Asks a code host to identify one of its guests given the type and value of specific attributes of the guest code.
SDK
- macOS 10.6+
Framework
- Security
Declaration
func SecCodeCopyGuestWithAttributes(_ host: Sec Code?, _ attributes: CFDictionary?, _ flags: Sec CSFlags, _ guest: Unsafe Mutable Pointer<Sec Code?>) -> OSStatus
Parameters
host
A valid code object representing code running on the system that acts as a host for signed code. Pass
NULL
to indicate that the code signing root of trust (currently, the system kernel) should be used as the code host.attributes
A dictionary containing zero or more attribute values to be used in identifying guest code. See Guest Attribute Dictionary Keys for possible dictionary keys and descriptions of the associated values. Each host supports only particular combinations of keys and values, and the function returns an error if any unsupported set is requested. Pass
NULL
to indicate an empty attribute set. Note that some hosts that support hosting chains (guests being hosts) may return sub-guests to this function; that is, the code object returned by this call may not be a direct guest of the queried host, although it will be a guest somewhere in the hosting chain.flags
Optional flags; see
Sec
for possible values. PassCSFlags default
for standard behavior.Flags guest
On return, a code object identifying the particular guest of the host that has the specified attribute values. If the attributes specify the host itself, the function returns the code object for the host. If more than one guest meet the specified criteria, the function returns the result
err
.Sec CSMultiple Guests
Return Value
A result code. See Code Signing Services Result Codes. In particular:
err
—The host does not support the specified attribute type.Sec CSUnsupported Guest Attributes err
—The type of value given for a guest attribute is not supported by the host.Sec CSInvalid Attribute Values err
—The host has no guest with the specified attribute value, even though the value is of a supported type. This error may also be returned if the code specified in theSec CSNo Such Code host
parameter is not currently acting as a code host.err
—The code specified in theSec CSNot AHost host
parameter cannot act as a code host, because it’s missing thehost
option flag in its code signature.err
—The attributes specified do not unambiguously identify a guest (the specification is not unique).Sec CSMultiple Guests
Discussion
Different hosts support different types and combinations of attributes. The methods a host uses to identify, separate, and control its guests are specific to each type of host. This function provides a generic abstraction layer that allows uniform interrogation of all hosts.
The most frequent use of this function is to obtain a code object for specific code. To do that, pass NULL
for the host
parameter and specify all the attributes you have for the guest. You can also use this function to crawl through the guest hosting structure in incremental steps. To do so, pass in a specific host and the attributes for a particular guest.