X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/79b9da22a1f4b26279940d285c1bc28ce4e99252..refs/heads/master:/OSX/libsecurity_codesigning/lib/CSCommon.h

diff --git a/OSX/libsecurity_codesigning/lib/CSCommon.h b/OSX/libsecurity_codesigning/lib/CSCommon.h
index d3a6bb18..b39fbe6f 100644
--- a/OSX/libsecurity_codesigning/lib/CSCommon.h
+++ b/OSX/libsecurity_codesigning/lib/CSCommon.h
@@ -215,6 +215,7 @@ typedef CF_OPTIONS(uint32_t, SecCSFlags) {
 	kSecCSReportProgress = 1 << 28,			/* make progress report call-backs when configured */
     kSecCSCheckTrustedAnchors = 1 << 27, /* build certificate chain to system trust anchors, not to any self-signed certificate */
 	kSecCSQuickCheck = 1 << 26,		/* (internal) */
+    kSecCSApplyEmbeddedPolicy = 1 << 25, /* Apply Embedded (iPhone) policy regardless of the platform we're running on */
 };
 
 
@@ -251,6 +252,9 @@ typedef CF_OPTIONS(uint32_t, SecCSFlags) {
 	@constant kSecCodeSignatureRuntime
 	Instructs the kernel to apply runtime hardening policies as required by the
 	hardened runtime version
+	@constant kSecCodeSignatureLinkerSigned
+	The code was automatically signed by the linker. This signature should be
+	ignored in any new signing operation.
  */
 typedef CF_OPTIONS(uint32_t, SecCodeSignatureFlags) {
 	kSecCodeSignatureHost = 0x0001,			/* may host guest code */
@@ -262,6 +266,7 @@ typedef CF_OPTIONS(uint32_t, SecCodeSignatureFlags) {
 	kSecCodeSignatureEnforcement = 0x1000, /* enforce code signing */
 	kSecCodeSignatureLibraryValidation = 0x2000, /* library validation required */
 	kSecCodeSignatureRuntime = 0x10000, /* apply runtime hardening policies */
+	kSecCodeSignatureLinkerSigned = 0x20000, /* identify that the signature was auto-generated by the linker*/
 };
 
 /*!