data that is usually written to separate files. This is the format of
detached signatures if the program is capable of having multiple architectures.
@constant kSecCodeMagicEntitlement Magic number for a standard entitlement blob.
+ @constant kSecCodeMagicEntitlementDER Magic number for a DER entitlement blob.
@constant kSecCodeMagicByte The first byte (in NBO) shared by all these magic
numbers. This is not a valid ASCII character; test for this to distinguish
between text and binary data if you expect a code signing-related binary blob.
kSecCodeMagicEmbeddedSignature = 0xfade0cc0, /* single-architecture embedded signature */
kSecCodeMagicDetachedSignature = 0xfade0cc1, /* detached multi-architecture signature */
kSecCodeMagicEntitlement = 0xfade7171, /* entitlement blob */
-
+ kSecCodeMagicEntitlementDER = 0xfade7172, /* entitlement DER blob */
+
kSecCodeMagicByte = 0xfa /* shared first byte */
};
-
/*!
- Types of cryptographic digests (hashes) used to hold code signatures
- together.
-
- Each combination of type, length, and other parameters is a separate
- hash type; we don't understand "families" here.
-
- These type codes govern the digest links that connect a CodeDirectory
- to its subordinate data structures (code pages, resources, etc.)
- They do not directly control other uses of hashes (such as the
- hash-of-CodeDirectory identifiers used in requirements).
+ @typedef SecCodeExecSegFlags
*/
-enum {
- kSecCodeSignatureNoHash = 0, /* null value */
- kSecCodeSignatureHashSHA1 = 1, /* SHA-1 */
- kSecCodeSignatureHashSHA256 = 2, /* SHA-256 */
- kSecCodeSignatureHashSHA256Truncated = 3, /* SHA-256 truncated to first 20 bytes */
-
- kSecCodeSignatureDefaultDigestAlgorithm = kSecCodeSignatureHashSHA1
+typedef CF_OPTIONS(uint32_t, SecCodeExecSegFlags) {
+ kSecCodeExecSegMainBinary = 0x0001, /* exec seg belongs to main binary */
+
+ // Entitlements
+ kSecCodeExecSegAllowUnsigned = 0x0010, /* allow unsigned pages (for debugging) */
+ kSecCodeExecSegDebugger = 0x0020, /* main binary is debugger */
+ kSecCodeExecSegJit = 0x0040, /* JIT enabled */
+ kSecCodeExecSegSkipLibraryVal = 0x0080, /* skip library validation */
+ kSecCodeExecSegCanLoadCdHash = 0x0100, /* can bless cdhash for execution */
+ kSecCodeExecSegCanExecCdHash = 0x0200, /* can execute blessed cdhash */
};
-
/*
The current (fixed) size of a cdhash in the system.
*/
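Review bot: The new `/*! @typedef SecCodeExecSegFlags */` header comment is empty, so flags that relax code-signing enforcement (`kSecCodeExecSegAllowUnsigned`, `kSecCodeExecSegJit`, `kSecCodeExecSegSkipLibraryVal`, and the two cdhash bits) are documented only by terse trailing comments. I would add an abstract and one `@constant` line per flag, in the style used for the magic numbers earlier in this header, stating where the flags are stored and which component is allowed to set them. The `// Entitlements` comment suggests that bits 0x0010 and up mirror entitlements; if so, the doc block should say that explicitly. Bits 0x0002 to 0x0008 are skipped without explanation; a line such as `/* 0x0002-0x0008: reserved */` would tell the next editor whether they may be allocated. The same hunk deletes the digest-type enum, including `kSecCodeSignatureDefaultDigestAlgorithm`; if those constants are not re-declared elsewhere in this commit, existing includers of this header will stop compiling.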