1*0f4c859eSApple OSS Distributions /*
2*0f4c859eSApple OSS Distributions * Copyright (c) 2021 Apple Computer, Inc. All rights reserved.
3*0f4c859eSApple OSS Distributions *
4*0f4c859eSApple OSS Distributions * @APPLE_LICENSE_HEADER_START@
5*0f4c859eSApple OSS Distributions *
6*0f4c859eSApple OSS Distributions * The contents of this file constitute Original Code as defined in and
7*0f4c859eSApple OSS Distributions * are subject to the Apple Public Source License Version 1.1 (the
8*0f4c859eSApple OSS Distributions * "License"). You may not use this file except in compliance with the
9*0f4c859eSApple OSS Distributions * License. Please obtain a copy of the License at
10*0f4c859eSApple OSS Distributions * http://www.apple.com/publicsource and read it before using this file.
11*0f4c859eSApple OSS Distributions *
12*0f4c859eSApple OSS Distributions * This Original Code and all software distributed under the License are
13*0f4c859eSApple OSS Distributions * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
14*0f4c859eSApple OSS Distributions * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15*0f4c859eSApple OSS Distributions * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
16*0f4c859eSApple OSS Distributions * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
17*0f4c859eSApple OSS Distributions * License for the specific language governing rights and limitations
18*0f4c859eSApple OSS Distributions * under the License.
19*0f4c859eSApple OSS Distributions *
20*0f4c859eSApple OSS Distributions * @APPLE_LICENSE_HEADER_END@
21*0f4c859eSApple OSS Distributions */
22*0f4c859eSApple OSS Distributions
23*0f4c859eSApple OSS Distributions #include <os/overflow.h>
24*0f4c859eSApple OSS Distributions #include <machine/atomic.h>
25*0f4c859eSApple OSS Distributions #include <mach/vm_param.h>
26*0f4c859eSApple OSS Distributions #include <vm/vm_kern.h>
27*0f4c859eSApple OSS Distributions #include <vm/pmap.h>
28*0f4c859eSApple OSS Distributions #include <vm/pmap_cs.h>
29*0f4c859eSApple OSS Distributions #include <vm/vm_map.h>
30*0f4c859eSApple OSS Distributions #include <kern/zalloc.h>
31*0f4c859eSApple OSS Distributions #include <kern/kalloc.h>
32*0f4c859eSApple OSS Distributions #include <kern/assert.h>
33*0f4c859eSApple OSS Distributions #include <kern/locks.h>
34*0f4c859eSApple OSS Distributions #include <kern/lock_rw.h>
35*0f4c859eSApple OSS Distributions #include <libkern/libkern.h>
36*0f4c859eSApple OSS Distributions #include <libkern/section_keywords.h>
37*0f4c859eSApple OSS Distributions #include <libkern/coretrust/coretrust.h>
38*0f4c859eSApple OSS Distributions #include <pexpert/pexpert.h>
39*0f4c859eSApple OSS Distributions #include <sys/vm.h>
40*0f4c859eSApple OSS Distributions #include <sys/proc.h>
41*0f4c859eSApple OSS Distributions #include <sys/proc_require.h>
42*0f4c859eSApple OSS Distributions #include <sys/codesign.h>
43*0f4c859eSApple OSS Distributions #include <sys/code_signing.h>
44*0f4c859eSApple OSS Distributions #include <sys/sysctl.h>
45*0f4c859eSApple OSS Distributions #include <uuid/uuid.h>
46*0f4c859eSApple OSS Distributions #include <IOKit/IOBSD.h>
47*0f4c859eSApple OSS Distributions
48*0f4c859eSApple OSS Distributions
49*0f4c859eSApple OSS Distributions SYSCTL_DECL(_security);
50*0f4c859eSApple OSS Distributions SYSCTL_DECL(_security_codesigning);
51*0f4c859eSApple OSS Distributions SYSCTL_NODE(_security, OID_AUTO, codesigning, CTLFLAG_RD, 0, "XNU Code Signing");
52*0f4c859eSApple OSS Distributions
53*0f4c859eSApple OSS Distributions static SECURITY_READ_ONLY_LATE(bool) cs_config_set = false;
54*0f4c859eSApple OSS Distributions static SECURITY_READ_ONLY_LATE(code_signing_monitor_type_t) cs_monitor = CS_MONITOR_TYPE_NONE;
55*0f4c859eSApple OSS Distributions static SECURITY_READ_ONLY_LATE(code_signing_config_t) cs_config = 0;
56*0f4c859eSApple OSS Distributions
57*0f4c859eSApple OSS Distributions SYSCTL_UINT(_security_codesigning, OID_AUTO, monitor, CTLFLAG_RD, &cs_monitor, 0, "code signing monitor type");
58*0f4c859eSApple OSS Distributions SYSCTL_UINT(_security_codesigning, OID_AUTO, config, CTLFLAG_RD, &cs_config, 0, "code signing configuration");
59*0f4c859eSApple OSS Distributions
60*0f4c859eSApple OSS Distributions void
code_signing_configuration(code_signing_monitor_type_t * monitor_type_out,code_signing_config_t * config_out)61*0f4c859eSApple OSS Distributions code_signing_configuration(
62*0f4c859eSApple OSS Distributions code_signing_monitor_type_t *monitor_type_out,
63*0f4c859eSApple OSS Distributions code_signing_config_t *config_out)
64*0f4c859eSApple OSS Distributions {
65*0f4c859eSApple OSS Distributions code_signing_monitor_type_t monitor_type = CS_MONITOR_TYPE_NONE;
66*0f4c859eSApple OSS Distributions code_signing_config_t config = 0;
67*0f4c859eSApple OSS Distributions
68*0f4c859eSApple OSS Distributions /*
69*0f4c859eSApple OSS Distributions * Since we read this variable with load-acquire semantics, if we observe a value
70*0f4c859eSApple OSS Distributions * of true, it means we should be able to observe writes to cs_monitor and also
71*0f4c859eSApple OSS Distributions * cs_config.
72*0f4c859eSApple OSS Distributions */
73*0f4c859eSApple OSS Distributions if (os_atomic_load(&cs_config_set, acquire) == true) {
74*0f4c859eSApple OSS Distributions goto config_set;
75*0f4c859eSApple OSS Distributions }
76*0f4c859eSApple OSS Distributions
77*0f4c859eSApple OSS Distributions /*
78*0f4c859eSApple OSS Distributions * Add support for all the code signing features. This function is called very
79*0f4c859eSApple OSS Distributions * early in the system boot, much before kernel extensions such as Apple Mobile
80*0f4c859eSApple OSS Distributions * File Integrity come online. As a result, this function assumes that all the
81*0f4c859eSApple OSS Distributions * code signing features are enabled, and later on, different components can
82*0f4c859eSApple OSS Distributions * disable support for different features using disable_code_signing_feature().
83*0f4c859eSApple OSS Distributions */
84*0f4c859eSApple OSS Distributions config |= CS_CONFIG_MAP_JIT;
85*0f4c859eSApple OSS Distributions config |= CS_CONFIG_DEVELOPER_MODE_SUPPORTED;
86*0f4c859eSApple OSS Distributions config |= CS_CONFIG_COMPILATION_SERVICE;
87*0f4c859eSApple OSS Distributions config |= CS_CONFIG_LOCAL_SIGNING;
88*0f4c859eSApple OSS Distributions config |= CS_CONFIG_OOP_JIT;
89*0f4c859eSApple OSS Distributions
90*0f4c859eSApple OSS Distributions #if CODE_SIGNING_MONITOR
91*0f4c859eSApple OSS Distributions /* Mark the code signing monitor as enabled if required */
92*0f4c859eSApple OSS Distributions if (csm_enabled() == true) {
93*0f4c859eSApple OSS Distributions config |= CS_CONFIG_CSM_ENABLED;
94*0f4c859eSApple OSS Distributions }
95*0f4c859eSApple OSS Distributions
96*0f4c859eSApple OSS Distributions #if PMAP_CS_PPL_MONITOR
97*0f4c859eSApple OSS Distributions monitor_type = CS_MONITOR_TYPE_PPL;
98*0f4c859eSApple OSS Distributions #endif /* */
99*0f4c859eSApple OSS Distributions #endif /* CODE_SIGNING_MONITOR */
100*0f4c859eSApple OSS Distributions
101*0f4c859eSApple OSS Distributions #if DEVELOPMENT || DEBUG
102*0f4c859eSApple OSS Distributions /*
103*0f4c859eSApple OSS Distributions * We only ever need to parse for boot-args based exemption state on DEVELOPMENT
104*0f4c859eSApple OSS Distributions * or DEBUG builds as this state is not respected by any code signing component
105*0f4c859eSApple OSS Distributions * on RELEASE builds.
106*0f4c859eSApple OSS Distributions */
107*0f4c859eSApple OSS Distributions
108*0f4c859eSApple OSS Distributions #define CS_AMFI_MASK_UNRESTRICT_TASK_FOR_PID 0x01
109*0f4c859eSApple OSS Distributions #define CS_AMFI_MASK_ALLOW_ANY_SIGNATURE 0x02
110*0f4c859eSApple OSS Distributions #define CS_AMFI_MASK_GET_OUT_OF_MY_WAY 0x80
111*0f4c859eSApple OSS Distributions
112*0f4c859eSApple OSS Distributions int amfi_mask = 0;
113*0f4c859eSApple OSS Distributions int amfi_allow_any_signature = 0;
114*0f4c859eSApple OSS Distributions int amfi_unrestrict_task_for_pid = 0;
115*0f4c859eSApple OSS Distributions int amfi_get_out_of_my_way = 0;
116*0f4c859eSApple OSS Distributions int cs_enforcement_disabled = 0;
117*0f4c859eSApple OSS Distributions int cs_integrity_skip = 0;
118*0f4c859eSApple OSS Distributions
119*0f4c859eSApple OSS Distributions /* Parse the AMFI mask */
120*0f4c859eSApple OSS Distributions PE_parse_boot_argn("amfi", &amfi_mask, sizeof(amfi_mask));
121*0f4c859eSApple OSS Distributions
122*0f4c859eSApple OSS Distributions /* Parse the AMFI soft-bypass */
123*0f4c859eSApple OSS Distributions PE_parse_boot_argn(
124*0f4c859eSApple OSS Distributions "amfi_allow_any_signature",
125*0f4c859eSApple OSS Distributions &amfi_allow_any_signature,
126*0f4c859eSApple OSS Distributions sizeof(amfi_allow_any_signature));
127*0f4c859eSApple OSS Distributions
128*0f4c859eSApple OSS Distributions /* Parse the AMFI debug-bypass */
129*0f4c859eSApple OSS Distributions PE_parse_boot_argn(
130*0f4c859eSApple OSS Distributions "amfi_unrestrict_task_for_pid",
131*0f4c859eSApple OSS Distributions &amfi_unrestrict_task_for_pid,
132*0f4c859eSApple OSS Distributions sizeof(amfi_unrestrict_task_for_pid));
133*0f4c859eSApple OSS Distributions
134*0f4c859eSApple OSS Distributions /* Parse the AMFI hard-bypass */
135*0f4c859eSApple OSS Distributions PE_parse_boot_argn(
136*0f4c859eSApple OSS Distributions "amfi_get_out_of_my_way",
137*0f4c859eSApple OSS Distributions &amfi_get_out_of_my_way,
138*0f4c859eSApple OSS Distributions sizeof(amfi_get_out_of_my_way));
139*0f4c859eSApple OSS Distributions
140*0f4c859eSApple OSS Distributions /* Parse the system code signing hard-bypass */
141*0f4c859eSApple OSS Distributions PE_parse_boot_argn(
142*0f4c859eSApple OSS Distributions "cs_enforcement_disable",
143*0f4c859eSApple OSS Distributions &cs_enforcement_disabled,
144*0f4c859eSApple OSS Distributions sizeof(cs_enforcement_disabled));
145*0f4c859eSApple OSS Distributions
146*0f4c859eSApple OSS Distributions /* Parse the system code signing integrity-check bypass */
147*0f4c859eSApple OSS Distributions PE_parse_boot_argn(
148*0f4c859eSApple OSS Distributions "cs_integrity_skip",
149*0f4c859eSApple OSS Distributions &cs_integrity_skip,
150*0f4c859eSApple OSS Distributions sizeof(cs_integrity_skip));
151*0f4c859eSApple OSS Distributions
152*0f4c859eSApple OSS Distributions /* CS_CONFIG_UNRESTRICTED_DEBUGGING */
153*0f4c859eSApple OSS Distributions if (amfi_mask & CS_AMFI_MASK_UNRESTRICT_TASK_FOR_PID) {
154*0f4c859eSApple OSS Distributions config |= CS_CONFIG_UNRESTRICTED_DEBUGGING;
155*0f4c859eSApple OSS Distributions } else if (amfi_unrestrict_task_for_pid) {
156*0f4c859eSApple OSS Distributions config |= CS_CONFIG_UNRESTRICTED_DEBUGGING;
157*0f4c859eSApple OSS Distributions }
158*0f4c859eSApple OSS Distributions
159*0f4c859eSApple OSS Distributions /* CS_CONFIG_ALLOW_ANY_SIGNATURE */
160*0f4c859eSApple OSS Distributions if (amfi_mask & CS_AMFI_MASK_ALLOW_ANY_SIGNATURE) {
161*0f4c859eSApple OSS Distributions config |= CS_CONFIG_ALLOW_ANY_SIGNATURE;
162*0f4c859eSApple OSS Distributions } else if (amfi_mask & CS_AMFI_MASK_GET_OUT_OF_MY_WAY) {
163*0f4c859eSApple OSS Distributions config |= CS_CONFIG_ALLOW_ANY_SIGNATURE;
164*0f4c859eSApple OSS Distributions } else if (amfi_allow_any_signature) {
165*0f4c859eSApple OSS Distributions config |= CS_CONFIG_ALLOW_ANY_SIGNATURE;
166*0f4c859eSApple OSS Distributions } else if (amfi_get_out_of_my_way) {
167*0f4c859eSApple OSS Distributions config |= CS_CONFIG_ALLOW_ANY_SIGNATURE;
168*0f4c859eSApple OSS Distributions } else if (cs_enforcement_disabled) {
169*0f4c859eSApple OSS Distributions config |= CS_CONFIG_ALLOW_ANY_SIGNATURE;
170*0f4c859eSApple OSS Distributions }
171*0f4c859eSApple OSS Distributions
172*0f4c859eSApple OSS Distributions /* CS_CONFIG_ENFORCEMENT_DISABLED */
173*0f4c859eSApple OSS Distributions if (cs_enforcement_disabled) {
174*0f4c859eSApple OSS Distributions config |= CS_CONFIG_ENFORCEMENT_DISABLED;
175*0f4c859eSApple OSS Distributions }
176*0f4c859eSApple OSS Distributions
177*0f4c859eSApple OSS Distributions /* CS_CONFIG_GET_OUT_OF_MY_WAY */
178*0f4c859eSApple OSS Distributions if (amfi_mask & CS_AMFI_MASK_GET_OUT_OF_MY_WAY) {
179*0f4c859eSApple OSS Distributions config |= CS_CONFIG_GET_OUT_OF_MY_WAY;
180*0f4c859eSApple OSS Distributions } else if (amfi_get_out_of_my_way) {
181*0f4c859eSApple OSS Distributions config |= CS_CONFIG_GET_OUT_OF_MY_WAY;
182*0f4c859eSApple OSS Distributions } else if (cs_enforcement_disabled) {
183*0f4c859eSApple OSS Distributions config |= CS_CONFIG_GET_OUT_OF_MY_WAY;
184*0f4c859eSApple OSS Distributions }
185*0f4c859eSApple OSS Distributions
186*0f4c859eSApple OSS Distributions /* CS_CONFIG_INTEGRITY_SKIP */
187*0f4c859eSApple OSS Distributions if (cs_integrity_skip) {
188*0f4c859eSApple OSS Distributions config |= CS_CONFIG_INTEGRITY_SKIP;
189*0f4c859eSApple OSS Distributions }
190*0f4c859eSApple OSS Distributions
191*0f4c859eSApple OSS Distributions #if PMAP_CS_PPL_MONITOR
192*0f4c859eSApple OSS Distributions
193*0f4c859eSApple OSS Distributions if (csm_enabled() == true) {
194*0f4c859eSApple OSS Distributions int pmap_cs_allow_any_signature = 0;
195*0f4c859eSApple OSS Distributions bool override = PE_parse_boot_argn(
196*0f4c859eSApple OSS Distributions "pmap_cs_allow_any_signature",
197*0f4c859eSApple OSS Distributions &pmap_cs_allow_any_signature,
198*0f4c859eSApple OSS Distributions sizeof(pmap_cs_allow_any_signature));
199*0f4c859eSApple OSS Distributions
200*0f4c859eSApple OSS Distributions if (!pmap_cs_allow_any_signature && override) {
201*0f4c859eSApple OSS Distributions config &= ~CS_CONFIG_ALLOW_ANY_SIGNATURE;
202*0f4c859eSApple OSS Distributions }
203*0f4c859eSApple OSS Distributions
204*0f4c859eSApple OSS Distributions int pmap_cs_unrestrict_task_for_pid = 0;
205*0f4c859eSApple OSS Distributions override = PE_parse_boot_argn(
206*0f4c859eSApple OSS Distributions "pmap_cs_unrestrict_pmap_cs_disable",
207*0f4c859eSApple OSS Distributions &pmap_cs_unrestrict_task_for_pid,
208*0f4c859eSApple OSS Distributions sizeof(pmap_cs_unrestrict_task_for_pid));
209*0f4c859eSApple OSS Distributions
210*0f4c859eSApple OSS Distributions if (!pmap_cs_unrestrict_task_for_pid && override) {
211*0f4c859eSApple OSS Distributions config &= ~CS_CONFIG_UNRESTRICTED_DEBUGGING;
212*0f4c859eSApple OSS Distributions }
213*0f4c859eSApple OSS Distributions
214*0f4c859eSApple OSS Distributions int pmap_cs_enforcement_disable = 0;
215*0f4c859eSApple OSS Distributions override = PE_parse_boot_argn(
216*0f4c859eSApple OSS Distributions "pmap_cs_allow_modified_code_pages",
217*0f4c859eSApple OSS Distributions &pmap_cs_enforcement_disable,
218*0f4c859eSApple OSS Distributions sizeof(pmap_cs_enforcement_disable));
219*0f4c859eSApple OSS Distributions
220*0f4c859eSApple OSS Distributions if (!pmap_cs_enforcement_disable && override) {
221*0f4c859eSApple OSS Distributions config &= ~CS_CONFIG_ENFORCEMENT_DISABLED;
222*0f4c859eSApple OSS Distributions }
223*0f4c859eSApple OSS Distributions }
224*0f4c859eSApple OSS Distributions
225*0f4c859eSApple OSS Distributions #endif /* */
226*0f4c859eSApple OSS Distributions #endif /* DEVELOPMENT || DEBUG */
227*0f4c859eSApple OSS Distributions
228*0f4c859eSApple OSS Distributions os_atomic_store(&cs_monitor, monitor_type, relaxed);
229*0f4c859eSApple OSS Distributions os_atomic_store(&cs_config, config, relaxed);
230*0f4c859eSApple OSS Distributions
231*0f4c859eSApple OSS Distributions /*
232*0f4c859eSApple OSS Distributions * We write the cs_config_set variable with store-release semantics which means
233*0f4c859eSApple OSS Distributions * no writes before this call will be re-ordered to after this call. Hence, if
234*0f4c859eSApple OSS Distributions * someone reads this variable with load-acquire semantics, and they observe a
235*0f4c859eSApple OSS Distributions * value of true, then they will be able to observe the correct values of the
236*0f4c859eSApple OSS Distributions * cs_monitor and the cs_config variables as well.
237*0f4c859eSApple OSS Distributions */
238*0f4c859eSApple OSS Distributions os_atomic_store(&cs_config_set, true, release);
239*0f4c859eSApple OSS Distributions
240*0f4c859eSApple OSS Distributions config_set:
241*0f4c859eSApple OSS Distributions /* Ensure configuration has been set */
242*0f4c859eSApple OSS Distributions assert(os_atomic_load(&cs_config_set, relaxed) == true);
243*0f4c859eSApple OSS Distributions
244*0f4c859eSApple OSS Distributions /* Set the monitor type */
245*0f4c859eSApple OSS Distributions if (monitor_type_out) {
246*0f4c859eSApple OSS Distributions *monitor_type_out = os_atomic_load(&cs_monitor, relaxed);
247*0f4c859eSApple OSS Distributions }
248*0f4c859eSApple OSS Distributions
249*0f4c859eSApple OSS Distributions /* Set the configuration */
250*0f4c859eSApple OSS Distributions if (config_out) {
251*0f4c859eSApple OSS Distributions *config_out = os_atomic_load(&cs_config, relaxed);
252*0f4c859eSApple OSS Distributions }
253*0f4c859eSApple OSS Distributions }
254*0f4c859eSApple OSS Distributions
255*0f4c859eSApple OSS Distributions void
disable_code_signing_feature(code_signing_config_t feature)256*0f4c859eSApple OSS Distributions disable_code_signing_feature(
257*0f4c859eSApple OSS Distributions code_signing_config_t feature)
258*0f4c859eSApple OSS Distributions {
259*0f4c859eSApple OSS Distributions /*
260*0f4c859eSApple OSS Distributions * We require that this function be called only after the code signing config
261*0f4c859eSApple OSS Distributions * has been setup initially with a call to code_signing_configuration.
262*0f4c859eSApple OSS Distributions */
263*0f4c859eSApple OSS Distributions if (os_atomic_load(&cs_config_set, acquire) == false) {
264*0f4c859eSApple OSS Distributions panic("attempted to disable code signing feature without init: %u", feature);
265*0f4c859eSApple OSS Distributions }
266*0f4c859eSApple OSS Distributions
267*0f4c859eSApple OSS Distributions /*
268*0f4c859eSApple OSS Distributions * We require that only a single feature be disabled through a single call to this
269*0f4c859eSApple OSS Distributions * function. Moreover, we ensure that only valid features are being disabled.
270*0f4c859eSApple OSS Distributions */
271*0f4c859eSApple OSS Distributions switch (feature) {
272*0f4c859eSApple OSS Distributions case CS_CONFIG_DEVELOPER_MODE_SUPPORTED:
273*0f4c859eSApple OSS Distributions cs_config &= ~CS_CONFIG_DEVELOPER_MODE_SUPPORTED;
274*0f4c859eSApple OSS Distributions break;
275*0f4c859eSApple OSS Distributions
276*0f4c859eSApple OSS Distributions case CS_CONFIG_COMPILATION_SERVICE:
277*0f4c859eSApple OSS Distributions cs_config &= ~CS_CONFIG_COMPILATION_SERVICE;
278*0f4c859eSApple OSS Distributions break;
279*0f4c859eSApple OSS Distributions
280*0f4c859eSApple OSS Distributions case CS_CONFIG_LOCAL_SIGNING:
281*0f4c859eSApple OSS Distributions cs_config &= ~CS_CONFIG_LOCAL_SIGNING;
282*0f4c859eSApple OSS Distributions break;
283*0f4c859eSApple OSS Distributions
284*0f4c859eSApple OSS Distributions case CS_CONFIG_OOP_JIT:
285*0f4c859eSApple OSS Distributions cs_config &= ~CS_CONFIG_OOP_JIT;
286*0f4c859eSApple OSS Distributions break;
287*0f4c859eSApple OSS Distributions
288*0f4c859eSApple OSS Distributions default:
289*0f4c859eSApple OSS Distributions panic("attempted to disable a code signing feature invalidly: %u", feature);
290*0f4c859eSApple OSS Distributions }
291*0f4c859eSApple OSS Distributions
292*0f4c859eSApple OSS Distributions /* Ensure all readers can observe the latest data */
293*0f4c859eSApple OSS Distributions #if defined(__arm64__)
294*0f4c859eSApple OSS Distributions __asm__ volatile ("dmb ish" ::: "memory");
295*0f4c859eSApple OSS Distributions #elif defined(__x86_64__)
296*0f4c859eSApple OSS Distributions __asm__ volatile ("mfence" ::: "memory");
297*0f4c859eSApple OSS Distributions #else
298*0f4c859eSApple OSS Distributions #error "Unknown platform -- fence instruction unavailable"
299*0f4c859eSApple OSS Distributions #endif
300*0f4c859eSApple OSS Distributions }
301*0f4c859eSApple OSS Distributions
302*0f4c859eSApple OSS Distributions #pragma mark Developer Mode
303*0f4c859eSApple OSS Distributions
304*0f4c859eSApple OSS Distributions void
enable_developer_mode(void)305*0f4c859eSApple OSS Distributions enable_developer_mode(void)
306*0f4c859eSApple OSS Distributions {
307*0f4c859eSApple OSS Distributions CSM_PREFIX(toggle_developer_mode)(true);
308*0f4c859eSApple OSS Distributions }
309*0f4c859eSApple OSS Distributions
310*0f4c859eSApple OSS Distributions void
disable_developer_mode(void)311*0f4c859eSApple OSS Distributions disable_developer_mode(void)
312*0f4c859eSApple OSS Distributions {
313*0f4c859eSApple OSS Distributions CSM_PREFIX(toggle_developer_mode)(false);
314*0f4c859eSApple OSS Distributions }
315*0f4c859eSApple OSS Distributions
316*0f4c859eSApple OSS Distributions bool
developer_mode_state(void)317*0f4c859eSApple OSS Distributions developer_mode_state(void)
318*0f4c859eSApple OSS Distributions {
319*0f4c859eSApple OSS Distributions /* Assume false if the pointer isn't setup */
320*0f4c859eSApple OSS Distributions if (developer_mode_enabled == NULL) {
321*0f4c859eSApple OSS Distributions return false;
322*0f4c859eSApple OSS Distributions }
323*0f4c859eSApple OSS Distributions
324*0f4c859eSApple OSS Distributions return os_atomic_load(developer_mode_enabled, relaxed);
325*0f4c859eSApple OSS Distributions }
326*0f4c859eSApple OSS Distributions
327*0f4c859eSApple OSS Distributions #pragma mark Provisioning Profiles
328*0f4c859eSApple OSS Distributions /*
329*0f4c859eSApple OSS Distributions * AMFI performs full profile validation by itself. XNU only needs to manage provisioning
330*0f4c859eSApple OSS Distributions * profiles when we have a monitor since the monitor needs to independently verify the
331*0f4c859eSApple OSS Distributions * profile data as well.
332*0f4c859eSApple OSS Distributions */
333*0f4c859eSApple OSS Distributions
334*0f4c859eSApple OSS Distributions void
garbage_collect_provisioning_profiles(void)335*0f4c859eSApple OSS Distributions garbage_collect_provisioning_profiles(void)
336*0f4c859eSApple OSS Distributions {
337*0f4c859eSApple OSS Distributions #if CODE_SIGNING_MONITOR
338*0f4c859eSApple OSS Distributions csm_free_provisioning_profiles();
339*0f4c859eSApple OSS Distributions #endif
340*0f4c859eSApple OSS Distributions }
341*0f4c859eSApple OSS Distributions
342*0f4c859eSApple OSS Distributions #if CODE_SIGNING_MONITOR
343*0f4c859eSApple OSS Distributions
344*0f4c859eSApple OSS Distributions /* Structure used to maintain the set of registered profiles on the system */
345*0f4c859eSApple OSS Distributions typedef struct _cs_profile {
346*0f4c859eSApple OSS Distributions /* The UUID of the registered profile */
347*0f4c859eSApple OSS Distributions uuid_t profile_uuid;
348*0f4c859eSApple OSS Distributions
349*0f4c859eSApple OSS Distributions /* The profile validation object from the monitor */
350*0f4c859eSApple OSS Distributions void *profile_obj;
351*0f4c859eSApple OSS Distributions
352*0f4c859eSApple OSS Distributions /*
353*0f4c859eSApple OSS Distributions * In order to minimize the number of times the same profile would need to be
354*0f4c859eSApple OSS Distributions * registered, we allow frequently used profiles to skip the garbage collector
355*0f4c859eSApple OSS Distributions * for one pass.
356*0f4c859eSApple OSS Distributions */
357*0f4c859eSApple OSS Distributions bool skip_collector;
358*0f4c859eSApple OSS Distributions
359*0f4c859eSApple OSS Distributions /* Linked list linkage */
360*0f4c859eSApple OSS Distributions SLIST_ENTRY(_cs_profile) link;
361*0f4c859eSApple OSS Distributions } cs_profile_t;
362*0f4c859eSApple OSS Distributions
363*0f4c859eSApple OSS Distributions /* Linked list head for registered profiles */
364*0f4c859eSApple OSS Distributions static SLIST_HEAD(, _cs_profile) all_profiles = SLIST_HEAD_INITIALIZER(all_profiles);
365*0f4c859eSApple OSS Distributions
366*0f4c859eSApple OSS Distributions /* Lock for the provisioning profiles */
367*0f4c859eSApple OSS Distributions LCK_GRP_DECLARE(profiles_lck_grp, "profiles_lck_grp");
368*0f4c859eSApple OSS Distributions decl_lck_rw_data(, profiles_lock);
369*0f4c859eSApple OSS Distributions
370*0f4c859eSApple OSS Distributions void
csm_initialize_provisioning_profiles(void)371*0f4c859eSApple OSS Distributions csm_initialize_provisioning_profiles(void)
372*0f4c859eSApple OSS Distributions {
373*0f4c859eSApple OSS Distributions /* Ensure the CoreTrust kernel extension has loaded */
374*0f4c859eSApple OSS Distributions if (coretrust == NULL) {
375*0f4c859eSApple OSS Distributions panic("coretrust interface not available");
376*0f4c859eSApple OSS Distributions }
377*0f4c859eSApple OSS Distributions
378*0f4c859eSApple OSS Distributions /* Initialize the provisoning profiles lock */
379*0f4c859eSApple OSS Distributions lck_rw_init(&profiles_lock, &profiles_lck_grp, 0);
380*0f4c859eSApple OSS Distributions printf("initialized XNU provisioning profile data\n");
381*0f4c859eSApple OSS Distributions
382*0f4c859eSApple OSS Distributions #if PMAP_CS_PPL_MONITOR
383*0f4c859eSApple OSS Distributions pmap_initialize_provisioning_profiles();
384*0f4c859eSApple OSS Distributions #endif
385*0f4c859eSApple OSS Distributions }
386*0f4c859eSApple OSS Distributions
387*0f4c859eSApple OSS Distributions static cs_profile_t*
search_for_profile_uuid(const uuid_t profile_uuid)388*0f4c859eSApple OSS Distributions search_for_profile_uuid(
389*0f4c859eSApple OSS Distributions const uuid_t profile_uuid)
390*0f4c859eSApple OSS Distributions {
391*0f4c859eSApple OSS Distributions cs_profile_t *profile = NULL;
392*0f4c859eSApple OSS Distributions
393*0f4c859eSApple OSS Distributions /* Caller is required to acquire the lock */
394*0f4c859eSApple OSS Distributions lck_rw_assert(&profiles_lock, LCK_RW_ASSERT_HELD);
395*0f4c859eSApple OSS Distributions
396*0f4c859eSApple OSS Distributions SLIST_FOREACH(profile, &all_profiles, link) {
397*0f4c859eSApple OSS Distributions if (uuid_compare(profile_uuid, profile->profile_uuid) == 0) {
398*0f4c859eSApple OSS Distributions return profile;
399*0f4c859eSApple OSS Distributions }
400*0f4c859eSApple OSS Distributions }
401*0f4c859eSApple OSS Distributions
402*0f4c859eSApple OSS Distributions return NULL;
403*0f4c859eSApple OSS Distributions }
404*0f4c859eSApple OSS Distributions
405*0f4c859eSApple OSS Distributions kern_return_t
csm_register_provisioning_profile(const uuid_t profile_uuid,const void * profile_blob,const size_t profile_blob_size)406*0f4c859eSApple OSS Distributions csm_register_provisioning_profile(
407*0f4c859eSApple OSS Distributions const uuid_t profile_uuid,
408*0f4c859eSApple OSS Distributions const void *profile_blob,
409*0f4c859eSApple OSS Distributions const size_t profile_blob_size)
410*0f4c859eSApple OSS Distributions {
411*0f4c859eSApple OSS Distributions cs_profile_t *profile = NULL;
412*0f4c859eSApple OSS Distributions void *monitor_profile_obj = NULL;
413*0f4c859eSApple OSS Distributions kern_return_t ret = KERN_DENIED;
414*0f4c859eSApple OSS Distributions
415*0f4c859eSApple OSS Distributions /* Allocate storage for the profile wrapper object */
416*0f4c859eSApple OSS Distributions profile = kalloc_type(cs_profile_t, Z_WAITOK_ZERO);
417*0f4c859eSApple OSS Distributions assert(profile != NULL);
418*0f4c859eSApple OSS Distributions
419*0f4c859eSApple OSS Distributions /* Lock the profile set exclusively */
420*0f4c859eSApple OSS Distributions lck_rw_lock_exclusive(&profiles_lock);
421*0f4c859eSApple OSS Distributions
422*0f4c859eSApple OSS Distributions /* Check to make sure this isn't a duplicate UUID */
423*0f4c859eSApple OSS Distributions cs_profile_t *dup_profile = search_for_profile_uuid(profile_uuid);
424*0f4c859eSApple OSS Distributions if (dup_profile != NULL) {
425*0f4c859eSApple OSS Distributions /* This profile might be used soon -- skip garbage collector */
426*0f4c859eSApple OSS Distributions dup_profile->skip_collector = true;
427*0f4c859eSApple OSS Distributions
428*0f4c859eSApple OSS Distributions ret = KERN_ALREADY_IN_SET;
429*0f4c859eSApple OSS Distributions goto exit;
430*0f4c859eSApple OSS Distributions }
431*0f4c859eSApple OSS Distributions
432*0f4c859eSApple OSS Distributions ret = CSM_PREFIX(register_provisioning_profile)(
433*0f4c859eSApple OSS Distributions profile_blob,
434*0f4c859eSApple OSS Distributions profile_blob_size,
435*0f4c859eSApple OSS Distributions &monitor_profile_obj);
436*0f4c859eSApple OSS Distributions
437*0f4c859eSApple OSS Distributions if (ret == KERN_SUCCESS) {
438*0f4c859eSApple OSS Distributions /* Copy in the profile UUID */
439*0f4c859eSApple OSS Distributions uuid_copy(profile->profile_uuid, profile_uuid);
440*0f4c859eSApple OSS Distributions
441*0f4c859eSApple OSS Distributions /* Setup the monitor's profile object */
442*0f4c859eSApple OSS Distributions profile->profile_obj = monitor_profile_obj;
443*0f4c859eSApple OSS Distributions
444*0f4c859eSApple OSS Distributions /* This profile might be used soon -- skip garbage collector */
445*0f4c859eSApple OSS Distributions profile->skip_collector = true;
446*0f4c859eSApple OSS Distributions
447*0f4c859eSApple OSS Distributions /* Insert at the head of the profile set */
448*0f4c859eSApple OSS Distributions SLIST_INSERT_HEAD(&all_profiles, profile, link);
449*0f4c859eSApple OSS Distributions }
450*0f4c859eSApple OSS Distributions
451*0f4c859eSApple OSS Distributions exit:
452*0f4c859eSApple OSS Distributions /* Unlock the profile set */
453*0f4c859eSApple OSS Distributions lck_rw_unlock_exclusive(&profiles_lock);
454*0f4c859eSApple OSS Distributions
455*0f4c859eSApple OSS Distributions if (ret != KERN_SUCCESS) {
456*0f4c859eSApple OSS Distributions /* Free the profile wrapper object */
457*0f4c859eSApple OSS Distributions kfree_type(cs_profile_t, profile);
458*0f4c859eSApple OSS Distributions profile = NULL;
459*0f4c859eSApple OSS Distributions
460*0f4c859eSApple OSS Distributions if (ret != KERN_ALREADY_IN_SET) {
461*0f4c859eSApple OSS Distributions printf("unable to register profile with monitor: %d\n", ret);
462*0f4c859eSApple OSS Distributions }
463*0f4c859eSApple OSS Distributions }
464*0f4c859eSApple OSS Distributions
465*0f4c859eSApple OSS Distributions return ret;
466*0f4c859eSApple OSS Distributions }
467*0f4c859eSApple OSS Distributions
468*0f4c859eSApple OSS Distributions kern_return_t
csm_associate_provisioning_profile(void * monitor_sig_obj,const uuid_t profile_uuid)469*0f4c859eSApple OSS Distributions csm_associate_provisioning_profile(
470*0f4c859eSApple OSS Distributions void *monitor_sig_obj,
471*0f4c859eSApple OSS Distributions const uuid_t profile_uuid)
472*0f4c859eSApple OSS Distributions {
473*0f4c859eSApple OSS Distributions cs_profile_t *profile = NULL;
474*0f4c859eSApple OSS Distributions kern_return_t ret = KERN_DENIED;
475*0f4c859eSApple OSS Distributions
476*0f4c859eSApple OSS Distributions if (csm_enabled() == false) {
477*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
478*0f4c859eSApple OSS Distributions }
479*0f4c859eSApple OSS Distributions
480*0f4c859eSApple OSS Distributions /* Lock the profile set as shared */
481*0f4c859eSApple OSS Distributions lck_rw_lock_shared(&profiles_lock);
482*0f4c859eSApple OSS Distributions
483*0f4c859eSApple OSS Distributions /* Search for the provisioning profile */
484*0f4c859eSApple OSS Distributions profile = search_for_profile_uuid(profile_uuid);
485*0f4c859eSApple OSS Distributions if (profile == NULL) {
486*0f4c859eSApple OSS Distributions ret = KERN_NOT_FOUND;
487*0f4c859eSApple OSS Distributions goto exit;
488*0f4c859eSApple OSS Distributions }
489*0f4c859eSApple OSS Distributions
490*0f4c859eSApple OSS Distributions ret = CSM_PREFIX(associate_provisioning_profile)(
491*0f4c859eSApple OSS Distributions monitor_sig_obj,
492*0f4c859eSApple OSS Distributions profile->profile_obj);
493*0f4c859eSApple OSS Distributions
494*0f4c859eSApple OSS Distributions if (ret == KERN_SUCCESS) {
495*0f4c859eSApple OSS Distributions /*
496*0f4c859eSApple OSS Distributions * This seems like an active profile -- let it skip the garbage collector on
497*0f4c859eSApple OSS Distributions * the next pass. We can modify this field even though we've only taken a shared
498*0f4c859eSApple OSS Distributions * lock as in this case we're always setting it to a fixed value.
499*0f4c859eSApple OSS Distributions */
500*0f4c859eSApple OSS Distributions profile->skip_collector = true;
501*0f4c859eSApple OSS Distributions }
502*0f4c859eSApple OSS Distributions
503*0f4c859eSApple OSS Distributions exit:
504*0f4c859eSApple OSS Distributions /* Unlock the profile set */
505*0f4c859eSApple OSS Distributions lck_rw_unlock_shared(&profiles_lock);
506*0f4c859eSApple OSS Distributions
507*0f4c859eSApple OSS Distributions if (ret != KERN_SUCCESS) {
508*0f4c859eSApple OSS Distributions printf("unable to associate profile: %d\n", ret);
509*0f4c859eSApple OSS Distributions }
510*0f4c859eSApple OSS Distributions return ret;
511*0f4c859eSApple OSS Distributions }
512*0f4c859eSApple OSS Distributions
513*0f4c859eSApple OSS Distributions kern_return_t
csm_disassociate_provisioning_profile(void * monitor_sig_obj)514*0f4c859eSApple OSS Distributions csm_disassociate_provisioning_profile(
515*0f4c859eSApple OSS Distributions void *monitor_sig_obj)
516*0f4c859eSApple OSS Distributions {
517*0f4c859eSApple OSS Distributions kern_return_t ret = KERN_DENIED;
518*0f4c859eSApple OSS Distributions
519*0f4c859eSApple OSS Distributions if (csm_enabled() == false) {
520*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
521*0f4c859eSApple OSS Distributions }
522*0f4c859eSApple OSS Distributions
523*0f4c859eSApple OSS Distributions /* Call out to the monitor */
524*0f4c859eSApple OSS Distributions ret = CSM_PREFIX(disassociate_provisioning_profile)(monitor_sig_obj);
525*0f4c859eSApple OSS Distributions
526*0f4c859eSApple OSS Distributions if ((ret != KERN_SUCCESS) && (ret != KERN_NOT_FOUND)) {
527*0f4c859eSApple OSS Distributions printf("unable to disassociate profile: %d\n", ret);
528*0f4c859eSApple OSS Distributions }
529*0f4c859eSApple OSS Distributions return ret;
530*0f4c859eSApple OSS Distributions }
531*0f4c859eSApple OSS Distributions
532*0f4c859eSApple OSS Distributions static kern_return_t
unregister_provisioning_profile(cs_profile_t * profile)533*0f4c859eSApple OSS Distributions unregister_provisioning_profile(
534*0f4c859eSApple OSS Distributions cs_profile_t *profile)
535*0f4c859eSApple OSS Distributions {
536*0f4c859eSApple OSS Distributions kern_return_t ret = KERN_DENIED;
537*0f4c859eSApple OSS Distributions
538*0f4c859eSApple OSS Distributions /* Call out to the monitor */
539*0f4c859eSApple OSS Distributions ret = CSM_PREFIX(unregister_provisioning_profile)(profile->profile_obj);
540*0f4c859eSApple OSS Distributions
541*0f4c859eSApple OSS Distributions /*
542*0f4c859eSApple OSS Distributions * KERN_FAILURE represents the case when the unregistration failed because the
543*0f4c859eSApple OSS Distributions * monitor noted that the profile was still being used. Other than that, there
544*0f4c859eSApple OSS Distributions * is no other error expected out of this interface. In fact, there is no easy
545*0f4c859eSApple OSS Distributions * way to deal with other errors, as the profile state may be corrupted. If we
546*0f4c859eSApple OSS Distributions * see a different error, then we panic.
547*0f4c859eSApple OSS Distributions */
548*0f4c859eSApple OSS Distributions if ((ret != KERN_SUCCESS) && (ret != KERN_FAILURE)) {
549*0f4c859eSApple OSS Distributions panic("unable to unregister profile from monitor: %d | %p\n", ret, profile);
550*0f4c859eSApple OSS Distributions }
551*0f4c859eSApple OSS Distributions
552*0f4c859eSApple OSS Distributions return ret;
553*0f4c859eSApple OSS Distributions }
554*0f4c859eSApple OSS Distributions
555*0f4c859eSApple OSS Distributions void
csm_free_provisioning_profiles(void)556*0f4c859eSApple OSS Distributions csm_free_provisioning_profiles(void)
557*0f4c859eSApple OSS Distributions {
558*0f4c859eSApple OSS Distributions kern_return_t ret = KERN_DENIED;
559*0f4c859eSApple OSS Distributions cs_profile_t *profile = NULL;
560*0f4c859eSApple OSS Distributions cs_profile_t *temp_profile = NULL;
561*0f4c859eSApple OSS Distributions
562*0f4c859eSApple OSS Distributions /* Lock the profile set exclusively */
563*0f4c859eSApple OSS Distributions lck_rw_lock_exclusive(&profiles_lock);
564*0f4c859eSApple OSS Distributions
565*0f4c859eSApple OSS Distributions SLIST_FOREACH_SAFE(profile, &all_profiles, link, temp_profile) {
566*0f4c859eSApple OSS Distributions if (profile->skip_collector == true) {
567*0f4c859eSApple OSS Distributions profile->skip_collector = false;
568*0f4c859eSApple OSS Distributions continue;
569*0f4c859eSApple OSS Distributions }
570*0f4c859eSApple OSS Distributions
571*0f4c859eSApple OSS Distributions /* Attempt to unregister this profile from the system */
572*0f4c859eSApple OSS Distributions ret = unregister_provisioning_profile(profile);
573*0f4c859eSApple OSS Distributions if (ret == KERN_SUCCESS) {
574*0f4c859eSApple OSS Distributions /* Remove the profile from the profile set */
575*0f4c859eSApple OSS Distributions SLIST_REMOVE(&all_profiles, profile, _cs_profile, link);
576*0f4c859eSApple OSS Distributions
577*0f4c859eSApple OSS Distributions /* Free the memory consumed for the profile wrapper object */
578*0f4c859eSApple OSS Distributions kfree_type(cs_profile_t, profile);
579*0f4c859eSApple OSS Distributions profile = NULL;
580*0f4c859eSApple OSS Distributions }
581*0f4c859eSApple OSS Distributions }
582*0f4c859eSApple OSS Distributions
583*0f4c859eSApple OSS Distributions /* Unlock the profile set */
584*0f4c859eSApple OSS Distributions lck_rw_unlock_exclusive(&profiles_lock);
585*0f4c859eSApple OSS Distributions }
586*0f4c859eSApple OSS Distributions
587*0f4c859eSApple OSS Distributions #endif /* CODE_SIGNING_MONITOR */
588*0f4c859eSApple OSS Distributions
589*0f4c859eSApple OSS Distributions #pragma mark Code Signing
590*0f4c859eSApple OSS Distributions /*
591*0f4c859eSApple OSS Distributions * AMFI performs full signature validation by itself. For some things, AMFI uses XNU in
592*0f4c859eSApple OSS Distributions * order to abstract away the underlying implementation for data storage, but for most of
593*0f4c859eSApple OSS Distributions * these, AMFI doesn't directly interact with them, and they're only required when we have
594*0f4c859eSApple OSS Distributions * a code signing monitor on the system.
595*0f4c859eSApple OSS Distributions */
596*0f4c859eSApple OSS Distributions
597*0f4c859eSApple OSS Distributions void
set_compilation_service_cdhash(const uint8_t cdhash[CS_CDHASH_LEN])598*0f4c859eSApple OSS Distributions set_compilation_service_cdhash(
599*0f4c859eSApple OSS Distributions const uint8_t cdhash[CS_CDHASH_LEN])
600*0f4c859eSApple OSS Distributions {
601*0f4c859eSApple OSS Distributions CSM_PREFIX(set_compilation_service_cdhash)(cdhash);
602*0f4c859eSApple OSS Distributions }
603*0f4c859eSApple OSS Distributions
604*0f4c859eSApple OSS Distributions bool
match_compilation_service_cdhash(const uint8_t cdhash[CS_CDHASH_LEN])605*0f4c859eSApple OSS Distributions match_compilation_service_cdhash(
606*0f4c859eSApple OSS Distributions const uint8_t cdhash[CS_CDHASH_LEN])
607*0f4c859eSApple OSS Distributions {
608*0f4c859eSApple OSS Distributions return CSM_PREFIX(match_compilation_service_cdhash)(cdhash);
609*0f4c859eSApple OSS Distributions }
610*0f4c859eSApple OSS Distributions
611*0f4c859eSApple OSS Distributions void
set_local_signing_public_key(const uint8_t public_key[XNU_LOCAL_SIGNING_KEY_SIZE])612*0f4c859eSApple OSS Distributions set_local_signing_public_key(
613*0f4c859eSApple OSS Distributions const uint8_t public_key[XNU_LOCAL_SIGNING_KEY_SIZE])
614*0f4c859eSApple OSS Distributions {
615*0f4c859eSApple OSS Distributions CSM_PREFIX(set_local_signing_public_key)(public_key);
616*0f4c859eSApple OSS Distributions }
617*0f4c859eSApple OSS Distributions
618*0f4c859eSApple OSS Distributions uint8_t*
get_local_signing_public_key(void)619*0f4c859eSApple OSS Distributions get_local_signing_public_key(void)
620*0f4c859eSApple OSS Distributions {
621*0f4c859eSApple OSS Distributions return CSM_PREFIX(get_local_signing_public_key)();
622*0f4c859eSApple OSS Distributions }
623*0f4c859eSApple OSS Distributions
624*0f4c859eSApple OSS Distributions void
unrestrict_local_signing_cdhash(__unused const uint8_t cdhash[CS_CDHASH_LEN])625*0f4c859eSApple OSS Distributions unrestrict_local_signing_cdhash(
626*0f4c859eSApple OSS Distributions __unused const uint8_t cdhash[CS_CDHASH_LEN])
627*0f4c859eSApple OSS Distributions {
628*0f4c859eSApple OSS Distributions /*
629*0f4c859eSApple OSS Distributions * Since AMFI manages code signing on its own, we only need to unrestrict the
630*0f4c859eSApple OSS Distributions * local signing cdhash when we have a monitor environment.
631*0f4c859eSApple OSS Distributions */
632*0f4c859eSApple OSS Distributions
633*0f4c859eSApple OSS Distributions #if CODE_SIGNING_MONITOR
634*0f4c859eSApple OSS Distributions CSM_PREFIX(unrestrict_local_signing_cdhash)(cdhash);
635*0f4c859eSApple OSS Distributions #endif
636*0f4c859eSApple OSS Distributions }
637*0f4c859eSApple OSS Distributions
638*0f4c859eSApple OSS Distributions kern_return_t
get_trust_level_kdp(__unused pmap_t pmap,__unused uint32_t * trust_level)639*0f4c859eSApple OSS Distributions get_trust_level_kdp(
640*0f4c859eSApple OSS Distributions __unused pmap_t pmap,
641*0f4c859eSApple OSS Distributions __unused uint32_t *trust_level)
642*0f4c859eSApple OSS Distributions {
643*0f4c859eSApple OSS Distributions #if CODE_SIGNING_MONITOR
644*0f4c859eSApple OSS Distributions return csm_get_trust_level_kdp(pmap, trust_level);
645*0f4c859eSApple OSS Distributions #else
646*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
647*0f4c859eSApple OSS Distributions #endif
648*0f4c859eSApple OSS Distributions }
649*0f4c859eSApple OSS Distributions
650*0f4c859eSApple OSS Distributions kern_return_t
csm_resolve_os_entitlements_from_proc(__unused const proc_t process,__unused const void ** os_entitlements)651*0f4c859eSApple OSS Distributions csm_resolve_os_entitlements_from_proc(
652*0f4c859eSApple OSS Distributions __unused const proc_t process,
653*0f4c859eSApple OSS Distributions __unused const void **os_entitlements)
654*0f4c859eSApple OSS Distributions {
655*0f4c859eSApple OSS Distributions #if CODE_SIGNING_MONITOR
656*0f4c859eSApple OSS Distributions task_t task = NULL;
657*0f4c859eSApple OSS Distributions vm_map_t task_map = NULL;
658*0f4c859eSApple OSS Distributions pmap_t task_pmap = NULL;
659*0f4c859eSApple OSS Distributions kern_return_t ret = KERN_DENIED;
660*0f4c859eSApple OSS Distributions
661*0f4c859eSApple OSS Distributions if (csm_enabled() == false) {
662*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
663*0f4c859eSApple OSS Distributions }
664*0f4c859eSApple OSS Distributions
665*0f4c859eSApple OSS Distributions /* Ensure the process comes from the proc_task zone */
666*0f4c859eSApple OSS Distributions proc_require(process, PROC_REQUIRE_ALLOW_ALL);
667*0f4c859eSApple OSS Distributions
668*0f4c859eSApple OSS Distributions /* Acquire the task from the proc */
669*0f4c859eSApple OSS Distributions task = proc_task(process);
670*0f4c859eSApple OSS Distributions if (task == NULL) {
671*0f4c859eSApple OSS Distributions return KERN_NOT_FOUND;
672*0f4c859eSApple OSS Distributions }
673*0f4c859eSApple OSS Distributions
674*0f4c859eSApple OSS Distributions /* Acquire the virtual memory map from the task -- takes a reference on it */
675*0f4c859eSApple OSS Distributions task_map = get_task_map_reference(task);
676*0f4c859eSApple OSS Distributions if (task_map == NULL) {
677*0f4c859eSApple OSS Distributions return KERN_NOT_FOUND;
678*0f4c859eSApple OSS Distributions }
679*0f4c859eSApple OSS Distributions
680*0f4c859eSApple OSS Distributions /* Acquire the pmap from the virtual memory map */
681*0f4c859eSApple OSS Distributions task_pmap = vm_map_get_pmap(task_map);
682*0f4c859eSApple OSS Distributions assert(task_pmap != NULL);
683*0f4c859eSApple OSS Distributions
684*0f4c859eSApple OSS Distributions /* Call into the monitor to resolve the entitlements */
685*0f4c859eSApple OSS Distributions ret = CSM_PREFIX(resolve_kernel_entitlements)(task_pmap, os_entitlements);
686*0f4c859eSApple OSS Distributions
687*0f4c859eSApple OSS Distributions /* Release the reference on the virtual memory map */
688*0f4c859eSApple OSS Distributions vm_map_deallocate(task_map);
689*0f4c859eSApple OSS Distributions
690*0f4c859eSApple OSS Distributions return ret;
691*0f4c859eSApple OSS Distributions #else
692*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
693*0f4c859eSApple OSS Distributions #endif
694*0f4c859eSApple OSS Distributions }
695*0f4c859eSApple OSS Distributions
696*0f4c859eSApple OSS Distributions kern_return_t
address_space_debugged(const proc_t process)697*0f4c859eSApple OSS Distributions address_space_debugged(
698*0f4c859eSApple OSS Distributions const proc_t process)
699*0f4c859eSApple OSS Distributions {
700*0f4c859eSApple OSS Distributions /* Must pass in a valid proc_t */
701*0f4c859eSApple OSS Distributions if (process == NULL) {
702*0f4c859eSApple OSS Distributions printf("%s: provided a NULL process\n", __FUNCTION__);
703*0f4c859eSApple OSS Distributions return KERN_DENIED;
704*0f4c859eSApple OSS Distributions }
705*0f4c859eSApple OSS Distributions proc_require(process, PROC_REQUIRE_ALLOW_ALL);
706*0f4c859eSApple OSS Distributions
707*0f4c859eSApple OSS Distributions /* Developer mode must always be enabled for this to return successfully */
708*0f4c859eSApple OSS Distributions if (developer_mode_state() == false) {
709*0f4c859eSApple OSS Distributions return KERN_DENIED;
710*0f4c859eSApple OSS Distributions }
711*0f4c859eSApple OSS Distributions
712*0f4c859eSApple OSS Distributions #if CODE_SIGNING_MONITOR
713*0f4c859eSApple OSS Distributions task_t task = NULL;
714*0f4c859eSApple OSS Distributions vm_map_t task_map = NULL;
715*0f4c859eSApple OSS Distributions pmap_t task_pmap = NULL;
716*0f4c859eSApple OSS Distributions
717*0f4c859eSApple OSS Distributions if (csm_enabled() == true) {
718*0f4c859eSApple OSS Distributions /* Acquire the task from the proc */
719*0f4c859eSApple OSS Distributions task = proc_task(process);
720*0f4c859eSApple OSS Distributions if (task == NULL) {
721*0f4c859eSApple OSS Distributions return KERN_NOT_FOUND;
722*0f4c859eSApple OSS Distributions }
723*0f4c859eSApple OSS Distributions
724*0f4c859eSApple OSS Distributions /* Acquire the virtual memory map from the task -- takes a reference on it */
725*0f4c859eSApple OSS Distributions task_map = get_task_map_reference(task);
726*0f4c859eSApple OSS Distributions if (task_map == NULL) {
727*0f4c859eSApple OSS Distributions return KERN_NOT_FOUND;
728*0f4c859eSApple OSS Distributions }
729*0f4c859eSApple OSS Distributions
730*0f4c859eSApple OSS Distributions /* Acquire the pmap from the virtual memory map */
731*0f4c859eSApple OSS Distributions task_pmap = vm_map_get_pmap(task_map);
732*0f4c859eSApple OSS Distributions assert(task_pmap != NULL);
733*0f4c859eSApple OSS Distributions
734*0f4c859eSApple OSS Distributions /* Acquire the state from the monitor */
735*0f4c859eSApple OSS Distributions kern_return_t ret = CSM_PREFIX(address_space_debugged)(task_pmap);
736*0f4c859eSApple OSS Distributions
737*0f4c859eSApple OSS Distributions /* Release the reference on the virtual memory map */
738*0f4c859eSApple OSS Distributions vm_map_deallocate(task_map);
739*0f4c859eSApple OSS Distributions
740*0f4c859eSApple OSS Distributions return ret;
741*0f4c859eSApple OSS Distributions }
742*0f4c859eSApple OSS Distributions #endif /* CODE_SIGNING_MONITOR */
743*0f4c859eSApple OSS Distributions
744*0f4c859eSApple OSS Distributions /* Check read-only process flags for state */
745*0f4c859eSApple OSS Distributions if (proc_getcsflags(process) & CS_DEBUGGED) {
746*0f4c859eSApple OSS Distributions return KERN_SUCCESS;
747*0f4c859eSApple OSS Distributions }
748*0f4c859eSApple OSS Distributions
749*0f4c859eSApple OSS Distributions return KERN_DENIED;
750*0f4c859eSApple OSS Distributions }
751*0f4c859eSApple OSS Distributions
752*0f4c859eSApple OSS Distributions #if CODE_SIGNING_MONITOR
753*0f4c859eSApple OSS Distributions
754*0f4c859eSApple OSS Distributions bool
csm_enabled(void)755*0f4c859eSApple OSS Distributions csm_enabled(void)
756*0f4c859eSApple OSS Distributions {
757*0f4c859eSApple OSS Distributions return CSM_PREFIX(code_signing_enabled)();
758*0f4c859eSApple OSS Distributions }
759*0f4c859eSApple OSS Distributions
760*0f4c859eSApple OSS Distributions vm_size_t
csm_signature_size_limit(void)761*0f4c859eSApple OSS Distributions csm_signature_size_limit(void)
762*0f4c859eSApple OSS Distributions {
763*0f4c859eSApple OSS Distributions return CSM_PREFIX(managed_code_signature_size)();
764*0f4c859eSApple OSS Distributions }
765*0f4c859eSApple OSS Distributions
766*0f4c859eSApple OSS Distributions kern_return_t
csm_register_code_signature(const vm_address_t signature_addr,const vm_size_t signature_size,const vm_offset_t code_directory_offset,const char * signature_path,void ** monitor_sig_obj,vm_address_t * monitor_signature_addr)767*0f4c859eSApple OSS Distributions csm_register_code_signature(
768*0f4c859eSApple OSS Distributions const vm_address_t signature_addr,
769*0f4c859eSApple OSS Distributions const vm_size_t signature_size,
770*0f4c859eSApple OSS Distributions const vm_offset_t code_directory_offset,
771*0f4c859eSApple OSS Distributions const char *signature_path,
772*0f4c859eSApple OSS Distributions void **monitor_sig_obj,
773*0f4c859eSApple OSS Distributions vm_address_t *monitor_signature_addr)
774*0f4c859eSApple OSS Distributions {
775*0f4c859eSApple OSS Distributions if (csm_enabled() == false) {
776*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
777*0f4c859eSApple OSS Distributions }
778*0f4c859eSApple OSS Distributions
779*0f4c859eSApple OSS Distributions return CSM_PREFIX(register_code_signature)(
780*0f4c859eSApple OSS Distributions signature_addr,
781*0f4c859eSApple OSS Distributions signature_size,
782*0f4c859eSApple OSS Distributions code_directory_offset,
783*0f4c859eSApple OSS Distributions signature_path,
784*0f4c859eSApple OSS Distributions monitor_sig_obj,
785*0f4c859eSApple OSS Distributions monitor_signature_addr);
786*0f4c859eSApple OSS Distributions }
787*0f4c859eSApple OSS Distributions
788*0f4c859eSApple OSS Distributions kern_return_t
csm_unregister_code_signature(void * monitor_sig_obj)789*0f4c859eSApple OSS Distributions csm_unregister_code_signature(
790*0f4c859eSApple OSS Distributions void *monitor_sig_obj)
791*0f4c859eSApple OSS Distributions {
792*0f4c859eSApple OSS Distributions if (csm_enabled() == false) {
793*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
794*0f4c859eSApple OSS Distributions }
795*0f4c859eSApple OSS Distributions
796*0f4c859eSApple OSS Distributions return CSM_PREFIX(unregister_code_signature)(monitor_sig_obj);
797*0f4c859eSApple OSS Distributions }
798*0f4c859eSApple OSS Distributions
799*0f4c859eSApple OSS Distributions kern_return_t
csm_verify_code_signature(void * monitor_sig_obj)800*0f4c859eSApple OSS Distributions csm_verify_code_signature(
801*0f4c859eSApple OSS Distributions void *monitor_sig_obj)
802*0f4c859eSApple OSS Distributions {
803*0f4c859eSApple OSS Distributions if (csm_enabled() == false) {
804*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
805*0f4c859eSApple OSS Distributions }
806*0f4c859eSApple OSS Distributions
807*0f4c859eSApple OSS Distributions return CSM_PREFIX(verify_code_signature)(monitor_sig_obj);
808*0f4c859eSApple OSS Distributions }
809*0f4c859eSApple OSS Distributions
810*0f4c859eSApple OSS Distributions kern_return_t
csm_reconstitute_code_signature(void * monitor_sig_obj,vm_address_t * unneeded_addr,vm_size_t * unneeded_size)811*0f4c859eSApple OSS Distributions csm_reconstitute_code_signature(
812*0f4c859eSApple OSS Distributions void *monitor_sig_obj,
813*0f4c859eSApple OSS Distributions vm_address_t *unneeded_addr,
814*0f4c859eSApple OSS Distributions vm_size_t *unneeded_size)
815*0f4c859eSApple OSS Distributions {
816*0f4c859eSApple OSS Distributions if (csm_enabled() == false) {
817*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
818*0f4c859eSApple OSS Distributions }
819*0f4c859eSApple OSS Distributions
820*0f4c859eSApple OSS Distributions return CSM_PREFIX(reconstitute_code_signature)(
821*0f4c859eSApple OSS Distributions monitor_sig_obj,
822*0f4c859eSApple OSS Distributions unneeded_addr,
823*0f4c859eSApple OSS Distributions unneeded_size);
824*0f4c859eSApple OSS Distributions }
825*0f4c859eSApple OSS Distributions
826*0f4c859eSApple OSS Distributions kern_return_t
csm_associate_code_signature(pmap_t monitor_pmap,void * monitor_sig_obj,const vm_address_t region_addr,const vm_size_t region_size,const vm_offset_t region_offset)827*0f4c859eSApple OSS Distributions csm_associate_code_signature(
828*0f4c859eSApple OSS Distributions pmap_t monitor_pmap,
829*0f4c859eSApple OSS Distributions void *monitor_sig_obj,
830*0f4c859eSApple OSS Distributions const vm_address_t region_addr,
831*0f4c859eSApple OSS Distributions const vm_size_t region_size,
832*0f4c859eSApple OSS Distributions const vm_offset_t region_offset)
833*0f4c859eSApple OSS Distributions {
834*0f4c859eSApple OSS Distributions if (csm_enabled() == false) {
835*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
836*0f4c859eSApple OSS Distributions }
837*0f4c859eSApple OSS Distributions
838*0f4c859eSApple OSS Distributions return CSM_PREFIX(associate_code_signature)(
839*0f4c859eSApple OSS Distributions monitor_pmap,
840*0f4c859eSApple OSS Distributions monitor_sig_obj,
841*0f4c859eSApple OSS Distributions region_addr,
842*0f4c859eSApple OSS Distributions region_size,
843*0f4c859eSApple OSS Distributions region_offset);
844*0f4c859eSApple OSS Distributions }
845*0f4c859eSApple OSS Distributions
846*0f4c859eSApple OSS Distributions kern_return_t
csm_allow_jit_region(pmap_t monitor_pmap)847*0f4c859eSApple OSS Distributions csm_allow_jit_region(
848*0f4c859eSApple OSS Distributions pmap_t monitor_pmap)
849*0f4c859eSApple OSS Distributions {
850*0f4c859eSApple OSS Distributions if (csm_enabled() == false) {
851*0f4c859eSApple OSS Distributions return KERN_SUCCESS;
852*0f4c859eSApple OSS Distributions } else if (monitor_pmap == NULL) {
853*0f4c859eSApple OSS Distributions return KERN_DENIED;
854*0f4c859eSApple OSS Distributions }
855*0f4c859eSApple OSS Distributions
856*0f4c859eSApple OSS Distributions kern_return_t ret = CSM_PREFIX(allow_jit_region)(monitor_pmap);
857*0f4c859eSApple OSS Distributions if (ret == KERN_NOT_SUPPORTED) {
858*0f4c859eSApple OSS Distributions /*
859*0f4c859eSApple OSS Distributions * Some monitor environments do not support this API and as a result will
860*0f4c859eSApple OSS Distributions * return KERN_NOT_SUPPORTED. The caller here should not interpret that as
861*0f4c859eSApple OSS Distributions * a failure.
862*0f4c859eSApple OSS Distributions */
863*0f4c859eSApple OSS Distributions ret = KERN_SUCCESS;
864*0f4c859eSApple OSS Distributions }
865*0f4c859eSApple OSS Distributions
866*0f4c859eSApple OSS Distributions return ret;
867*0f4c859eSApple OSS Distributions }
868*0f4c859eSApple OSS Distributions
869*0f4c859eSApple OSS Distributions kern_return_t
csm_associate_jit_region(pmap_t monitor_pmap,const vm_address_t region_addr,const vm_size_t region_size)870*0f4c859eSApple OSS Distributions csm_associate_jit_region(
871*0f4c859eSApple OSS Distributions pmap_t monitor_pmap,
872*0f4c859eSApple OSS Distributions const vm_address_t region_addr,
873*0f4c859eSApple OSS Distributions const vm_size_t region_size)
874*0f4c859eSApple OSS Distributions {
875*0f4c859eSApple OSS Distributions if (csm_enabled() == false) {
876*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
877*0f4c859eSApple OSS Distributions }
878*0f4c859eSApple OSS Distributions
879*0f4c859eSApple OSS Distributions return CSM_PREFIX(associate_jit_region)(
880*0f4c859eSApple OSS Distributions monitor_pmap,
881*0f4c859eSApple OSS Distributions region_addr,
882*0f4c859eSApple OSS Distributions region_size);
883*0f4c859eSApple OSS Distributions }
884*0f4c859eSApple OSS Distributions
885*0f4c859eSApple OSS Distributions kern_return_t
csm_associate_debug_region(pmap_t monitor_pmap,const vm_address_t region_addr,const vm_size_t region_size)886*0f4c859eSApple OSS Distributions csm_associate_debug_region(
887*0f4c859eSApple OSS Distributions pmap_t monitor_pmap,
888*0f4c859eSApple OSS Distributions const vm_address_t region_addr,
889*0f4c859eSApple OSS Distributions const vm_size_t region_size)
890*0f4c859eSApple OSS Distributions {
891*0f4c859eSApple OSS Distributions if (csm_enabled() == false) {
892*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
893*0f4c859eSApple OSS Distributions }
894*0f4c859eSApple OSS Distributions
895*0f4c859eSApple OSS Distributions return CSM_PREFIX(associate_debug_region)(
896*0f4c859eSApple OSS Distributions monitor_pmap,
897*0f4c859eSApple OSS Distributions region_addr,
898*0f4c859eSApple OSS Distributions region_size);
899*0f4c859eSApple OSS Distributions }
900*0f4c859eSApple OSS Distributions
901*0f4c859eSApple OSS Distributions kern_return_t
csm_allow_invalid_code(pmap_t pmap)902*0f4c859eSApple OSS Distributions csm_allow_invalid_code(
903*0f4c859eSApple OSS Distributions pmap_t pmap)
904*0f4c859eSApple OSS Distributions {
905*0f4c859eSApple OSS Distributions if (csm_enabled() == false) {
906*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
907*0f4c859eSApple OSS Distributions }
908*0f4c859eSApple OSS Distributions
909*0f4c859eSApple OSS Distributions return CSM_PREFIX(allow_invalid_code)(pmap);
910*0f4c859eSApple OSS Distributions }
911*0f4c859eSApple OSS Distributions
912*0f4c859eSApple OSS Distributions kern_return_t
csm_get_trust_level_kdp(pmap_t pmap,uint32_t * trust_level)913*0f4c859eSApple OSS Distributions csm_get_trust_level_kdp(
914*0f4c859eSApple OSS Distributions pmap_t pmap,
915*0f4c859eSApple OSS Distributions uint32_t *trust_level)
916*0f4c859eSApple OSS Distributions {
917*0f4c859eSApple OSS Distributions if (csm_enabled() == false) {
918*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
919*0f4c859eSApple OSS Distributions }
920*0f4c859eSApple OSS Distributions
921*0f4c859eSApple OSS Distributions return CSM_PREFIX(get_trust_level_kdp)(pmap, trust_level);
922*0f4c859eSApple OSS Distributions }
923*0f4c859eSApple OSS Distributions
924*0f4c859eSApple OSS Distributions kern_return_t
csm_address_space_exempt(const pmap_t pmap)925*0f4c859eSApple OSS Distributions csm_address_space_exempt(
926*0f4c859eSApple OSS Distributions const pmap_t pmap)
927*0f4c859eSApple OSS Distributions {
928*0f4c859eSApple OSS Distributions /*
929*0f4c859eSApple OSS Distributions * These exemptions are actually orthogonal to the code signing enforcement. As
930*0f4c859eSApple OSS Distributions * a result, we let each monitor explicitly decide how to deal with the exemption
931*0f4c859eSApple OSS Distributions * in case code signing enforcement is disabled.
932*0f4c859eSApple OSS Distributions */
933*0f4c859eSApple OSS Distributions
934*0f4c859eSApple OSS Distributions return CSM_PREFIX(address_space_exempt)(pmap);
935*0f4c859eSApple OSS Distributions }
936*0f4c859eSApple OSS Distributions
937*0f4c859eSApple OSS Distributions kern_return_t
csm_fork_prepare(pmap_t old_pmap,pmap_t new_pmap)938*0f4c859eSApple OSS Distributions csm_fork_prepare(
939*0f4c859eSApple OSS Distributions pmap_t old_pmap,
940*0f4c859eSApple OSS Distributions pmap_t new_pmap)
941*0f4c859eSApple OSS Distributions {
942*0f4c859eSApple OSS Distributions if (csm_enabled() == false) {
943*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
944*0f4c859eSApple OSS Distributions }
945*0f4c859eSApple OSS Distributions
946*0f4c859eSApple OSS Distributions return CSM_PREFIX(fork_prepare)(old_pmap, new_pmap);
947*0f4c859eSApple OSS Distributions }
948*0f4c859eSApple OSS Distributions
949*0f4c859eSApple OSS Distributions kern_return_t
csm_acquire_signing_identifier(const void * monitor_sig_obj,const char ** signing_id)950*0f4c859eSApple OSS Distributions csm_acquire_signing_identifier(
951*0f4c859eSApple OSS Distributions const void *monitor_sig_obj,
952*0f4c859eSApple OSS Distributions const char **signing_id)
953*0f4c859eSApple OSS Distributions {
954*0f4c859eSApple OSS Distributions if (csm_enabled() == false) {
955*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
956*0f4c859eSApple OSS Distributions }
957*0f4c859eSApple OSS Distributions
958*0f4c859eSApple OSS Distributions return CSM_PREFIX(acquire_signing_identifier)(monitor_sig_obj, signing_id);
959*0f4c859eSApple OSS Distributions }
960*0f4c859eSApple OSS Distributions
961*0f4c859eSApple OSS Distributions kern_return_t
csm_associate_os_entitlements(void * monitor_sig_obj,const void * os_entitlements)962*0f4c859eSApple OSS Distributions csm_associate_os_entitlements(
963*0f4c859eSApple OSS Distributions void *monitor_sig_obj,
964*0f4c859eSApple OSS Distributions const void *os_entitlements)
965*0f4c859eSApple OSS Distributions {
966*0f4c859eSApple OSS Distributions if (csm_enabled() == false) {
967*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
968*0f4c859eSApple OSS Distributions } else if (os_entitlements == NULL) {
969*0f4c859eSApple OSS Distributions /* Not every signature has entitlements */
970*0f4c859eSApple OSS Distributions return KERN_SUCCESS;
971*0f4c859eSApple OSS Distributions }
972*0f4c859eSApple OSS Distributions
973*0f4c859eSApple OSS Distributions return CSM_PREFIX(associate_kernel_entitlements)(monitor_sig_obj, os_entitlements);
974*0f4c859eSApple OSS Distributions }
975*0f4c859eSApple OSS Distributions
976*0f4c859eSApple OSS Distributions kern_return_t
csm_accelerate_entitlements(void * monitor_sig_obj,CEQueryContext_t * ce_ctx)977*0f4c859eSApple OSS Distributions csm_accelerate_entitlements(
978*0f4c859eSApple OSS Distributions void *monitor_sig_obj,
979*0f4c859eSApple OSS Distributions CEQueryContext_t *ce_ctx)
980*0f4c859eSApple OSS Distributions {
981*0f4c859eSApple OSS Distributions if (csm_enabled() == false) {
982*0f4c859eSApple OSS Distributions return KERN_NOT_SUPPORTED;
983*0f4c859eSApple OSS Distributions }
984*0f4c859eSApple OSS Distributions
985*0f4c859eSApple OSS Distributions return CSM_PREFIX(accelerate_entitlements)(monitor_sig_obj, ce_ctx);
986*0f4c859eSApple OSS Distributions }
987*0f4c859eSApple OSS Distributions
988*0f4c859eSApple OSS Distributions #endif /* CODE_SIGNING_MONITOR */
989*0f4c859eSApple OSS Distributions
990*0f4c859eSApple OSS Distributions #pragma mark AppleImage4
991*0f4c859eSApple OSS Distributions /*
992*0f4c859eSApple OSS Distributions * AppleImage4 uses the monitor environment to safeguard critical security data.
993*0f4c859eSApple OSS Distributions * In order to ease the implementation specific, AppleImage4 always depends on these
994*0f4c859eSApple OSS Distributions * abstracted APIs, regardless of whether the system has a monitor environment or
995*0f4c859eSApple OSS Distributions * not.
996*0f4c859eSApple OSS Distributions */
997*0f4c859eSApple OSS Distributions
998*0f4c859eSApple OSS Distributions void*
kernel_image4_storage_data(size_t * allocated_size)999*0f4c859eSApple OSS Distributions kernel_image4_storage_data(
1000*0f4c859eSApple OSS Distributions size_t *allocated_size)
1001*0f4c859eSApple OSS Distributions {
1002*0f4c859eSApple OSS Distributions return CSM_PREFIX(image4_storage_data)(allocated_size);
1003*0f4c859eSApple OSS Distributions }
1004*0f4c859eSApple OSS Distributions
1005*0f4c859eSApple OSS Distributions void
kernel_image4_set_nonce(const img4_nonce_domain_index_t ndi,const img4_nonce_t * nonce)1006*0f4c859eSApple OSS Distributions kernel_image4_set_nonce(
1007*0f4c859eSApple OSS Distributions const img4_nonce_domain_index_t ndi,
1008*0f4c859eSApple OSS Distributions const img4_nonce_t *nonce)
1009*0f4c859eSApple OSS Distributions {
1010*0f4c859eSApple OSS Distributions return CSM_PREFIX(image4_set_nonce)(ndi, nonce);
1011*0f4c859eSApple OSS Distributions }
1012*0f4c859eSApple OSS Distributions
1013*0f4c859eSApple OSS Distributions void
kernel_image4_roll_nonce(const img4_nonce_domain_index_t ndi)1014*0f4c859eSApple OSS Distributions kernel_image4_roll_nonce(
1015*0f4c859eSApple OSS Distributions const img4_nonce_domain_index_t ndi)
1016*0f4c859eSApple OSS Distributions {
1017*0f4c859eSApple OSS Distributions return CSM_PREFIX(image4_roll_nonce)(ndi);
1018*0f4c859eSApple OSS Distributions }
1019*0f4c859eSApple OSS Distributions
1020*0f4c859eSApple OSS Distributions errno_t
kernel_image4_copy_nonce(const img4_nonce_domain_index_t ndi,img4_nonce_t * nonce_out)1021*0f4c859eSApple OSS Distributions kernel_image4_copy_nonce(
1022*0f4c859eSApple OSS Distributions const img4_nonce_domain_index_t ndi,
1023*0f4c859eSApple OSS Distributions img4_nonce_t *nonce_out)
1024*0f4c859eSApple OSS Distributions {
1025*0f4c859eSApple OSS Distributions return CSM_PREFIX(image4_copy_nonce)(ndi, nonce_out);
1026*0f4c859eSApple OSS Distributions }
1027*0f4c859eSApple OSS Distributions
1028*0f4c859eSApple OSS Distributions errno_t
kernel_image4_execute_object(img4_runtime_object_spec_index_t obj_spec_index,const img4_buff_t * payload,const img4_buff_t * manifest)1029*0f4c859eSApple OSS Distributions kernel_image4_execute_object(
1030*0f4c859eSApple OSS Distributions img4_runtime_object_spec_index_t obj_spec_index,
1031*0f4c859eSApple OSS Distributions const img4_buff_t *payload,
1032*0f4c859eSApple OSS Distributions const img4_buff_t *manifest)
1033*0f4c859eSApple OSS Distributions {
1034*0f4c859eSApple OSS Distributions return CSM_PREFIX(image4_execute_object)(
1035*0f4c859eSApple OSS Distributions obj_spec_index,
1036*0f4c859eSApple OSS Distributions payload,
1037*0f4c859eSApple OSS Distributions manifest);
1038*0f4c859eSApple OSS Distributions }
1039*0f4c859eSApple OSS Distributions
1040*0f4c859eSApple OSS Distributions errno_t
kernel_image4_copy_object(img4_runtime_object_spec_index_t obj_spec_index,vm_address_t object_out,size_t * object_length)1041*0f4c859eSApple OSS Distributions kernel_image4_copy_object(
1042*0f4c859eSApple OSS Distributions img4_runtime_object_spec_index_t obj_spec_index,
1043*0f4c859eSApple OSS Distributions vm_address_t object_out,
1044*0f4c859eSApple OSS Distributions size_t *object_length)
1045*0f4c859eSApple OSS Distributions {
1046*0f4c859eSApple OSS Distributions return CSM_PREFIX(image4_copy_object)(
1047*0f4c859eSApple OSS Distributions obj_spec_index,
1048*0f4c859eSApple OSS Distributions object_out,
1049*0f4c859eSApple OSS Distributions object_length);
1050*0f4c859eSApple OSS Distributions }
1051*0f4c859eSApple OSS Distributions
1052*0f4c859eSApple OSS Distributions const void*
kernel_image4_get_monitor_exports(void)1053*0f4c859eSApple OSS Distributions kernel_image4_get_monitor_exports(void)
1054*0f4c859eSApple OSS Distributions {
1055*0f4c859eSApple OSS Distributions return CSM_PREFIX(image4_get_monitor_exports)();
1056*0f4c859eSApple OSS Distributions }
1057*0f4c859eSApple OSS Distributions
1058*0f4c859eSApple OSS Distributions errno_t
kernel_image4_set_release_type(const char * release_type)1059*0f4c859eSApple OSS Distributions kernel_image4_set_release_type(
1060*0f4c859eSApple OSS Distributions const char *release_type)
1061*0f4c859eSApple OSS Distributions {
1062*0f4c859eSApple OSS Distributions return CSM_PREFIX(image4_set_release_type)(release_type);
1063*0f4c859eSApple OSS Distributions }
1064*0f4c859eSApple OSS Distributions
1065*0f4c859eSApple OSS Distributions errno_t
kernel_image4_set_bnch_shadow(const img4_nonce_domain_index_t ndi)1066*0f4c859eSApple OSS Distributions kernel_image4_set_bnch_shadow(
1067*0f4c859eSApple OSS Distributions const img4_nonce_domain_index_t ndi)
1068*0f4c859eSApple OSS Distributions {
1069*0f4c859eSApple OSS Distributions return CSM_PREFIX(image4_set_bnch_shadow)(ndi);
1070*0f4c859eSApple OSS Distributions }
1071