1/*
2 * Copyright (c) 2006,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24//
25// cskernel - Kernel implementation of the Code Signing Host Interface
26//
27#ifndef _H_CSKERNEL
28#define _H_CSKERNEL
29
30#include "Code.h"
31#include "StaticCode.h"
32#include <security_utilities/utilities.h>
33
34namespace Security {
35namespace CodeSigning {
36
37
38class ProcessCode;
39
40
41//
42// The nominal StaticCode representing the kernel on disk.
43// This is barely used, since we don't validate the kernel (it's the root of trust)
44// and we don't activate new kernels at runtime.
45//
46class KernelStaticCode : public SecStaticCode {
47public:
48	KernelStaticCode();
49
50private:
51};
52
53
54//
55// A SecCode that represents the system's running kernel.
56// We usually only have one of those in the system at one time. :-)
57//
58class KernelCode : public SecCode {
59public:
60	KernelCode();
61
62	SecCode *locateGuest(CFDictionaryRef attributes);
63	SecStaticCode *identifyGuest(SecCode *guest, CFDataRef *cdhash);
64	SecCodeStatus getGuestStatus(SecCode *guest);
65	void changeGuestStatus(SecCode *guest, SecCodeStatusOperation operation, CFDictionaryRef arguments);
66
67	static KernelCode *active()		{ return globals().code; }
68
69public:
70	struct Globals {
71		Globals();
72		SecPointer<KernelCode> code;
73		SecPointer<KernelStaticCode> staticCode;
74	};
75	static ModuleNexus<Globals> globals;
76
77protected:
78	void identify();
79	void csops(ProcessCode *proc, unsigned int op, void *addr = NULL, size_t length = 0);
80};
81
82
83} // end namespace CodeSigning
84} // end namespace Security
85
86#endif // !_H_CSKERNEL
87