In our macOS solution, we have a few processes and a few plugin modules which communicate with each other over XPC. We have recently started enforcing library validation flag along with hardened runtime for all processes and plugins.
To enforce that, we are trying to get signing information from the XPC audit token using SecCodeCopySigningInformation with kSecCSDynamicInformation flag. As per documentation, this flag requires a live SecCode not SecStaticCode to be passed to SecCodeCopySigningInformation. However, SecCodeCopySigningInformation explicitly requires SecStaticCode in its parameters. So I am unsure how to pass live SecCode to SecCodeCopySigningInformation without copying SecStaticCode from it using SecCodeCopyStaticCode. Force cast from SecCode to SecStaticCode fails. Is unsafeBitCast a valid option in this case?
Note that we support macOS version 12 and later.