/*
 * Copyright (c) 2006,2011,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

//
// cskernel - Kernel implementation of the Code Signing Host Interface
//
#ifndef _H_CSKERNEL
#define _H_CSKERNEL

#include "Code.h"
#include "StaticCode.h"
#include <security_utilities/utilities.h>

namespace Security {
namespace CodeSigning {


// Forward declaration; ProcessCode is only used by pointer in this header
// (see KernelCode::csops), so its full definition is not needed here.
class ProcessCode;


//
// The nominal StaticCode representing the kernel on disk.
// This is barely used, since we don't validate the kernel (it's the root of trust)
// and we don't activate new kernels at runtime.
//
// NOTE(review): since the kernel is treated as the root of trust, nothing
// declared here verifies it. Any assurance about the kernel image has to come
// from outside this class (presumably the boot chain - confirm), and results
// obtained through this object should not be read as a validation of the kernel.
//
class KernelStaticCode : public SecStaticCode {
public:
	// Default constructor; takes no path or other description of the kernel.
	KernelStaticCode();

private:
	// Intentionally empty: no private state is declared for this class.
};


//
// A SecCode that represents the system's running kernel.
// We usually only have one of those in the system at one time.
// :-)
//
// The instance in use is held in Globals (below) and reached through active().
// The four guest methods are this class's side of the "Code Signing Host
// Interface" named in the header comment of this file.
// NOTE(review): presumably they override virtuals declared on SecCode in
// Code.h; that header is not visible here, so confirm before adding `override`.
//
class KernelCode : public SecCode {
public:
	KernelCode();

	// Find the guest described by an attribute dictionary.
	// NOTE(review): the set of recognized attribute keys and the ownership of
	// the returned SecCode are not stated in this header - confirm in the
	// implementation before relying on either.
	SecCode *locateGuest(CFDictionaryRef attributes);

	// Map a guest to a SecStaticCode.
	// NOTE(review): cdhash is a pointer to a CFDataRef, presumably an optional
	// out-parameter receiving the guest's code directory hash; confirm whether
	// NULL is accepted and who releases the returned data.
	SecStaticCode *identifyGuest(SecCode *guest, CFDataRef *cdhash);

	// Report the current SecCodeStatus of a guest.
	SecCodeStatus getGuestStatus(SecCode *guest);

	// Apply a SecCodeStatusOperation, with optional arguments, to a guest.
	// NOTE(review): this changes code-signing status, so confirm that the
	// implementation restricts which operations a caller may request.
	void changeGuestStatus(SecCode *guest, SecCodeStatusOperation operation, CFDictionaryRef arguments);

	// Return the KernelCode stored in the shared Globals instance.
	static KernelCode *active()		{ return globals().code; }

public:
	// Module-wide state: the running-kernel SecCode and its on-disk counterpart.
	// Both are held through SecPointer rather than as raw pointers.
	struct Globals {
		Globals();
		SecPointer<KernelCode> code;
		SecPointer<KernelStaticCode> staticCode;
	};
	// Accessed as globals() (see active()).
	// NOTE(review): ModuleNexus presumably constructs Globals lazily on first
	// use - confirm in security_utilities.
	static ModuleNexus<Globals> globals;

protected:
	void identify();

	// Issue operation `op` for the process behind `proc`.
	// NOTE(review): the name and signature suggest a wrapper over the csops
	// system call - confirm in the implementation. addr/length look like a
	// caller-supplied buffer and its size; the defaults (NULL, 0) serve
	// operations that need no buffer. Nothing in this declaration ties length
	// to the storage at addr, so each caller must pass the true buffer size.
	void csops(ProcessCode *proc, unsigned int op, void *addr = NULL, size_t length = 0);
};


} // end namespace CodeSigning
} // end namespace Security

#endif // !_H_CSKERNEL