+1

platform-include/System/sys

reviewed

··· 1 1 + ../sys

+3 -3

src/CoreServices/SystemVersion.plist

reviewed

··· 5 5 <key>ProductBuildVersion</key> 6 6 <string>Darling</string> 7 7 <key>ProductCopyright</key> 8 8 - <string>2012-2017 Lubos Dolezel</string> 8 8 + <string>2012-2019 Lubos Dolezel</string> 9 9 <key>ProductName</key> 10 10 <string>Mac OS X</string> 11 11 <key>ProductUserVisibleVersion</key> 12 12 - <string>10.12</string> 12 12 + <string>10.14</string> 13 13 <key>ProductVersion</key> 14 14 - <string>10.12</string> 14 14 + <string>10.14</string> 15 15 </dict> 16 16 </plist>

+1

src/libc/CMakeLists.txt

reviewed

··· 199 199 macho 200 200 system_duct 201 201 system_asl 202 202 + xpc 202 203 LINK_FLAGS 203 204 "-Wl,-alias_list,${CMAKE_CURRENT_SOURCE_DIR}/xcodescripts/alias.list" 204 205 )

+3 -1

src/libc/darwin/CMakeLists.txt

reviewed

··· 7 7 compatibility_hacks.c 8 8 forceLibcToBuild.c 9 9 init_cpu_capabilities.c 10 10 - kvm.c) 10 10 + kvm.c 11 11 + variant.c 12 12 + ) 11 13 12 14 add_library(libc-darwin OBJECT ${darwin_sources})

+494

src/libc/darwin/variant.c

reviewed

··· 1 1 + /* 2 2 + * Copyright (c) 2016 Apple Computer, Inc. All rights reserved. 3 3 + * 4 4 + * @APPLE_LICENSE_HEADER_START@ 5 5 + * 6 6 + * This file contains Original Code and/or Modifications of Original Code 7 7 + * as defined in and that are subject to the Apple Public Source License 8 8 + * Version 2.0 (the 'License'). You may not use this file except in 9 9 + * compliance with the License. Please obtain a copy of the License at 10 10 + * http://www.opensource.apple.com/apsl/ and read it before using this 11 11 + * file. 12 12 + * 13 13 + * The Original Code and all software distributed under the License are 14 14 + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 15 + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 16 + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 17 + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 18 + * Please see the License for the specific language governing rights and 19 19 + * limitations under the License. 20 20 + * 21 21 + * @APPLE_LICENSE_HEADER_END@ 22 22 + */ 23 23 + 24 24 + #include <stdlib.h> 25 25 + #include <unistd.h> 26 26 + #include <sys/stat.h> 27 27 + #include <sys/sysctl.h> 28 28 + #include <sys/types.h> 29 29 + #include <dispatch/dispatch.h> 30 30 + #include <xpc/xpc.h> 31 31 + #include <xpc/private.h> 32 32 + #include <System/sys/csr.h> 33 33 + #include <System/machine/cpu_capabilities.h> 34 34 + 35 35 + #include <os/assumes.h> 36 36 + #include <os/variant_private.h> 37 37 + 38 38 + enum variant_property { 39 39 + VP_ALL = 0, 40 40 + VP_CONTENT, 41 41 + VP_DIAGNOSTICS, 42 42 + VP_UI, 43 43 + VP_SECURITY, 44 44 + VP_MAX 45 45 + }; 46 46 + 47 47 + enum check_status { 48 48 + S_UNKNOWN = 0, 49 49 + S_NO = 2, 50 50 + S_YES = 3 51 51 + }; 52 52 + 53 53 + static bool 54 54 + status2bool(enum check_status status) { 55 55 + switch (status) { 56 56 + case S_NO: 57 57 + return false; 58 58 + case S_YES: 59 59 + return true; 60 60 + default: 61 61 + os_crash("os_variant had unexpected status"); 62 62 + } 63 63 + } 64 64 + 65 65 + #define VAR_FILE_LEGACY "/var/db/disableAppleInternal" 66 66 + 67 67 + #if TARGET_OS_OSX 68 68 + #define VAR_FILE_OVERRIDE "/var/db/os_variant_override" 69 69 + #else 70 70 + #define VAR_FILE_OVERRIDE "/usr/share/misc/os_variant_override" 71 71 + #endif 72 72 + 73 73 + #if !TARGET_OS_SIMULATOR 74 74 + #define INTERNAL_CONTENT_PATH "/System/Library/CoreServices/AppleInternalVariant.plist" 75 75 + #else 76 76 + #define INTERNAL_CONTENT_PATH "/AppleInternal" 77 77 + #endif 78 78 + 79 79 + #define SYSTEM_VERSION_PLIST_PATH "/System/Library/CoreServices/SystemVersion.plist" 80 80 + #define SYSTEM_VERSION_PLIST_KEY "ReleaseType" 81 81 + 82 82 + #if TARGET_OS_IPHONE 83 83 + #define INTERNAL_SETTINGS_PATH "/AppleInternal/Library/PreferenceBundles/Internal Settings.bundle" 84 84 + #else 85 85 + #define INTERNAL_DIAGS_PROFILE_PATH "/var/db/ConfigurationProfiles/Settings/com.apple.InternalDiagnostics.plist" 86 86 + #endif 87 87 + 88 88 + #if !TARGET_OS_SIMULATOR 89 89 + #define CACHE_SYSCTL_NAME "kern.osvariant_status" 90 90 + 91 91 + static void _restore_cached_check_status(uint64_t status); 92 92 + static uint64_t _get_cached_check_status(void); 93 93 + 94 94 + static char * _read_file(const char *path, size_t *size_out) 95 95 + { 96 96 + char *buf = NULL; 97 97 + 98 98 + int fd = open(path, O_RDONLY); 99 99 + if (fd == -1) return NULL; 100 100 + 101 101 + struct stat sb; 102 102 + int rc = fstat(fd, &sb); 103 103 + if (rc != 0 || sb.st_size == 0) { 104 104 + goto error; 105 105 + } 106 106 + 107 107 + size_t size_limit = (size_out && *size_out != 0) ? *size_out : 1024; 108 108 + size_t size = (size_t)sb.st_size; 109 109 + if (size_out) *size_out = (size_t)sb.st_size; 110 110 + if (size > size_limit) { 111 111 + goto error; 112 112 + } 113 113 + 114 114 + buf = malloc(size + 1); 115 115 + if (!buf) { 116 116 + goto error; 117 117 + } 118 118 + 119 119 + ssize_t bytes_read = read(fd, buf, size); 120 120 + buf[size] = '\0'; 121 121 + 122 122 + 123 123 + if (bytes_read == (ssize_t)size) { 124 124 + close(fd); 125 125 + return buf; 126 126 + } 127 127 + 128 128 + error: 129 129 + close(fd); 130 130 + free(buf); 131 131 + return NULL; 132 132 + } 133 133 + 134 134 + static xpc_object_t read_plist(const char *path) 135 135 + { 136 136 + size_t size = 16 * 1024; 137 137 + uint8_t *buf = (uint8_t*)_read_file(path, &size); 138 138 + if (!buf) return NULL; 139 139 + 140 140 + xpc_object_t plist = xpc_create_from_plist(buf, size); 141 141 + if (plist && xpc_get_type(plist) != XPC_TYPE_DICTIONARY) { 142 142 + xpc_release(plist); 143 143 + plist = NULL; 144 144 + } 145 145 + 146 146 + free(buf); 147 147 + 148 148 + return plist; 149 149 + } 150 150 + #endif 151 151 + 152 152 + #if !TARGET_OS_IPHONE || TARGET_OS_SIMULATOR 153 153 + static enum check_status internal_content = S_UNKNOWN; 154 154 + #endif 155 155 + #if !TARGET_OS_SIMULATOR 156 156 + static enum check_status can_has_debugger = S_UNKNOWN; 157 157 + #if TARGET_OS_IPHONE 158 158 + static enum check_status internal_release_type = S_UNKNOWN; 159 159 + #else // TARGET_OS_IPHONE 160 160 + static enum check_status internal_diags_profile = S_UNKNOWN; 161 161 + #endif // TARGET_OS_IPHONE 162 162 + #endif // !TARGET_OS_SIMULATOR 163 163 + 164 164 + static bool disabled_status[VP_MAX] = {}; 165 165 + 166 166 + static void _parse_disabled_status(char *test_string) 167 167 + { 168 168 + #if TARGET_OS_SIMULATOR 169 169 + #pragma unused(test_string) 170 170 + #else // TARGET_OS_SIMULATOR 171 171 + char *override_str = NULL; 172 172 + 173 173 + bzero(disabled_status, sizeof(disabled_status)); 174 174 + 175 175 + if (test_string != NULL) { 176 176 + /* used for unit tests */ 177 177 + override_str = strdup(test_string); 178 178 + } else { 179 179 + if (access(VAR_FILE_LEGACY, F_OK) == 0) { 180 180 + goto disable_all; 181 181 + } else if (access(VAR_FILE_OVERRIDE, F_OK) != 0) { 182 182 + return; 183 183 + } 184 184 + 185 185 + override_str = _read_file(VAR_FILE_OVERRIDE, NULL); 186 186 + } 187 187 + 188 188 + if (override_str == NULL) goto disable_all; 189 189 + 190 190 + char *token, *string = override_str; 191 191 + while ((token = strsep(&string, ",\n")) != NULL) { 192 192 + if (strcmp(token, "content") == 0) { 193 193 + disabled_status[VP_CONTENT] = true; 194 194 + } else if (strcmp(token, "diagnostics") == 0) { 195 195 + disabled_status[VP_DIAGNOSTICS] = true; 196 196 + } else if (strcmp(token, "ui") == 0) { 197 197 + disabled_status[VP_UI] = true; 198 198 + } else if (strcmp(token, "security") == 0) { 199 199 + disabled_status[VP_SECURITY] = true; 200 200 + } 201 201 + } 202 202 + 203 203 + free(override_str); 204 204 + return; 205 205 + 206 206 + disable_all: 207 207 + for (int i = 0; i < VP_MAX; i++) { 208 208 + disabled_status[i] = true; 209 209 + } 210 210 + #endif //!TARGET_OS_SIMULATOR 211 211 + } 212 212 + 213 213 + #if !TARGET_OS_SIMULATOR 214 214 + static bool _load_cached_status(void) 215 215 + { 216 216 + uint64_t status = 0; 217 217 + size_t status_size = sizeof(status); 218 218 + int ret = sysctlbyname(CACHE_SYSCTL_NAME, &status, &status_size, NULL, 0); 219 219 + if (ret != 0) { 220 220 + return false; 221 221 + } 222 222 + 223 223 + if (status) { 224 224 + _restore_cached_check_status(status); 225 225 + return true; 226 226 + } 227 227 + 228 228 + if (status == 0 && getpid() == 1) { 229 229 + /* 230 230 + * Looks like we are in launchd; try to set the status. 231 231 + * 232 232 + * We don't actually care if this works because we'll have warmed our state. 233 233 + */ 234 234 + status = _get_cached_check_status(); 235 235 + sysctlbyname(CACHE_SYSCTL_NAME, NULL, 0, &status, status_size); 236 236 + return true; 237 237 + } 238 238 + 239 239 + return false; 240 240 + } 241 241 + #endif 242 242 + 243 243 + static void _initialize_status(void * __unused ctx) 244 244 + { 245 245 + #if !TARGET_OS_SIMULATOR 246 246 + if (!_load_cached_status()) { 247 247 + _parse_disabled_status(NULL); 248 248 + } 249 249 + #else 250 250 + _parse_disabled_status(NULL); 251 251 + #endif 252 252 + } 253 253 + 254 254 + static bool _check_disabled(enum variant_property variant_property) 255 255 + { 256 256 + static dispatch_once_t disabled_status_pred; 257 257 + dispatch_once_f(&disabled_status_pred, NULL, _initialize_status); 258 258 + 259 259 + return disabled_status[variant_property]; 260 260 + } 261 261 + 262 262 + #if !TARGET_OS_IPHONE || TARGET_OS_SIMULATOR 263 263 + static bool _check_internal_content(void) 264 264 + { 265 265 + if (internal_content == S_UNKNOWN) { 266 266 + #if !TARGET_OS_SIMULATOR 267 267 + const char * path = INTERNAL_CONTENT_PATH; 268 268 + #else 269 269 + char *simulator_root = getenv("IPHONE_SIMULATOR_ROOT"); 270 270 + char *to_free = NULL, *path = NULL; 271 271 + if (simulator_root) { 272 272 + asprintf(&path, "%s/%s", simulator_root, INTERNAL_CONTENT_PATH); 273 273 + if (path == NULL) { 274 274 + return false; 275 275 + } 276 276 + to_free = path; 277 277 + } 278 278 + #endif 279 279 + internal_content = (access(path, F_OK) == 0) ? S_YES : S_NO; 280 280 + #if TARGET_OS_SIMULATOR 281 281 + free(to_free); 282 282 + #endif 283 283 + } 284 284 + return status2bool(internal_content); 285 285 + } 286 286 + #endif // !TARGET_OS_IPHONE || TARGET_OS_SIMULATOR 287 287 + 288 288 + #if TARGET_OS_IPHONE 289 289 + 290 290 + /* 291 291 + * This set of criteria was taken from copyInternalBuild in MobileGestalt.c 292 292 + */ 293 293 + static bool _check_internal_release_type(void) 294 294 + { 295 295 + #if TARGET_OS_SIMULATOR 296 296 + return _check_internal_content(); 297 297 + #else // TARGET_OS_SIMULATOR 298 298 + if (internal_release_type == S_UNKNOWN) { 299 299 + xpc_object_t system_version_plist = read_plist(SYSTEM_VERSION_PLIST_PATH); 300 300 + if (system_version_plist) { 301 301 + const char *release_type = 302 302 + xpc_dictionary_get_string(system_version_plist, 303 303 + SYSTEM_VERSION_PLIST_KEY); 304 304 + 305 305 + if (release_type == NULL) { 306 306 + /* 307 307 + * Confusingly, customer images are just completely missing this key. 308 308 + */ 309 309 + internal_release_type = S_NO; 310 310 + } else if (strcmp(release_type, "Internal") == 0 || 311 311 + strcmp(release_type, "Lite Internal") == 0 || 312 312 + strcmp(release_type, "NonUI") == 0) { 313 313 + internal_release_type = S_YES; 314 314 + } else { 315 315 + internal_release_type = S_NO; 316 316 + } 317 317 + 318 318 + xpc_release(system_version_plist); 319 319 + } else { 320 320 + internal_release_type = (access(INTERNAL_SETTINGS_PATH, F_OK) == 0) ? S_YES : S_NO; 321 321 + } 322 322 + } 323 323 + 324 324 + return status2bool(internal_release_type); 325 325 + #endif // TARGET_OS_SIMULATOR 326 326 + } 327 327 + 328 328 + #else 329 329 + 330 330 + static bool _check_internal_diags_profile() { 331 331 + static enum check_status internal_diags_profile = S_UNKNOWN; 332 332 + 333 333 + if (internal_diags_profile == S_UNKNOWN) { 334 334 + xpc_object_t profile_settings = read_plist(INTERNAL_DIAGS_PROFILE_PATH); 335 335 + if (profile_settings) { 336 336 + internal_diags_profile = xpc_dictionary_get_bool(profile_settings, "AppleInternal") ? S_YES : S_NO; 337 337 + xpc_release(profile_settings); 338 338 + } else { 339 339 + internal_diags_profile = S_NO; 340 340 + } 341 341 + } 342 342 + 343 343 + return status2bool(internal_diags_profile); 344 344 + } 345 345 + 346 346 + #endif 347 347 + 348 348 + static bool _check_can_has_debugger(void) 349 349 + { 350 350 + #if TARGET_OS_SIMULATOR 351 351 + return _check_internal_content(); 352 352 + #else 353 353 + if (can_has_debugger == S_UNKNOWN) { 354 354 + #if TARGET_OS_IPHONE 355 355 + can_has_debugger = *((uint32_t *)_COMM_PAGE_DEV_FIRM) ? S_YES : S_NO; 356 356 + #else 357 357 + /* 358 358 + * The comm page bit does exist on macOS, but also requires kernel 359 359 + * debugging in the CSR configuration. We don't need to be that strict 360 360 + * here. 361 361 + */ 362 362 + can_has_debugger = (csr_check(CSR_ALLOW_APPLE_INTERNAL) == 0) ? S_YES : S_NO; 363 363 + #endif 364 364 + } 365 365 + return status2bool(can_has_debugger); 366 366 + #endif // TARGET_OS_SIMULATOR 367 367 + } 368 368 + 369 369 + // For unit tests 370 370 + #ifndef VARIANT_SKIP_EXPORTED 371 371 + 372 372 + bool 373 373 + os_variant_has_internal_content(const char * __unused subsystem) 374 374 + { 375 375 + if (_check_disabled(VP_CONTENT)) { 376 376 + return false; 377 377 + } 378 378 + 379 379 + #if TARGET_OS_IPHONE 380 380 + return _check_internal_release_type(); 381 381 + #else 382 382 + return _check_internal_content(); 383 383 + #endif 384 384 + } 385 385 + 386 386 + 387 387 + bool 388 388 + os_variant_has_internal_diagnostics(const char * __unused subsystem) 389 389 + { 390 390 + if (_check_disabled(VP_DIAGNOSTICS)) { 391 391 + return false; 392 392 + } 393 393 + 394 394 + #if TARGET_OS_IPHONE 395 395 + return _check_internal_release_type(); 396 396 + #else 397 397 + return _check_internal_content() || _check_internal_diags_profile(); 398 398 + #endif 399 399 + } 400 400 + 401 401 + bool 402 402 + os_variant_has_internal_ui(const char * __unused subsystem) 403 403 + { 404 404 + if (_check_disabled(VP_UI)) { 405 405 + return false; 406 406 + } 407 407 + 408 408 + #if TARGET_OS_IPHONE 409 409 + return _check_internal_release_type(); 410 410 + #else 411 411 + return _check_internal_content(); 412 412 + #endif 413 413 + } 414 414 + 415 415 + bool 416 416 + os_variant_allows_internal_security_policies(const char * __unused subsystem) 417 417 + { 418 418 + if (_check_disabled(VP_SECURITY)) { 419 419 + return false; 420 420 + } 421 421 + 422 422 + return _check_can_has_debugger(); 423 423 + } 424 424 + 425 425 + #endif // VARIANT_SKIP_EXPORTED 426 426 + 427 427 + #define STATUS_INITIAL_BITS 0x70000000F0000000ULL 428 428 + #define STATUS_BIT_WIDTH 2 429 429 + #define STATUS_SET 0x2 430 430 + #define STATUS_MASK 0x3 431 431 + 432 432 + enum status_flags_positions { 433 433 + SFP_INTERNAL_CONTENT = 0, 434 434 + SFP_CAN_HAS_DEBUGGER = 1, 435 435 + SFP_INTERNAL_RELEASE_TYPE = 2, 436 436 + SFP_INTERNAL_DIAGS_PROFILE = 3 437 437 + }; 438 438 + 439 439 + #if !TARGET_OS_SIMULATOR 440 440 + static uint64_t _get_cached_check_status(void) 441 441 + { 442 442 + uint64_t res = STATUS_INITIAL_BITS; 443 443 + 444 444 + #if !TARGET_OS_IPHONE || TARGET_OS_SIMULATOR 445 445 + _check_internal_content(); 446 446 + if (internal_content != S_UNKNOWN) 447 447 + res |= internal_content << SFP_INTERNAL_CONTENT * STATUS_BIT_WIDTH; 448 448 + #endif 449 449 + 450 450 + _check_can_has_debugger(); 451 451 + if (can_has_debugger != S_UNKNOWN) 452 452 + res |= can_has_debugger << SFP_CAN_HAS_DEBUGGER * STATUS_BIT_WIDTH; 453 453 + 454 454 + #if TARGET_OS_IPHONE 455 455 + _check_internal_release_type(); 456 456 + if (internal_release_type != S_UNKNOWN) 457 457 + res |= internal_release_type << SFP_INTERNAL_RELEASE_TYPE * STATUS_BIT_WIDTH; 458 458 + #else 459 459 + _check_internal_diags_profile(); 460 460 + if (internal_diags_profile != S_UNKNOWN) 461 461 + res |= internal_diags_profile << SFP_INTERNAL_DIAGS_PROFILE * STATUS_BIT_WIDTH; 462 462 + #endif 463 463 + 464 464 + _parse_disabled_status(NULL); 465 465 + for (int i = 0; i < VP_MAX; i++) { 466 466 + if (disabled_status[i]) { 467 467 + res |= 0x1ULL << (i + 32); 468 468 + } 469 469 + } 470 470 + 471 471 + return res; 472 472 + } 473 473 + 474 474 + static void _restore_cached_check_status(uint64_t status) 475 475 + { 476 476 + #if !TARGET_OS_IPHONE || TARGET_OS_SIMULATOR 477 477 + if ((status >> (SFP_INTERNAL_CONTENT * STATUS_BIT_WIDTH)) & STATUS_SET) 478 478 + internal_content = (status >> (SFP_INTERNAL_CONTENT * STATUS_BIT_WIDTH)) & STATUS_MASK; 479 479 + #endif 480 480 + if ((status >> (SFP_CAN_HAS_DEBUGGER * STATUS_BIT_WIDTH)) & STATUS_SET) 481 481 + can_has_debugger = (status >> (SFP_CAN_HAS_DEBUGGER * STATUS_BIT_WIDTH)) & STATUS_MASK; 482 482 + #if TARGET_OS_IPHONE 483 483 + if ((status >> (SFP_INTERNAL_RELEASE_TYPE * STATUS_BIT_WIDTH)) & STATUS_SET) 484 484 + internal_release_type = (status >> (SFP_INTERNAL_RELEASE_TYPE * STATUS_BIT_WIDTH)) & STATUS_MASK; 485 485 + #else 486 486 + if ((status >> (SFP_INTERNAL_DIAGS_PROFILE * STATUS_BIT_WIDTH)) & STATUS_SET) 487 487 + internal_diags_profile = (status >> (SFP_INTERNAL_DIAGS_PROFILE * STATUS_BIT_WIDTH)) & STATUS_MASK; 488 488 + #endif 489 489 + 490 490 + for (int i = 0; i < VP_MAX; i++) { 491 491 + disabled_status[i] = (status >> (32 + i)) & 0x1; 492 492 + } 493 493 + } 494 494 + #endif // !TARGET_OS_SIMULATOR

+140

src/libc/include/os/variant_private.h

reviewed

··· 1 1 + /* 2 2 + * Copyright (c) 2017 Apple Inc. All rights reserved. 3 3 + * 4 4 + * @APPLE_APACHE_LICENSE_HEADER_START@ 5 5 + * 6 6 + * Licensed under the Apache License, Version 2.0 (the "License"); 7 7 + * you may not use this file except in compliance with the License. 8 8 + * You may obtain a copy of the License at 9 9 + * 10 10 + * http://www.apache.org/licenses/LICENSE-2.0 11 11 + * 12 12 + * Unless required by applicable law or agreed to in writing, software 13 13 + * distributed under the License is distributed on an "AS IS" BASIS, 14 14 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 15 + * See the License for the specific language governing permissions and 16 16 + * limitations under the License. 17 17 + * 18 18 + * @APPLE_APACHE_LICENSE_HEADER_END@ 19 19 + */ 20 20 + 21 21 + #ifndef __OS_VARIANT_H__ 22 22 + #define __OS_VARIANT_H__ 23 23 + 24 24 + #include <stdbool.h> 25 25 + 26 26 + #include <os/base.h> 27 27 + 28 28 + /*! @header 29 29 + * OS Variant SPI 30 30 + * 31 31 + * Provides a mechanism to determine the currently running OS variant. 32 32 + * 33 33 + * Any of these APIs may be overridden to its non-internal behavior on a 34 34 + * device by creating on override file. On macOS, this file is placed 35 35 + * at: 36 36 + * /var/db/os_variant_override 37 37 + * On embedded platforms, this file is placed at: 38 38 + * /usr/share/misc/os_variant_override 39 39 + * 40 40 + * Individual internal behaviors can be selectively disabled (ie. 41 41 + * individual os_variant_has_internal_*() predicates can be overriden to 42 42 + * false) by writing the file with a comma- or newline-delimited list of 43 43 + * names to disable. To disable all internal behaviors, empty the file. 44 44 + * 45 45 + * Each of these functions takes a constant string argument for the requesting 46 46 + * subsystem. This should be a reverse-DNS string describing the subsystem 47 47 + * performing the check. This may be used in the future for auditing and 48 48 + * selective overriding of checks. 49 49 + * 50 50 + */ 51 51 + 52 52 + __BEGIN_DECLS 53 53 + 54 54 + /*! 55 55 + * @function os_variant_has_internal_content 56 56 + * 57 57 + * @abstract returns whether this system variant has internal content installed 58 58 + * ("content") 59 59 + * 60 60 + * @result 61 61 + * Returns true if this build has this property. False otherwise or upon error. 62 62 + */ 63 63 + OS_EXPORT OS_WARN_RESULT 64 64 + bool 65 65 + os_variant_has_internal_content(const char *subsystem); 66 66 + 67 67 + /*! 68 68 + * @function os_variant_has_internal_diagnostics 69 69 + * 70 70 + * @abstract returns whether this system variant has internal diagnostics 71 71 + * enabled ("diagnostics") 72 72 + * 73 73 + * @description 74 74 + * 75 75 + * Internal diagnostics include behaviors that emit extra diagnostic or 76 76 + * debugging information when an error occurs. 77 77 + * 78 78 + * On macOS, this check will look for presence of AppleInternal content or the 79 79 + * AppleInternalDiagnostics profile to be installed. 80 80 + * 81 81 + * On embedded platforms, this check will look for an internal install variant 82 82 + * in a manner similar to the MobileGestalt check for InternalBuild. 83 83 + * 84 84 + * @result 85 85 + * Returns true if this build has this property. False otherwise or upon error. 86 86 + */ 87 87 + OS_EXPORT OS_WARN_RESULT 88 88 + bool 89 89 + os_variant_has_internal_diagnostics(const char *subsystem); 90 90 + 91 91 + /*! 92 92 + * @function os_variant_has_internal_ui 93 93 + * 94 94 + * @abstract returns whether this system variant has internal UI visible ("ui") 95 95 + * 96 96 + * @description 97 97 + * 98 98 + * Internal UI includes debug menus and internal settings. 99 99 + * 100 100 + * On macOS, this will check for the presence of AppleInternal content. On 101 101 + * embedded platforms, this check will look for an internal install variant in 102 102 + * a manor similar to the MobileGestalt check for InternalBuild. 103 103 + * 104 104 + * @result 105 105 + * Returns true if this build has this property. False otherwise or upon error. 106 106 + */ 107 107 + OS_EXPORT OS_WARN_RESULT 108 108 + bool 109 109 + os_variant_has_internal_ui(const char *subsystem); 110 110 + 111 111 + /*! 112 112 + * @function os_variant_allows_internal_security_policies 113 113 + * 114 114 + * @abstract returns whether this system variant allows internal security policies 115 115 + * ("security") 116 116 + * 117 117 + * @description 118 118 + * 119 119 + * On macOS, this will check the CSR status for whether AppleInternal policies 120 120 + * are enabled. 121 121 + * 122 122 + * On embedded platforms, this will check for a build/device combination that 123 123 + * allows for removal of codesigning and debugging restrictions. This usually 124 124 + * returns whether the hardware is development fused and may return true on 125 125 + * such hardware even if a customer build is installed. 126 126 + * 127 127 + * n.b. The result of this API should /not/ be used to automatically enable 128 128 + * relaxed security policies, only to signal that other mechanisms to enable 129 129 + * them are allowed, e.g. a "defaults write". 130 130 + * 131 131 + * @result 132 132 + * Returns true if this build has this property. False otherwise or upon error. 133 133 + */ 134 134 + OS_EXPORT OS_WARN_RESULT 135 135 + bool 136 136 + os_variant_allows_internal_security_policies(const char *subsystem); 137 137 + 138 138 + __END_DECLS 139 139 + 140 140 + #endif // __os_variant_H__