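/*
 * security.h
 * kext_tools
 *
 * Copyright 20012 Apple Inc. All rights reserved.
 *
 */

/*
 * Declarations for kext code-signature checking and for the MessageTracer
 * telemetry that records kext loads.
 *
 * Only declarations live in this header. Where a comment below describes
 * behaviour, it is inferred from the identifier names and is marked as such;
 * confirm against the implementation file before relying on it.
 *
 * NOTE(review): the include guard `_SECURITY_H` begins with an underscore
 * followed by an upper-case letter, which C reserves for the implementation,
 * and the name is generic. If another header in the include path uses the
 * same guard, whichever is included second is silently emptied, and the
 * signature-checking declarations below would vanish without a diagnostic
 * until first use. The guard is kept unchanged here for compatibility.
 */
#ifndef _SECURITY_H
#define _SECURITY_H

#include <CoreFoundation/CoreFoundation.h>
#include <IOKit/kext/OSKext.h>
#include <mach/mach_error.h>

// <rdar://problem/12435992>
#include <asl.h>
#include <Security/SecCode.h>
#include <Security/SecCodeSigner.h>
#include <Security/SecStaticCode.h>
#include <Security/SecRequirement.h>
/* The two *Priv.h headers below are private Security.framework interfaces. */
#include <Security/SecRequirementPriv.h>
#include <Security/SecCodePriv.h>

/*
 * MessageTracer field keys, all in the "com.apple.message." namespace.
 * <asl.h> is included above, so these are presumably set as keys on ASL
 * messages -- confirm in the implementation.
 *
 * NOTE(review): several fields (bundle ID, kext name, path, certificate
 * subject/issuer CN, team ID) appear to carry values taken from the kext
 * bundle or its signing certificate. If so, consumers of these log records
 * should treat the values as untrusted text supplied by the kext's author.
 */
#define kMessageTracerDomainKey     "com.apple.message.domain"
#define kMessageTracerHashKey       "com.apple.message.hash"
#define kMessageTracerBundleIDKey   "com.apple.message.bundleID"
#define kMessageTracerVersionKey    "com.apple.message.version"
#define kMessageTracerKextNameKey   "com.apple.message.kextname"
#define kMessageTracerFatKey        "com.apple.message.fat"
#define kMessageTracerArchKey       "com.apple.message.architecture"

#define kMessageTracerTeamIdKey     "com.apple.message.teamid"
#define kMessageTracerSubjectCNKey  "com.apple.message.subjectcn"
#define kMessageTracerIssuerCNKey   "com.apple.message.issuercn"

#define kMessageTracerSignatureTypeKey  "com.apple.message.signaturetype"
#define kMessageTracerPathKey           "com.apple.message.kextpath"

/*
 * Human-readable signature classifications. Presumably these are the values
 * logged under kMessageTracerSignatureTypeKey -- confirm in the
 * implementation. Nothing in this header uses them for enforcement; they are
 * plain string labels.
 */
#define kAppleKextWithAppleRoot \
    "Apple kext with Apple root"
#define k3rdPartyKextWithAppleRoot \
    "3rd-party kext with Apple root"
#define k3rdPartyKextWithoutAppleRoot \
    "3rd-party kext without Apple root"
#define k3rdPartyKextWithDevIdPlus \
    "3rd-party kext with devid+ certificate"
#define k3rdPartyKextWithRevokedDevIdPlus \
    "3rd-party kext with revoked devid+ certificate"
#define kUnsignedKext \
    "Unsigned kext"

/* "com.apple.libkext.kext.loading" was used in 10.8
 * "com.apple.libkext.kext.loading.v3" is used in 10.9 */
#define kMTKextLoadingDomain    "com.apple.libkext.kext.loading.v3"
#define kMTKextBlockedDomain    "com.apple.libkext.kext.blocked"

/*
 * Telemetry entry points ("MT" presumably stands for MessageTracer).
 * messageTraceExcludedKext presumably reports under kMTKextBlockedDomain and
 * the two record* functions under kMTKextLoadingDomain -- confirm.
 */
void messageTraceExcludedKext(OSKextRef aKext);
void recordKextLoadListForMT(CFArrayRef kextList);
void recordKextLoadForMT(OSKextRef aKext);

/*
 * Checks the code signature of aKext and returns an OSStatus.
 *
 * checkExceptionList  presumably selects whether the exception list (see
 *                     isInExceptionList) is consulted -- confirm.
 * earlyBoot           presumably tells the check it is running during early
 *                     boot; what changes in that mode is not visible here.
 *
 * NOTE(review): the success value is not stated in this header (presumably
 * 0 / noErr, as is usual for OSStatus). Callers should compare against the
 * success value explicitly and treat every other status as a failed check,
 * rather than testing for specific error codes.
 */
OSStatus checkKextSignature(OSKextRef aKext,
                            Boolean checkExceptionList,
                            Boolean earlyBoot);

/*
 * Presumably reports whether the kext (identified by theKext and/or
 * theKextURL) is on a signature-exception list -- confirm.
 *
 * NOTE(review): useCache suggests a cached answer can be returned. Check in
 * the implementation how the cache is invalidated, since an exception-list
 * hit appears to influence whether an unsigned or badly signed kext is
 * accepted.
 */
Boolean isInExceptionList(OSKextRef theKext, CFURLRef theKextURL, Boolean useCache);

/*
 * Location predicates. Presumably these test whether the kext lives under
 * /Library/Extensions and /System/Library/Extensions respectively -- confirm,
 * including how symlinks and relative path components are handled.
 */
Boolean isInLibraryExtensionsFolder(OSKextRef theKext);
Boolean isInSystemLibraryExtensionsFolder(OSKextRef theKext);

/*
 * Policy and state predicates; none takes an argument, so each reads its
 * answer from process or system state that is not visible in this header.
 *
 * NOTE(review): isDevMode and isInvalidSignatureAllowed look like switches
 * that relax signature enforcement. Audit every call site and the source of
 * the underlying setting when reviewing kext-loading policy.
 */
Boolean isDevMode(void);
Boolean isInvalidSignatureAllowed(void);
Boolean isKextdRunning(void);

/* Returns an int; the meaning of the return value is not visible here. */
int callSecKeychainMDSInstall(void);

#endif // _SECURITY_H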