1/*
2 *  security.h
3 *  kext_tools
4 *
5 *  Copyright 20012 Apple Inc. All rights reserved.
6 *
7 */
8#ifndef _SECURITY_H
9#define _SECURITY_H
10
11#include <CoreFoundation/CoreFoundation.h>
12#include <IOKit/kext/OSKext.h>
13#include <mach/mach_error.h>
14
15//  <rdar://problem/12435992>
16#include <asl.h>
17#include <Security/SecCode.h>
18#include <Security/SecCodeSigner.h>
19#include <Security/SecStaticCode.h>
20#include <Security/SecRequirement.h>
21#include <Security/SecRequirementPriv.h>
22#include <Security/SecCodePriv.h>
23
/*
 * Message key names in the "com.apple.message.*" namespace, defined as C
 * string literals.
 * NOTE(review): presumably these are the keys set on the ASL messages that
 * report kext load events (asl.h is included by this header) -- confirm in
 * the implementation file.
 */
24#define kMessageTracerDomainKey     "com.apple.message.domain"
25#define kMessageTracerHashKey       "com.apple.message.hash"
26#define kMessageTracerBundleIDKey   "com.apple.message.bundleID"
27#define kMessageTracerVersionKey    "com.apple.message.version"
28#define kMessageTracerKextNameKey   "com.apple.message.kextname"
29#define kMessageTracerFatKey        "com.apple.message.fat"
30#define kMessageTracerArchKey       "com.apple.message.architecture"
31
/*
 * Signer identity fields. Going by the key strings: team id, certificate
 * subject common name and certificate issuer common name.
 */
32#define kMessageTracerTeamIdKey     "com.apple.message.teamid"
33#define kMessageTracerSubjectCNKey  "com.apple.message.subjectcn"
34#define kMessageTracerIssuerCNKey   "com.apple.message.issuercn"
35
/*
 * Signature classification and on-disk location of the kext.
 * NOTE(review): the signature-type value is presumably one of the
 * k...Kext... strings defined in this header -- confirm against the code
 * that fills in the message.
 */
36#define kMessageTracerSignatureTypeKey "com.apple.message.signaturetype"
37#define kMessageTracerPathKey       "com.apple.message.kextpath"
38
/*
 * Human-readable signature categories. Each macro's value is the string
 * literal on its continuation line.
 * NOTE(review): presumably these are the values logged under
 * kMessageTracerSignatureTypeKey -- confirm. If so, the "without Apple root",
 * "revoked devid+" and "Unsigned" categories are the ones worth alerting on
 * when these records are consumed for monitoring.
 */
39#define kAppleKextWithAppleRoot \
40"Apple kext with Apple root"
41#define k3rdPartyKextWithAppleRoot \
42"3rd-party kext with Apple root"
43#define k3rdPartyKextWithoutAppleRoot \
44"3rd-party kext without Apple root"
45#define k3rdPartyKextWithDevIdPlus \
46"3rd-party kext with devid+ certificate"
47#define k3rdPartyKextWithRevokedDevIdPlus \
48"3rd-party kext with revoked devid+ certificate"
49#define kUnsignedKext \
50"Unsigned kext"
51
/*
 * Domain strings for kext messages.
 * NOTE(review): presumably these are the values stored under
 * kMessageTracerDomainKey, with the "blocked" domain used for kexts that were
 * refused (cf. messageTraceExcludedKext) -- confirm in the implementation.
 * Log consumers that match on the loading domain need the ".v3" suffix for
 * 10.9 records, per the version note below.
 */
52/* "com.apple.libkext.kext.loading" was used in 10.8
53 * "com.apple.libkext.kext.loading.v3"  is used in 10.9 */
54#define kMTKextLoadingDomain        "com.apple.libkext.kext.loading.v3"
55#define kMTKextBlockedDomain        "com.apple.libkext.kext.blocked"
56
/*
 * Message-tracing entry points. All three return void, so a failure to record
 * is not reported to the caller through this interface.
 * NOTE(review): semantics below are inferred from the names; confirm against
 * the implementation.
 */
/* Presumably records a message for a kext that was excluded from loading. */
57void    messageTraceExcludedKext(OSKextRef aKext);
/* Presumably records a load message for each kext in kextList (a CFArrayRef). */
58void    recordKextLoadListForMT(CFArrayRef kextList);
/* Presumably records a load message for the single kext aKext. */
59void    recordKextLoadForMT(OSKextRef aKext);
60
/*
 * Checks the code signature of aKext and returns an OSStatus.
 * NOTE(review): presumably 0 (noErr) means the signature was accepted and any
 * other value is a failure -- confirm; callers should fail closed on anything
 * they do not recognize as success.
 * NOTE(review): checkExceptionList and earlyBoot look like switches that
 * select a different (possibly more permissive) policy; confirm what each
 * one relaxes and that every caller passes the strictest value it can.
 */
61OSStatus checkKextSignature(OSKextRef aKext,
62                            Boolean checkExceptionList,
63                            Boolean earlyBoot);
/*
 * Reports whether the kext is on an exception list.
 * NOTE(review): what the list contains, how theKextURL is used and what
 * useCache caches are not visible here. If a cached copy can satisfy this
 * check, confirm how the cache is protected and invalidated.
 */
64Boolean isInExceptionList(OSKextRef theKext, CFURLRef theKextURL, Boolean useCache);
/*
 * Location predicates.
 * NOTE(review): presumably test whether the kext lives under
 * /Library/Extensions and /System/Library/Extensions respectively -- confirm,
 * including whether the path is resolved before comparison, if the result
 * feeds a trust decision.
 */
65Boolean isInLibraryExtensionsFolder(OSKextRef theKext);
66Boolean isInSystemLibraryExtensionsFolder(OSKextRef theKext);
/*
 * Policy switches taking no arguments.
 * NOTE(review): the names suggest a true result relaxes signature
 * enforcement. Where the setting is read from is not visible in this header;
 * that source, and who can write it, is the security-critical part to audit.
 */
67Boolean isDevMode(void);
68Boolean isInvalidSignatureAllowed(void);
/* NOTE(review): presumably reports whether the kextd daemon is running -- confirm. */
69Boolean isKextdRunning(void);
/*
 * Returns int; the return convention is not visible here.
 * NOTE(review): the name suggests a wrapper around a Security framework
 * keychain/MDS install call -- confirm in the implementation.
 */
70int callSecKeychainMDSInstall( void );
71
72#endif // _SECURITY_H
73