Security-59754.80.3.tar.gz

[apple/security.git] / OSX / libsecurity_codesigning / lib / CSCommon.h

diff --git a/OSX/libsecurity_codesigning/lib/CSCommon.h b/OSX/libsecurity_codesigning/lib/CSCommon.h
index d3a6bb182f8a5ebab60aab06859dd7a402af0e54..b39fbe6fa487908474220041a825783ca80d5033 100644 (file)
--- a/OSX/libsecurity_codesigning/lib/CSCommon.h
+++ b/OSX/libsecurity_codesigning/lib/CSCommon.h
@@ -215,6 +215,7 @@ typedef CF_OPTIONS(uint32_t, SecCSFlags) {
        kSecCSReportProgress = 1 << 28,                 /* make progress report call-backs when configured */
     kSecCSCheckTrustedAnchors = 1 << 27, /* build certificate chain to system trust anchors, not to any self-signed certificate */
        kSecCSQuickCheck = 1 << 26,             /* (internal) */
+    kSecCSApplyEmbeddedPolicy = 1 << 25, /* Apply Embedded (iPhone) policy regardless of the platform we're running on */
 };
 
 
@@ -251,6 +252,9 @@ typedef CF_OPTIONS(uint32_t, SecCSFlags) {
        @constant kSecCodeSignatureRuntime
        Instructs the kernel to apply runtime hardening policies as required by the
        hardened runtime version
+       @constant kSecCodeSignatureLinkerSigned
+       The code was automatically signed by the linker. This signature should be
+       ignored in any new signing operation.
  */
 typedef CF_OPTIONS(uint32_t, SecCodeSignatureFlags) {
        kSecCodeSignatureHost = 0x0001,                 /* may host guest code */
@@ -262,6 +266,7 @@ typedef CF_OPTIONS(uint32_t, SecCodeSignatureFlags) {
        kSecCodeSignatureEnforcement = 0x1000, /* enforce code signing */
        kSecCodeSignatureLibraryValidation = 0x2000, /* library validation required */
        kSecCodeSignatureRuntime = 0x10000, /* apply runtime hardening policies */
+       kSecCodeSignatureLinkerSigned = 0x20000, /* identify that the signature was auto-generated by the linker*/
 };
 
 /*!