
security_framework_sys/
code_signing.rs

use core_foundation_sys::base::{CFTypeID, OSStatus};
use core_foundation_sys::dictionary::CFDictionaryRef;
use core_foundation_sys::string::CFStringRef;
use core_foundation_sys::url::CFURLRef;
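/// Opaque pointee for [`SecRequirementRef`].
///
/// The enum has no variants, so a value can never be built from Rust; it
/// only gives the raw handle a distinct type, so the three handle kinds in
/// this module cannot be passed in place of one another by accident.
pub enum OpaqueSecRequirementRef {}
/// Raw handle to a code requirement object, as produced by
/// `SecRequirementCreateWithString`.
///
/// This is a plain `*mut` pointer: it may be null and carries no ownership
/// or lifetime information.
pub type SecRequirementRef = *mut OpaqueSecRequirementRef;

/// Opaque pointee for [`SecCodeRef`]; uninhabited, see
/// [`OpaqueSecRequirementRef`] for the rationale.
pub enum OpaqueSecCodeRef {}
/// Raw handle to a code object, as produced by `SecCodeCopySelf` and
/// `SecCodeCopyGuestWithAttributes`.
// NOTE(review): presumably this denotes *running* code, in contrast to the
// on-disk `SecStaticCodeRef` - confirm against Apple's SecCode.h.
pub type SecCodeRef = *mut OpaqueSecCodeRef;

/// Opaque pointee for [`SecStaticCodeRef`]; uninhabited, see
/// [`OpaqueSecRequirementRef`] for the rationale.
pub enum OpaqueSecStaticCodeRef {}
/// Raw handle to a static code object, as produced by
/// `SecStaticCodeCreateWithPath` from a file-system URL.
pub type SecStaticCodeRef = *mut OpaqueSecStaticCodeRef;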
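/// Bit set of options passed as the `flags` argument of the code-signing
/// functions bound in this module. Combine values with `|`; `0` selects the
/// default behaviour.
///
/// The summaries below paraphrase Apple's header documentation
/// (CSCommon.h / SecStaticCode.h). Check them against the SDK you build
/// with before relying on them in a trust decision.
// NOTE(review): the low bits (0-12) look like the static-validation flags;
// other Security APIs appear to reuse the same bit positions with different
// meanings, so a flag is only meaningful for the call it was defined for -
// verify per function.
pub type SecCSFlags = u32;
/// Validate every architecture slice of a universal binary rather than
/// only the native one.
pub const kSecCSCheckAllArchitectures: SecCSFlags = 1 << 0;
/// Skip validation of the main executable's contents. This weakens the
/// check: a modified executable would not be detected by a call that sets it.
pub const kSecCSDoNotValidateExecutable: SecCSFlags = 1 << 1;
/// Skip validation of bundle resources. This weakens the check: modified or
/// added resources would not be detected by a call that sets it.
pub const kSecCSDoNotValidateResources: SecCSFlags = 1 << 2;
/// Both skip flags above combined (value `0b110`): neither the executable
/// nor the resources are validated. Not suitable as the sole basis for
/// trusting code.
pub const kSecCSBasicValidateOnly: SecCSFlags =
    kSecCSDoNotValidateExecutable | kSecCSDoNotValidateResources;
/// Also locate and recursively validate code nested inside a bundle.
pub const kSecCSCheckNestedCode: SecCSFlags = 1 << 3;
/// Apply additional structural checks to bundles and reject layouts that
/// would weaken the signature.
pub const kSecCSStrictValidate: SecCSFlags = 1 << 4;
pub const kSecCSFullReport: SecCSFlags = 1 << 5;
/// Bit 6 together with [`kSecCSCheckAllArchitectures`] (value `0x41`).
pub const kSecCSCheckGatekeeperArchitectures: SecCSFlags =
    (1 << 6) | kSecCSCheckAllArchitectures;
// Bits 7-12: see the SDK header for the exact semantics of each flag; they
// are not described here because this file does not establish them.
pub const kSecCSRestrictSymlinks: SecCSFlags = 1 << 7;
pub const kSecCSRestrictToAppLike: SecCSFlags = 1 << 8;
pub const kSecCSRestrictSidebandData: SecCSFlags = 1 << 9;
pub const kSecCSUseSoftwareSigningCert: SecCSFlags = 1 << 10;
pub const kSecCSValidatePEH: SecCSFlags = 1 << 11;
pub const kSecCSSingleThreaded: SecCSFlags = 1 << 12;
// 13 - 15 are unused
// This is only available in macOS 11.3:
// pub const kSecCSAllowNetworkAccess: SecCSFlags = 1 << 16;
// 17 - 25 are unused
pub const kSecCSQuickCheck: SecCSFlags = 1 << 26;
/// Build the certificate chain to the system trust anchors rather than
/// accepting any self-signed root.
pub const kSecCSCheckTrustedAnchors: SecCSFlags = 1 << 27;
pub const kSecCSReportProgress: SecCSFlags = 1 << 28;
/// Do not use the network during validation.
// NOTE(review): Apple's header states this cancels
// `kSecCSEnforceRevocationChecks`; setting both therefore does not give an
// online revocation check - confirm for the target OS version.
pub const kSecCSNoNetworkAccess: SecCSFlags = 1 << 29;
/// Force certificate revocation checks regardless of preference settings.
pub const kSecCSEnforceRevocationChecks: SecCSFlags = 1 << 30;
/// Treat expired signing certificates as invalid. Occupies the top bit of
/// the `u32` (value `0x8000_0000`).
pub const kSecCSConsiderExpiration: SecCSFlags = 1 << 31;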
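// Raw bindings to the Security framework's code-signing API.
//
// Everything in this block is foreign: calling a function or reading a
// static requires `unsafe`, and no argument is checked on the Rust side.
// Every function that returns `OSStatus` reports failure through a non-zero
// value (`errSecSuccess` is 0). A caller making a trust decision must check
// that value and must not use an out-parameter after a failed call.
extern "C" {
    // Dictionary keys for the `attrs` argument of
    // `SecCodeCopyGuestWithAttributes`; they select which guest to look up.
    pub static kSecGuestAttributeArchitecture: CFStringRef;
    /// Key for identifying the guest by audit token.
    // NOTE(review): an audit token is generally preferred over a bare pid
    // for identifying a peer process, because pids can be reused between
    // the time they are observed and the time they are checked - confirm
    // which key the callers use.
    pub static kSecGuestAttributeAudit: CFStringRef;
    pub static kSecGuestAttributeCanonical: CFStringRef;
    pub static kSecGuestAttributeDynamicCode: CFStringRef;
    pub static kSecGuestAttributeDynamicCodeInfoPlist: CFStringRef;
    pub static kSecGuestAttributeHash: CFStringRef;
    pub static kSecGuestAttributeMachPort: CFStringRef;
    /// Key for identifying the guest by process id.
    pub static kSecGuestAttributePid: CFStringRef;
    pub static kSecGuestAttributeSubarchitecture: CFStringRef;

    // Core Foundation type identifiers for the three handle kinds.
    pub fn SecCodeGetTypeID() -> CFTypeID;
    pub fn SecStaticCodeGetTypeID() -> CFTypeID;
    pub fn SecRequirementGetTypeID() -> CFTypeID;

    /// Validates the code behind `code`, optionally against `requirement`.
    ///
    /// Returns an `OSStatus`; anything other than 0 means the code must not
    /// be treated as valid.
    // NOTE(review): presumably a null `requirement` checks only that the
    // signature is internally consistent, not *who* signed the code - pass
    // a requirement when the signer's identity matters. Confirm against
    // Apple's documentation.
    pub fn SecCodeCheckValidity(
        code: SecCodeRef,
        flags: SecCSFlags,
        requirement: SecRequirementRef,
    ) -> OSStatus;

    /// Looks up a guest of `host` matching the `attrs` dictionary and stores
    /// the resulting handle through `guest`.
    ///
    /// `guest` is written by the callee and must point to writable storage
    /// for one `SecCodeRef`.
    // NOTE(review): "Copy" in the name suggests the Core Foundation
    // ownership rule (the caller releases the result) - confirm.
    pub fn SecCodeCopyGuestWithAttributes(
        host: SecCodeRef,
        attrs: CFDictionaryRef,
        flags: SecCSFlags,
        guest: *mut SecCodeRef,
    ) -> OSStatus;

    /// Stores the file-system location of `code` through `path`.
    ///
    /// Note that the binding takes a `SecStaticCodeRef`, not a `SecCodeRef`.
    pub fn SecCodeCopyPath(
        code: SecStaticCodeRef,
        flags: SecCSFlags,
        path: *mut CFURLRef,
    ) -> OSStatus;

    /// Stores a handle for the calling process's own code through `out`.
    pub fn SecCodeCopySelf(flags: SecCSFlags, out: *mut SecCodeRef) -> OSStatus;

    /// Parses the requirement source in `text` and stores the resulting
    /// requirement object through `requirement`.
    // NOTE(review): the requirement text defines what counts as trusted, so
    // it should come from a constant or other trusted source, not from data
    // supplied by the party being checked - verify at call sites.
    pub fn SecRequirementCreateWithString(
        text: CFStringRef,
        flags: SecCSFlags,
        requirement: *mut SecRequirementRef,
    ) -> OSStatus;

    /// Validates the static code object `code`, optionally against
    /// `requirement`.
    ///
    /// Returns an `OSStatus`; anything other than 0 means validation failed.
    // NOTE(review): this validates what is on disk at the time of the call.
    // It says nothing about a process that was started from that path
    // earlier or will be started later - confirm callers do not rely on it
    // for that.
    pub fn SecStaticCodeCheckValidity(
        code: SecStaticCodeRef,
        flags: SecCSFlags,
        requirement: SecRequirementRef,
    ) -> OSStatus;

    /// Creates a static code object for the item at `path` and stores it
    /// through `code`.
    ///
    /// The function name does not suggest that any validation happens here;
    /// call `SecStaticCodeCheckValidity` on the result before trusting it.
    pub fn SecStaticCodeCreateWithPath(
        path: CFURLRef,
        flags: SecCSFlags,
        code: *mut SecStaticCodeRef,
    ) -> OSStatus;
}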