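/*
 * Determine if the given task meets a specified requirement.
 *
 * Resolves the task's pid to a code object, compiles `requirement` into a
 * requirement object, and checks the code object's validity against it.
 *
 * Returns errSecParam when task is NULL or its pid is not positive.
 * Otherwise returns the first non-zero OSStatus produced by
 * SecCodeCreateWithPID or SecRequirementCreateWithString, or else the
 * result of SecCodeCheckValidity.
 *
 * NOTE(review): the client is identified by pid alone. A pid can be
 * recycled between the moment the task was captured and this call, so the
 * code object checked here may belong to a different process than the one
 * that made the request. Where the caller holds an audit token, a
 * token-based lookup avoids that window -- TODO confirm what SecTaskRef
 * stores besides pid.
 */
OSStatus SecTaskValidateForRequirement(SecTaskRef task, CFStringRef requirement)
{
    OSStatus status;
    SecCodeRef code = NULL;
    SecRequirementRef req = NULL;

    /* Reject a missing task before it is dereferenced. */
    if (task == NULL) {
        return errSecParam;
    }

    pid_t pid = task->pid;
    if (pid <= 0) {
        return errSecParam;
    }

    status = SecCodeCreateWithPID(pid, kSecCSDefaultFlags, &code);
    //syslog(LOG_NOTICE, "SecTaskValidateForRequirement: SecCodeCreateWithPID=%d", status);
    if (!status) {
        status = SecRequirementCreateWithString(requirement, kSecCSDefaultFlags, &req);
        //syslog(LOG_NOTICE, "SecTaskValidateForRequirement: SecRequirementCreateWithString=%d", status);
    }
    if (!status) {
        /* Only reached when both the code object and the requirement exist. */
        status = SecCodeCheckValidity(code, kSecCSDefaultFlags, req);
        //syslog(LOG_NOTICE, "SecTaskValidateForRequirement: SecCodeCheckValidity=%d", status);
    }

    /* Release whatever was created, on success and on every failure path. */
    if (req)
        CFRelease(req);
    if (code)
        CFRelease(code);

    return status;
}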
// // Initialize the ClientIdentification. // This creates a process-level code object for the client. // void ClientIdentification::setup(pid_t pid) { StLock<Mutex> _(mLock); if (OSStatus rc = SecCodeCreateWithPID(pid, kSecCSDefaultFlags, &mClientProcess.aref())) secdebug("clientid", "could not get code for process %d: OSStatus=%d", pid, int32_t(rc)); mGuests.erase(mGuests.begin(), mGuests.end()); }