Performs dynamic validation of signed code.
SDK
- macOS 10.6+
Framework
- Security
Declaration
func SecCodeCheckValidity(_ code: SecCode, _ flags: SecCSFlags, _ requirement: SecRequirement?) -> OSStatus
Parameters
code
The code object to be validated.
flags
Optional flags; see SecCSFlags for possible values. Pass defaultFlags for standard behavior.
requirement
A code requirement specifying additional conditions the code must satisfy to be considered valid. Specify NULL if you don’t want to impose any additional requirements. Use the SecRequirementCreateWithString(_:_:_:) or SecRequirementCreateWithStringAndErrors(_:_:_:_:) function to create a code requirement object. See Code Signing Guide for a discussion of code requirements.
Return Value
A result code. See Code Signing Services Result Codes.
Discussion
This function obtains and verifies the signature on the code specified by the code object. It checks the validity of only those sealed components required to establish identity. For guest code, first the function checks the code object’s dynamic validity status as reported by its host, then it ensures that the code object’s host is in turn valid. For all code, it validates the code against a code requirement if one is specified. The call succeeds if all these conditions are satisfactory.
This function is secure against attempts to modify the file system source of the code object.
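The following is an added example, not Apple's sample code. It validates the running process twice: once with no requirement (signature validity only) and once against a pinned requirement, which is what ties a valid signature to a specific signer. The helper names and the team identifier TEAMID1234 are constructed placeholders.

```swift
import Foundation
import Security

enum ValidityError: Error { case status(OSStatus, String) }

// Turn an OSStatus into the system's human-readable message.
func describe(_ status: OSStatus) -> String {
    (SecCopyErrorMessageString(status, nil) as String?) ?? "OSStatus \(status)"
}

// Hypothetical helper: dynamically validate `code`, optionally against a
// requirement string. Passing nil checks the signature only and says
// nothing about who signed the code.
func validate(_ code: SecCode, requirementText: String?) throws {
    var requirement: SecRequirement?
    if let text = requirementText {
        let rc = SecRequirementCreateWithString(text as CFString, SecCSFlags(), &requirement)
        guard rc == errSecSuccess else { throw ValidityError.status(rc, describe(rc)) }
    }
    // SecCSFlags() is the empty option set, i.e. standard behavior.
    let rc = SecCodeCheckValidity(code, SecCSFlags(), requirement)
    guard rc == errSecSuccess else { throw ValidityError.status(rc, describe(rc)) }
}

// Hypothetical helper: obtain the code object for the calling process.
func currentProcessCode() throws -> SecCode {
    var code: SecCode?
    let rc = SecCodeCopySelf(SecCSFlags(), &code)
    guard rc == errSecSuccess, let code = code else {
        throw ValidityError.status(rc, describe(rc))
    }
    return code
}

// Constructed requirement: Apple-anchored chain plus a placeholder team ID.
let pinned = "anchor apple generic and certificate leaf[subject.OU] = \"TEAMID1234\""

do {
    let me = try currentProcessCode()
    try validate(me, requirementText: nil)
    print("signature is valid")
    try validate(me, requirementText: pinned)
    print("signer matches the pinned requirement")
} catch ValidityError.status(let rc, let message) {
    print("validation failed (\(rc)): \(message)")
}
```

An unsigned or ad hoc signed build fails one of the two checks, and the message names the failing condition.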