1/*
2 *  security.h
3 *  kext_tools
4 *
5 *  Copyright 20012 Apple Inc. All rights reserved.
6 *
7 */
8#ifndef _SECURITY_H
9#define _SECURITY_H
10
11#include <CoreFoundation/CoreFoundation.h>
12#include <IOKit/kext/OSKext.h>
13#include <mach/mach_error.h>
14
15//  <rdar://problem/12435992>
16#include <asl.h>
17#include <Security/SecCode.h>
18#include <Security/SecCodeSigner.h>
19#include <Security/SecStaticCode.h>
20#include <Security/SecRequirement.h>
21#include <Security/SecRequirementPriv.h>
22#include <Security/SecCodePriv.h>
23#include <Security/cssmerr.h>
24
25#define kMessageTracerDomainKey     "com.apple.message.domain"
26#define kMessageTracerHashKey       "com.apple.message.hash"
27#define kMessageTracerBundleIDKey   "com.apple.message.bundleID"
28#define kMessageTracerVersionKey    "com.apple.message.version"
29#define kMessageTracerKextNameKey   "com.apple.message.kextname"
30#define kMessageTracerFatKey        "com.apple.message.fat"
31#define kMessageTracerArchKey       "com.apple.message.architecture"
32
33#define kMessageTracerTeamIdKey     "com.apple.message.teamid"
34#define kMessageTracerSubjectCNKey  "com.apple.message.subjectcn"
35#define kMessageTracerIssuerCNKey   "com.apple.message.issuercn"
36
37#define kMessageTracerSignatureTypeKey "com.apple.message.signaturetype"
38#define kMessageTracerPathKey       "com.apple.message.kextpath"
39
40#define kAppleKextWithAppleRoot \
41"Apple kext with Apple root"
42#define k3rdPartyKextWithAppleRoot \
43"3rd-party kext with Apple root"
44#define k3rdPartyKextWithoutAppleRoot \
45"3rd-party kext without Apple root"
46#define k3rdPartyKextWithDevIdPlus \
47"3rd-party kext with devid+ certificate"
48#define k3rdPartyKextWithRevokedDevIdPlus \
49"3rd-party kext with revoked devid+ certificate"
50#define kUnsignedKext \
51"Unsigned kext"
52
53/* "com.apple.libkext.kext.loading" was used in 10.8
54 * "com.apple.libkext.kext.loading.v3"  is used in 10.9 */
55#define kMTKextLoadingDomain        "com.apple.libkext.kext.loading.v3"
56#define kMTKextBlockedDomain        "com.apple.libkext.kext.blocked"
57
58void    messageTraceExcludedKext(OSKextRef aKext);
59void    recordKextLoadListForMT(CFArrayRef kextList);
60void    recordKextLoadForMT(OSKextRef aKext);
61
62Boolean isDebugSetInBootargs(void);
63OSStatus checkKextSignature(OSKextRef aKext, Boolean checkExceptionList);
64Boolean isInExceptionList(OSKextRef aKext, Boolean useCache);
65Boolean isInLibraryExtensionsFolder(OSKextRef theKext);
66
67#endif // _SECURITY_H
68