Tells code signing services that the calling code will directly respond to hosting inquiries over the given port.


OSStatus SecHostSetHostingPort(mach_port_t hostingPort, SecCSFlags flags);



A Mach message port with send rights. This port is recorded and handed to parties interested in querying the host about its children.


Optional flags; see SecCSFlags for possible values. Pass kSecCSDefaultFlags for standard behavior.

Return Value


If you want to use dynamic hosting mode (see Guest Code), call this function before calling any other code signing services hosting functions. When you call SecHostSetHostingPort, the calling code takes direct responsibility for answering questions about its guests using the hosting IPC services. After you call this function, you cannot call the SecHostCreateGuest, SecHostRemoveGuest, or SecHostSetGuestStatus functions.

The SecHostSelectGuest and SecHostSelectedGuest functions work after calling this function.

Once you call this function, the calling code must act in dynamic hosting mode; proxy hosting mode is disabled for the lifetime of the calling code.

Dynamic hosting is useful if you have a large host with many guests that are changing status frequently. In that case, it’s more efficient to only respond to requests for information when they’re made than to call the status update functions (SecHostCreateGuest, SecHostSetGuestStatus, or SecHostRemoveGuest) every time something changes. However, dynamic hosting mode is not fully supported by high-level API functions at this time. Unless you have extensive knowledge of Mach messaging and have a particular need to manage your guest code dynamically, it is recommended that you use proxy hosting mode.

See Also

Guest Management


Retrieves the code object for the host of specified guest code.


Removes a guest from a host.


Makes the calling thread the proxy for a specified guest.


Retrieves the handle for the guest currently selected for the calling thread.


Asks the kernel to accept the signing information currently attached to a code object and uses it to validate memory page-ins.