Open Menu / mach_o / Policy.h
Loading...
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
/*
 * Copyright (c) 2022 Apple Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */


#ifndef mach_o_Policy_h
#define mach_o_Policy_h

#include <string_view>

#include "MachODefines.h"
#include "Platform.h"
#include "Architecture.h"

namespace mach_o {

/*!
 * @class Policy
 *
 * @abstract
 *      Class for encapsulating policy for mach-o format details.
 *
 * @discussion
 *      The mach-o format is evolving over time. There are two categories
 *      of changes: new features and new restrictions.
 *
 *      A new feature is a new load command or new section, which only a new
 *      enough OS will understand. Each feature has a "use<xxx>()" method which
 *      ld checks to decide to emit a mach-o with the new feature.  The
 *      result of that method is a Usage value that specifies if the policy
 *      is to use or not use that feature, and if that use is a "must" or "preferred".
 *      A preferred policy can be overridden by a command line arg
 *      (e.g. -no\_fixup\_chains), whereas a must cannot be overridden.
 *
 *      A restriction is a constraint on existing mach-o details. These are driven
 *      by security, performance, or correctness concerns.  Each restriction
 *      has an "enforce<xxx>()" method which dyld and dyld\_info check to validate
 *      the binary. Restrictions are based on the SDK version the binary was built
 *      with. That is, the an old binary is allowed to violate the restriction,
 *      whereas a newer binary (build against newer SDK) is not.  The restriction
 *      logic is that the "enforce<xxx>()" will all return true for a binary built
 *      with the latest SDK.
 *
 */
class VIS_HIDDEN Policy
{
public:
                Policy(Architecture arch, PlatformAndVersions pvs, uint32_t filetype, bool pathMayBeInSharedCache=false, bool kernel=false, bool staticExec=false);

    enum Usage { preferUse, mustUse, preferDontUse, mustNotUse };

    // features
    Usage       useBuildVersionLoadCommand() const;
    Usage       useDataConst() const;
    Usage       useConstClassRefs() const;
    Usage       useGOTforClassRefs() const;
    Usage       useConstInterpose() const;
    Usage       useChainedFixups() const;
    Usage       useOpcodeFixups() const;
    Usage       useRelativeMethodLists() const;
    Usage       optimizeClassPatching() const;
    Usage       optimizeSingletonPatching() const;
    Usage       useAuthStubsInKexts() const;
    Usage       useDataConstForSelRefs() const;
    Usage       useSourceVersionLoadCommand() const;
    bool        use4KBLoadCommandsPadding() const;
    bool        canUseDelayInit() const;
    uint16_t    chainedFixupsFormat() const;
    bool        useProtectedStack() const;
    bool        canUseEntryName() const;
    Usage       useEntryPointLoadCommand() const;
    bool        keepDwarfUnwind() const;
    bool        canInferEmptySignedClassROs() const;

    // restrictions
    bool        enforceReadOnlyLinkedit() const;
    bool        enforceLinkeditContentAlignment() const;
    bool        enforceOneFixupEncoding() const;
    bool        enforceSegmentOrderMatchesLoadCmds() const;
    bool        enforceTextSegmentPermissions() const;
    bool        enforceFixupsInWritableSegments() const;
    bool        enforceCodeSignatureAligned() const;
    bool        enforceSectionsInSegment() const;
    bool        enforceHasLinkedDylibs() const;
    bool        enforceInstallNamesAreRealPaths() const;
    bool        enforceHasUUID() const;
    bool        enforceMainFlagsCorrect() const;
    bool        enforceNoDuplicateDylibs() const;
    bool        enforceNoDuplicateRPaths() const;
    bool        enforceDataSegmentPermissions() const;
    bool        enforceDataConstSegmentPermissions() const;
    bool        enforceImageListRemoveMainExecutable() const;
    bool        enforceSetSimulatorSharedCachePath() const;
    bool        enforceUniqueSegmentNames() const;

private:
    bool              dyldLoadsOutput() const;
    bool              kernelOrKext() const;
    bool              isDynamicFirmware() const;

    Platform::Epoch   _featureEpoch;
    Platform::Epoch   _enforcementEpoch;
    Architecture      _arch;
    PlatformAndVersions   _pvs;
    uint32_t          _filetype;
    bool              _pathMayBeInSharedCache;
    bool              _kernel;
    bool              _staticExec;
};




} // namespace mach_o

#endif // mach_o_Policy_h