TechnologiesSecurity, Privacy & Authentication

LightweightCodeRequirements

iOSmacOStvOSwatchOSvisionOS

LightweightCodeRequirements lets you build code-signing constraints and requirements to verify the identity of code files and of running or launching processes. You construct requirements such as OnDiskCodeRequirement, ProcessCodeRequirement, and LaunchCodeRequirement, and evaluate them against constraints like TeamIdentifier, SigningIdentifier, TeamIdentifierMatchesCurrentProcess, and IsSIPProtected, inspecting a ValidationResult to determine whether the code satisfies them. Supporting types including CodeDirectoryHash, InfoPlistHash, EntitlementsQuery, OnDiskCodeSigningFlags, and ProcessCodeSigningFlags expose the signing details a requirement examines, while the OnDiskConstraint, ProcessConstraint, and LaunchConstraint protocols define how constraints apply to files, processes, and process launches. Failures during construction or evaluation surface through ConstraintError.

Code Requirements 3

Construct requirements that verify the identity of on-disk code, running processes, and process launches.

  • St
    OnDiskCodeRequirementiOS 17.4+
    A lightweight code requirement that you use to evaluate a code file on disk.
  • St
    ProcessCodeRequirementiOS 17.4+
    A lightweight code requirement that you use to evaluate a running process.
  • St
    LaunchCodeRequirementiOS 17.4+
    A lightweight code requirement that you use to evaluate the executable for a launching process.

Constraint Protocols 3

Protocols that define how constraints apply to files, processes, and process launches.

  • Pr
    OnDiskConstraintiOS 17.4+
    A protocol to which a lightweight code requirement constraint conforms if you can use it in on-disk code requirements.
  • Pr
    ProcessConstraintiOS 17.4+
    A protocol to which a lightweight code requirement constraint conforms if you can use it in process code requirements.
  • Pr
    LaunchConstraintiOS 17.4+
    A protocol to which a lightweight code requirement constraint conforms if you can use it in launch code requirements.

Identity Constraints 3

Constraints that match the signing identity of evaluated code, such as its team and signing identifiers.

  • St
    TeamIdentifieriOS 17.4+
    A constraint that tests whether the provided team identifier matches the team identified in the code signature.
  • St
    SigningIdentifieriOS 17.4+
    A constraint that tests whether the provided signing identifier matches the signature attached to the code.
  • St
    TeamIdentifierMatchesCurrentProcessiOS 18.0+
    A constraint that matches if a process has the same team identifier as the calling process.

Code Properties and Hashes 5

Constraints that examine signing details, hashes, and entitlements of the code under evaluation.

  • St
    CodeDirectoryHashiOS 17.4+
    A constraint that matches the hash of a code directory of a code file or of a running or launching process.
  • St
    InfoPlistHashiOS 17.4+
    A constraint that tests the specified hash against the Information property list hash stored in the code signature of the process or code file.
  • Cl
    EntitlementsQueryiOS 17.4+
    A constraint that tests values in the entitlements dictionary associated with a process or code file.
  • St
    PlatformTypeiOS 17.4+
    A constraint that tests whether a code file or running process targets a given platform.
  • St
    ValidationCategoryiOS 17.4+
    A constraint that tests whether a code file or running process is signed in a way that conforms to the specified validation category.

Process and Protection State 3

Constraints that test process state, binary role, and system-integrity protection.

  • St
    IsInitProcessiOS 17.4+
    A constraint that tests whether a process is the operating system's initial process.
  • St
    IsMainBinaryiOS 17.4+
    A constraint that tests whether a code file is a main binary.
  • St
    IsSIPProtectediOS 17.4+
    A constraint that tests whether a code file or process is on a volume protected by System Integrity Protection (SIP).

Signing Flags 2

Option sets that expose the code-signing flags a requirement can inspect on disk or in a process.

  • St
    OnDiskCodeSigningFlagsiOS 17.4+
    A constraint that tests the code-signing flags of a code file on disk.
  • St
    ProcessCodeSigningFlagsiOS 17.4+
    A constraint that matches the current code-signing flags of a process.

Evaluation Results and Errors 2

Types that report the outcome of evaluating a requirement and the errors raised during construction or evaluation.

  • St
    ValidationResultmacOS 14.4+
    A structure that represents the result of testing a lightweight code requirement.
  • En
    ConstraintErroriOS 17.4+
    Error types that can be thrown from lightweight code requirement routines.

Structures 3

  • St
    LaunchConstraintBuilderiOS 17.4+
    A custom parameter attribute that constructs launch constraints from closures.
  • St
    OnDiskConstraintBuilderiOS 17.4+
    A custom parameter attribute that constructs on-disk constraints from closures.
  • St
    ProcessConstraintBuilderiOS 17.4+
    A custom parameter attribute that constructs process constraints from closures.

Extends 2

XPCPeerRequirementProcess
← Security, Privacy & Authentication