[apple/security.git] / libsecurity_codesigning / lib / CSCommon.h

/*
 * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
	@header CSCommon
	CSCommon is the common header of all Code Signing API headers.
	It defines types, constants, and error codes.
*/
#ifndef _H_CSCOMMON
#define _H_CSCOMMON

#ifdef __cplusplus
extern "C" {
#endif

#include <stdint.h>
#include <CoreFoundation/CoreFoundation.h>


/*
	Code Signing specific OSStatus codes.
	[Assigned range 0xFFFE_FAxx].
*/
enum {
	errSecCSUnimplemented =				-67072,	/* unimplemented code signing feature */
	errSecCSInvalidObjectRef =			-67071,	/* invalid API object reference */
	errSecCSInvalidFlags =				-67070,	/* invalid or inappropriate API flag(s) specified */
	errSecCSObjectRequired =			-67069,	/* a required pointer argument was NULL */
	errSecCSStaticCodeNotFound =		-67068,	/* cannot find code object on disk */
	errSecCSUnsupportedGuestAttributes = -67067, /* cannot locate guests using this attribute set */
	errSecCSInvalidAttributeValues =	-67066,	/* given attribute values are invalid */
	errSecCSNoSuchCode =				-67065,	/* host has no guest with the requested attributes */
	errSecCSMultipleGuests =			-67064,	/* ambiguous guest specification (host has multiple guests with these attribute values) */
	errSecCSGuestInvalid =				-67063,	/* code identity has been invalidated */
	errSecCSUnsigned =					-67062,	/* code object is not signed at all */
	errSecCSSignatureFailed =			-67061,	/* invalid signature (code or signature have been modified) */
	errSecCSSignatureNotVerifiable =	-67060,	/* the code cannot be read by the verifier (file system permissions etc.) */
	errSecCSSignatureUnsupported =		-67059,	/* unsupported type or version of signature */
	errSecCSBadDictionaryFormat =		-67058,	/* a required plist file or resource is malformed */
	errSecCSResourcesNotSealed =		-67057,	/* resources are present but not sealed by signature */
	errSecCSResourcesNotFound =			-67056,	/* code has no resources but signature indicates they must be present */
	errSecCSResourcesInvalid =			-67055,	/* the sealed resource directory is invalid */
	errSecCSBadResource =				-67054,	/* a sealed resource is missing or invalid */
	errSecCSResourceRulesInvalid =		-67053,	/* invalid resource specification rule(s) */
	errSecCSReqInvalid =				-67052,	/* invalid or corrupted code requirement(s) */
	errSecCSReqUnsupported =			-67051,	/* unsupported type or version of code requirement(s) */
	errSecCSReqFailed =					-67050,	/* code failed to satisfy specified code requirement(s) */
	errSecCSBadObjectFormat =			-67049,	/* object file format unrecognized, invalid, or unsuitable */
	errSecCSInternalError =				-67048,	/* internal error in Code Signing subsystem */
	errSecCSHostReject =				-67047,	/* code rejected its host */
	errSecCSNotAHost =					-67046,	/* attempt to specify guest of code that is not a host */
	errSecCSSignatureInvalid =			-67045,	/* invalid or unsupported format for signature */
	errSecCSHostProtocolRelativePath =	-67044, /* host protocol violation - absolute guest path required */
	errSecCSHostProtocolContradiction =	-67043,	/* host protocol violation - contradictory hosting modes */
	errSecCSHostProtocolDedicationError = -67042, /* host protocol violation - operation not allowed with/for a dedicated guest */
	errSecCSHostProtocolNotProxy =		-67041,	/* host protocol violation - proxy hosting not engaged */
	errSecCSHostProtocolStateError =	-67040,	/* host protocol violation - invalid guest state change request */
	errSecCSHostProtocolUnrelated =		-67039,	/* host protocol violation - the given guest is not a guest of the given host */
									 /* -67038 obsolete (no longer issued) */
	errSecCSNotSupported =				-67037,	/* operation inapplicable or not supported for this type of code */
	errSecCSCMSTooLarge =				-67036,	/* signature too large to embed (size limitation of on-disk representation) */
	errSecCSHostProtocolInvalidHash =	-67035,	/* host protocol violation - invalid guest hash */
	errSecCSStaticCodeChanged =			-67034,	/* the code on disk does not match what is running */
	errSecCSDBDenied =					-67033,	/* permission to use a database denied */
	errSecCSDBAccess =					-67032,	/* cannot access a database */
	errSecCSSigDBDenied = errSecCSDBDenied,
	errSecCSSigDBAccess = errSecCSDBAccess,
	errSecCSHostProtocolInvalidAttribute = -67031, /* host returned invalid or inconsistent guest attributes */
	errSecCSInfoPlistFailed =			-67030,	/* invalid Info.plist (plist or signature have been modified) */
	errSecCSNoMainExecutable =			-67029,	/* the code has no main executable file */
	errSecCSBadBundleFormat =			-67028,	/* bundle format unrecognized, invalid, or unsuitable */
	errSecCSNoMatches =					-67027,	/* no matches for search or update operation */
	errSecCSFileHardQuarantined =		-67026,	/* File created by an AppSandbox, exec/open not allowed */
	errSecCSOutdated =					-67025,	/* presented data is out of date */
	errSecCSDbCorrupt =					-67024,	/* a system database or file is corrupt */
	errSecCSResourceDirectoryFailed =	-67023,	/* invalid resource directory (directory or signature have been modified) */
	errSecCSUnsignedNestedCode =		-67022,	/* nested code is unsigned */
	errSecCSBadNestedCode =				-67021,	/* nested code is modified or invalid */
	errSecCSBadCallbackValue =			-67020,	/* monitor callback returned invalid value */
	errSecCSHelperFailed =				-67019,	/* the codesign_allocate helper tool cannot be found or used */
	errSecCSVetoed =					-67018,
	errSecCSBadLVArch =					-67017, /* library validation flag cannot be used with an i386 binary */
	errSecCSResourceNotSupported =		-67016, /* unsupported resource found (something not a directory, file or symlink) */
	errSecCSRegularFile =				-67015, /* the main executable or Info.plist must be a regular file (no symlinks, etc.) */
	errSecCSUnsealedAppRoot	=			-67014, /* unsealed contents present in the bundle root */
	errSecCSWeakResourceRules =			-67013, /* resource envelope is obsolete */
	errSecCSDSStoreSymlink =			-67012, /* .DS_Store files cannot be a symlink */ 
	errSecCSAmbiguousBundleFormat =		-67011, /* bundle format is ambiguous (could be app or framework) */
	errSecCSBadMainExecutable =			-67010, /* main executable failed strict validation */
	errSecCSBadFrameworkVersion = 		-67009, /* embedded framework contains modified or invalid version */
	errSecCSUnsealedFrameworkRoot =		-67008, /* unsealed contents present in the root directory of an embedded framework */
};


/*
 * Code Signing specific CFError "user info" keys.
 * In calls that can return CFErrorRef indications, if a CFErrorRef is actually
 * returned, its "user info" dictionary may contain some of the following keys
 * to more closely describe the circumstances of the failure.
 * Do not rely on the presence of any particular key to categorize a problem;
 * always use the primary OSStatus return for that. The data contained under
 * these keys is always supplemental and optional.
 */
extern const CFStringRef kSecCFErrorArchitecture;	/* CFStringRef: name of architecture causing the problem */
extern const CFStringRef kSecCFErrorPattern;		/* CFStringRef: invalid resource selection pattern encountered */
extern const CFStringRef kSecCFErrorResourceSeal;	/* CFTypeRef: invalid component in resource seal (CodeResources) */
extern const CFStringRef kSecCFErrorResourceAdded;	/* CFURLRef: unsealed resource found */
extern const CFStringRef kSecCFErrorResourceAltered; /* CFURLRef: modified resource found */
extern const CFStringRef kSecCFErrorResourceMissing; /* CFURLRef: sealed (non-optional) resource missing */
extern const CFStringRef kSecCFErrorInfoPlist;		/* CFTypeRef: Info.plist dictionary or component thereof found invalid */
extern const CFStringRef kSecCFErrorGuestAttributes; /* CFTypeRef: Guest attribute set of element not accepted */
extern const CFStringRef kSecCFErrorRequirementSyntax; /* CFStringRef: compilation error for Requirement source */
extern const CFStringRef kSecCFErrorPath;			/* CFURLRef: subcomponent containing the error */


/*!
	@typedef SecCodeRef
	This is the type of a reference to running code.

	In many (but not all) calls, this can be passed to a SecStaticCodeRef
	argument, which performs an implicit SecCodeCopyStaticCode call and
	operates on the result.
*/
typedef struct __SecCode *SecCodeRef;				/* running code */

/*!
	@typedef SecStaticCodeRef
	This is the type of a reference to static code on disk.
*/
typedef struct __SecCode const *SecStaticCodeRef;	/* code on disk */

/*!
	@typedef SecRequirementRef
	This is the type of a reference to a code requirement.
*/
typedef struct __SecRequirement *SecRequirementRef;	/* code requirement */


/*!
	@typedef SecGuestRef
	An abstract handle to identify a particular Guest in the context of its Host.
	
	Guest handles are assigned by the host at will, with kSecNoGuest (zero) being
	reserved as the null value. They can be reused for new children if desired.
*/
typedef u_int32_t SecGuestRef;

enum {
	kSecNoGuest = 0,		/* not a valid SecGuestRef */
};


/*!
	@typedef SecCSFlags
	This is the type of flags arguments to Code Signing API calls.
	It provides a bit mask of request and option flags. All of the bits in these
	masks are reserved to Apple; if you set any bits not defined in these headers,
	the behavior is generally undefined.
	
	This list describes the flags that are shared among several Code Signing API calls.
	Flags that only apply to one call are defined and documented with that call.
	Global flags are assigned from high order down (31 -> 0); call-specific flags
	are assigned from the bottom up (0 -> 31).

	@constant kSecCSDefaultFlags
	When passed to a flags argument throughout, indicates that default behavior
	is desired. Do not mix with other flags values.
	@constant kSecCSConsiderExpiration
	When passed to a call that performs code validation, requests that code signatures
	made by expired certificates be rejected. By default, expiration of participating
	certificates is not automatic grounds for rejection.
*/
typedef uint32_t SecCSFlags;

enum {
	kSecCSDefaultFlags = 0,					/* no particular flags (default behavior) */
	
	kSecCSConsiderExpiration = 1 << 31,		/* consider expired certificates invalid */
	kSecCSEnforceRevocationChecks = 1 << 30,	/* force revocation checks regardless of preference settings */
};


/*!
	@typedef SecCodeSignatureFlags
	This is the type of option flags that can be embedded in a code signature
	during signing, and that govern the use of the signature thereafter.
	Some of these flags can be set through the codesign(1) command's --options
	argument; some are set implicitly based on signing circumstances; and all
	can be set with the kSecCodeSignerFlags item of a signing information dictionary.
	
	@constant kSecCodeSignatureHost
	Indicates that the code may act as a host that controls and supervises guest
	code. If this flag is not set in a code signature, the code is never considered
	eligible to be a host, and any attempt to act like one will be ignored or rejected.
	@constant kSecCodeSignatureAdhoc
	The code has been sealed without a signing identity. No identity may be retrieved
	from it, and any code requirement placing restrictions on the signing identity
	will fail. This flag is set by the code signing API and cannot be set explicitly.
	@constant kSecCodeSignatureForceHard
	Implicitly set the "hard" status bit for the code when it starts running.
	This bit indicates that the code prefers to be denied access to a resource
	if gaining such access would cause its invalidation. Since the hard bit is
	sticky, setting this option bit guarantees that the code will always have
	it set.
	@constant kSecCodeSignatureForceKill
	Implicitly set the "kill" status bit for the code when it starts running.
	This bit indicates that the code wishes to be terminated with prejudice if
	it is ever invalidated. Since the kill bit is sticky, setting this option bit
	guarantees that the code will always be dynamically valid, since it will die
	immediately	if it becomes invalid.
	@constant kSecCodeSignatureForceExpiration
	Forces the kSecCSConsiderExpiration flag on all validations of the code.
 */
typedef uint32_t SecCodeSignatureFlags;

enum {
	kSecCodeSignatureHost = 0x0001,			/* may host guest code */
	kSecCodeSignatureAdhoc = 0x0002,		/* must be used without signer */
	kSecCodeSignatureForceHard = 0x0100,	/* always set HARD mode on launch */
	kSecCodeSignatureForceKill = 0x0200,	/* always set KILL mode on launch */
	kSecCodeSignatureForceExpiration = 0x0400, /* force certificate expiration checks */
	kSecCodeSignatureRestrict = 0x0800, /* restrict dyld loading */
	kSecCodeSignatureEnforcement = 0x1000, /* enforce code signing */
	kSecCodeSignatureLibraryValidation = 0x2000, /* library validation required */
};


/*!
	@typedef SecCodeStatus
	The code signing system attaches a set of status flags to each running code.
	These flags are maintained by the code's host, and can be read by anyone.
	A code may change its own flags, a host may change its guests' flags,
	and root may change anyone's flags.	However, these flags are sticky in that
	each can change in only one direction (and never back, for the lifetime of the code).
	Not even root can violate this restriction.

	There are other flags in SecCodeStatus that are not publicly documented.
	Do not rely on them, and do not ever attempt to explicitly set them.

	@constant kSecCodeStatusValid
	Indicates that the code is dynamically valid, i.e. it started correctly
	and has not been invalidated since then. The valid bit can only be cleared.
	
	Warning: This bit is not your one-stop shortcut to determining the validity	of code.
	It represents the dynamic component of the full validity function; if this
	bit is unset, the code is definitely invalid, but the converse is not always true.
	In fact, code hosts may represent the outcome of some delayed static validation work in this bit,
	and thus it strictly represents a blend of (all of) dynamic and (some of) static validity,
	depending on the implementation of the particular host managing the code. You can (only)
	rely that (1) dynamic invalidation will clear this bit; and (2) the combination
	of static validation and dynamic validity (as performed by the SecCodeCheckValidity* APIs)
	will give a correct answer.
	
	@constant kSecCodeStatusHard
	Indicates that the code prefers to be denied access to resources if gaining access
	would invalidate it. This bit can only be set.
	It is undefined whether code that is marked hard and is already invalid will still
	be denied access to a resource that would invalidate it if it were still valid. That is,
	the code may or may not get access to such a resource while being invalid, and that choice
	may appear random.
	
	@constant kSecCodeStatusKill
	Indicates that the code wants to be killed (terminated) if it ever loses its validity.
	This bit can only be set. Code that has the kill flag set will never be dynamically invalid
	(and live). Note however that a change in static validity does not necessarily trigger instant
	death.
*/
typedef uint32_t SecCodeStatus;
enum {
	kSecCodeStatusValid =	0x0001,
	kSecCodeStatusHard =	0x0100,
	kSecCodeStatusKill =	0x0200,
};


/*!
	@typedef SecRequirementType
	An enumeration indicating different types of internal requirements for code.
 */
typedef uint32_t SecRequirementType;

enum {
	kSecHostRequirementType =			1,	/* what hosts may run us */
	kSecGuestRequirementType =			2,	/* what guests we may run */
	kSecDesignatedRequirementType =		3,	/* designated requirement */
	kSecLibraryRequirementType =		4,	/* what libraries we may link against */
	kSecPluginRequirementType =			5,	/* what plug-ins we may load */
	kSecInvalidRequirementType,				/* invalid type of Requirement (must be last) */
	kSecRequirementTypeCount = kSecInvalidRequirementType /* number of valid requirement types */
};


#ifdef __cplusplus
}
#endif

#endif //_H_CSCOMMON
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	/*!
	25	@header CSCommon
	26	CSCommon is the common header of all Code Signing API headers.
	27	It defines types, constants, and error codes.
	28	*/
	29	#ifndef _H_CSCOMMON
	30	#define _H_CSCOMMON
	31
	32	#ifdef __cplusplus
	33	extern "C" {
	34	#endif
	35
	36	#include <stdint.h>
	37	#include <CoreFoundation/CoreFoundation.h>
	38
	39
	40	/*
	41	Code Signing specific OSStatus codes.
	42	[Assigned range 0xFFFE_FAxx].
	43	*/
	44	enum {
	45	errSecCSUnimplemented = -67072, /* unimplemented code signing feature */
	46	errSecCSInvalidObjectRef = -67071, /* invalid API object reference */
	47	errSecCSInvalidFlags = -67070, /* invalid or inappropriate API flag(s) specified */
	48	errSecCSObjectRequired = -67069, /* a required pointer argument was NULL */
	49	errSecCSStaticCodeNotFound = -67068, /* cannot find code object on disk */
	50	errSecCSUnsupportedGuestAttributes = -67067, /* cannot locate guests using this attribute set */
	51	errSecCSInvalidAttributeValues = -67066, /* given attribute values are invalid */
	52	errSecCSNoSuchCode = -67065, /* host has no guest with the requested attributes */
	53	errSecCSMultipleGuests = -67064, /* ambiguous guest specification (host has multiple guests with these attribute values) */
	54	errSecCSGuestInvalid = -67063, /* code identity has been invalidated */
	55	errSecCSUnsigned = -67062, /* code object is not signed at all */
	56	errSecCSSignatureFailed = -67061, /* invalid signature (code or signature have been modified) */
	57	errSecCSSignatureNotVerifiable = -67060, /* the code cannot be read by the verifier (file system permissions etc.) */
	58	errSecCSSignatureUnsupported = -67059, /* unsupported type or version of signature */
	59	errSecCSBadDictionaryFormat = -67058, /* a required plist file or resource is malformed */
	60	errSecCSResourcesNotSealed = -67057, /* resources are present but not sealed by signature */
	61	errSecCSResourcesNotFound = -67056, /* code has no resources but signature indicates they must be present */
	62	errSecCSResourcesInvalid = -67055, /* the sealed resource directory is invalid */
	63	errSecCSBadResource = -67054, /* a sealed resource is missing or invalid */
	64	errSecCSResourceRulesInvalid = -67053, /* invalid resource specification rule(s) */
65	errSecCSReqInvalid = -67052, /* invalid or corrupted code requirement(s) */
66	errSecCSReqUnsupported = -67051, /* unsupported type or version of code requirement(s) */
67	errSecCSReqFailed = -67050, /* code failed to satisfy specified code requirement(s) */
68	errSecCSBadObjectFormat = -67049, /* object file format unrecognized, invalid, or unsuitable */
69	errSecCSInternalError = -67048, /* internal error in Code Signing subsystem */
70	errSecCSHostReject = -67047, /* code rejected its host */
71	errSecCSNotAHost = -67046, /* attempt to specify guest of code that is not a host */
72	errSecCSSignatureInvalid = -67045, /* invalid or unsupported format for signature */
73	errSecCSHostProtocolRelativePath = -67044, /* host protocol violation - absolute guest path required */
74	errSecCSHostProtocolContradiction = -67043, /* host protocol violation - contradictory hosting modes */
75	errSecCSHostProtocolDedicationError = -67042, /* host protocol violation - operation not allowed with/for a dedicated guest */
76	errSecCSHostProtocolNotProxy = -67041, /* host protocol violation - proxy hosting not engaged */
77	errSecCSHostProtocolStateError = -67040, /* host protocol violation - invalid guest state change request */
78	errSecCSHostProtocolUnrelated = -67039, /* host protocol violation - the given guest is not a guest of the given host */
79	/* -67038 obsolete (no longer issued) */
80	errSecCSNotSupported = -67037, /* operation inapplicable or not supported for this type of code */
81	errSecCSCMSTooLarge = -67036, /* signature too large to embed (size limitation of on-disk representation) */
82	errSecCSHostProtocolInvalidHash = -67035, /* host protocol violation - invalid guest hash */
83	errSecCSStaticCodeChanged = -67034, /* the code on disk does not match what is running */
84	errSecCSDBDenied = -67033, /* permission to use a database denied */
85	errSecCSDBAccess = -67032, /* cannot access a database */
86	errSecCSSigDBDenied = errSecCSDBDenied,
87	errSecCSSigDBAccess = errSecCSDBAccess,
88	errSecCSHostProtocolInvalidAttribute = -67031, /* host returned invalid or inconsistent guest attributes */
89	errSecCSInfoPlistFailed = -67030, /* invalid Info.plist (plist or signature have been modified) */
90	errSecCSNoMainExecutable = -67029, /* the code has no main executable file */
91	errSecCSBadBundleFormat = -67028, /* bundle format unrecognized, invalid, or unsuitable */
92	errSecCSNoMatches = -67027, /* no matches for search or update operation */
93	errSecCSFileHardQuarantined = -67026, /* File created by an AppSandbox, exec/open not allowed */
94	errSecCSOutdated = -67025, /* presented data is out of date */
313fa17b	95	errSecCSDbCorrupt = -67024, /* a system database or file is corrupt */
427c49bc A	96	errSecCSResourceDirectoryFailed = -67023, /* invalid resource directory (directory or signature have been modified) */
	97	errSecCSUnsignedNestedCode = -67022, /* nested code is unsigned */
	98	errSecCSBadNestedCode = -67021, /* nested code is modified or invalid */
	99	errSecCSBadCallbackValue = -67020, /* monitor callback returned invalid value */
	100	errSecCSHelperFailed = -67019, /* the codesign_allocate helper tool cannot be found or used */
	101	errSecCSVetoed = -67018,
80e23899 A	102	errSecCSBadLVArch = -67017, /* library validation flag cannot be used with an i386 binary */
	103	errSecCSResourceNotSupported = -67016, /* unsupported resource found (something not a directory, file or symlink) */
	104	errSecCSRegularFile = -67015, /* the main executable or Info.plist must be a regular file (no symlinks, etc.) */
	105	errSecCSUnsealedAppRoot = -67014, /* unsealed contents present in the bundle root */
	106	errSecCSWeakResourceRules = -67013, /* resource envelope is obsolete */
	107	errSecCSDSStoreSymlink = -67012, /* .DS_Store files cannot be a symlink */
	108	errSecCSAmbiguousBundleFormat = -67011, /* bundle format is ambiguous (could be app or framework) */
	109	errSecCSBadMainExecutable = -67010, /* main executable failed strict validation */
	110	errSecCSBadFrameworkVersion = -67009, /* embedded framework contains modified or invalid version */
	111	errSecCSUnsealedFrameworkRoot = -67008, /* unsealed contents present in the root directory of an embedded framework */
b1ab9ed8 A	112	};
	113
	114
	115	/*
	116	* Code Signing specific CFError "user info" keys.
	117	* In calls that can return CFErrorRef indications, if a CFErrorRef is actually
	118	* returned, its "user info" dictionary may contain some of the following keys
	119	* to more closely describe the circumstances of the failure.
	120	* Do not rely on the presence of any particular key to categorize a problem;
	121	* always use the primary OSStatus return for that. The data contained under
	122	* these keys is always supplemental and optional.
	123	*/
	124	extern const CFStringRef kSecCFErrorArchitecture; /* CFStringRef: name of architecture causing the problem */
	125	extern const CFStringRef kSecCFErrorPattern; /* CFStringRef: invalid resource selection pattern encountered */
	126	extern const CFStringRef kSecCFErrorResourceSeal; /* CFTypeRef: invalid component in resource seal (CodeResources) */
	127	extern const CFStringRef kSecCFErrorResourceAdded; /* CFURLRef: unsealed resource found */
	128	extern const CFStringRef kSecCFErrorResourceAltered; /* CFURLRef: modified resource found */
	129	extern const CFStringRef kSecCFErrorResourceMissing; /* CFURLRef: sealed (non-optional) resource missing */
	130	extern const CFStringRef kSecCFErrorInfoPlist; /* CFTypeRef: Info.plist dictionary or component thereof found invalid */
	131	extern const CFStringRef kSecCFErrorGuestAttributes; /* CFTypeRef: Guest attribute set of element not accepted */
	132	extern const CFStringRef kSecCFErrorRequirementSyntax; /* CFStringRef: compilation error for Requirement source */
	133	extern const CFStringRef kSecCFErrorPath; /* CFURLRef: subcomponent containing the error */
	134
	135
	136	/*!
	137	@typedef SecCodeRef
	138	This is the type of a reference to running code.
	139
	140	In many (but not all) calls, this can be passed to a SecStaticCodeRef
	141	argument, which performs an implicit SecCodeCopyStaticCode call and
	142	operates on the result.
	143	*/
	144	typedef struct __SecCode SecCodeRef; / running code */
	145
	146	/*!
	147	@typedef SecStaticCodeRef
	148	This is the type of a reference to static code on disk.
	149	*/
	150	typedef struct __SecCode const SecStaticCodeRef; / code on disk */
	151
	152	/*!
	153	@typedef SecRequirementRef
	154	This is the type of a reference to a code requirement.
	155	*/
	156	typedef struct __SecRequirement SecRequirementRef; / code requirement */
	157
	158
	159	/*!
	160	@typedef SecGuestRef
	161	An abstract handle to identify a particular Guest in the context of its Host.
	162
	163	Guest handles are assigned by the host at will, with kSecNoGuest (zero) being
	164	reserved as the null value. They can be reused for new children if desired.
	165	*/
	166	typedef u_int32_t SecGuestRef;
	167
	168	enum {
	169	kSecNoGuest = 0, /* not a valid SecGuestRef */
	170	};
	171
	172
	173	/*!
	174	@typedef SecCSFlags
	175	This is the type of flags arguments to Code Signing API calls.
176	It provides a bit mask of request and option flags. All of the bits in these
177	masks are reserved to Apple; if you set any bits not defined in these headers,
178	the behavior is generally undefined.
179
180	This list describes the flags that are shared among several Code Signing API calls.
181	Flags that only apply to one call are defined and documented with that call.
182	Global flags are assigned from high order down (31 -> 0); call-specific flags
183	are assigned from the bottom up (0 -> 31).
184
185	@constant kSecCSDefaultFlags
186	When passed to a flags argument throughout, indicates that default behavior
187	is desired. Do not mix with other flags values.
188	@constant kSecCSConsiderExpiration
189	When passed to a call that performs code validation, requests that code signatures
190	made by expired certificates be rejected. By default, expiration of participating
191	certificates is not automatic grounds for rejection.
192	*/
193	typedef uint32_t SecCSFlags;
194
195	enum {
196	kSecCSDefaultFlags = 0, /* no particular flags (default behavior) */
197
198	kSecCSConsiderExpiration = 1 << 31, /* consider expired certificates invalid */
199	kSecCSEnforceRevocationChecks = 1 << 30, /* force revocation checks regardless of preference settings */
200	};
201
202
203	/*!
204	@typedef SecCodeSignatureFlags
205	This is the type of option flags that can be embedded in a code signature
206	during signing, and that govern the use of the signature thereafter.
207	Some of these flags can be set through the codesign(1) command's --options
208	argument; some are set implicitly based on signing circumstances; and all
209	can be set with the kSecCodeSignerFlags item of a signing information dictionary.
210
211	@constant kSecCodeSignatureHost
212	Indicates that the code may act as a host that controls and supervises guest
213	code. If this flag is not set in a code signature, the code is never considered
214	eligible to be a host, and any attempt to act like one will be ignored or rejected.
215	@constant kSecCodeSignatureAdhoc
216	The code has been sealed without a signing identity. No identity may be retrieved
217	from it, and any code requirement placing restrictions on the signing identity
218	will fail. This flag is set by the code signing API and cannot be set explicitly.
219	@constant kSecCodeSignatureForceHard
220	Implicitly set the "hard" status bit for the code when it starts running.
221	This bit indicates that the code prefers to be denied access to a resource
222	if gaining such access would cause its invalidation. Since the hard bit is
223	sticky, setting this option bit guarantees that the code will always have
224	it set.
225	@constant kSecCodeSignatureForceKill
226	Implicitly set the "kill" status bit for the code when it starts running.
227	This bit indicates that the code wishes to be terminated with prejudice if
228	it is ever invalidated. Since the kill bit is sticky, setting this option bit
229	guarantees that the code will always be dynamically valid, since it will die
230	immediately if it becomes invalid.
231	@constant kSecCodeSignatureForceExpiration
232	Forces the kSecCSConsiderExpiration flag on all validations of the code.
233	*/
234	typedef uint32_t SecCodeSignatureFlags;
235
236	enum {
237	kSecCodeSignatureHost = 0x0001, /* may host guest code */
238	kSecCodeSignatureAdhoc = 0x0002, /* must be used without signer */
239	kSecCodeSignatureForceHard = 0x0100, /* always set HARD mode on launch */
240	kSecCodeSignatureForceKill = 0x0200, /* always set KILL mode on launch */
241	kSecCodeSignatureForceExpiration = 0x0400, /* force certificate expiration checks */
427c49bc A	242	kSecCodeSignatureRestrict = 0x0800, /* restrict dyld loading */
427c49bc A	243	kSecCodeSignatureEnforcement = 0x1000, /* enforce code signing */
420ff9d9	244	kSecCodeSignatureLibraryValidation = 0x2000, /* library validation required */
b1ab9ed8 A	245	};
	246
	247
	248	/*!
	249	@typedef SecCodeStatus
	250	The code signing system attaches a set of status flags to each running code.
	251	These flags are maintained by the code's host, and can be read by anyone.
	252	A code may change its own flags, a host may change its guests' flags,
	253	and root may change anyone's flags. However, these flags are sticky in that
	254	each can change in only one direction (and never back, for the lifetime of the code).
	255	Not even root can violate this restriction.
	256
	257	There are other flags in SecCodeStatus that are not publicly documented.
	258	Do not rely on them, and do not ever attempt to explicitly set them.
	259
	260	@constant kSecCodeStatusValid
	261	Indicates that the code is dynamically valid, i.e. it started correctly
	262	and has not been invalidated since then. The valid bit can only be cleared.
	263
	264	Warning: This bit is not your one-stop shortcut to determining the validity of code.
	265	It represents the dynamic component of the full validity function; if this
	266	bit is unset, the code is definitely invalid, but the converse is not always true.
	267	In fact, code hosts may represent the outcome of some delayed static validation work in this bit,
	268	and thus it strictly represents a blend of (all of) dynamic and (some of) static validity,
	269	depending on the implementation of the particular host managing the code. You can (only)
	270	rely that (1) dynamic invalidation will clear this bit; and (2) the combination
	271	of static validation and dynamic validity (as performed by the SecCodeCheckValidity* APIs)
	272	will give a correct answer.
	273
	274	@constant kSecCodeStatusHard
	275	Indicates that the code prefers to be denied access to resources if gaining access
	276	would invalidate it. This bit can only be set.
	277	It is undefined whether code that is marked hard and is already invalid will still
	278	be denied access to a resource that would invalidate it if it were still valid. That is,
	279	the code may or may not get access to such a resource while being invalid, and that choice
	280	may appear random.
	281
	282	@constant kSecCodeStatusKill
	283	Indicates that the code wants to be killed (terminated) if it ever loses its validity.
	284	This bit can only be set. Code that has the kill flag set will never be dynamically invalid
	285	(and live). Note however that a change in static validity does not necessarily trigger instant
	286	death.
	287	*/
	288	typedef uint32_t SecCodeStatus;
	289	enum {
	290	kSecCodeStatusValid = 0x0001,
	291	kSecCodeStatusHard = 0x0100,
	292	kSecCodeStatusKill = 0x0200,
	293	};
	294
	295
	296	/*!
	297	@typedef SecRequirementType
	298	An enumeration indicating different types of internal requirements for code.
	299	*/
	300	typedef uint32_t SecRequirementType;
	301
	302	enum {
	303	kSecHostRequirementType = 1, /* what hosts may run us */
	304	kSecGuestRequirementType = 2, /* what guests we may run */
	305	kSecDesignatedRequirementType = 3, /* designated requirement */
	306	kSecLibraryRequirementType = 4, /* what libraries we may link against */
	307	kSecPluginRequirementType = 5, /* what plug-ins we may load */
	308	kSecInvalidRequirementType, /* invalid type of Requirement (must be last) */
309	kSecRequirementTypeCount = kSecInvalidRequirementType /* number of valid requirement types */
310	};
311
312
313	#ifdef __cplusplus
314	}
315	#endif
316
317	#endif //_H_CSCOMMON