projects / apple / security.git / blame
| Commit | Line | Data |
|---|---|---|
| fa7225c8 A |
1 | /* |
| 2 | * Copyright (c) 2016 Apple Inc. All Rights Reserved. | |
| 3 | * | |
| 4 | * @APPLE_LICENSE_HEADER_START@ | |
| 5 | * | |
| 6 | * This file contains Original Code and/or Modifications of Original Code | |
| 7 | * as defined in and that are subject to the Apple Public Source License | |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in | |
| 9 | * compliance with the License. Please obtain a copy of the License at | |
| 10 | * http://www.opensource.apple.com/apsl/ and read it before using this | |
| 11 | * file. | |
| 12 | * | |
| 13 | * The Original Code and all software distributed under the License are | |
| 14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
| 15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
| 16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
| 17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
| 18 | * Please see the License for the specific language governing rights and | |
| 19 | * limitations under the License. | |
| 20 | * | |
| 21 | * @APPLE_LICENSE_HEADER_END@ | |
| 22 | */ | |
| 23 | ||
| 24 | /* Purpose: This header exposes shared functions that actually implement mount creation, policy question | |
| 25 | answering and mount deletion. | |
| 26 | ||
| 27 | Important: None of these functions implement synchronization and they all throw exceptions. It is up | |
| 28 | to the caller to handle those concerns. | |
| 29 | */ | |
| 30 | ||
| 31 | #include <string> | |
| 32 | #include "SecTranslocateUtilities.hpp" | |
| 33 | ||
| 34 | #ifndef SecTranslocateShared_hpp | |
| 35 | #define SecTranslocateShared_hpp | |
| 36 | ||
| 37 | namespace Security { | |
| 38 | ||
| 39 | namespace SecTranslocate { | |
| 40 | ||
| 41 | using namespace std; | |
| 42 | ||
| 43 | /* XPC Function keys */ | |
| 44 | extern const char* kSecTranslocateXPCFuncCreate; | |
| 45 | extern const char* kSecTranslocateXPCFuncCheckIn; | |
| 46 | ||
| 47 | /* XPC message argument keys */ | |
| 48 | extern const char* kSecTranslocateXPCMessageFunction; | |
| 49 | extern const char* kSecTranslocateXPCMessageOriginalPath; | |
| 50 | extern const char* kSecTranslocateXPCMessageDestinationPath; | |
| d64be36e | 51 | extern const char* kSecTranslocateXPCMessageOptions; |
| fa7225c8 A |
52 | extern const char* kSecTranslocateXPCMessagePid; |
| 53 | ||
| 54 | /*XPC message reply keys */ | |
| 55 | extern const char* kSecTranslocateXPCReplyError; | |
| 56 | extern const char* kSecTranslocateXPCReplySecurePath; | |
| 57 | ||
| d64be36e A |
58 | enum class TranslocationOptions : int64_t { |
| 59 | Default = 0, | |
| 60 | Generic = 1 << 0, | |
| 61 | Unveil = 1 << 1 | |
| 62 | }; | |
| 63 | ||
| 64 | class GenericTranslocationPath | |
| 65 | { | |
| 66 | public: | |
| 67 | GenericTranslocationPath(const string& path, TranslocationOptions opts); | |
| 68 | inline bool shouldTranslocate() const { return should; }; | |
| 69 | inline const string & getOriginalRealPath() const { return realOriginalPath; }; | |
| 70 | inline const string & getComponentNameToTranslocate() const { return componentNameToTranslocate; }; | |
| 71 | inline TranslocationOptions getOptions() const { return options; }; | |
| 72 | private: | |
| 73 | GenericTranslocationPath() = delete; | |
| 74 | ||
| 75 | bool should; | |
| 76 | string realOriginalPath; | |
| 77 | string componentNameToTranslocate; | |
| 78 | TranslocationOptions options; | |
| 79 | }; | |
| 80 | ||
| fa7225c8 A |
81 | class TranslocationPath |
| 82 | { | |
| 83 | public: | |
| d64be36e | 84 | TranslocationPath(string originalPath, TranslocationOptions opts); |
| fa7225c8 A |
85 | inline bool shouldTranslocate() const { return should; }; |
| 86 | inline const string & getOriginalRealPath() const { return realOriginalPath; }; | |
| 87 | inline const string & getPathToTranslocate() const { return pathToTranslocate; }; | |
| 866f8763 A |
88 | inline const string & getPathInsideTranslocation() const { return pathInsideTranslocationPoint; }; |
| 89 | inline const string & getComponentNameToTranslocate() const { return componentNameToTranslocate; }; | |
| fa7225c8 | 90 | string getTranslocatedPathToOriginalPath(const string &translocationPoint) const; |
| d64be36e | 91 | inline TranslocationOptions getOptions() const { return options; }; |
| fa7225c8 A |
92 | private: |
| 93 | TranslocationPath() = delete; | |
| 94 | ||
| 95 | bool should; | |
| 96 | string realOriginalPath; | |
| 97 | string pathToTranslocate; | |
| 866f8763 | 98 | string componentNameToTranslocate; //the final component of pathToTranslocate |
| fa7225c8 | 99 | string pathInsideTranslocationPoint; |
| d64be36e | 100 | TranslocationOptions options; |
| fa7225c8 A |
101 | |
| 102 | ExtendedAutoFileDesc findOuterMostCodeBundleForFD(ExtendedAutoFileDesc &fd); | |
| 103 | }; | |
| 104 | ||
| 105 | string getOriginalPath(const ExtendedAutoFileDesc& fd, bool* isDir); //throws | |
| 106 | ||
| 107 | // For methods below, the caller is responsible for ensuring that only one thread is | |
| 108 | // accessing/modifying the mount table at a time | |
| 109 | string translocatePathForUser(const TranslocationPath &originalPath, const string &destPath); //throws | |
| d64be36e | 110 | string translocatePathForUser(const GenericTranslocationPath &originalPath, const string &destPath); //throws |
| fa7225c8 A |
111 | bool destroyTranslocatedPathForUser(const string &translocatedPath); //throws |
| 112 | bool destroyTranslocatedPathsForUserOnVolume(const string &volumePath = ""); //throws | |
| 113 | void tryToDestroyUnusedTranslocationMounts(); | |
| 114 | ||
| 115 | } //namespace SecTranslocate | |
| 116 | }// namespace Security | |
| 117 | ||
| d64be36e | 118 | |
| fa7225c8 | 119 | #endif /* SecTranslocateShared_hpp */ |