning/lib/piddiskrep.h
index fddb34cf..c5843009 100644
--- a/OSX/libsecurity_codesigning/lib/piddiskrep.h
+++ b/OSX/libsecurity_codesigning/lib/piddiskrep.h
@@ -27,20 +27,17 @@
 #ifndef _H_PIDDISKREP
 #define _H_PIDDISKREP
 
+#include <memory>
+
 #include "diskrep.h"
 
 namespace Security {
 namespace CodeSigning {
                 
                 
-//
-// A KernelDiskRep represents a (the) kernel on disk.
-// It has no write support, so we can't sign the kernel,
-// which is fine since we unconditionally trust it anyway.
-//
 class PidDiskRep : public DiskRep {
 public:
-        PidDiskRep(pid_t pid, CFDataRef infoPlist);
+        PidDiskRep(pid_t pid, audit_token_t *audit, CFDataRef infoPlist);
         ~PidDiskRep();
         
         CFDataRef component(CodeDirectory::SpecialSlot slot);
@@ -48,6 +45,7 @@ public:
         std::string mainExecutablePath();
         CFURLRef copyCanonicalPath();
         size_t signingLimit();
+		size_t execSegLimit(const Architecture *arch);
         std::string format();
         UnixPlusPlus::FileDesc &fd();
 
@@ -57,10 +55,13 @@ public:
 	
 		void setCredentials(const CodeDirectory* cd);
 
+		bool appleInternalForcePlatform() const;
+
 private:
         const BlobCore *blob() { return (const BlobCore *)mBuffer; }
         void fetchData(void);
         pid_t mPid;
+        std::unique_ptr<audit_token_t> mAudit;
         uint8_t *mBuffer;
 		CFRef<CFDataRef> mInfoPlistHash;
         CFRef<CFDataRef> mInfoPlist;