예제 #1
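/*
 * Determine if the given task meets a specified requirement.
 *
 * Resolves a code object for the process named by task->pid, builds a
 * requirement object from the requirement string, and checks the code
 * object against that requirement.
 *
 * Parameters:
 *   task        - task whose pid selects the process to check. A NULL task
 *                 is rejected with errSecParam.
 *   requirement - code requirement in string form, handed unchanged to
 *                 SecRequirementCreateWithString.
 *
 * Returns 0 only when all three steps succeed. Returns errSecParam for a
 * NULL task or a non-positive pid, otherwise the status of the first step
 * that failed. Callers should treat every non-zero result as "requirement
 * not met".
 *
 * NOTE(review): the process is resolved from a bare pid. A pid can be
 * reused after the original process exits, so the code object obtained
 * here is not guaranteed to belong to the process the task was created
 * for. Where an audit token for the peer is available, resolving the code
 * object from it (SecCodeCopyGuestWithAttributes with
 * kSecGuestAttributeAudit) closes that window - confirm what this tree
 * provides.
 */
OSStatus
SecTaskValidateForRequirement(SecTaskRef task, CFStringRef requirement)
{
    OSStatus status;
    SecCodeRef code = NULL;
    SecRequirementRef req = NULL;
    pid_t pid;

    /* Reject a NULL task before task->pid is read. */
    if (task == NULL) {
        return errSecParam;
    }

    pid = task->pid;
    if (pid <= 0) {
        return errSecParam;
    }

    /* Each step runs only if the previous one succeeded, so the first
     * failure is the status that reaches the caller. */
    status = SecCodeCreateWithPID(pid, kSecCSDefaultFlags, &code);
    if (!status) {
        status = SecRequirementCreateWithString(requirement,
                                                kSecCSDefaultFlags, &req);
    }
    if (!status) {
        status = SecCodeCheckValidity(code, kSecCSDefaultFlags, req);
    }

    /* Release whatever was created, on success and on failure alike. */
    if (req) {
        CFRelease(req);
    }
    if (code) {
        CFRelease(code);
    }

    return status;
}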
예제 #2
파일: clientid.cpp 프로젝트: aosm/securityd
//
// Set up the ClientIdentification for a client process.
// Under mLock, asks SecCodeCreateWithPID for the code object of process
// `pid`, stores it through mClientProcess.aref(), and then empties mGuests.
//
// A failed lookup is only reported through secdebug; nothing is thrown or
// returned, so after a failure mClientProcess holds whatever the failed call
// left there. NOTE(review): code that later makes a trust decision from
// mClientProcess presumably has to handle the "no code object" case itself -
// verify against the callers.
//
// NOTE(review): the client is identified by pid alone here; pids can be
// reused, so confirm the pid is still the intended peer when this runs.
//
void ClientIdentification::setup(pid_t pid)
{
	StLock<Mutex> _(mLock);

	const OSStatus rc = SecCodeCreateWithPID(pid, kSecCSDefaultFlags,
		&mClientProcess.aref());
	if (rc != 0) {
		// best effort: record the failure and carry on
		secdebug("clientid", "could not get code for process %d: OSStatus=%d",
			pid, int32_t(rc));
	}

	// drop every guest entry recorded so far
	mGuests.erase(mGuests.begin(), mGuests.end());
}