Creates a new guest and describes its initial properties.
- macOS 10.6+
A guest code object identifying the code that is to be the direct host of the new guest. Pass
kif the process calling this function is to be the host. To create a guest of another guest (extending the hosting chain), pass the guest code object of the guest that is to act as the new guest’s host. If the specified host already has a dedicated guest, then that dedicated guest becomes the actual host of the new guest (unless the dedicated guest also has a dedicated guest, in which case the same algorithm is replied recursively). See
Sec No Guest
kfor a discussion of dedicated hosts.
Sec CSDedicated Host
Code status flags for the new guest (see
Sec). Note that certain code status flags can be set only once, by the caller of the
Secfunction when it creates the guest. In particular, if you do not set the
Host Create Guest(_: _: _: _: _: _:)
validflag during creation of the guest, then the new guest is created dynamically invalid and can never become dynamically valid.
The canonical path to the guest’s code on disk. This is the path you would pass to the
Secfunction to make a static code object reference. You must use an absolute path.
Static Code Create With Path(_: _: _:)
A key-value dictionary of attributes that can be used to identify this particular guest among all of the caller’s guests. The
kattribute—containing the guest’s code object (that is, the
Sec Guest Attribute Canonical
Secobject returned in the
newparameter) is automatically added to the guest’s attributes. Pass
NULLfor this parameter if you do not want to establish any other attributes for this guest. Although you can specify any key-value pairs in this attributes dictionary, the keys in Guest Attribute Dictionary Keys are conventionally used for this purpose.
On return, the guest code object that identifies the new guest.
A result code. See Code Signing Services Result Codes.
Code that calls this function becomes a code host operating in proxy hosting mode. Subsequently, Code Signing Services caches information about guest code provided by the host when it calls the
Sec functions. Code Signing Services uses this information to report hosting status to callers directly without consulting the host. A code host running in proxy hosting mode cannot switch to dynamic hosting mode.