In the codesign(1) manpage, there is a "kill" option flag documented as:

> Code with the kill flag set will die when it becomes dynamically invalid. It is therefore safe to assume that code marked this way, once validated, will have continue to have a valid identity while alive.

I have some code in an XPC process that validates the code signature of incoming connections using SecCodeCheckValidity. I have a basic requirement worked out to check the signer's certificate and the process identifier, but I would also like to validate that the remote process has this kill flag set so that the process can't become tainted after I start communicating with it.
Is there a way via the requirements syntax or flags to have SecCodeCheckValidity fail if the SecCode object does not have the kill flag set?
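
The check described above, with the kill flag read separately from the peer's dynamic status word, as an added example that is not part of the original post. The helper name, the lookup by pid, and the idea of passing the requirement in as text are assumptions of this example.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (not from the post): YES only if the running process
// `pid` satisfies `requirementText` AND has the kill flag in its status word.
// Looking the peer up by pid is an assumption of this example; where an audit
// token is available, kSecGuestAttributeAudit identifies the peer more reliably.
static BOOL PeerIsValidAndKillFlagged(pid_t pid, NSString *requirementText) {
    BOOL ok = NO;
    SecCodeRef code = NULL;
    SecRequirementRef requirement = NULL;
    CFDictionaryRef info = NULL;
    NSNumber *status = nil;
    const uint32_t required = kSecCodeStatusValid | kSecCodeStatusKill;
    NSDictionary *attrs = @{ (__bridge NSString *)kSecGuestAttributePid : @(pid) };

    // 1. Obtain a dynamic code object for the running peer.
    if (SecCodeCopyGuestWithAttributes(NULL, (__bridge CFDictionaryRef)attrs,
                                       kSecCSDefaultFlags, &code) != errSecSuccess)
        goto done;

    // 2. Compile the requirement text and validate the peer against it.
    if (SecRequirementCreateWithString((__bridge CFStringRef)requirementText,
                                       kSecCSDefaultFlags, &requirement) != errSecSuccess)
        goto done;
    if (SecCodeCheckValidity(code, kSecCSDefaultFlags, requirement) != errSecSuccess)
        goto done;

    // 3. Ask for dynamic information so the result carries kSecCodeInfoStatus,
    //    a CFNumber holding the status word of the running code.
    if (SecCodeCopySigningInformation((SecStaticCodeRef)code, kSecCSDynamicInformation,
                                      &info) != errSecSuccess)
        goto done;
    status = ((__bridge NSDictionary *)info)[(__bridge NSString *)kSecCodeInfoStatus];

    // 4. Require both "currently valid" and "kill when it becomes invalid".
    ok = (status != nil) && ((status.unsignedIntValue & required) == required);

done:
    if (info) CFRelease(info);
    if (requirement) CFRelease(requirement);
    if (code) CFRelease(code);
    return ok;
}
```

A constructed call would look like `PeerIsValidAndKillFlagged(peerPid, @"identifier \"com.example.client\" and anchor apple generic")`, where the identifier is a placeholder.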