]> git.saurik.com Git - apple/libc.git/blame - os/variant_private.h
Libc-1272.200.26.tar.gz
[apple/libc.git] / os / variant_private.h
CommitLineData
b061a43b
A
1/*
2 * Copyright (c) 2017 Apple Inc. All rights reserved.
3 *
4 * @APPLE_APACHE_LICENSE_HEADER_START@
5 *
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 *
18 * @APPLE_APACHE_LICENSE_HEADER_END@
19 */
20
21#ifndef __OS_VARIANT_H__
22#define __OS_VARIANT_H__
23
24#include <stdbool.h>
25
26#include <os/base.h>
27#include <os/availability.h>
28
29/*! @header
30 * OS Variant SPI
31 *
32 * Provides a mechanism to determine the currently running OS variant.
33 *
34 * Any of these APIs may be overridden to its non-internal behavior on a
35 * device by creating on override file. On macOS, this file is placed
36 * at:
37 * /var/db/os_variant_override
38 * On embedded platforms, this file is placed at:
39 * /usr/share/misc/os_variant_override
40 *
41 * Individual internal behaviors can be selectively disabled (ie.
42 * individual os_variant_has_internal_*() predicates can be overriden to
43 * false) by writing the file with a comma- or newline-delimited list of
44 * names to disable. To disable all internal behaviors, empty the file.
45 *
46 * Each of these functions takes a constant string argument for the requesting
47 * subsystem. This should be a reverse-DNS string describing the subsystem
48 * performing the check. This may be used in the future for auditing and
49 * selective overriding of checks.
50 *
51 */
52
53__BEGIN_DECLS
54
55/*!
56 * @function os_variant_has_internal_content
57 *
58 * @abstract returns whether this system variant has internal content installed
59 * ("content")
60 *
61 * @result
62 * Returns true if this build has this property. False otherwise or upon error.
63 */
64API_AVAILABLE(macosx(10.13), ios(11.0), tvos(11.0), watchos(4.0))
65OS_EXPORT OS_WARN_RESULT
66bool
67os_variant_has_internal_content(const char *subsystem);
68
69/*!
70 * @function os_variant_has_internal_diagnostics
71 *
72 * @abstract returns whether this system variant has internal diagnostics
73 * enabled ("diagnostics")
74 *
75 * @description
76 *
77 * Internal diagnostics include behaviors that emit extra diagnostic or
78 * debugging information when an error occurs.
79 *
80 * On macOS, this check will look for presence of AppleInternal content or the
81 * AppleInternalDiagnostics profile to be installed.
82 *
83 * On embedded platforms, this check will look for an internal install variant
84 * in a manner similar to the MobileGestalt check for InternalBuild.
85 *
86 * @result
87 * Returns true if this build has this property. False otherwise or upon error.
88 */
89API_AVAILABLE(macosx(10.13), ios(11.0), tvos(11.0), watchos(4.0))
90OS_EXPORT OS_WARN_RESULT
91bool
92os_variant_has_internal_diagnostics(const char *subsystem);
93
94/*!
95 * @function os_variant_has_internal_ui
96 *
97 * @abstract returns whether this system variant has internal UI visible ("ui")
98 *
99 * @description
100 *
101 * Internal UI includes debug menus and internal settings.
102 *
103 * On macOS, this will check for the presence of AppleInternal content. On
104 * embedded platforms, this check will look for an internal install variant in
105 * a manor similar to the MobileGestalt check for InternalBuild.
106 *
107 * @result
108 * Returns true if this build has this property. False otherwise or upon error.
109 */
110API_AVAILABLE(macosx(10.13), ios(11.0), tvos(11.0), watchos(4.0))
111OS_EXPORT OS_WARN_RESULT
112bool
113os_variant_has_internal_ui(const char *subsystem);
114
115/*!
116 * @function os_variant_allows_internal_security_policies
117 *
118 * @abstract returns whether this system variant allows internal security policies
119 * ("security")
120 *
121 * @description
122 *
123 * On macOS, this will check the CSR status for whether AppleInternal policies
124 * are enabled.
125 *
126 * On embedded platforms, this will check for a build/device combination that
127 * allows for removal of codesigning and debugging restrictions. This usually
128 * returns whether the hardware is development fused and may return true on
129 * such hardware even if a customer build is installed.
130 *
131 * n.b. The result of this API should /not/ be used to automatically enable
132 * relaxed security policies, only to signal that other mechanisms to enable
133 * them are allowed, e.g. a "defaults write".
134 *
135 * @result
136 * Returns true if this build has this property. False otherwise or upon error.
137 */
138API_AVAILABLE(macosx(10.13), ios(11.0), tvos(11.0), watchos(4.0))
139OS_EXPORT OS_WARN_RESULT
140bool
141os_variant_allows_internal_security_policies(const char *subsystem);
142
143__END_DECLS
144
145#endif // __os_variant_H__