Security-59306.140.5.tar.gz

[apple/security.git] / OSX / libsecurity_codesigning / lib / SecCodeSigner.h

diff --git a/OSX/libsecurity_codesigning/lib/SecCodeSigner.h b/OSX/libsecurity_codesigning/lib/SecCodeSigner.h
index 88067c14b8b8a3167702037068a297ee92d5168c..eba1183066b0226d3e772f4de680ccd918d79891 100644 (file)
--- a/OSX/libsecurity_codesigning/lib/SecCodeSigner.h
+++ b/OSX/libsecurity_codesigning/lib/SecCodeSigner.h
@@ -164,6 +164,11 @@ extern const CFStringRef kSecCodeSignerPreserveMetadata;
 extern const CFStringRef kSecCodeSignerTeamIdentifier;
 extern const CFStringRef kSecCodeSignerPlatformIdentifier;
 extern const CFStringRef kSecCodeSignerRuntimeVersion;
+extern const CFStringRef kSecCodeSignerPreserveAFSC;
+extern const CFStringRef kSecCodeSignerOmitAdhocFlag;
+extern const CFStringRef kSecCodeSignerEditCpuType;
+extern const CFStringRef kSecCodeSignerEditCpuSubtype;
+extern const CFStringRef kSecCodeSignerEditCMS;
 
 enum {
     kSecCodeSignerPreserveIdentifier = 1 << 0,         // preserve signing identifier
@@ -188,7 +193,9 @@ enum {
                useful defaults, and will need to be set before signing is attempted.
        @param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior.
                The kSecCSRemoveSignature flag requests that any existing signature be stripped
-               from the target code instead of signing.
+               from the target code instead of signing. The kSecCSEditSignature flag
+        requests editing of existing signatures, which only works with a very
+        limited set of options.
        @param staticCode On successful return, a SecStaticCode object reference representing
        the file system origin of the given SecCode. On error, unchanged.
        @result Upon success, errSecSuccess. Upon error, an OSStatus value documented in
@@ -205,6 +212,7 @@ enum {
        kSecCSSignStrictPreflight = 1 << 7, // fail signing operation if signature would fail strict validation
        kSecCSSignGeneratePEH = 1 << 8,         // generate pre-encryption hashes
     kSecCSSignGenerateEntitlementDER = 1 << 9, // generate entitlement DER
+    kSecCSEditSignature = 1 << 10,      // edit existing signature
 };