/*
 * Copyright (c) 2017 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */
  29 #ifndef _KERN_CODESIGN_H_ 
  30 #define _KERN_CODESIGN_H_ 
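  /*
   * Code signing attributes of a process.
   *
   * Every CS_* constant below is one distinct bit of a single 32-bit flag
   * word; CS_ALLOWED_MACHO and CS_ENTITLEMENT_FLAGS are masks built from them.
   * CS_DATAVAULT_CONTROLLER (0x80000000) does not fit in a signed int, so it
   * has type unsigned int while the smaller constants are plain int: keep
   * flag words in a uint32_t so the top bit is never sign-extended when the
   * word is widened or compared.
   */
#define CS_VALID                    0x00000001  /* dynamically valid */
#define CS_ADHOC                    0x00000002  /* ad hoc signed */
#define CS_GET_TASK_ALLOW           0x00000004  /* has get-task-allow entitlement */
#define CS_INSTALLER                0x00000008  /* has installer entitlement */

#define CS_FORCED_LV                0x00000010  /* Library Validation required by Hardened System Policy */
#define CS_INVALID_ALLOWED          0x00000020  /* (macOS Only) Page invalidation allowed by task port policy */

#define CS_HARD                     0x00000100  /* don't load invalid pages */
#define CS_KILL                     0x00000200  /* kill process if it becomes invalid */
#define CS_CHECK_EXPIRATION         0x00000400  /* force expiration checking */
#define CS_RESTRICT                 0x00000800  /* tell dyld to treat restricted */

#define CS_ENFORCEMENT              0x00001000  /* require enforcement */
#define CS_REQUIRE_LV               0x00002000  /* require library validation */
#define CS_ENTITLEMENTS_VALIDATED   0x00004000  /* code signature permits restricted entitlements */
#define CS_NVRAM_UNRESTRICTED       0x00008000  /* has com.apple.rootless.restricted-nvram-variables.heritable entitlement */

#define CS_RUNTIME                  0x00010000  /* Apply hardened runtime policies */
#define CS_LINKER_SIGNED            0x00020000  /* Automatically signed by the linker */

/*
 * Mask of the nine flags listed in its definition. CS_VALID, CS_SIGNED, the
 * CS_PLATFORM_* bits and every bit of CS_ENTITLEMENT_FLAGS are outside it.
 * NOTE(review): presumably the only flags accepted when they are supplied by
 * a Mach-O's own signature -- confirm at the use site.
 */
#define CS_ALLOWED_MACHO            (CS_ADHOC | CS_HARD | CS_KILL | CS_CHECK_EXPIRATION | \
	                             CS_RESTRICT | CS_ENFORCEMENT | CS_REQUIRE_LV | CS_RUNTIME | CS_LINKER_SIGNED)

/* Flags that exec applies to the exec'ed process rather than to the caller. */
#define CS_EXEC_SET_HARD            0x00100000  /* set CS_HARD on any exec'ed process */
#define CS_EXEC_SET_KILL            0x00200000  /* set CS_KILL on any exec'ed process */
#define CS_EXEC_SET_ENFORCEMENT     0x00400000  /* set CS_ENFORCEMENT on any exec'ed process */
#define CS_EXEC_INHERIT_SIP         0x00800000  /* set CS_INSTALLER on any exec'ed process */

#define CS_KILLED                   0x01000000  /* was killed by kernel for invalidity */
#define CS_DYLD_PLATFORM            0x02000000  /* dyld used to load this is a platform binary */
#define CS_PLATFORM_BINARY          0x04000000  /* this is a platform binary */
#define CS_PLATFORM_PATH            0x08000000  /* platform binary by the fact of path (osx only) */

#define CS_DEBUGGED                 0x10000000  /* process is currently or has previously been debugged and allowed to run with invalid pages */
#define CS_SIGNED                   0x20000000  /* process has a signature (may have gone invalid) */
#define CS_DEV_CODE                 0x40000000  /* code is dev signed, cannot be loaded into prod signed code (will go away with rdar://problem/28322552) */
#define CS_DATAVAULT_CONTROLLER     0x80000000  /* has Data Vault controller entitlement */

/* The four bits whose own comments describe them as reflecting an entitlement. */
#define CS_ENTITLEMENT_FLAGS        (CS_GET_TASK_ALLOW | CS_INSTALLER | CS_DATAVAULT_CONTROLLER | CS_NVRAM_UNRESTRICTED)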
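  /*
   * Executable segment flags.
   *
   * Each constant is a single distinct bit. Apart from CS_EXECSEG_MAIN_BINARY,
   * every bit describes a relaxation or an extra capability (unsigned pages,
   * debugger, JIT, cdhash blessing), so these are the bits to look at first
   * when auditing what a signature grants.
   * NOTE(review): presumably the values carried in the CodeDirectory's
   * 64-bit execSegFlags field -- confirm against the consumer.
   */

#define CS_EXECSEG_MAIN_BINARY          0x1             /* executable segment denotes main binary */
#define CS_EXECSEG_ALLOW_UNSIGNED       0x10            /* allow unsigned pages (for debugging) */
#define CS_EXECSEG_DEBUGGER             0x20            /* main binary is debugger */
#define CS_EXECSEG_JIT                  0x40            /* JIT enabled */
#define CS_EXECSEG_SKIP_LV              0x80            /* OBSOLETE: skip library validation */
#define CS_EXECSEG_CAN_LOAD_CDHASH      0x100           /* can bless cdhash for execution */
#define CS_EXECSEG_CAN_EXEC_CDHASH      0x200           /* can execute blessed cdhash */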
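  /*
   * Magic numbers used by Code Signing
   *
   * One anonymous enum holding several unrelated constant families:
   *   CSMAGIC_*      values of a blob's leading magic field
   *   CS_SUPPORTS*   CodeDirectory version numbers; they match the
   *                  "Version 0x..." markers in the CodeDirectory layout
   *   CSSLOT_*       slot indices
   *   CSTYPE_INDEX_* index types kept for compatibility with amfi
   *   CS_HASHTYPE_*  hash algorithm identifiers, followed by hash lengths
   *   CS_*SIGNER_TYPE_* signer classifications
   * The CSMAGIC_* values exceed INT_MAX, so they rely on the compiler
   * accepting enumerators wider than int; compare them as unsigned 32-bit.
   */
enum {
        CSMAGIC_REQUIREMENT = 0xfade0c00,               /* single Requirement blob */
        CSMAGIC_REQUIREMENTS = 0xfade0c01,              /* Requirements vector (internal requirements) */
        CSMAGIC_CODEDIRECTORY = 0xfade0c02,             /* CodeDirectory blob */
        CSMAGIC_EMBEDDED_SIGNATURE = 0xfade0cc0,        /* embedded form of signature data */
        CSMAGIC_EMBEDDED_SIGNATURE_OLD = 0xfade0b02,    /* XXX */
        CSMAGIC_EMBEDDED_ENTITLEMENTS = 0xfade7171,     /* embedded entitlements */
        CSMAGIC_DETACHED_SIGNATURE = 0xfade0cc1,        /* multi-arch collection of embedded signatures */
        CSMAGIC_BLOBWRAPPER = 0xfade0b01,               /* CMS Signature, among other things */

        CS_SUPPORTSSCATTER = 0x20100,
        CS_SUPPORTSTEAMID = 0x20200,
        CS_SUPPORTSCODELIMIT64 = 0x20300,
        CS_SUPPORTSEXECSEG = 0x20400,
        CS_SUPPORTSRUNTIME = 0x20500,
        CS_SUPPORTSLINKAGE = 0x20600,

        CSSLOT_CODEDIRECTORY = 0,                       /* slot index for CodeDirectory */
        /*
         * NOTE(review): no constant for slot index 1 appears in this listing,
         * and the listing's own line numbering skips one line at this point --
         * confirm against the upstream header.
         */
        CSSLOT_REQUIREMENTS = 2,
        CSSLOT_RESOURCEDIR = 3,
        CSSLOT_APPLICATION = 4,
        CSSLOT_ENTITLEMENTS = 5,

        CSSLOT_ALTERNATE_CODEDIRECTORIES = 0x1000,      /* first alternate CodeDirectory, if any */
        CSSLOT_ALTERNATE_CODEDIRECTORY_MAX = 5,         /* max number of alternate CD slots */
        CSSLOT_ALTERNATE_CODEDIRECTORY_LIMIT =
            CSSLOT_ALTERNATE_CODEDIRECTORIES + CSSLOT_ALTERNATE_CODEDIRECTORY_MAX, /* one past the last */

        CSSLOT_SIGNATURESLOT = 0x10000,                 /* CMS Signature */
        CSSLOT_IDENTIFICATIONSLOT = 0x10001,
        CSSLOT_TICKETSLOT = 0x10002,

        CSTYPE_INDEX_REQUIREMENTS = 0x00000002,         /* compat with amfi */
        CSTYPE_INDEX_ENTITLEMENTS = 0x00000005,         /* compat with amfi */

        /* SHA-1 is the only algorithm here that is no longer collision-resistant. */
        CS_HASHTYPE_SHA1 = 1,
        CS_HASHTYPE_SHA256 = 2,
        CS_HASHTYPE_SHA256_TRUNCATED = 3,
        CS_HASHTYPE_SHA384 = 4,

        /*
         * NOTE(review): the listing's line numbering skips two lines before
         * the next constant; further length constants may be missing here --
         * confirm against the upstream header.
         */
        CS_SHA256_TRUNCATED_LEN = 20,

        /*
         * A cdhash is 20 bytes whatever hash type produced it, so it never
         * carries more than 160 bits of the underlying digest.
         */
        CS_CDHASH_LEN = 20,                             /* always - larger hashes are truncated */
        /*
         * 48 bytes is the SHA-384 digest size. A CodeDirectory's hashSize is
         * a byte read from the blob; check it against this bound before
         * copying a hash into a buffer of CS_HASH_MAX_SIZE bytes.
         */
        CS_HASH_MAX_SIZE = 48,                          /* max size of the hash we'll support */

        /*
         * Currently only to support Legacy VPN plugins, and Mac App Store
         * but intended to replace all the various platform code, dev code etc. bits.
         */
        CS_SIGNER_TYPE_UNKNOWN = 0,
        CS_SIGNER_TYPE_LEGACYVPN = 5,
        CS_SIGNER_TYPE_MAC_APP_STORE = 6,

        CS_SUPPL_SIGNER_TYPE_UNKNOWN = 0,
        CS_SUPPL_SIGNER_TYPE_TRUSTCACHE = 7,
        CS_SUPPL_SIGNER_TYPE_LOCAL = 8,
};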
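 /* Feature-test macros: both are defined to 1 next to the CodeDirectory layout. */
#define KERNEL_HAVE_CS_CODEDIRECTORY 1
#define KERNEL_CS_CODEDIRECTORY_HAVE_PLATFORM 1

/*
 * C form of a CodeDirectory.
 *
 * The fixed header grows with the version field. The zero-length end_*
 * members occupy no storage; each one marks where the fixed header of the
 * version named in the preceding "Version 0x..." comment ends, so
 * offsetof(..., end_withX) is that version's header size.
 *
 * Every offset, count and size below is read from the signature blob.
 * A consumer should check `version` before touching a version-gated field,
 * and check each offset/count against `length` before using it to locate
 * data.
 * NOTE(review): multi-byte fields are presumably stored big-endian in the
 * blob and need conversion before use -- confirm against the parser.
 */
typedef struct __CodeDirectory {
        uint32_t magic;                 /* magic number (CSMAGIC_CODEDIRECTORY) */
        uint32_t length;                /* total length of CodeDirectory blob */
        uint32_t version;               /* compatibility version */
        uint32_t flags;                 /* setup and mode flags */
        uint32_t hashOffset;            /* offset of hash slot element at index zero */
        uint32_t identOffset;           /* offset of identifier string */
        uint32_t nSpecialSlots;         /* number of special hash slots */
        uint32_t nCodeSlots;            /* number of ordinary (code) hash slots */
        uint32_t codeLimit;             /* limit to main image signature range */
        uint8_t hashSize;               /* size of each hash in bytes; may exceed CS_HASH_MAX_SIZE until validated */
        uint8_t hashType;               /* type of hash (cdHashType* constants) */
        uint8_t platform;               /* platform identifier; zero if not platform binary */
        uint8_t pageSize;               /* log2(page size in bytes); 0 => infinite; range-check before shifting by it */
        uint32_t spare2;                /* unused (must be zero) */

        char end_earliest[0];

        /* Version 0x20100 */
        uint32_t scatterOffset;         /* offset of optional scatter vector */
        char end_withScatter[0];

        /* Version 0x20200 */
        uint32_t teamOffset;            /* offset of optional team identifier */
        char end_withTeam[0];

        /* Version 0x20300 */
        uint32_t spare3;                /* unused (must be zero) */
        uint64_t codeLimit64;           /* limit to main image signature range, 64 bits */
        char end_withCodeLimit64[0];

        /* Version 0x20400 */
        uint64_t execSegBase;           /* offset of executable segment */
        uint64_t execSegLimit;          /* limit of executable segment */
        uint64_t execSegFlags;          /* executable segment flags */
        char end_withExecSeg[0];

        /* Version 0x20500 */
        /*
         * NOTE(review): the listing's line numbering skips one line directly
         * after this version marker; a field may be missing before
         * preEncryptOffset. Do not rely on offsets from here on without
         * checking the upstream header.
         */
        uint32_t preEncryptOffset;
        char end_withPreEncryptOffset[0];

        /* Version 0x20600 */
        uint8_t linkageHashType;
        uint8_t linkageTruncated;
        /*
         * NOTE(review): the listing's line numbering skips one line between
         * linkageTruncated and linkageOffset; a field may be missing here --
         * confirm against the upstream header.
         */
        uint32_t linkageOffset;
        uint32_t linkageSize;
        char end_withLinkage[0];

        /* followed by dynamic content as located by offset fields above */
} CS_CodeDirectory
__attribute__ ((aligned(1)));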
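 /*
  * Structure of an embedded-signature SuperBlob
  *
  * A SuperBlob is a 12-byte header followed by `count` index entries; each
  * entry gives a type and an offset for one contained blob.
  *
  * `count` and every `offset` are read from the signature data. Before
  * walking the index, check that count * sizeof(CS_BlobIndex) plus the
  * header fits inside `length` without overflowing, and check that each
  * offset leaves room for at least a blob header inside `length`.
  * NOTE(review): multi-byte fields are presumably stored big-endian in the
  * blob -- confirm against the parser.
  */

typedef struct __BlobIndex {
        uint32_t type;                  /* type of entry */
        uint32_t offset;                /* offset of entry */
} CS_BlobIndex
__attribute__ ((aligned(1)));

typedef struct __SC_SuperBlob {
        uint32_t magic;                 /* magic number */
        uint32_t length;                /* total length of SuperBlob */
        uint32_t count;                 /* number of index entries following */
        CS_BlobIndex index[];           /* (count) entries */
        /* followed by Blobs in no particular order as indicated by offsets in index */
} CS_SuperBlob
__attribute__ ((aligned(1)));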
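 /*
  * Generic blob header: a magic number followed by the blob's total length.
  * `length` is read from the signature data; check that it is at least the
  * size of this header and no larger than the enclosing buffer before using
  * it to bound any access.
  */
#define KERNEL_HAVE_CS_GENERICBLOB 1
typedef struct __SC_GenericBlob {
        uint32_t magic;                 /* magic number */
        uint32_t length;                /* total length of blob */
        /*
         * NOTE(review): the listing's line numbering skips lines between
         * `length` and the end of the structure; a trailing member may be
         * missing here -- confirm against the upstream header.
         */
} CS_GenericBlob
__attribute__ ((aligned(1)));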
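 /*
  * One scatter entry: a run of `count` pages starting at page `base`, and
  * the offset in the target that the run corresponds to. An entry whose
  * count is zero is the sentinel.
  * NOTE(review): presumably the element type of the scatter vector located
  * by the CodeDirectory's scatterOffset -- confirm against the consumer.
  * A reader should bound its walk by the blob length as well as by the
  * sentinel, since the sentinel itself comes from the signature data.
  */
typedef struct __SC_Scatter {
        uint32_t count;                 // number of pages; zero for sentinel (only)
        uint32_t base;                  // first page number
        uint64_t targetOffset;          // offset in target
        uint64_t spare;                 // reserved
} SC_Scatter
__attribute__ ((aligned(1)));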
 245 #endif /* _KERN_CODESIGN_H */