securityd-55199.3.tar.gz
[apple/securityd.git] / src / clientid.cpp
index 7dc6907b37cb5c074e7c6b9d64359f93d9c46f65..24cfe9869987a1083e1a6ef278daa70e6f78ffbc 100644 (file)
@@ -155,6 +155,30 @@ const CssmData ClientIdentification::getHash() const
                return CssmData();
 }
 
                return CssmData();
 }
 
+const bool ClientIdentification::checkAppleSigned() const
+{
+       if (GuestState *guest = current()) {
+               if (!guest->checkedSignature) {
+            // This is the clownfish supported way to check for a Mac App Store or B&I signed build
+            CFStringRef requirementString = CFSTR("(anchor apple) or (anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.9])");
+            SecRequirementRef  secRequirementRef = NULL;
+            OSStatus status = SecRequirementCreateWithString(requirementString, kSecCSDefaultFlags, &secRequirementRef);
+            if (status == errSecSuccess) {
+                OSStatus status = SecCodeCheckValidity(guest->code, kSecCSDefaultFlags, secRequirementRef);
+                if (status != errSecSuccess) {
+                    secdebug("SecurityAgentXPCQuery", "code requirement check failed (%d)", (int32_t)status);
+                } else {
+                    guest->appleSigned = true;
+                }
+                guest->checkedSignature = true;
+            }
+            CFRelease(secRequirementRef);
+               }
+               return guest->appleSigned;
+       } else
+               return false;
+}
+
 
 //
 // Bonus function: get the path out of a SecCodeRef
 
 //
 // Bonus function: get the path out of a SecCodeRef
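Review bot: `CFRelease(secRequirementRef)` at the end of the `!guest->checkedSignature` branch in `checkAppleSigned()` runs even when `SecRequirementCreateWithString` fails and leaves the ref `NULL`. CFRelease on a NULL reference crashes, which would take the daemon down on this path. Either move the release into the `status == errSecSuccess` branch or guard it: `if (secRequirementRef) CFRelease(secRequirementRef);`. The inner `OSStatus status` also shadows the outer one, so renaming it (for example `validity`) would keep the logged code unambiguous. The hunk does not show where `checkedSignature` and `appleSigned` are initialized in `GuestState`; because the result is served from a cached flag, it is worth confirming both start out `false` so an unchecked guest fails closed.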