#define _H_SECASSESSMENT
#include <CoreFoundation/CoreFoundation.h>
+#include <Security/CSCommon.h>
#ifdef __cplusplus
extern "C" {
@constant kSecAssessmentAllowWeak Allow signatures that contain known weaknesses, such as an
insecure resource envelope.
@constant kSecAssessmentIgnoreWhitelist Do not search the weak signature whitelist.
- @constant kSecAssessmentFlagDequarantine Set the ASSESSMENT_OK flag if successful.
@constant kSecAssessmentFlagIgnoreActiveAssessments Permit parallel re-assessment of the same target.
@constant kSecAssessmentFlagLowPriority Run the assessment in low priority.
kSecAssessmentFlagEnforce = 1 << 26, // force on (disable bypass switches)
kSecAssessmentFlagAllowWeak = 1 << 25, // allow weak signatures
kSecAssessmentFlagIgnoreWhitelist = 1 << 24, // do not search weak signature whitelist
- kSecAssessmentFlagDequarantine = 1 << 23, // set the ASSESSMENT_OK flag if successful
+ // 1 << 23 removed (was kSecAssessmentFlagDequarantine)
kSecAssessmentFlagIgnoreActiveAssessments = 1 << 22, // permit parallel re-assessment of the same target
kSecAssessmentFlagLowPriority = 1 << 21, // run the assessment in low priority
};
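Review bot: The placeholder comment left at `1 << 23` records the removal but does not mark the bit as reserved, so a later flag could be assigned the same value. Callers built against the older header may still pass that bit expecting the dequarantine behaviour, and nothing visible here says whether it is now ignored or rejected. I would write the comment as `// 1 << 23 reserved, do not reuse (was kSecAssessmentFlagDequarantine)` and note how the implementation treats a caller that still sets it. The enum's opening lines are outside this hunk.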
extern CFStringRef kSecAssessmentFeedbackInfoCurrent; // info key: current work progress
extern CFStringRef kSecAssessmentFeedbackInfoTotal; // info key: total expected work
+extern CFStringRef kSecAssessmentContextKeyPrimarySignature; // on document assessment, treat code signature as primary and return its status
+
extern CFStringRef kSecAssessmentAssessmentVerdict; // CFBooleanRef: master result - allow or deny
extern CFStringRef kSecAssessmentAssessmentOriginator; // CFStringRef: describing the signature originator
extern CFStringRef kSecAssessmentAssessmentAuthority; // CFDictionaryRef: authority used to arrive at result
extern CFStringRef kSecAssessmentAssessmentAuthorityRow; // (internal)
extern CFStringRef kSecAssessmentAssessmentAuthorityOverride; // (internal)
extern CFStringRef kSecAssessmentAssessmentAuthorityOriginalVerdict; // (internal)
+extern CFStringRef kSecAssessmentAssessmentAuthorityFlags; // (internal)
+extern CFStringRef kSecAssessmentAssessmentNotarizationDate; // (internal)
extern CFStringRef kDisabledOverride; // AuthorityOverride value for "Gatekeeper is disabled"
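Review bot: The comment on `kSecAssessmentContextKeyPrimarySignature` does not state the expected value type, unlike the neighbouring result keys, which lead with `CFBooleanRef:`, `CFStringRef:` or `CFDictionaryRef:`. Because this key changes which signature determines the returned status for a document assessment, the comment should also say what happens when the key is absent and what is returned when the document carries no code signature. Something like `// <value type>: on document assessment, treat the code signature as primary and return its status (default: <behaviour when absent>)` would cover it, with the placeholders filled in from the implementation. The two new `(internal)` keys follow the existing convention and need no change.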
*/
Boolean SecAssessmentControl(CFStringRef control, void *arguments, CFErrorRef *errors);
+/*
+ * SecAssessmentTicket SPI
+ */
+typedef uint64_t SecAssessmentTicketFlags;
+enum {
+ kSecAssessmentTicketFlagDefault = 0, // default behavior, offline check
+ kSecAssessmentTicketFlagForceOnlineCheck = 1 << 0, // force an online check
+ kSecAssessmentTicketFlagLegacyListCheck = 1 << 1, // Check the DeveloperID Legacy list
+};
+Boolean SecAssessmentTicketRegister(CFDataRef ticketData, CFErrorRef *errors);
+Boolean SecAssessmentRegisterPackageTicket(CFURLRef packageURL, CFErrorRef* errors) API_AVAILABLE(macos(10.14.6));
+Boolean SecAssessmentTicketLookup(CFDataRef hash, SecCSDigestAlgorithm hashType, SecAssessmentTicketFlags flags, double *date, CFErrorRef *errors);
+Boolean SecAssessmentLegacyCheck(CFDataRef hash, SecCSDigestAlgorithm hashType, CFStringRef teamID, CFErrorRef *errors);
#ifdef __cplusplus
}
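Review bot: The four new `SecAssessmentTicket*` / `SecAssessmentLegacyCheck` declarations have no contract documentation, and the one-line `SecAssessmentTicket SPI` banner is not enough for an interface that feeds a trust decision. Each function needs a header comment that says what a `false` return means (no ticket found versus lookup failure), who owns `*errors`, whether `date` may be NULL and what unit and epoch it uses, and whether `hash` length is validated against `hashType`. `kSecAssessmentTicketFlagDefault` is described as `offline check`, which suggests a default lookup may not reflect state known only online. If so, say it on the flag, e.g. `// default: offline check only; use kSecAssessmentTicketFlagForceOnlineCheck when current status is required`. Only `SecAssessmentRegisterPackageTicket` carries `API_AVAILABLE`, and it is also the only one written `CFErrorRef* errors` rather than `CFErrorRef *errors`; the other three should either get availability annotations or a comment explaining why none is needed.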