data that is usually written to separate files. This is the format of
detached signatures if the program is capable of having multiple architectures.
@constant kSecCodeMagicEntitlement Magic number for a standard entitlement blob.
+ @constant kSecCodeMagicEntitlementDER Magic number for a DER entitlement blob.
@constant kSecCodeMagicByte The first byte (in NBO) shared by all these magic
numbers. This is not a valid ASCII character; test for this to distinguish
between text and binary data if you expect a code signing-related binary blob.
kSecCodeMagicEmbeddedSignature = 0xfade0cc0, /* single-architecture embedded signature */
kSecCodeMagicDetachedSignature = 0xfade0cc1, /* detached multi-architecture signature */
kSecCodeMagicEntitlement = 0xfade7171, /* entitlement blob */
-
+ kSecCodeMagicEntitlementDER = 0xfade7172, /* entitlement DER blob */
+
kSecCodeMagicByte = 0xfa /* shared first byte */
};
-
+
+/*!
+ @typedef SecCodeExecSegFlags
+ */
+typedef CF_OPTIONS(uint32_t, SecCodeExecSegFlags) {
+ kSecCodeExecSegMainBinary = 0x0001, /* exec seg belongs to main binary */
+
+ // Entitlements
+ kSecCodeExecSegAllowUnsigned = 0x0010, /* allow unsigned pages (for debugging) */
+ kSecCodeExecSegDebugger = 0x0020, /* main binary is debugger */
+ kSecCodeExecSegJit = 0x0040, /* JIT enabled */
+ kSecCodeExecSegSkipLibraryVal = 0x0080, /* skip library validation */
+ kSecCodeExecSegCanLoadCdHash = 0x0100, /* can bless cdhash for execution */
+ kSecCodeExecSegCanExecCdHash = 0x0200, /* can execute blessed cdhash */
+};
/*
The current (fixed) size of a cdhash in the system.
projects / apple / security.git / blobdiff