X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/e3d460c9de4426da6c630c3ae3f46173a99f82d8..918dce6758f4f57e8c0b650cb5eead501f6684ca:/OSX/libsecurity_codesigning/lib/CSCommonPriv.h
diff --git a/OSX/libsecurity_codesigning/lib/CSCommonPriv.h b/OSX/libsecurity_codesigning/lib/CSCommonPriv.h
index 29299cb8..0bb82021 100644
--- a/OSX/libsecurity_codesigning/lib/CSCommonPriv.h
+++ b/OSX/libsecurity_codesigning/lib/CSCommonPriv.h
@@ -71,6 +71,7 @@ extern const SecCodeDirectoryFlagTable kSecCodeDirectoryFlagTable[];
 data that is usually written to separate files. This is the format of detached signatures if the program is capable of having multiple architectures.
 @constant kSecCodeMagicEntitlement Magic number for a standard entitlement blob.
+ @constant kSecCodeMagicEntitlementDER Magic number for a DER entitlement blob.
 @constant kSecCodeMagicByte The first byte (in NBO) shared by all these magic numbers. This is not a valid ASCII character; test for this to distinguish between text and binary data if you expect a code signing-related binary blob.
@@ -83,10 +84,25 @@ enum {
 kSecCodeMagicEmbeddedSignature = 0xfade0cc0, /* single-architecture embedded signature */
 kSecCodeMagicDetachedSignature = 0xfade0cc1, /* detached multi-architecture signature */
 kSecCodeMagicEntitlement = 0xfade7171, /* entitlement blob */
-
+ kSecCodeMagicEntitlementDER = 0xfade7172, /* entitlement DER blob */
+
 kSecCodeMagicByte = 0xfa /* shared first byte */
 };
-
+
+/*!
+ @typedef SecCodeExecSegFlags
+ */
+typedef CF_OPTIONS(uint32_t, SecCodeExecSegFlags) {
+ kSecCodeExecSegMainBinary = 0x0001, /* exec seg belongs to main binary */
+
+ // Entitlements
+ kSecCodeExecSegAllowUnsigned = 0x0010, /* allow unsigned pages (for debugging) */
+ kSecCodeExecSegDebugger = 0x0020, /* main binary is debugger */
+ kSecCodeExecSegJit = 0x0040, /* JIT enabled */
+ kSecCodeExecSegSkipLibraryVal = 0x0080, /* skip library validation */
+ kSecCodeExecSegCanLoadCdHash = 0x0100, /* can bless cdhash for execution */
+ kSecCodeExecSegCanExecCdHash = 0x0200, /* can execute blessed cdhash */
+};
 /* The current (fixed) size of a cdhash in the system.
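Review bot: The headerdoc block added for `SecCodeExecSegFlags` is empty, while the magic-number enum above it (which starts outside this hunk) documents every value with an `@constant` line. Several of these bits relax code-signing enforcement by their own comments (unsigned pages, skipped library validation, JIT, cdhash blessing), so each should get an `@constant` entry. The block should also open with a summary such as `Flags describing the executable segment; the bits under "Entitlements" presumably mirror entitlements of the main binary`, and say whether bits 0x0002-0x0008 are reserved. Separately, adding `kSecCodeMagicEntitlementDER` means any reader that matches only `kSecCodeMagicEntitlement` will skip the DER blob. Those readers are not visible here, so it is worth confirming that they handle both magics and treat the two entitlement forms consistently.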