securityd-55199.3.tar.gz

[apple/securityd.git] / src / codesigdb.cpp

diff --git a/src/codesigdb.cpp b/src/codesigdb.cpp
index 8d3a425d605b69a9ac00f66255667db069e9007b..c0b78686c51a697497daaa79d9cc8652674bf166 100644 (file)
--- a/src/codesigdb.cpp
+++ b/src/codesigdb.cpp
@@ -228,13 +228,12 @@ bool CodeSignatures::verify(Process &process,
 {
        secdebug("codesign", "start verify");
 
 {
        secdebug("codesign", "start verify");
 

-       // if we have no client code, we cannot possibly match this
+       StLock<Mutex> _(process);

        SecCodeRef code = process.currentGuest();
        if (!code) {
                secdebug("codesign", "no code base: fail");
                return false;
        }
        SecCodeRef code = process.currentGuest();
        if (!code) {
                secdebug("codesign", "no code base: fail");
                return false;
        }

-       

        if (SecRequirementRef requirement = verifier.requirement()) {
                // If the ACL contains a code signature (requirement), we won't match against unsigned code at all.
                // The legacy hash is ignored (it's for use by pre-Leopard systems).
        if (SecRequirementRef requirement = verifier.requirement()) {
                // If the ACL contains a code signature (requirement), we won't match against unsigned code at all.
                // The legacy hash is ignored (it's for use by pre-Leopard systems).