X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/e3d460c9de4426da6c630c3ae3f46173a99f82d8..3f0f0d49a9b6c2c6d459239f5926d59314cdeacf:/OSX/libsecurity_codesigning/lib/SecStaticCode.h
diff --git a/OSX/libsecurity_codesigning/lib/SecStaticCode.h b/OSX/libsecurity_codesigning/lib/SecStaticCode.h
index c8f9d40e..5fdb98b7 100644
--- a/OSX/libsecurity_codesigning/lib/SecStaticCode.h
+++ b/OSX/libsecurity_codesigning/lib/SecStaticCode.h
@@ -71,12 +71,42 @@ CFTypeID SecStaticCodeGetTypeID(void); may cause the bundle to be misconstrued. If you expect to submit such paths, first clean them with realpath(3) or equivalent. @param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior. - @param attributes A CFDictionary containing additional attributes of the code sought. @param staticCode On successful return, contains a reference to the StaticCode object representing the code at path. Unchanged on error. @result Upon success, errSecSuccess. Upon error, an OSStatus value documented in CSCommon.h or certain other Security framework headers. +*/ +OSStatus SecStaticCodeCreateWithPath(CFURLRef path, SecCSFlags flags, SecStaticCodeRef * __nonnull CF_RETURNS_RETAINED staticCode); + +extern const CFStringRef kSecCodeAttributeArchitecture; +extern const CFStringRef kSecCodeAttributeSubarchitecture; +extern const CFStringRef kSecCodeAttributeUniversalFileOffset; +extern const CFStringRef kSecCodeAttributeBundleVersion; + +/*! + @function SecStaticCodeCreateWithPathAndAttributes + Given a path to a file system object, create a SecStaticCode object representing + the code at that location, if possible. Such a SecStaticCode is not inherently + linked to running code in the system. + It is possible to create a SecStaticCode object from an unsigned code object. + Most uses of such an object will return the errSecCSUnsigned error. However, + SecCodeCopyPath and SecCodeCopySigningInformation can be safely applied to such objects. + + @param path A path to a location in the file system. Only file:// URLs are + currently supported. For bundles, pass a URL to the root directory of the + bundle. For single files, pass a URL to the file. If you pass a URL to the + main executable of a bundle, the bundle as a whole will be generally recognized. + Caution: Paths containing embedded // or /../ within a bundle's directory + may cause the bundle to be misconstrued. 
If you expect to submit such paths, + first clean them with realpath(3) or equivalent. + @param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior. + @param attributes A CFDictionary containing additional attributes of the code sought. + @param staticCode On successful return, contains a reference to the StaticCode object + representing the code at path. Unchanged on error. + @result Upon success, errSecSuccess. Upon error, an OSStatus value documented in + CSCommon.h or certain other Security framework headers. + @constant kSecCodeAttributeArchitecture Specifies the Mach-O architecture of code desired. This can be a CFString containing a canonical architecture name ("i386" etc.), or a CFNumber specifying an architecture numerically (see mach/machine.h). This key is ignored if the code @@ -87,14 +117,9 @@ CFTypeID SecStaticCodeGetTypeID(void); This key is ignored if no main architecture is specified; if it is specified by name; or if the code is not in Mach-O form. @constant kSecCodeAttributeUniversalFileOffset The offset of a Mach-O specific slice of a universal Mach-O file. + @constant kSecCodeAttributeBundleVersion If the code sought is a deep framework bundle (Something.framework/Versions/...), + then select the specified framework version. This key is otherwise ignored. */ -extern const CFStringRef kSecCodeAttributeArchitecture; -extern const CFStringRef kSecCodeAttributeSubarchitecture; -extern const CFStringRef kSecCodeAttributeUniversalFileOffset; -extern const CFStringRef kSecCodeAttributeBundleVersion; - -OSStatus SecStaticCodeCreateWithPath(CFURLRef path, SecCSFlags flags, SecStaticCodeRef * __nonnull CF_RETURNS_RETAINED staticCode); - OSStatus SecStaticCodeCreateWithPathAndAttributes(CFURLRef path, SecCSFlags flags, CFDictionaryRef attributes, SecStaticCodeRef * __nonnull CF_RETURNS_RETAINED staticCode); 
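Review bot: The doc block added for SecStaticCodeCreateWithPathAndAttributes repeats the path, flags and staticCode paragraphs of SecStaticCodeCreateWithPath word for word, so the two descriptions will drift apart on the next edit; the only genuinely new paragraph is `@param attributes`, and it does not say whether NULL is accepted. Consider replacing the repeated paragraphs with `Behaves like SecStaticCodeCreateWithPath; see that function for the path and flags contract.` and making the NULL rule explicit, e.g. `@param attributes A CFDictionary of additional attributes of the code sought, or <state whether NULL is permitted>.` The hunk opens inside the existing doc comment for SecStaticCodeCreateWithPath, whose start lies above it.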
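Review bot: The new `@constant kSecCodeAttributeBundleVersion` entry does not state the value type the key expects, whereas the neighbouring architecture entries spell out CFString versus CFNumber, so a caller building the attributes dictionary has to guess. Suggest `@constant kSecCodeAttributeBundleVersion If the code sought is a deep framework bundle (Something.framework/Versions/...), then select the specified framework version. The value is a <value type, e.g. CFString naming the Versions/ subdirectory>. This key is otherwise ignored.` The extern and prototype removals in this hunk only relocate declarations that the first hunk re-adds, so nothing else needs attention here.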
@@ -118,9 +143,9 @@ OSStatus SecStaticCodeCreateWithPathAndAttributes(CFURLRef path, SecCSFlags flag @constant kSecCSCheckAllArchitectures For multi-architecture (universal) Mach-O programs, validate all architectures included. By default, only the native architecture is validated. - @constant kSecCSNoDnotValidateExecutable + @constant kSecCSDoNotValidateExecutable Do not validate the contents of the main executable. This is normally done. - @constant kSecCSNoNotValidateResources + @constant kSecCSDoNotValidateResources Do not validate the presence and contents of all bundle resources (if any). By default, a mismatch in any bundle resource causes validation to fail. @constant kSecCSCheckNestedCode @@ -152,6 +177,8 @@ CF_ENUM(uint32_t) { kSecCSCheckGatekeeperArchitectures = (1 << 6) | kSecCSCheckAllArchitectures, kSecCSRestrictSymlinks = 1 << 7, kSecCSRestrictToAppLike = 1 << 8, + kSecCSRestrictSidebandData = 1 << 9, + kSecCSUseSoftwareSigningCert = 1 << 10, }; OSStatus SecStaticCodeCheckValidity(SecStaticCodeRef staticCode, SecCSFlags flags,
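Review bot: `kSecCSRestrictSidebandData` and `kSecCSUseSoftwareSigningCert` are added to the SecStaticCodeCheckValidity flag enum without matching `@constant` entries in the doc block that lists the other flags (the preceding hunk shows part of that block), and no other hunk in this diff adds them. Their names suggest they change what validation accepts or rejects, so a caller reading the header cannot tell whether passing either one tightens or loosens the check. Each should get a line in that block such as `@constant kSecCSRestrictSidebandData <describe the data that is rejected when set>` and `@constant kSecCSUseSoftwareSigningCert <describe which certificate requirement applies when set>`. The CF_ENUM the values belong to starts above the hunk.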