[apple/libc.git] / os / variant_private.h

/*
 * Copyright (c) 2017 Apple Inc. All rights reserved.
 *
 * @APPLE_APACHE_LICENSE_HEADER_START@
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * @APPLE_APACHE_LICENSE_HEADER_END@
 */

#ifndef __OS_VARIANT_H__
#define __OS_VARIANT_H__

#include <stdbool.h>

#include <os/base.h>
#include <os/availability.h>

/*! @header
 * OS Variant SPI
 *
 * Provides a mechanism to determine the currently running OS variant.
 *
 * Any of these APIs may be overridden to its non-internal behavior on a
 * device by creating on override file.  On macOS, this file is placed
 * at:
 *    /var/db/os_variant_override
 * On embedded platforms, this file is placed at:
 *    /usr/share/misc/os_variant_override
 *
 * Individual internal behaviors can be selectively disabled (ie.
 * individual os_variant_has_internal_*() predicates can be overriden to
 * false) by writing the file with a comma- or newline-delimited list of
 * names to disable.  To disable all internal behaviors, empty the file.
 *
 * Each of these functions takes a constant string argument for the requesting
 * subsystem.  This should be a reverse-DNS string describing the subsystem
 * performing the check.  This may be used in the future for auditing and
 * selective overriding of checks.
 *
 */

__BEGIN_DECLS

/*!
 * @function os_variant_has_internal_content
 *
 * @abstract returns whether this system variant has internal content installed
 * ("content")
 *
 * @result
 * Returns true if this build has this property.  False otherwise or upon error.
 */
API_AVAILABLE(macosx(10.13), ios(11.0), tvos(11.0), watchos(4.0))
OS_EXPORT OS_WARN_RESULT
bool
os_variant_has_internal_content(const char *subsystem);

/*!
 * @function os_variant_has_internal_diagnostics
 *
 * @abstract returns whether this system variant has internal diagnostics
 * enabled ("diagnostics")
 *
 * @description
 *
 * Internal diagnostics include behaviors that emit extra diagnostic or
 * debugging information when an error occurs.
 *
 * On macOS, this check will look for presence of AppleInternal content or the
 * AppleInternalDiagnostics profile to be installed.
 *
 * On embedded platforms, this check will look for an internal install variant
 * in a manner similar to the MobileGestalt check for InternalBuild.
 *
 * @result
 * Returns true if this build has this property.  False otherwise or upon error.
 */
API_AVAILABLE(macosx(10.13), ios(11.0), tvos(11.0), watchos(4.0))
OS_EXPORT OS_WARN_RESULT
bool
os_variant_has_internal_diagnostics(const char *subsystem);

/*!
 * @function os_variant_has_internal_ui
 *
 * @abstract returns whether this system variant has internal UI visible ("ui")
 *
 * @description
 *
 * Internal UI includes debug menus and internal settings.
 *
 * On macOS, this will check for the presence of AppleInternal content.  On
 * embedded platforms, this check will look for an internal install variant in
 * a manor similar to the MobileGestalt check for InternalBuild.
 *
 * @result
 * Returns true if this build has this property.  False otherwise or upon error.
 */
API_AVAILABLE(macosx(10.13), ios(11.0), tvos(11.0), watchos(4.0))
OS_EXPORT OS_WARN_RESULT
bool
os_variant_has_internal_ui(const char *subsystem);

/*!
 * @function os_variant_allows_internal_security_policies
 *
 * @abstract returns whether this system variant allows internal security policies
 * ("security")
 *
 * @description
 *
 * On macOS, this will check the CSR status for whether AppleInternal policies
 * are enabled.
 *
 * On embedded platforms, this will check for a build/device combination that
 * allows for removal of codesigning and debugging restrictions.  This usually
 * returns whether the hardware is development fused and may return true on
 * such hardware even if a customer build is installed.
 *
 * n.b. The result of this API should /not/ be used to automatically enable
 * relaxed security policies, only to signal that other mechanisms to enable
 * them are allowed, e.g. a "defaults write".
 *
 * @result
 * Returns true if this build has this property.  False otherwise or upon error.
 */
API_AVAILABLE(macosx(10.13), ios(11.0), tvos(11.0), watchos(4.0))
OS_EXPORT OS_WARN_RESULT
bool
os_variant_allows_internal_security_policies(const char *subsystem);

__END_DECLS

#endif // __os_variant_H__
Commit	Line	Data
b061a43b A	1	/*
	2	* Copyright (c) 2017 Apple Inc. All rights reserved.
	3	*
	4	* @APPLE_APACHE_LICENSE_HEADER_START@
	5	*
	6	* Licensed under the Apache License, Version 2.0 (the "License");
	7	* you may not use this file except in compliance with the License.
	8	* You may obtain a copy of the License at
	9	*
	10	* http://www.apache.org/licenses/LICENSE-2.0
	11	*
	12	* Unless required by applicable law or agreed to in writing, software
	13	* distributed under the License is distributed on an "AS IS" BASIS,
	14	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	15	* See the License for the specific language governing permissions and
	16	* limitations under the License.
	17	*
	18	* @APPLE_APACHE_LICENSE_HEADER_END@
	19	*/
	20
	21	#ifndef __OS_VARIANT_H__
	22	#define __OS_VARIANT_H__
	23
	24	#include <stdbool.h>
	25
	26	#include <os/base.h>
	27	#include <os/availability.h>
	28
	29	/*! @header
	30	* OS Variant SPI
	31	*
	32	* Provides a mechanism to determine the currently running OS variant.
	33	*
	34	* Any of these APIs may be overridden to its non-internal behavior on a
	35	* device by creating on override file. On macOS, this file is placed
	36	* at:
	37	* /var/db/os_variant_override
	38	* On embedded platforms, this file is placed at:
	39	* /usr/share/misc/os_variant_override
	40	*
	41	* Individual internal behaviors can be selectively disabled (ie.
	42	* individual os_variant_has_internal_*() predicates can be overriden to
	43	* false) by writing the file with a comma- or newline-delimited list of
	44	* names to disable. To disable all internal behaviors, empty the file.
	45	*
	46	* Each of these functions takes a constant string argument for the requesting
	47	* subsystem. This should be a reverse-DNS string describing the subsystem
	48	* performing the check. This may be used in the future for auditing and
	49	* selective overriding of checks.
	50	*
	51	*/
	52
	53	__BEGIN_DECLS
	54
	55	/*!
	56	* @function os_variant_has_internal_content
	57	*
	58	* @abstract returns whether this system variant has internal content installed
	59	* ("content")
	60	*
	61	* @result
	62	* Returns true if this build has this property. False otherwise or upon error.
	63	*/
	64	API_AVAILABLE(macosx(10.13), ios(11.0), tvos(11.0), watchos(4.0))
65	OS_EXPORT OS_WARN_RESULT
66	bool
67	os_variant_has_internal_content(const char *subsystem);
68
69	/*!
70	* @function os_variant_has_internal_diagnostics
71	*
72	* @abstract returns whether this system variant has internal diagnostics
73	* enabled ("diagnostics")
74	*
75	* @description
76	*
77	* Internal diagnostics include behaviors that emit extra diagnostic or
78	* debugging information when an error occurs.
79	*
80	* On macOS, this check will look for presence of AppleInternal content or the
81	* AppleInternalDiagnostics profile to be installed.
82	*
83	* On embedded platforms, this check will look for an internal install variant
84	* in a manner similar to the MobileGestalt check for InternalBuild.
85	*
86	* @result
87	* Returns true if this build has this property. False otherwise or upon error.
88	*/
89	API_AVAILABLE(macosx(10.13), ios(11.0), tvos(11.0), watchos(4.0))
90	OS_EXPORT OS_WARN_RESULT
91	bool
92	os_variant_has_internal_diagnostics(const char *subsystem);
93
94	/*!
95	* @function os_variant_has_internal_ui
96	*
97	* @abstract returns whether this system variant has internal UI visible ("ui")
98	*
99	* @description
100	*
101	* Internal UI includes debug menus and internal settings.
102	*
103	* On macOS, this will check for the presence of AppleInternal content. On
104	* embedded platforms, this check will look for an internal install variant in
105	* a manor similar to the MobileGestalt check for InternalBuild.
106	*
107	* @result
108	* Returns true if this build has this property. False otherwise or upon error.
109	*/
110	API_AVAILABLE(macosx(10.13), ios(11.0), tvos(11.0), watchos(4.0))
111	OS_EXPORT OS_WARN_RESULT
112	bool
113	os_variant_has_internal_ui(const char *subsystem);
114
115	/*!
116	* @function os_variant_allows_internal_security_policies
117	*
118	* @abstract returns whether this system variant allows internal security policies
119	* ("security")
120	*
121	* @description
122	*
123	* On macOS, this will check the CSR status for whether AppleInternal policies
124	* are enabled.
125	*
126	* On embedded platforms, this will check for a build/device combination that
127	* allows for removal of codesigning and debugging restrictions. This usually
128	* returns whether the hardware is development fused and may return true on
129	* such hardware even if a customer build is installed.
130	*
131	* n.b. The result of this API should /not/ be used to automatically enable
132	* relaxed security policies, only to signal that other mechanisms to enable
133	* them are allowed, e.g. a "defaults write".
134	*
135	* @result
136	* Returns true if this build has this property. False otherwise or upon error.
137	*/
138	API_AVAILABLE(macosx(10.13), ios(11.0), tvos(11.0), watchos(4.0))
139	OS_EXPORT OS_WARN_RESULT
140	bool
141	os_variant_allows_internal_security_policies(const char *subsystem);
142
143	__END_DECLS
144
145	#endif // __os_variant_H__