X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/90dc47c27df1983f6ebc252b0c4b94c8718fe52d..refs/heads/master:/OSX/libsecurity_codesigning/lib/SecCodeSigner.h?ds=sidebyside

diff --git a/OSX/libsecurity_codesigning/lib/SecCodeSigner.h b/OSX/libsecurity_codesigning/lib/SecCodeSigner.h
index 88067c14..c1a83ba4 100644
--- a/OSX/libsecurity_codesigning/lib/SecCodeSigner.h
+++ b/OSX/libsecurity_codesigning/lib/SecCodeSigner.h
@@ -38,7 +38,11 @@ extern "C" {
 	@typedef SecCodeSignerRef
 	This is the type of a reference to a code requirement.
 */
+#ifdef BRIDGED_SECCODESIGNER
+typedef struct CF_BRIDGED_TYPE(id) __SecCodeSigner *SecCodeSignerRef;	/* code signing object */
+#else
 typedef struct __SecCodeSigner *SecCodeSignerRef;	/* code signing object */
+#endif
 
 
 /*!
@@ -164,6 +168,11 @@ extern const CFStringRef kSecCodeSignerPreserveMetadata;
 extern const CFStringRef kSecCodeSignerTeamIdentifier;
 extern const CFStringRef kSecCodeSignerPlatformIdentifier;
 extern const CFStringRef kSecCodeSignerRuntimeVersion;
+extern const CFStringRef kSecCodeSignerPreserveAFSC;
+extern const CFStringRef kSecCodeSignerOmitAdhocFlag;
+extern const CFStringRef kSecCodeSignerEditCpuType;
+extern const CFStringRef kSecCodeSignerEditCpuSubtype;
+extern const CFStringRef kSecCodeSignerEditCMS;
 
 enum {
     kSecCodeSignerPreserveIdentifier = 1 << 0,		// preserve signing identifier
@@ -188,7 +197,9 @@ enum {
 		useful defaults, and will need to be set before signing is attempted.
 	@param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior.
 		The kSecCSRemoveSignature flag requests that any existing signature be stripped
-		from the target code instead of signing.
+		from the target code instead of signing. The kSecCSEditSignature flag
+        requests editing of existing signatures, which only works with a very
+        limited set of options.
 	@param staticCode On successful return, a SecStaticCode object reference representing
 	the file system origin of the given SecCode. On error, unchanged.
 	@result Upon success, errSecSuccess. Upon error, an OSStatus value documented in
@@ -205,12 +216,16 @@ enum {
 	kSecCSSignStrictPreflight = 1 << 7, // fail signing operation if signature would fail strict validation
 	kSecCSSignGeneratePEH = 1 << 8,		// generate pre-encryption hashes
     kSecCSSignGenerateEntitlementDER = 1 << 9, // generate entitlement DER
+    kSecCSEditSignature = 1 << 10,      // edit existing signature
 };
 
-
+#ifdef BRIDGED_SECCODESIGNER
+OSStatus SecCodeSignerCreate(CFDictionaryRef parameters, SecCSFlags flags,
+	SecCodeSignerRef * __nonnull CF_RETURNS_RETAINED signer);
+#else
 OSStatus SecCodeSignerCreate(CFDictionaryRef parameters, SecCSFlags flags,
 	SecCodeSignerRef *signer);
-
+#endif
 
 /*!
 	@function SecCodeSignerAddSignature