-/*!
- @header SecCodeHost
- This header describes the Code Signing Hosting API. These are calls made
- by code that wishes to become a Host in the Code Signing Host/Guest infrastructure.
- Hosting allows the caller to establish separate, independent code identities
- (SecCodeRefs) for parts of itself, usually because it is loading and managing
- code in the form of scripts, plugins, etc.
-
- The Hosting API does not directly connect to the Code Signing Client APIs.
- Certain calls in the client API will cause internal queries to hosts about their
- guests. The Host side of these queries is managed through this API. The results
- will eventually be delivered to client API callers in appropriate form.
-
- If code never calls any of the Hosting API functions, it is deemed to not have
- guests and not act as a Host. This is the default and requires no action.
-
- Hosting operates in one of two modes, dynamic or proxy. Whichever mode is first
- engaged prevails for the lifetime of the caller. There is no way to switch between
- the two, and calling an API belonging to the opposite mode will fail.
-
- In dynamic hosting mode, the caller provides a Mach port that receives direct
- queries about its guests. Dynamic mode is engaged by calling SecHostSetHostingPort.
-
- In proxy hosting mode, the caller provides information about its guests as
- guests are created, removed, or change status. The system caches this information
- and answers queries about guests from this pool of information. The caller is not
- directly involved in answering such queries, and has no way to intervene.
-*/
-
-
-/*!
- @function SecHostCreateGuest
- Create a new Guest and describe its initial properties.
-
- This call activates Hosting Proxy Mode. From here on, the system will record
- guest information provided through SecHostCreateGuest, SecHostSetGuestStatus, and
- SecHostRemoveGuest, and report hosting status to callers directly. This mode
- is incompatible with dynamic host mode as established by a call to SecHostSetHostingPort.
-
- @param host Pass kSecNoGuest to create a guest of the process itself.
- To create a guest of another guest (extending the hosting chain), pass the SecGuestRef
- of the guest to act as the new guest's host. If host has a dedicated guest,
- it will be deemed to be be the actual host, recursively.
- @param status The Code Signing status word for the new guest. These are combinations
- of the kSecCodeStatus* flags in <Security/CSCommon.h>. Note that the proxy will enforce
- the rules for the stickiness of these bits. In particular, if you don't pass the
- kSecCodeStatusValid bit during creation, your new guest will be born invalid and will
- never have a valid identity.
- @param path The canonical path to the guest's code on disk. This is the path you would
- pass to SecStaticCodeCreateWithPath to make a static code object reference. You must
- use an absolute path.
- @param attributes An optional CFDictionaryRef containing attributes that can be used
- to locate this particular guest among all of the caller's guests. The "canonical"
- attribute is automatically added for the value of guestRef. If you pass NULL,
- no other attributes are established for the guest.
- While any key can be used in the attributes dictionary, the kSecGuestAttribute* constants
- (in SecCode.h) are conventionally used here.
- @param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior, or
- a combination of the flags defined below for special features.
- @result Upon success, errSecSuccess. Upon error, an OSStatus value documented in
- CSCommon.h or certain other Security framework headers.
- @param newGuest Upon successful creation of the new guest, the new SecGuestRef
- that should be used to identify the new guest from here on.
-
- @constant kSecCSDedicatedHost Declares dedicated hosting for the given host.
- In dedicated hosting, the host has exactly one guest (the one this call is
- introducing), and the host will spend all of its time from here on running
- that guest (or on its behalf). This declaration is irreversable for the lifetime
- of the host. Note that this is a declaration about the given host, and is not
- binding upon other hosts on either side of the hosting chain, though they in turn
- may declare dedicated hosting if desired.
- It is invalid to declare dedicated hosting if other guests have already been
- introduced for this host, and it is invalid to introduce additional guests
- for this host after this call.
- @constant kSecCSGenerateGuestHash Ask the proxy to generate the binary identifier
- (hash of CodeDirectory) from the copy on disk at the path given. This is not optimal
- since an attacker with write access may be able to substitute a different copy just
- in time, but it is convenient. For optimal security, the host should calculate the
- hash from the loaded in-memory signature of its guest and pass the result as an
- attribute with key kSecGuestAttributeHash.
-*/
projects / apple / security.git / blobdiff