SecHostCreateGuest

Creates a new guest and describes its initial properties.

Declaration

OSStatus SecHostCreateGuest(SecGuestRef host, uint32_t status, CFURLRef path, CFDictionaryRef attributes, SecCSFlags flags, SecGuestRef *newGuest);

Parameters

  • host:

    A guest code object identifying the code that is to be the direct host of the new guest. Pass kSecNoGuest if the process calling this function is to be the host. To create a guest of another guest (extending the hosting chain), pass the guest code object of the guest that is to act as the new guest’s host. If the specified host already has a dedicated guest, then that dedicated guest becomes the actual host of the new guest (unless the dedicated guest also has a dedicated guest, in which case the same algorithm is applied recursively). See kSecCSDedicatedHost for a discussion of dedicated hosts.

  • status:

    Code status flags for the new guest (see SecCodeStatus). Note that certain code status flags can be set only once, by the caller of the SecHostCreateGuest function when it creates the guest. In particular, if you do not set the Valid flag during creation of the guest, then the new guest is created dynamically invalid and can never become dynamically valid.

  • path:

    The canonical path to the guest’s code on disk. This is the path you would pass to the SecStaticCodeCreateWithPath(_:_:_:) function to make a static code object reference. You must use an absolute path.

  • attributes:

    A key-value dictionary of attributes that can be used to identify this particular guest among all of the caller’s guests. The kSecGuestAttributeCanonical attribute, containing the guest’s code object (that is, the SecGuestRef object returned in the newGuest parameter), is automatically added to the guest’s attributes. Pass NULL for this parameter if you do not want to establish any other attributes for this guest. Although you can specify any key-value pairs in this attributes dictionary, the keys in Guest Attribute Dictionary Keys are conventionally used for this purpose.

  • flags:

    Optional flags; see SecCSFlags and Guest Creation Flags for possible values. Pass kSecCSDefaultFlags for standard behavior. Pass kSecCSDedicatedHost to make the code specified in the host parameter the dedicated host for the new guest.

  • newGuest:

    On return, the guest code object that identifies the new guest.

Return Value

A result code. See Code Signing Services Result Codes.

Discussion

Code that calls this function becomes a code host operating in proxy hosting mode. Subsequently, Code Signing Services caches information about guest code provided by the host when it calls the SecHostCreateGuest, SecHostSetGuestStatus, and SecHostRemoveGuest functions. Code Signing Services uses this information to report hosting status to callers directly without consulting the host. A code host running in proxy hosting mode cannot switch to dynamic hosting mode.
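
The following is an added example, not Apple's code or part of the original page: a small stand-alone C model of two rules stated above, the recursive dedicated-host resolution described for the host parameter and the rule that a guest created without the valid flag can never become valid. All MODEL_* constants, model_* functions, and the handle table are constructed for illustration and do not reflect the framework's internals or real constant values.

```c
#include <stdint.h>
#include <stdio.h>

/* Model constants, constructed for this example (not Apple's values). */
#define MODEL_NO_GUEST       0u    /* the calling process itself is the host */
#define MODEL_STATUS_VALID   0x1u
#define MODEL_FLAG_DEDICATED 0x1u
#define MODEL_MAX_GUESTS     16u

/* host: actual host after resolution; dedicated: handle of this code's
   dedicated guest, or 0 if it has none. */
typedef struct { uint32_t host, status, dedicated; int in_use; } model_guest;

/* Slot 0 stands for the host process; guest handles are 1..MAX-1. */
static model_guest table[MODEL_MAX_GUESTS] = { { 0, MODEL_STATUS_VALID, 0, 1 } };

/* Follow dedicated-guest links until reaching code with no dedicated guest. */
static uint32_t model_resolve_host(uint32_t host) {
    while (table[host].dedicated != 0)
        host = table[host].dedicated;
    return host;
}

/* Returns the new guest handle, or 0 on failure. */
static uint32_t model_create_guest(uint32_t host, uint32_t status, uint32_t flags) {
    if (host >= MODEL_MAX_GUESTS || !table[host].in_use) return 0;
    uint32_t actual = model_resolve_host(host);   /* may differ from `host` */
    for (uint32_t h = 1; h < MODEL_MAX_GUESTS; h++) {
        if (table[h].in_use) continue;
        table[h] = (model_guest){ actual, status, 0, 1 };
        if (flags & MODEL_FLAG_DEDICATED) table[actual].dedicated = h;
        return h;
    }
    return 0;
}

/* A guest created without the valid bit can never gain it later. */
static int model_set_status(uint32_t guest, uint32_t status) {
    if (guest == 0 || guest >= MODEL_MAX_GUESTS || !table[guest].in_use) return -1;
    if ((status & MODEL_STATUS_VALID) && !(table[guest].status & MODEL_STATUS_VALID))
        return -1;
    table[guest].status = status;
    return 0;
}

int main(void) {
    uint32_t a = model_create_guest(MODEL_NO_GUEST, MODEL_STATUS_VALID, MODEL_FLAG_DEDICATED);
    uint32_t b = model_create_guest(MODEL_NO_GUEST, 0, 0);  /* asks for process as host */
    printf("b's actual host is guest %u (a=%u); late validate -> %d\n",
           table[b].host, a, model_set_status(b, MODEL_STATUS_VALID));
    return 0;
}
```

In the model, a caller that names the process as host after a dedicated guest exists ends up hosted by that dedicated guest, so code reasoning about a hosting chain should read the resolved host rather than assume the one it passed in.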
