/*
 * Copyright (c) 2020 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */

/*
 * Function-pointer interface between the kernel proper and the AMFI kext.
 *
 * One amfi_t is handed over through amfi_interface_register() and the
 * registered table is exposed as `amfi`. This header holds only types and
 * prototypes; no implementation lives here.
 */

#ifndef __AMFI_H
#define __AMFI_H

#include <os/base.h>
#include <sys/cdefs.h>
#include <kern/cs_blobs.h>

/*
 * Trust-cache support is switched on purely by whether the TrustCache header
 * can be found at build time. Everything guarded by
 * KERN_AMFI_SUPPORTS_TRUST_CACHE_API below, including one member of amfi_t,
 * follows from this probe.
 */
#if __has_include(<TrustCache/API.h>)
#define KERN_AMFI_SUPPORTS_TRUST_CACHE_API 1
#include <TrustCache/API.h>
#endif

/* Compile-time markers describing this revision of the interface. */
#define KERN_AMFI_INTERFACE_VERSION 6
#define KERN_AMFI_SUPPORTS_DATA_ALLOC 1

/*
 * The private CoreEntitlements header is pulled in for XNU_KERNEL_PRIVATE
 * builds only, with its opt-in macro defined first.
 * NOTE(review): CEError_t, CEQuery_t, CEQueryContext_t and coreentitlements_t
 * are used unconditionally below; presumably they come from this include, in
 * which case the header is only usable in such builds -- confirm.
 */
#if XNU_KERNEL_PRIVATE
#define CORE_ENTITLEMENTS_I_KNOW_WHAT_IM_DOING
#include <CoreEntitlements/CoreEntitlementsPriv.h>
#endif

/*
 * Callbacks that operate on an OSEntitlements object passed as an untyped
 * pointer. The object's concrete type is not visible from this header.
 */
typedef void (*amfi_OSEntitlements_invalidate)(void *osentitlements);
typedef void *(*amfi_OSEntitlements_asDict)(void *osentitlements);

/*
 * Query callback returning a CEError_t.
 *
 * The [CS_CDHASH_LEN] bound on cdhash is not enforced by the compiler: the
 * parameter is a plain uint8_t *, so the bound only documents the buffer size
 * the callee expects to be able to read.
 */
typedef CEError_t (*amfi_OSEntitlements_query)(
	void *osentitlements,
	uint8_t cdhash[CS_CDHASH_LEN],
	CEQuery_t query,
	size_t queryLength);

/*
 * Blob getters: bool result, blob reported through an out-parameter. The
 * transmuted variant yields a pointer to a const blob, the XML variant a
 * pointer to a mutable one.
 * NOTE(review): ownership and lifetime of *blob are not stated here; confirm
 * before caching or releasing it.
 */
typedef bool (*amfi_OSEntitlements_get_transmuted_blob)(
	void *osentitlements,
	const CS_GenericBlob **blob);
typedef bool (*amfi_OSEntitlements_get_xml_blob)(
	void *osentitlements,
	CS_GenericBlob **blob);

/*
 * Getters that return bool and report a byte buffer through a pointer/length
 * out-parameter pair.
 * NOTE(review): nothing here says whether the outputs are written when the
 * call returns false; treat them as unset in that case unless the
 * implementation documents otherwise.
 */
typedef bool (*amfi_get_legacy_profile_exemptions)(
	const uint8_t **profile,
	size_t *profileLength);
typedef bool (*amfi_get_udid)(
	const uint8_t **udid,
	size_t *udidLength);

/* Maps a CEQueryContext_t to an untyped object pointer. */
typedef void *(*amfi_query_context_to_object)(CEQueryContext_t ctx);

#if KERN_AMFI_SUPPORTS_TRUST_CACHE_API

/*
 * Signatures of the entry points carried in TrustCacheInterface_t. Each one
 * returns a TCReturn_t status.
 */

/*
 * The two load variants describe their input as raw address/size pairs
 * (uintptr_t plus size_t); load_t takes a payload pair and a manifest pair.
 * NOTE(review): which side checks that each range is valid and correctly
 * sized is not visible from this header -- confirm at the implementation.
 */
typedef TCReturn_t (*loadModule_t)(
	TrustCacheRuntime_t *runtime,
	const TCType_t type,
	TrustCache_t *trustCache,
	const uintptr_t dataAddr,
	const size_t dataSize
	);

typedef TCReturn_t (*load_t)(
	TrustCacheRuntime_t *runtime,
	TCType_t type,
	TrustCache_t *trustCache,
	const uintptr_t payloadAddr,
	const size_t payloadSize,
	const uintptr_t manifestAddr,
	const size_t manifestSize
	);

/*
 * Lookup by CDHash. As with any array parameter, the [kTCEntryHashSize] bound
 * is documentation only; the callee receives a const uint8_t *. queryToken is
 * non-const here and const in the queryGet* accessors below, so presumably
 * this call fills it in -- confirm.
 */
typedef TCReturn_t (*query_t)(
	const TrustCacheRuntime_t *runtime,
	TCQueryType_t queryType,
	const uint8_t CDHash[kTCEntryHashSize],
	TrustCacheQueryToken_t *queryToken
	);

/* Reports a trust cache's capabilities through an out-parameter. */
typedef TCReturn_t (*getCapabilities_t)(
	const TrustCache_t *trustCache,
	TCCapabilities_t *capabilities
	);

/*
 * Accessors over a query token. Each takes the token by const pointer and
 * writes a single value through its second parameter.
 */
typedef TCReturn_t (*queryGetTCType_t)(
	const TrustCacheQueryToken_t *queryToken,
	TCType_t *typeRet
	);

typedef TCReturn_t (*queryGetCapabilities_t)(
	const TrustCacheQueryToken_t *queryToken,
	TCCapabilities_t *capabilities
	);

typedef TCReturn_t (*queryGetHashType_t)(
	const TrustCacheQueryToken_t *queryToken,
	uint8_t *hashTypeRet
	);

typedef TCReturn_t (*queryGetFlags_t)(
	const TrustCacheQueryToken_t *queryToken,
	uint64_t *flagsRet
	);

typedef TCReturn_t (*queryGetConstraintCategory_t)(
	const TrustCacheQueryToken_t *queryToken,
	uint8_t *constraintCategoryRet
	);

#define TRUST_CACHE_INTERFACE_VERSION 2u

/*
 * Table of libTrustCache entry points, led by a version member.
 * NOTE(review): presumably a consumer compares `version` against
 * TRUST_CACHE_INTERFACE_VERSION before calling through the table; that check
 * is not visible here -- confirm at the use site.
 */
typedef struct _TrustCacheInterface {
	uint32_t version;
	loadModule_t loadModule;
	load_t load;
	query_t query;
	getCapabilities_t getCapabilities;
	queryGetTCType_t queryGetTCType;
	queryGetCapabilities_t queryGetCapabilities;
	queryGetHashType_t queryGetHashType;
	queryGetFlags_t queryGetFlags;
	queryGetConstraintCategory_t queryGetConstraintCategory;
} TrustCacheInterface_t;

#endif /* KERN_AMFI_SUPPORTS_TRUST_CACHE_API */

/*
 * The AMFI interface table.
 *
 * The table carries no version or size member of its own;
 * KERN_AMFI_INTERFACE_VERSION exists only as a compile-time constant. The
 * trailing TrustCache member is compiled in only when
 * KERN_AMFI_SUPPORTS_TRUST_CACHE_API is set, so the size of amfi_t depends on
 * build configuration and both sides of the interface need to be built with
 * the same setting to agree on it.
 * NOTE(review): nothing here says whether a member may be left NULL; confirm
 * before calling through one.
 */
typedef struct _amfi {
	amfi_OSEntitlements_invalidate OSEntitlements_invalidate;
	amfi_OSEntitlements_asDict OSEntitlements_asdict;
	amfi_OSEntitlements_query OSEntitlements_query;
	amfi_OSEntitlements_get_transmuted_blob OSEntitlements_get_transmuted;
	amfi_OSEntitlements_get_xml_blob OSEntitlements_get_xml;
	coreentitlements_t CoreEntitlements;
	amfi_get_legacy_profile_exemptions get_legacy_profile_exemptions;
	amfi_get_udid get_udid;
	amfi_query_context_to_object query_context_to_object;

#if KERN_AMFI_SUPPORTS_TRUST_CACHE_API
	/* Interface to interact with libTrustCache */
	TrustCacheInterface_t TrustCache;
#endif
} amfi_t;

__BEGIN_DECLS

/*!
 * @const amfi
 * The AMFI interface that was registered.
 */
extern const amfi_t *amfi;

/*!
 * @function amfi_interface_register
 * Registers the AMFI kext interface for use within the kernel proper.
 *
 * @param mfi
 * The interface to register. Declared OS_NONNULL1, so it must not be NULL.
 *
 * @discussion
 * This routine may only be called once and must be called before late-const has
 * been applied to kernel memory.
 */
OS_EXPORT OS_NONNULL1
void
amfi_interface_register(const amfi_t *mfi);

__END_DECLS

#endif /* __AMFI_H */