/*
 * Copyright (c) 2022 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * The contents of this file constitute Original Code as defined in and
 * are subject to the Apple Public Source License Version 1.1 (the
 * "License"). You may not use this file except in compliance with the
 * License. Please obtain a copy of the License at
 * http://www.apple.com/publicsource and read it before using this file.
 *
 * This Original Code and all software distributed under the License are
 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
 * License for the specific language governing rights and limitations
 * under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

#ifndef _SYS_CODE_SIGNING_INTERNAL_H_
#define _SYS_CODE_SIGNING_INTERNAL_H_

#include <sys/cdefs.h>
__BEGIN_DECLS

/*
 * Kernel-private interface between XNU's code-signing layer and whichever
 * environment actually holds the code-signing state: the Page Protection
 * Layer (PMAP_CS, prefix "ppl") when PMAP_CS_PPL_MONITOR is set, or XNU
 * itself (prefix "xnu") otherwise. Every prototype below is declared through
 * CSM_PREFIX() so that one call site resolves to the selected backend at
 * compile time. Nothing in this header is visible outside XNU_KERNEL_PRIVATE.
 *
 * NOTE(review): errno_t, vm_address_t/vm_size_t/vm_offset_t and
 * CEQueryContext_t are used below but none of the includes listed here
 * visibly provides them; the header relies on them arriving transitively.
 * Confirm before including this file from a new translation unit.
 */
#ifdef XNU_KERNEL_PRIVATE

#include <mach/boolean.h>
#include <mach/kern_return.h>
#include <kern/cs_blobs.h>
#include <vm/pmap.h>
#include <vm/pmap_cs.h>
#include <img4/firmware.h>

#if PMAP_CS_PPL_MONITOR
/* Page Protection Layer -- PMAP_CS: the monitor owns the code-signing state. */
#define CODE_SIGNING_MONITOR 1
#define CODE_SIGNING_MONITOR_PREFIX ppl

#else
/* No monitor -- XNU implements the code-signing interface itself. */
#define CODE_SIGNING_MONITOR 0
#define CODE_SIGNING_MONITOR_PREFIX xnu

#endif /* PMAP_CS_PPL_MONITOR */

/**
 * This macro can be used by code which is abstracting out the concept of the code
 * signing monitor in order to redirect calls to the correct monitor environment.
 *
 * CSM_PREFIX(name) expands to ppl_<name> or xnu_<name> according to the
 * selection above. The two-level indirection is deliberate: the operands of
 * the ## operator are not macro-expanded, so CODE_SIGNING_MONITOR_PREFIX must
 * first be expanded by _CSM_PREFIX before __CSM_PREFIX pastes the tokens.
 */
#define __CSM_PREFIX(prefix, name) prefix##_##name
#define _CSM_PREFIX(prefix, name) __CSM_PREFIX(prefix, name)
#define CSM_PREFIX(name) _CSM_PREFIX(CODE_SIGNING_MONITOR_PREFIX, name)

/*
 * Developer mode, compilation service and local signing.
 *
 * The cdhash parameters are declared as arrays of CS_CDHASH_LEN bytes, but an
 * array parameter decays to a pointer: the compiler does not enforce the
 * length, so callers must guarantee CS_CDHASH_LEN readable bytes.
 */

/**
 * Set the developer-mode state to `state`. Which checks developer mode
 * relaxes is decided by the backend; this header only routes the call.
 */
void CSM_PREFIX(toggle_developer_mode)(
    bool state);

/** Record the CDHash of the compilation service binary. */
void CSM_PREFIX(set_compilation_service_cdhash)(
    const uint8_t cdhash[CS_CDHASH_LEN]);

/**
 * Return true when `cdhash` matches the compilation-service CDHash,
 * presumably the one stored by set_compilation_service_cdhash() -- confirm.
 * Whether the comparison is constant-time is a backend property not visible
 * here.
 */
bool CSM_PREFIX(match_compilation_service_cdhash)(
    const uint8_t cdhash[CS_CDHASH_LEN]);

/**
 * Install the local-signing public key. No length is passed: the backend
 * decides how many bytes it reads from `public_key`, so the caller must
 * supply a buffer of at least that size -- confirm the expected key length
 * against the backend before calling.
 */
void CSM_PREFIX(set_local_signing_public_key)(
    const uint8_t * public_key);

/**
 * Return a pointer to the installed local-signing public key. The prototype
 * does not say what is returned when no key has been installed.
 *
 * NOTE(review): the return type is a non-const uint8_t*. Callers must treat
 * the bytes as read-only -- writing through this pointer would replace the
 * key that every later local-signing verification trusts. A const return
 * type would enforce that at compile time.
 */
uint8_t* CSM_PREFIX(get_local_signing_public_key)(void);

/*
 * Image4 runtime support routed through the backend.
 */

/**
 * Return the storage backing the Image4 runtime state and write its size to
 * `*allocated_size`.
 */
void* CSM_PREFIX(image4_storage_data)(
    size_t * allocated_size);

/** Set the nonce held in nonce domain `ndi` to `*nonce`. */
void CSM_PREFIX(image4_set_nonce)(
    const img4_nonce_domain_index_t ndi,
    const img4_nonce_t *nonce);

/** Roll the nonce held in nonce domain `ndi`. */
void CSM_PREFIX(image4_roll_nonce)(
    const img4_nonce_domain_index_t ndi);

/**
 * Copy the nonce held in domain `ndi` into `*nonce_out`. Returns an errno_t
 * (0 on success); `*nonce_out` should not be relied on unless 0 is returned.
 */
errno_t CSM_PREFIX(image4_copy_nonce)(
    const img4_nonce_domain_index_t ndi,
    img4_nonce_t *nonce_out);

/**
 * Hand an Image4 `payload` and its `manifest` to the backend to be executed
 * as runtime object `obj_spec_index`. Returns an errno_t.
 *
 * NOTE(review): the manifest is what ties the payload to the device's trust
 * roots and nonces, so the backend is presumably expected to validate it
 * before acting on the payload; nothing in this header asserts that the
 * caller has done so -- confirm in the implementation.
 */
errno_t CSM_PREFIX(image4_execute_object)(
    img4_runtime_object_spec_index_t obj_spec_index,
    const img4_buff_t *payload,
    const img4_buff_t *manifest);

/**
 * Copy runtime object `obj_spec_index` to the address `object_out`.
 * `object_length` is passed by pointer, which suggests an in/out parameter
 * (destination capacity on entry, bytes produced on return) -- confirm
 * against the backend and size `object_out` accordingly. Returns an errno_t.
 */
errno_t CSM_PREFIX(image4_copy_object)(
    img4_runtime_object_spec_index_t obj_spec_index,
    vm_address_t object_out,
    size_t *object_length);

/** Return the backend's Image4 export table; its layout is opaque here. */
const void* CSM_PREFIX(image4_get_monitor_exports)(void);

/** Set the Image4 release type string. Returns an errno_t. */
errno_t CSM_PREFIX(image4_set_release_type)(
    const char *release_type);

/** Set the BNCH shadow for nonce domain `ndi`. Returns an errno_t. */
errno_t CSM_PREFIX(image4_set_bnch_shadow)(
    const img4_nonce_domain_index_t ndi);

#if CODE_SIGNING_MONITOR
/*
 * Function prototypes needed only when we have a monitor environment.
 *
 * In this configuration the monitor, not XNU, holds the authoritative
 * signature and entitlement state. The `void *` handles below (sig_obj,
 * profile_obj) are opaque to XNU and only meaningful to the backend that
 * produced them. All kern_return_t functions return KERN_SUCCESS on success.
 */

/** Return true when the monitor is enforcing code signing. */
bool CSM_PREFIX(code_signing_enabled)(void);

/** Return the size the monitor reserves for a managed code signature. */
vm_size_t CSM_PREFIX(managed_code_signature_size)(void);

/** Lift the local-signing restriction for the binary with CDHash `cdhash`. */
void CSM_PREFIX(unrestrict_local_signing_cdhash)(
    const uint8_t cdhash[CS_CDHASH_LEN]);

/**
 * Register a provisioning-profile blob of `profile_blob_size` bytes and
 * return an opaque handle in `*profile_obj`. The blob is data the monitor
 * must validate itself. Presumably the handle is released with
 * unregister_provisioning_profile() -- confirm.
 */
kern_return_t CSM_PREFIX(register_provisioning_profile)(
    const void *profile_blob,
    const size_t profile_blob_size,
    void **profile_obj);

/** Release a handle obtained from register_provisioning_profile(). */
kern_return_t CSM_PREFIX(unregister_provisioning_profile)(
    void *profile_obj);

/** Bind profile handle `profile_obj` to signature handle `sig_obj`. */
kern_return_t CSM_PREFIX(associate_provisioning_profile)(
    void *sig_obj,
    void *profile_obj);

/** Undo associate_provisioning_profile() for `sig_obj`. */
kern_return_t CSM_PREFIX(disassociate_provisioning_profile)(
    void *sig_obj);

/**
 * Register a code-signature blob with the monitor.
 *
 * `signature_addr`/`signature_size` describe the blob, `code_directory_offset`
 * locates the code directory inside it and `signature_path` names the
 * backing file. On success an opaque handle is returned in `*sig_obj`;
 * `*txm_signature_addr` presumably receives the address of the monitor-side
 * copy of the signature -- confirm.
 *
 * NOTE(review): the blob comes from an untrusted binary and the monitor is
 * the trust boundary, so the implementation -- not the caller -- must check
 * code_directory_offset against signature_size and the blob's internal
 * offsets. Confirm that in the backend; this header cannot enforce it.
 */
kern_return_t CSM_PREFIX(register_code_signature)(
    const vm_address_t signature_addr,
    const vm_size_t signature_size,
    const vm_offset_t code_directory_offset,
    const char *signature_path,
    void **sig_obj,
    vm_address_t *txm_signature_addr);

/** Release a handle obtained from register_code_signature(). */
kern_return_t CSM_PREFIX(unregister_code_signature)(
    void *sig_obj);

/** Ask the monitor to verify the signature behind `sig_obj`. */
kern_return_t CSM_PREFIX(verify_code_signature)(
    void *sig_obj);

/**
 * Report in `*unneeded_addr`/`*unneeded_size` the part of signature `sig`
 * that no longer needs to be retained -- presumably so the caller can free
 * it. Confirm who owns that memory before releasing it.
 */
kern_return_t CSM_PREFIX(reconstitute_code_signature)(
    void *sig,
    vm_address_t *unneeded_addr,
    vm_size_t *unneeded_size);

/**
 * Associate signature handle `sig_obj` with the `region_size` bytes at
 * `region_addr` in `pmap`; `region_offset` presumably identifies where that
 * region sits within the signed object -- confirm.
 */
kern_return_t CSM_PREFIX(associate_code_signature)(
    pmap_t pmap,
    void *sig_obj,
    const vm_address_t region_addr,
    const vm_size_t region_size,
    const vm_offset_t region_offset);

/** Permit `pmap` to hold JIT regions. */
kern_return_t CSM_PREFIX(allow_jit_region)(
    pmap_t pmap);

/** Mark [region_addr, region_addr + region_size) of `pmap` as a JIT region. */
kern_return_t CSM_PREFIX(associate_jit_region)(
    pmap_t pmap,
    const vm_address_t region_addr,
    const vm_size_t region_size);

/** Mark [region_addr, region_addr + region_size) of `pmap` as a debug region. */
kern_return_t CSM_PREFIX(associate_debug_region)(
    pmap_t pmap,
    const vm_address_t region_addr,
    const vm_size_t region_size);

/** Report whether the address space behind `pmap` is being debugged. */
kern_return_t CSM_PREFIX(address_space_debugged)(
    pmap_t pmap);

/**
 * Allow `pmap` to run code that fails signature validation.
 *
 * NOTE(review): this is the most permissive state the interface offers and
 * switches off the protection the rest of it exists to provide. The policy
 * gate (developer mode, debugging, entitlements) is not in this header, so
 * it must live on every path that reaches this call -- audit callers.
 */
kern_return_t CSM_PREFIX(allow_invalid_code)(
    pmap_t pmap);

/**
 * Write the trust level of `pmap` to `*trust_level`. The `_kdp` suffix
 * suggests this is meant for the kernel debugger path -- confirm whether it
 * is safe to call from normal context.
 */
kern_return_t CSM_PREFIX(get_trust_level_kdp)(
    pmap_t pmap,
    uint32_t *trust_level);

/** Report whether `pmap` is exempt from code-signing enforcement. */
kern_return_t CSM_PREFIX(address_space_exempt)(
    const pmap_t pmap);

/** Carry code-signing state from `old_pmap` to `new_pmap` ahead of a fork. */
kern_return_t CSM_PREFIX(fork_prepare)(
    pmap_t old_pmap,
    pmap_t new_pmap);

/**
 * Return in `*signing_id` the signing identifier of `sig_obj`. The prototype
 * does not say who owns the string or how long it stays valid; assume it is
 * tied to the lifetime of `sig_obj` -- TODO confirm.
 */
kern_return_t CSM_PREFIX(acquire_signing_identifier)(
    const void *sig_obj,
    const char **signing_id);

/** Attach a kernel-entitlements object to signature handle `sig_obj`. */
kern_return_t CSM_PREFIX(associate_kernel_entitlements)(
    void *sig_obj,
    const void *kernel_entitlements);

/** Return in `*kernel_entitlements` the entitlements that apply to `pmap`. */
kern_return_t CSM_PREFIX(resolve_kernel_entitlements)(
    pmap_t pmap,
    const void **kernel_entitlements);

/** Build an accelerated entitlement query context for `sig_obj` in `*ce_ctx`. */
kern_return_t CSM_PREFIX(accelerate_entitlements)(
    void *sig_obj,
    CEQueryContext_t *ce_ctx);

#endif /* CODE_SIGNING_MONITOR */

#endif /* XNU_KERNEL_PRIVATE */

__END_DECLS
#endif /* _SYS_CODE_SIGNING_INTERNAL_H_ */