X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/fa7225c82381bac4432a6edf16f53b5370238d85..bf028f67fd3bb2266df81b80fb6f25a77112e308:/OSX/libsecurity_codesigning/lib/SecCode.cpp?ds=inline

diff --git a/OSX/libsecurity_codesigning/lib/SecCode.cpp b/OSX/libsecurity_codesigning/lib/SecCode.cpp
index 7f6708bf..2a494dc7 100644
--- a/OSX/libsecurity_codesigning/lib/SecCode.cpp
+++ b/OSX/libsecurity_codesigning/lib/SecCode.cpp
@@ -159,6 +159,7 @@ const CFStringRef kSecGuestAttributeDynamicCodeInfoPlist = CFSTR("dynamicCodeInf
 const CFStringRef kSecGuestAttributeArchitecture = CFSTR("architecture");
 const CFStringRef kSecGuestAttributeSubarchitecture = CFSTR("subarchitecture");
 
+#if TARGET_OS_OSX
 OSStatus SecCodeCopyGuestWithAttributes(SecCodeRef hostRef,
 	CFDictionaryRef attributes, SecCSFlags flags, SecCodeRef *guestRef)
 {
@@ -178,7 +179,8 @@ OSStatus SecCodeCopyGuestWithAttributes(SecCodeRef hostRef,
 
 
 //
-// Shorthand for getting the SecCodeRef for a UNIX process
+// Deprecated since 10.6, DO NOT USE. This can be raced.
+// Use SecCodeCreateWithAuditToken instead.
 //
 OSStatus SecCodeCreateWithPID(pid_t pid, SecCSFlags flags, SecCodeRef *processRef)
 {
@@ -193,6 +195,26 @@ OSStatus SecCodeCreateWithPID(pid_t pid, SecCSFlags flags, SecCodeRef *processRe
 	END_CSAPI
 }
 
+//
+// Shorthand for getting the SecCodeRef for a UNIX process
+//
+OSStatus SecCodeCreateWithAuditToken(const audit_token_t *audit,
+	SecCSFlags flags, SecCodeRef *processRef)
+{
+	BEGIN_CSAPI
+
+	checkFlags(flags);
+	CFRef auditData = makeCFData(audit, sizeof(audit_token_t));
+	if (SecCode *guest = KernelCode::active()->locateGuest(CFTemp("{%O=%O}", kSecGuestAttributeAudit, auditData.get()))) {
+		CodeSigning::Required(processRef) = guest->handle(false);
+	} else {
+		return errSecCSNoSuchCode;
+	}
+
+	END_CSAPI
+}
+#endif // TARGET_OS_OSX
+
 
 //
 // Check validity of an Code
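Review bot: The replacement comment on SecCodeCreateWithPID says it "can be raced" but not what the race is, so a reader cannot judge whether their own use is affected; presumably the problem is that a pid can be recycled between the moment a caller observes it and this lookup, so the returned SecCodeRef may describe a different process than the one the caller meant. I would spell that out: `// Deprecated since 10.6, DO NOT USE. A pid can be reused between the caller observing it and this lookup (TOCTOU), so the result may describe the wrong process. Use SecCodeCreateWithAuditToken instead.` A comment-only deprecation also produces no compiler diagnostic; if the declaration in the public header is not already carrying an availability/deprecation attribute, that is where callers would actually be warned. The function body continues outside the hunk.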
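Review bot: In the new SecCodeCreateWithAuditToken, `audit` reaches `makeCFData(audit, sizeof(audit_token_t))` without a null check, while the other pointer argument, `processRef`, is validated through `CodeSigning::Required`; a NULL audit token from a caller therefore turns into a read of sizeof(audit_token_t) bytes from address zero instead of the API's usual parameter error. If `Required` accepts a const pointer the way it is used on processRef, adding `CodeSigning::Required(audit);` before the makeCFData call closes that gap. The header comment was copied verbatim from the PID variant and does not say why this one is the recommended replacement; `// Shorthand for getting the SecCodeRef for a UNIX process, keyed by its audit token (not subject to pid reuse, unlike SecCodeCreateWithPID).` would tell callers which to pick. The `#endif // TARGET_OS_OSX` that closes this block compiles three API functions out on other targets, so it is worth confirming the public header guards their declarations the same way.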
@@ -211,8 +233,10 @@ OSStatus SecCodeCheckValidityWithErrors(SecCodeRef codeRef, SecCSFlags flags,
 	checkFlags(flags,
 		  kSecCSConsiderExpiration
 		| kSecCSStrictValidate
+		| kSecCSStrictValidateStructure
 		| kSecCSRestrictSidebandData
-		| kSecCSEnforceRevocationChecks);
+		| kSecCSEnforceRevocationChecks
+		);
 	SecPointer code = SecCode::required(codeRef);
 	code->checkValidity(flags);
 	if (const SecRequirement *req = SecRequirement::optional(requirementRef))
@@ -255,18 +279,22 @@ const CFStringRef kSecCodeInfoTimestamp = CFSTR("signing-timestamp");
 const CFStringRef kSecCodeInfoTrust = CFSTR("trust");
 const CFStringRef kSecCodeInfoUnique = CFSTR("unique");
 const CFStringRef kSecCodeInfoCdHashes = CFSTR("cdhashes");
-
+const CFStringRef kSecCodeInfoCdHashesFull = CFSTR("cdhashes-full");
+const CFStringRef kSecCodeInfoRuntimeVersion = CFSTR("runtime-version");
 const CFStringRef kSecCodeInfoCodeDirectory = CFSTR("CodeDirectory");
 const CFStringRef kSecCodeInfoCodeOffset = CFSTR("CodeOffset");
 const CFStringRef kSecCodeInfoDiskRepInfo = CFSTR("DiskRepInfo");
 const CFStringRef kSecCodeInfoResourceDirectory = CFSTR("ResourceDirectory");
+const CFStringRef kSecCodeInfoNotarizationDate = CFSTR("NotarizationDate");
+const CFStringRef kSecCodeInfoCMSDigestHashType = CFSTR("CMSDigestHashType");
+const CFStringRef kSecCodeInfoCMSDigest = CFSTR("CMSDigest");
 
 /* DiskInfoRepInfo types */
-const CFStringRef kSecCodeInfoDiskRepOSPlatform = CFSTR("OSPlatform");
-const CFStringRef kSecCodeInfoDiskRepOSVersionMin = CFSTR("OSVersionMin");
-const CFStringRef kSecCodeInfoDiskRepOSSDKVersion = CFSTR("SDKVersion");
-const CFStringRef kSecCodeInfoDiskRepNoLibraryValidation = CFSTR("NoLibraryValidation");
+const CFStringRef kSecCodeInfoDiskRepVersionPlatform = CFSTR("VersionPlatform");
+const CFStringRef kSecCodeInfoDiskRepVersionMin = CFSTR("VersionMin");
+const CFStringRef kSecCodeInfoDiskRepVersionSDK = CFSTR("VersionSDK");
+const CFStringRef kSecCodeInfoDiskRepNoLibraryValidation = CFSTR("NoLibraryValidation");
 
 
 OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flags,
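Review bot: The DiskRep rename at the end of the hunk changes the dictionary key strings as well as the C symbols ("OSPlatform" to "VersionPlatform", "OSVersionMin" to "VersionMin", "SDKVersion" to "VersionSDK"), so this is a data-format change rather than an identifier rename: any consumer that reads the DiskRepInfo dictionary by literal key, or anything that persisted the old keys, now silently gets NULL instead of a compile error. If the old constants were ever exposed in a public header, consider keeping them as deprecated aliases pointing at the old strings, or at least record the break beside the new definitions: `/* DiskInfoRepInfo types (keys renamed from OSPlatform/OSVersionMin/SDKVersion; the old string keys are no longer emitted) */`. The NoLibraryValidation line is removed and re-added with identical text, which looks like a whitespace-only change; worth confirming nothing else differs on that line.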
@@ -279,7 +307,9 @@ OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flag
 		| kSecCSSigningInformation
 		| kSecCSRequirementInformation
 		| kSecCSDynamicInformation
-		| kSecCSContentInformation);
+		| kSecCSContentInformation
+		| kSecCSSkipResourceDirectory
+		| kSecCSCalculateCMSDigest);
 	SecPointer code = SecStaticCode::requiredStatic(codeRef);
 	CFRef info = code->signingInformation(flags);