securityd-55199.3.tar.gz

[apple/securityd.git] / src / AuthorizationEngine.cpp

diff --git a/src/AuthorizationEngine.cpp b/src/AuthorizationEngine.cpp
index 14a154c43523ccaaebc6bd8aa7e43a61d36dc765..b989fc3681762809ed0849f7c85efc7aa5027bde 100644 (file)
--- a/src/AuthorizationEngine.cpp
+++ b/src/AuthorizationEngine.cpp
@@ -164,16 +164,15 @@ Engine::authorize(const AuthItemSet &inRights, const AuthItemSet &environment,
 
         string processName = "unknown";
         string authCreatorName = "unknown";
-        if (SecCodeRef code = Server::process().currentGuest()) {
-            CFRef<CFURLRef> path;
-            if (!SecCodeCopyPath(code, kSecCSDefaultFlags, &path.aref()))
-                processName = cfString(path);
-        }
-        if (SecStaticCodeRef code = auth.creatorCode()) {
-            CFRef<CFURLRef> path;
-            if (!SecCodeCopyPath(code, kSecCSDefaultFlags, &path.aref()))
-                authCreatorName = cfString(path);
+               {
+                       StLock<Mutex> _(Server::process());
+               if (SecCodeRef code = Server::process().currentGuest()) {
+                   CFRef<CFURLRef> path;
+               if (!SecCodeCopyPath(code, kSecCSDefaultFlags, &path.aref()))
+                       processName = cfString(path);
+                       }
         }
+               authCreatorName = auth.creatorPath();
                
         if (sandbox_check(Server::process().pid(), "authorization-right-obtain", SANDBOX_FILTER_RIGHT_NAME, (*it)->name())) {
             Syslog::error("Sandbox denied authorizing right '%s' by client '%s' [%d]", (*it)->name(), processName.c_str(), Server::process().pid());