Static Code Validation Flags

Use these supplemental flags to test the validity of a static code signature.

Overview

These flags supplement the flags described in SecCSFlags. Use these additional constants with the flags parameter of the SecStaticCodeCheckValidity and SecStaticCodeCheckValidityWithErrors functions to control the validation of code in the file system.

Topics

Constants

kSecCSCheckAllArchitectures

For multi-architecture (universal) Mach-O programs, validate all architectures included.

kSecCSDoNotValidateExecutable

Do not validate the contents of the main executable.

kSecCSDoNotValidateResources

Do not validate the presence and contents of all bundle resources (if any).

kSecCSBasicValidateOnly

Do not validate either the main executable or the bundle resources, if any.

kSecCSCheckNestedCode

For code in bundle form, locate and recursively check embedded code.

kSecCSStrictValidate

Perform additional checks to ensure the validity of code in bundle form.

See Also

Code Signature Validity

SecCodeCheckValidity

Performs dynamic validation of signed code.

SecCodeCheckValidityWithErrors

Performs dynamic validation of signed code and returns detailed error information in the case of failure.

SecStaticCodeCheckValidity

Validates a static code object.

SecStaticCodeCheckValidityWithErrors

Performs static validation of static signed code and returns detailed error information in the case of failure.

Beta Software

This documentation contains preliminary information about an API or technology in development. This information is subject to change, and software implemented according to this documentation should be tested with final operating system software.

Learn more about using Apple's beta software