X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/fa7225c82381bac4432a6edf16f53b5370238d85..7e6b461318c8a779d91381531435a68ee4e8b6ed:/OSX/libsecurity_codesigning/lib/CSCommon.h diff --git a/OSX/libsecurity_codesigning/lib/CSCommon.h b/OSX/libsecurity_codesigning/lib/CSCommon.h index 11e2f517..d3a6bb18 100644 --- a/OSX/libsecurity_codesigning/lib/CSCommon.h +++ b/OSX/libsecurity_codesigning/lib/CSCommon.h @@ -84,8 +84,8 @@ CF_ENUM(OSStatus) { errSecCSStaticCodeChanged = -67034, /* the code on disk does not match what is running */ errSecCSDBDenied = -67033, /* permission to use a database denied */ errSecCSDBAccess = -67032, /* cannot access a database */ - errSecCSSigDBDenied = errSecCSDBDenied, - errSecCSSigDBAccess = errSecCSDBAccess, + errSecCSSigDBDenied = -67033, /* permission to use a database denied */ + errSecCSSigDBAccess = -67032, /* cannot access a database */ errSecCSHostProtocolInvalidAttribute = -67031, /* host returned invalid or inconsistent guest attributes */ errSecCSInfoPlistFailed = -67030, /* invalid Info.plist (plist or signature have been modified) */ errSecCSNoMainExecutable = -67029, /* the code has no main executable file */ @@ -111,16 +111,21 @@ CF_ENUM(OSStatus) { errSecCSBadFrameworkVersion = -67009, /* embedded framework contains modified or invalid version */ errSecCSUnsealedFrameworkRoot = -67008, /* unsealed contents present in the root directory of an embedded framework */ errSecCSWeakResourceEnvelope = -67007, /* resource envelope is obsolete (version 1 signature) */ - errSecCSCancelled = -67006, /* operation was terminated by explicit cancellation */ + errSecCSCancelled = -67006, /* operation was terminated by explicit cancelation */ errSecCSInvalidPlatform = -67005, /* invalid platform identifier or platform mismatch */ errSecCSTooBig = -67004, /* code is too big for current signing format */ errSecCSInvalidSymlink = -67003, /* invalid destination for symbolic link in bundle */ errSecCSNotAppLike = -67002, /* the code is valid but does not seem to be an app */ errSecCSBadDiskImageFormat = -67001, /* disk image format unrecognized, invalid, or unsuitable */ - errSecCSUnsupportedDigestAlgorithm = -67000, /* signature digest algorithm(s) specified are not supported */ + errSecCSUnsupportedDigestAlgorithm = -67000, /* a requested signature digest algorithm is not supported */ errSecCSInvalidAssociatedFileData = -66999, /* resource fork, Finder information, or similar detritus not allowed */ - errSecCSInvalidTeamIdentifier = -66998, /* a Team Identifier string is invalid */ - errSecCSBadTeamIdentifier = -66997, /* a Team Identifier is wrong or inappropriate */ + errSecCSInvalidTeamIdentifier = -66998, /* a Team Identifier string is invalid */ + errSecCSBadTeamIdentifier = -66997, /* a Team Identifier is wrong or inappropriate */ + errSecCSSignatureUntrusted = -66996, /* signature is valid but signer is not trusted */ + errSecMultipleExecSegments = -66995, /* the image contains multiple executable segments */ + errSecCSInvalidEntitlements = -66994, /* invalid entitlement plist */ + errSecCSInvalidRuntimeVersion = -66993, /* an invalid runtime version was explicitly set */ + errSecCSRevokedNotarization = -66992, /* notarization indicates this code has been revoked */ }; /* @@ -243,6 +248,9 @@ typedef CF_OPTIONS(uint32_t, SecCSFlags) { immediately if it becomes invalid. @constant kSecCodeSignatureForceExpiration Forces the kSecCSConsiderExpiration flag on all validations of the code. + @constant kSecCodeSignatureRuntime + Instructs the kernel to apply runtime hardening policies as required by the + hardened runtime version */ typedef CF_OPTIONS(uint32_t, SecCodeSignatureFlags) { kSecCodeSignatureHost = 0x0001, /* may host guest code */ @@ -253,9 +261,9 @@ typedef CF_OPTIONS(uint32_t, SecCodeSignatureFlags) { kSecCodeSignatureRestrict = 0x0800, /* restrict dyld loading */ kSecCodeSignatureEnforcement = 0x1000, /* enforce code signing */ kSecCodeSignatureLibraryValidation = 0x2000, /* library validation required */ + kSecCodeSignatureRuntime = 0x10000, /* apply runtime hardening policies */ }; - /*! @typedef SecCodeStatus The code signing system attaches a set of status flags to each running code. @@ -295,11 +303,20 @@ typedef CF_OPTIONS(uint32_t, SecCodeSignatureFlags) { This bit can only be set. Code that has the kill flag set will never be dynamically invalid (and live). Note however that a change in static validity does not necessarily trigger instant death. + + @constant kSecCodeStatusDebugged + Indicated that code has been debugged by another process that was allowed to do so. The debugger + causes this to be set when it attachs. + + @constant kSecCodeStatusPlatform + Indicates the code is platform code, shipping with the operating system and signed by Apple. */ typedef CF_OPTIONS(uint32_t, SecCodeStatus) { - kSecCodeStatusValid = 0x0001, - kSecCodeStatusHard = 0x0100, - kSecCodeStatusKill = 0x0200, + kSecCodeStatusValid = 0x00000001, + kSecCodeStatusHard = 0x00000100, + kSecCodeStatusKill = 0x00000200, + kSecCodeStatusDebugged = 0x10000000, + kSecCodeStatusPlatform = 0x04000000, }; @@ -336,6 +353,7 @@ typedef CF_ENUM(uint32_t, SecCSDigestAlgorithm) { kSecCodeSignatureHashSHA256 = 2, /* SHA-256 */ kSecCodeSignatureHashSHA256Truncated = 3, /* SHA-256 truncated to first 20 bytes */ kSecCodeSignatureHashSHA384 = 4, /* SHA-384 */ + kSecCodeSignatureHashSHA512 = 5, /* SHA-512 */ }; CF_ASSUME_NONNULL_END