]> git.saurik.com Git - apple/xnu.git/blame_incremental - bsd/sys/cprotect.h
xnu-1699.22.81.tar.gz
[apple/xnu.git] / bsd / sys / cprotect.h
... / ...
CommitLineData
1/*
2 * Copyright (c) 2009 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29#ifndef _SYS_CPROTECT_H_
30#define _SYS_CPROTECT_H_
31
32#ifdef __cplusplus
33extern "C" {
34#endif
35
36#if KERNEL_PRIVATE
37
38#include <sys/cdefs.h>
39#include <sys/content_protection.h>
40#include <sys/kernel_types.h>
41
42#define CP_KEYSIZE 32 /* 8x4 = 32, 32x8 = 256 */
43#define CP_WRAPPEDKEYSIZE 40 /* 2x4 = 8, 8x8 = 64 */
44
45/* lock events from AppleKeyStore */
46#define CP_LOCKED_STATE 0 /* Device is locked */
47#define CP_UNLOCKED_STATE 1 /* Device is unlocked */
48
49#define CP_LOCKED_KEYCHAIN 0
50#define CP_UNLOCKED_KEYCHAIN 1
51
52/* For struct cprotect: cp_flags */
53#define CP_NEEDS_KEYS 0x1 /* File needs persistent keys */
54#define CP_KEY_FLUSHED 0x2 /* File's unwrapped key has been purged from memory */
55#define CP_NO_XATTR 0x4 /* Key info has not been saved as EA to the FS */
56
57/* Content Protection VNOP Operation flags */
58#define CP_READ_ACCESS 0x1
59#define CP_WRITE_ACCESS 0x2
60
61#define CONTENT_PROTECTION_XATTR_NAME "com.apple.system.cprotect"
62#define CP_CURRENT_MAJOR_VERS 2
63#define CP_CURRENT_MINOR_VERS 0
64
65
66typedef struct cprotect *cprotect_t;
67typedef struct cp_wrap_func *cp_wrap_func_t;
68typedef struct cp_global_state *cp_global_state_t;
69typedef struct cp_xattr *cp_xattr_t;
70
71typedef struct cnode * cnode_ptr_t;
72//forward declare the struct.
73struct hfsmount;
74
75/* The wrappers are invoked by the AKS kext */
76typedef int wrapper_t(uint32_t properties, void *key_bytes, size_t key_length, void *wrapped_data, size_t *wrapped_length);
77typedef int unwrapper_t(uint32_t properties, void *wrapped_data, size_t wrapped_data_length, void *key_bytes, size_t *key_length);
78
79/*
80 * Runtime-only structure containing the content protection status
81 * for the given file. This is contained within the cnode
82 */
83struct cprotect {
84 uint8_t cp_cache_key[CP_KEYSIZE];
85 uint8_t cp_persistent_key[CP_WRAPPEDKEYSIZE];
86 uint32_t cp_flags;
87 uint32_t cp_pclass;
88};
89
90struct cp_wrap_func {
91 wrapper_t *wrapper;
92 unwrapper_t *unwrapper;
93};
94
95struct cp_global_state {
96 uint8_t wrap_functions_set;
97 uint8_t lock_state;
98};
99
100/*
101 * On-disk structure written as the per-file EA payload
102 * All on-disk multi-byte fields for the CP XATTR must be stored
103 * little-endian on-disk. This means they must be endian swapped to
104 * L.E on getxattr() and converted to LE on setxattr().
105 */
106struct cp_xattr {
107 u_int16_t xattr_major_version;
108 u_int16_t xattr_minor_version;
109 u_int32_t flags;
110 u_int32_t persistent_class;
111 u_int32_t key_size;
112 uint8_t persistent_key[CP_WRAPPEDKEYSIZE];
113};
114
115/* Same is true for the root EA, all fields must be written little endian. */
116struct cp_root_xattr {
117 u_int16_t major_version;
118 u_int16_t minor_version;
119 u_int64_t flags;
120 u_int32_t reserved1;
121 u_int32_t reserved2;
122 u_int32_t reserved3;
123 u_int32_t reserved4;
124};
125
126
127/*
128 * Functions to check the status of a CP and to query
129 * the containing filesystem to see if it is supported.
130 */
131int cp_vnode_getclass(vnode_t, int *);
132int cp_vnode_setclass(vnode_t, uint32_t);
133
134int cp_key_store_action(int);
135int cp_register_wraps(cp_wrap_func_t);
136
137int cp_entry_init(cnode_ptr_t, struct mount *);
138int cp_entry_create_keys(cnode_ptr_t);
139void cp_entry_destroy(cnode_ptr_t);
140
141cnode_ptr_t cp_get_protected_cnode(vnode_t);
142int cp_handle_vnop(cnode_ptr_t, int);
143int cp_fs_protected (mount_t);
144int cp_getrootxattr (struct hfsmount *hfsmp, struct cp_root_xattr *outxattr);
145int cp_setrootxattr (struct hfsmount *hfsmp, struct cp_root_xattr *newxattr);
146int cp_handle_relocate (cnode_ptr_t cp);
147
148#endif /* KERNEL_PRIVATE */
149
150#ifdef __cplusplus
151};
152#endif
153
154#endif /* !_SYS_CPROTECT_H_ */