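/*
 * Copyright (c) 2022 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * The contents of this file constitute Original Code as defined in and
 * are subject to the Apple Public Source License Version 1.1 (the
 * "License"). You may not use this file except in compliance with the
 * License. Please obtain a copy of the License at
 * http://www.apple.com/publicsource and read it before using this file.
 *
 * This Original Code and all software distributed under the License are
 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
 * License for the specific language governing rights and limitations
 * under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * Kernel-private prototypes for the code-signing monitor interface.
 *
 * Every function below is declared through CSM_PREFIX(), so one declaration
 * names ppl_<name> when PMAP_CS_PPL_MONITOR is set and xnu_<name> otherwise.
 * The implementations are not part of this header; the per-prototype notes
 * are reviewer observations drawn from the signatures alone and are marked
 * where they need confirming against the implementation.
 */

#ifndef _SYS_CODE_SIGNING_INTERNAL_H_
#define _SYS_CODE_SIGNING_INTERNAL_H_

#include <sys/cdefs.h>
__BEGIN_DECLS

#ifdef XNU_KERNEL_PRIVATE

#include <mach/boolean.h>
#include <mach/kern_return.h>
#include <kern/cs_blobs.h>
#include <vm/pmap.h>
#include <vm/pmap_cs.h>
#include <img4/firmware.h>

#if PMAP_CS_PPL_MONITOR
/* Page Protection Layer -- PMAP_CS */
#define CODE_SIGNING_MONITOR 1
#define CODE_SIGNING_MONITOR_PREFIX ppl

#else
/* No monitor -- XNU */
#define CODE_SIGNING_MONITOR 0
#define CODE_SIGNING_MONITOR_PREFIX xnu

#endif /* PMAP_CS_PPL_MONITOR */

/**
 * This macro can be used by code which is abstracting out the concept of the code
 * signing monitor in order to redirect calls to the correct monitor environment.
 *
 * CSM_PREFIX(name) yields <prefix>_<name>, where <prefix> is the value of
 * CODE_SIGNING_MONITOR_PREFIX selected above. The two helper levels exist so
 * that CODE_SIGNING_MONITOR_PREFIX is macro-expanded before the ## paste in
 * __CSM_PREFIX; pasting directly would produce the literal token
 * CODE_SIGNING_MONITOR_PREFIX_<name>.
 */
#define __CSM_PREFIX(prefix, name) prefix##_##name
#define _CSM_PREFIX(prefix, name) __CSM_PREFIX(prefix, name)
#define CSM_PREFIX(name) _CSM_PREFIX(CODE_SIGNING_MONITOR_PREFIX, name)

/*
 * Prototypes declared in both configurations (monitor and no monitor).
 */

/*
 * Takes the requested developer-mode state. Returns void, so a caller cannot
 * observe from this interface whether the change was applied.
 */
void CSM_PREFIX(toggle_developer_mode)(
	bool state);

/*
 * The cdhash parameters in this header are written as arrays of CS_CDHASH_LEN
 * bytes. In a parameter list that bound is documentation only: the argument
 * is a plain pointer and the compiler does not check the caller's buffer
 * size, so callers must supply at least CS_CDHASH_LEN readable bytes.
 */
void CSM_PREFIX(set_compilation_service_cdhash)(
	const uint8_t cdhash[CS_CDHASH_LEN]);

bool CSM_PREFIX(match_compilation_service_cdhash)(
	const uint8_t cdhash[CS_CDHASH_LEN]);

/*
 * NOTE(review): the key is passed as a bare pointer with no length argument.
 * The expected key size is fixed by the implementation and is not visible
 * here -- confirm it before passing a buffer.
 */
void CSM_PREFIX(set_local_signing_public_key)(
	const uint8_t * public_key);

/*
 * NOTE(review): returns a non-const pointer and no length. Whether callers
 * may write through it, and how many bytes are valid, is not stated in this
 * header -- presumably read-only; confirm.
 */
uint8_t* CSM_PREFIX(get_local_signing_public_key)(void);

/*
 * Image4 support. The errno_t-returning calls report failure through the
 * return value; output parameters (nonce_out, object_length) should only be
 * trusted after checking it.
 */

/*
 * Returns a pointer and reports a size through allocated_size.
 * NOTE(review): ownership and lifetime of the returned storage are not
 * visible here -- confirm.
 */
void* CSM_PREFIX(image4_storage_data)(
	size_t * allocated_size);

void CSM_PREFIX(image4_set_nonce)(
	const img4_nonce_domain_index_t ndi,
	const img4_nonce_t *nonce);

void CSM_PREFIX(image4_roll_nonce)(
	const img4_nonce_domain_index_t ndi);

errno_t CSM_PREFIX(image4_copy_nonce)(
	const img4_nonce_domain_index_t ndi,
	img4_nonce_t *nonce_out);

errno_t CSM_PREFIX(image4_execute_object)(
	img4_runtime_object_spec_index_t obj_spec_index,
	const img4_buff_t *payload,
	const img4_buff_t *manifest);

/*
 * NOTE(review): object_out is a raw vm_address_t and object_length is a
 * non-const pointer, so it looks like an in/out capacity/length pair --
 * confirm which value the implementation reads and which it writes.
 */
errno_t CSM_PREFIX(image4_copy_object)(
	img4_runtime_object_spec_index_t obj_spec_index,
	vm_address_t object_out,
	size_t *object_length);

const void* CSM_PREFIX(image4_get_monitor_exports)(void);

errno_t CSM_PREFIX(image4_set_release_type)(
	const char *release_type);

errno_t CSM_PREFIX(image4_set_bnch_shadow)(
	const img4_nonce_domain_index_t ndi);

#if CODE_SIGNING_MONITOR
/* Function prototypes needed only when we have a monitor environment */

/*
 * Signature and profile objects cross this interface as untyped void *
 * handles (sig_obj, profile_obj, sig). The compiler therefore cannot catch a
 * profile handle passed where a signature handle is expected, or the
 * reverse; callers have to keep the two kinds apart themselves.
 *
 * All calls below that return kern_return_t report failure through the
 * return value. Output parameters should be used only after checking it.
 */

bool CSM_PREFIX(code_signing_enabled)(void);

vm_size_t CSM_PREFIX(managed_code_signature_size)(void);

void CSM_PREFIX(unrestrict_local_signing_cdhash)(
	const uint8_t cdhash[CS_CDHASH_LEN]);

/*
 * Provisioning profiles. profile_obj on registration is a void ** and so is
 * presumably the handle handed back for the later unregister/associate
 * calls -- confirm.
 */
kern_return_t CSM_PREFIX(register_provisioning_profile)(
	const void *profile_blob,
	const size_t profile_blob_size,
	void **profile_obj);

kern_return_t CSM_PREFIX(unregister_provisioning_profile)(
	void *profile_obj);

kern_return_t CSM_PREFIX(associate_provisioning_profile)(
	void *sig_obj,
	void *profile_obj);

kern_return_t CSM_PREFIX(disassociate_provisioning_profile)(
	void *sig_obj);

/*
 * Code signatures. Registration takes the signature as an address/size pair
 * plus an offset to the code directory inside it.
 * NOTE(review): nothing in this header says who validates that
 * code_directory_offset lies within signature_size -- confirm where that
 * bound is enforced.
 */
kern_return_t CSM_PREFIX(register_code_signature)(
	const vm_address_t signature_addr,
	const vm_size_t signature_size,
	const vm_offset_t code_directory_offset,
	const char *signature_path,
	void **sig_obj,
	vm_address_t *txm_signature_addr);

kern_return_t CSM_PREFIX(unregister_code_signature)(
	void *sig_obj);

kern_return_t CSM_PREFIX(verify_code_signature)(
	void *sig_obj);

kern_return_t CSM_PREFIX(reconstitute_code_signature)(
	void *sig,
	vm_address_t *unneeded_addr,
	vm_size_t *unneeded_size);

/*
 * Address-space associations. Each call names the target address space by
 * its pmap; region calls add an address/size pair.
 */
kern_return_t CSM_PREFIX(associate_code_signature)(
	pmap_t pmap,
	void *sig_obj,
	const vm_address_t region_addr,
	const vm_size_t region_size,
	const vm_offset_t region_offset);

/*
 * The JIT, debug, invalid-code and exempt calls below are, by their names,
 * the ones that relax what an address space may map or run.
 * NOTE(review): which caller-side checks must precede them is not expressed
 * in this header -- review each call site against the implementation's
 * policy.
 */
kern_return_t CSM_PREFIX(allow_jit_region)(
	pmap_t pmap);

kern_return_t CSM_PREFIX(associate_jit_region)(
	pmap_t pmap,
	const vm_address_t region_addr,
	const vm_size_t region_size);

kern_return_t CSM_PREFIX(associate_debug_region)(
	pmap_t pmap,
	const vm_address_t region_addr,
	const vm_size_t region_size);

kern_return_t CSM_PREFIX(address_space_debugged)(
	pmap_t pmap);

kern_return_t CSM_PREFIX(allow_invalid_code)(
	pmap_t pmap);

/* Reports a trust level for the address space through trust_level. */
kern_return_t CSM_PREFIX(get_trust_level_kdp)(
	pmap_t pmap,
	uint32_t *trust_level);

kern_return_t CSM_PREFIX(address_space_exempt)(
	const pmap_t pmap);

kern_return_t CSM_PREFIX(fork_prepare)(
	pmap_t old_pmap,
	pmap_t new_pmap);

/*
 * NOTE(review): signing_id is returned as a const char ** with no length;
 * the lifetime of the string it points to is not stated here -- presumably
 * tied to sig_obj; confirm before holding it past unregistration.
 */
kern_return_t CSM_PREFIX(acquire_signing_identifier)(
	const void *sig_obj,
	const char **signing_id);

/* Entitlements attached to, or resolved from, a signature or address space. */
kern_return_t CSM_PREFIX(associate_kernel_entitlements)(
	void *sig_obj,
	const void *kernel_entitlements);

kern_return_t CSM_PREFIX(resolve_kernel_entitlements)(
	pmap_t pmap,
	const void **kernel_entitlements);

kern_return_t CSM_PREFIX(accelerate_entitlements)(
	void *sig_obj,
	CEQueryContext_t *ce_ctx);

#endif /* CODE_SIGNING_MONITOR */

#endif /* XNU_KERNEL_PRIVATE */

__END_DECLS
#endif /* _SYS_CODE_SIGNING_INTERNAL_H_ */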