]> git.saurik.com Git - apple/security.git/blame - OSX/sec/ipc/securityd_client.h
projects / apple / security.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Security-58286.240.4.tar.gz
[apple/security.git] / OSX / sec / ipc / securityd_client.h
CommitLineData
b1ab9ed8 1/*
ecaf5866 2 * Copyright (c) 2007-2018 Apple Inc. All Rights Reserved.
d8f41ccd 3 *
b1ab9ed8 4 * @APPLE_LICENSE_HEADER_START@
5c19dc3a 5 *
b1ab9ed8
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
5c19dc3a 12 *
b1ab9ed8
A		 13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
5c19dc3a 20 *
b1ab9ed8
A		 21 * @APPLE_LICENSE_HEADER_END@
22 */
23#ifndef _SECURITYD_CLIENT_H_
24#define _SECURITYD_CLIENT_H_
25
26#include <stdint.h>
427c49bc 27
866f8763
A		 28#include <securityd/SecKeybagSupport.h>
29
e3d460c9
A		 30#include <Security/SecTrust.h>
31#include <Security/SecTask.h>
427c49bc
A		 32#ifndef MINIMIZE_INCLUDES
33# include <Security/SecTrustStore.h>
427c49bc
A		 34#else
35typedef struct __SecTrustStore *SecTrustStoreRef;
36# ifndef _SECURITY_SECCERTIFICATE_H_
37typedef struct __SecCertificate *SecCertificateRef;
38# endif // _SECURITY_SECCERTIFICATE_H_
427c49bc
A		 39#endif // MINIMIZE_INCLUDES
40
6b200bc3 41#if TARGET_HAS_KEYSTORE
e3d460c9
A		 42#include <libaks.h>
43#endif
44
b1ab9ed8
A		 45#include <CoreFoundation/CFArray.h>
46#include <CoreFoundation/CFDictionary.h>
427c49bc
A		 47#include <CoreFoundation/CFError.h>
48
5c19dc3a
A		 49#include <Security/SecureObjectSync/SOSCloudCircle.h>
50#include <Security/SecureObjectSync/SOSPeerInfo.h>
51#include <Security/SecureObjectSync/SOSRing.h>
427c49bc
A		 52
53#include <xpc/xpc.h>
54#include <CoreFoundation/CFXPCBridge.h>
b1ab9ed8 55
866f8763
A		 56#include <TargetConditionals.h>
57
58#if TARGET_OS_OSX
427c49bc 59#define kSecuritydXPCServiceName "com.apple.securityd.xpc"
866f8763 60#define kSecuritydSystemXPCServiceName "com.apple.securityd.system.xpc"
5c19dc3a
A		 61#define kTrustdAgentXPCServiceName "com.apple.trustd.agent"
62#define kTrustdXPCServiceName "com.apple.trustd"
b1ab9ed8 63#else
427c49bc 64#define kSecuritydXPCServiceName "com.apple.securityd"
866f8763
A		 65#define kTrustdAgentXPCServiceName "com.apple.trustd"
66#define kTrustdXPCServiceName "com.apple.trustd"
67#endif // *** END TARGET_OS_OSX ***
b1ab9ed8 68
ecaf5866
A		 69#define kSecuritydGeneralServiceName "com.apple.securityd.general"
70#define kSecuritydSOSServiceName "com.apple.securityd.sos"
71
427c49bc
A		 72//
73// MARK: XPC Information.
74//
75
76extern CFStringRef sSecXPCErrorDomain;
77
78extern const char *kSecXPCKeyOperation;
79extern const char *kSecXPCKeyResult;
866f8763 80extern const char *kSecXPCKeyEndpoint;
427c49bc 81extern const char *kSecXPCKeyError;
6b200bc3 82extern const char *kSecXPCKeyPeerInfoArray;
427c49bc
A		 83extern const char *kSecXPCKeyUserLabel;
84extern const char *kSecXPCKeyBackup;
85extern const char *kSecXPCKeyKeybag;
86extern const char *kSecXPCKeyUserPassword;
ecaf5866 87extern const char *kSecXPCKeyEMCSBackup;
5c19dc3a
A		 88extern const char *kSecXPCKeyDSID;
89extern const char *kSecXPCKeyViewName;
90extern const char *kSecXPCKeyViewActionCode;
91extern const char *kSecXPCKeyNewPublicBackupKey;
6b200bc3 92extern const char *kSecXPCKeyRecoveryPublicKey;
5c19dc3a
A		 93extern const char *kSecXPCKeyIncludeV0;
94extern const char *kSecXPCKeyEnabledViewsKey;
95extern const char *kSecXPCKeyDisabledViewsKey;
e0e0d90e 96extern const char *kSecXPCKeyEscrowLabel;
fa7225c8 97extern const char *kSecXPCKeyTriesLabel;
e3d460c9 98extern const char *kSecXPCKeyFileDescriptor;
fa7225c8
A		 99extern const char *kSecXPCKeyAccessGroups;
100extern const char *kSecXPCKeyClasses;
866f8763
A		 101extern const char *kSecXPCKeyNormalizedIssuer;
102extern const char *kSecXPCKeySerialNumber;
103extern const char *kSecXPCKeyBackupKeybagIdentifier;
104extern const char *kSecXPCKeyBackupKeybagPath;
fa7225c8 105
427c49bc
A		 106//
107// MARK: Dispatch macros
108//
109
110#define SECURITYD_XPC(sdp, wrapper, ...) ((gSecurityd && gSecurityd->sdp) ? gSecurityd->sdp(__VA_ARGS__) : wrapper(sdp ## _id, __VA_ARGS__))
866f8763 111#define TRUSTD_XPC(sdp, wrapper, ...) ((gTrustd && gTrustd->sdp) ? gTrustd->sdp(__VA_ARGS__) : wrapper(sdp ## _id, __VA_ARGS__))
b1ab9ed8 112
79b9da22
A		 113#define TRUSTD_XPC_ASYNC(sdp, wrapper, q, h, ...) do { \
114 if (gTrustd != NULL && gTrustd->sdp != NULL) { \
115 dispatch_async(q, ^{ \
116 CFErrorRef _error = NULL; \
117 SecTrustResultType _tr = gTrustd->sdp(__VA_ARGS__, &_error); \
118 h(_tr, _error); \
119 }); \
120 } else { \
121 wrapper(q, h, sdp ## _id, __VA_ARGS__); \
122 } \
123} while (0)
124
427c49bc
A		 125//
126// MARK: Object to XPC format conversion.
127//
b1ab9ed8 128
427c49bc
A		 129
130//
131// MARK: XPC Interfaces
132//
133
134extern const char *kSecXPCKeyOperation;
135extern const char *kSecXPCKeyResult;
136extern const char *kSecXPCKeyError;
6b200bc3
A		 137extern const char *kSecXPCKeyPeerInfoArray;
138extern const char *kSecXPCKeyPeerInfo;
427c49bc
A		 139extern const char *kSecXPCKeyUserLabel;
140extern const char *kSecXPCKeyUserPassword;
5c19dc3a 141extern const char *kSecXPCKeyDSID;
427c49bc
A		 142extern const char *kSecXPCLimitInMinutes;
143extern const char *kSecXPCKeyQuery;
144extern const char *kSecXPCKeyAttributesToUpdate;
145extern const char *kSecXPCKeyDomain;
146extern const char *kSecXPCKeyDigest;
147extern const char *kSecXPCKeyCertificate;
148extern const char *kSecXPCKeySettings;
d8f41ccd
A		 149extern const char *kSecXPCPublicPeerId; // Public peer id
150extern const char *kSecXPCOTRSession; // OTR session bytes
151extern const char *kSecXPCData; // Data to process
152extern const char *kSecXPCOTRReady; // OTR ready for messages
5c19dc3a
A		 153extern const char *kSecXPCKeyViewName;
154extern const char *kSecXPCKeyViewActionCode;
5c19dc3a 155extern const char *kSecXPCKeyHSA2AutoAcceptInfo;
e0e0d90e
A		 156extern const char *kSecXPCKeyEscrowLabel;
157extern const char *kSecXPCKeyTriesLabel;
5c19dc3a 158extern const char *kSecXPCKeyString;
fa7225c8 159extern const char *kSecXPCKeyArray;
6b200bc3
A		 160extern const char *kSecXPCKeySet;
161extern const char *kSecXPCKeySet2;
866f8763 162extern const char *kSecXPCVersion;
79b9da22 163extern const char *kSecXPCKeySignInAnalytics;
5c19dc3a 164extern const char *kSecXPCKeyReason;
427c49bc
A		 165
166//
167// MARK: Mach port request IDs
168//
169enum SecXPCOperation {
d8f41ccd
A		 170 sec_item_add_id = 0,
171 sec_item_copy_matching_id = 1,
172 sec_item_update_id = 2,
173 sec_item_delete_id = 3,
427c49bc 174 // trust_store_for_domain -- NOT an ipc
d8f41ccd
A		 175 sec_trust_store_contains_id = 4,
176 sec_trust_store_set_trust_settings_id = 5,
177 sec_trust_store_remove_certificate_id = 6,
427c49bc 178 // remove_all -- NOT an ipc
d8f41ccd
A		 179 sec_delete_all_id = 7,
180 sec_trust_evaluate_id = 8,
181 // Any new items MUST be added below here
182 // This allows updating roots on a device, since SecTrustEvaluate must continue to work
b1ab9ed8 183 sec_keychain_backup_id,
427c49bc 184 sec_keychain_restore_id,
427c49bc
A		 185 sec_keychain_backup_syncable_id,
186 sec_keychain_restore_syncable_id,
5c19dc3a
A		 187 sec_item_backup_copy_names_id,
188 sec_item_backup_handoff_fd_id,
189 sec_item_backup_set_confirmed_manifest_id,
190 sec_item_backup_restore_id,
d8f41ccd 191 sec_keychain_sync_update_message_id,
ecaf5866 192 sec_ota_pki_trust_store_version_id,
7512f6be 193 sec_ota_pki_asset_version_id,
d8f41ccd
A		 194 sec_otr_session_create_remote_id,
195 sec_otr_session_process_packet_remote_id,
ecaf5866
A		 196 kSecXPCOpOTAPKIGetNewAsset,
197 kSecXPCOpOTAGetEscrowCertificates,
427c49bc
A		 198 kSecXPCOpProcessUnlockNotification,
199 kSecXPCOpProcessSyncWithAllPeers,
d8f41ccd
A		 200 kSecXPCOpRollKeys,
201 sec_add_shared_web_credential_id,
202 sec_copy_shared_web_credential_id,
203 sec_get_log_settings_id,
204 sec_set_xpc_log_settings_id,
5c19dc3a 205 sec_set_circle_log_settings_id,
d8f41ccd
A		 206 soscc_EnsurePeerRegistration_id,
207 kSecXPCOpRequestEnsureFreshParameters,
5c19dc3a
A		 208 kSecXPCOpGetAllTheRings,
209 kSecXPCOpApplyToARing,
210 kSecXPCOpWithdrawlFromARing,
211 kSecXPCOpEnableRing,
212 kSecXPCOpRingStatus,
213 kSecXPCOpRequestDeviceID,
214 kSecXPCOpSetDeviceID,
215 kSecXPCOpHandleIDSMessage,
fa7225c8
A		 216 kSecXPCOpSyncWithKVSPeer,
217 kSecXPCOpSyncWithIDSPeer,
5c19dc3a
A		 218 kSecXPCOpSendIDSMessage,
219 kSecXPCOpPingTest,
220 kSecXPCOpIDSDeviceID,
6b200bc3 221 kSecXPCOpSyncWithKVSPeerIDOnly,
427c49bc
A		 222 // any process using an operation below here is required to have entitlement keychain-cloud-circle
223 kSecXPCOpTryUserCredentials,
224 kSecXPCOpSetUserCredentials,
5c19dc3a 225 kSecXPCOpSetUserCredentialsAndDSID,
79b9da22 226 kSecXPCOpSetUserCredentialsAndDSIDWithAnalytics,
427c49bc
A		 227 kSecXPCOpCanAuthenticate,
228 kSecXPCOpPurgeUserCredentials,
229 kSecXPCOpDeviceInCircle,
230 kSecXPCOpRequestToJoin,
79b9da22 231 kSecXPCOpRequestToJoinWithAnalytics,
427c49bc 232 kSecXPCOpRequestToJoinAfterRestore,
79b9da22 233 kSecXPCOpRequestToJoinAfterRestoreWithAnalytics,
427c49bc
A		 234 kSecXPCOpResetToOffering,
235 kSecXPCOpResetToEmpty,
79b9da22 236 kSecXPCOpResetToEmptyWithAnalytics,
5c19dc3a
A		 237 kSecXPCOpView,
238 kSecXPCOpViewSet,
79b9da22 239 kSecXPCOpViewSetWithAnalytics,
427c49bc 240 kSecXPCOpRemoveThisDeviceFromCircle,
79b9da22 241 kSecXPCOpRemoveThisDeviceFromCircleWithAnalytics,
e0e0d90e 242 kSecXPCOpRemovePeersFromCircle,
79b9da22 243 kSecXPCOpRemovePeersFromCircleWithAnalytics,
5c19dc3a 244 kSecXPCOpLoggedOutOfAccount,
427c49bc
A		 245 kSecXPCOpBailFromCircle,
246 kSecXPCOpAcceptApplicants,
247 kSecXPCOpRejectApplicants,
248 kSecXPCOpCopyApplicantPeerInfo,
d8f41ccd
A		 249 kSecXPCOpCopyValidPeerPeerInfo,
250 kSecXPCOpValidateUserPublic,
251 kSecXPCOpCopyNotValidPeerPeerInfo,
427c49bc
A		 252 kSecXPCOpCopyPeerPeerInfo,
253 kSecXPCOpCopyConcurringPeerPeerInfo,
d8f41ccd 254 kSecXPCOpCopyGenerationPeerInfo,
427c49bc 255 kSecXPCOpGetLastDepartureReason,
5c19dc3a 256 kSecXPCOpSetLastDepartureReason,
d8f41ccd
A		 257 kSecXPCOpCopyIncompatibilityInfo,
258 kSecXPCOpCopyRetirementPeerInfo,
e0e0d90e 259 kSecXPCOpCopyViewUnawarePeerInfo,
5c19dc3a
A		 260 kSecXPCOpCopyEngineState,
261 kSecXPCOpCopyMyPeerInfo,
ecaf5866 262 kSecXPCOpAccountSetToNew,
5c19dc3a
A		 263 kSecXPCOpSetNewPublicBackupKey,
264 kSecXPCOpSetBagForAllSlices,
265 kSecXPCOpWaitForInitialSync,
79b9da22 266 kSecXPCOpWaitForInitialSyncWithAnalytics,
5c19dc3a 267 kSecXPCOpCopyYetToSyncViews,
e0e0d90e
A		 268 kSecXPCOpSetEscrowRecord,
269 kSecXPCOpGetEscrowRecord,
270 kSecXPCOpCheckPeerAvailability,
e3d460c9
A		 271 kSecXPCOpCopyAccountData,
272 kSecXPCOpDeleteAccountData,
273 kSecXPCOpCopyEngineData,
274 kSecXPCOpDeleteEngineData,
fa7225c8
A		 275 kSecXPCOpCopyApplication,
276 kSecXPCOpCopyCircleJoiningBlob,
277 kSecXPCOpJoinWithCircleJoiningBlob,
866f8763
A		 278 kSecXPCOpKVSKeyCleanup,
279 kSecXPCOpPopulateKVS,
fa7225c8
A		 280 kSecXPCOpAccountHasPublicKey,
281 kSecXPCOpAccountIsNew,
6b200bc3
A		 282 kSecXPCOpClearKVSPeerMessage,
283 kSecXPCOpRegisterRecoveryPublicKey,
284 kSecXPCOpGetRecoveryPublicKey,
285 kSecXPCOpCopyBackupInformation,
866f8763 286 kSecXPCOpCopyInitialSyncBlob,
e3d460c9
A		 287 /* after this is free for all */
288 kSecXPCOpWhoAmI,
289 kSecXPCOpTransmogrifyToSyncBubble,
290 kSecXPCOpTransmogrifyToSystemKeychain,
291 kSecXPCOpWrapToBackupSliceKeyBagForView,
fa7225c8 292 sec_item_update_token_items_id,
e3d460c9 293 kSecXPCOpDeleteUserView,
fa7225c8
A		 294 sec_trust_store_copy_all_id,
295 sec_trust_store_copy_usage_constraints_id,
ecaf5866 296 sec_ocsp_cache_flush_id,
fa7225c8
A		 297 sec_delete_items_with_access_groups_id,
298 kSecXPCOpIsThisDeviceLastBackup,
299 sec_keychain_backup_keybag_uuid_id,
300 kSecXPCOpPeersHaveViewsEnabled,
6b200bc3 301 kSecXPCOpProcessSyncWithPeers,
6b200bc3
A		 302 kSecXPCOpMessageFromPeerIsPending,
303 kSecXPCOpSendToPeerIsPending,
866f8763
A		 304 sec_item_copy_parent_certificates_id,
305 sec_item_certificate_exists_id,
866f8763
A		 306 kSecXPCOpBackupKeybagAdd,
307 kSecXPCOpBackupKeybagDelete,
79b9da22 308 kSecXPCOpSFKeychainEndpoint,
ecaf5866 309 kSecXPCOpKeychainControlEndpoint,
7512f6be
A		 310 kSecXPCOpNetworkingAnalyticsReport,
311 kSecXPCOpSetCTExceptions,
312 kSecXPCOpCopyCTExceptions,
b1ab9ed8
A		 313};
314
427c49bc 315
866f8763 316typedef struct SecurityClient {
e3d460c9
A		 317 SecTaskRef task;
318 CFArrayRef accessGroups;
319 bool allowSystemKeychain;
320 bool allowSyncBubbleKeychain;
321 bool isNetworkExtension;
866f8763 322 bool canAccessNetworkExtensionAccessGroups;
e3d460c9
A		 323 uid_t uid;
324 CFDataRef musr;
6b200bc3 325#if TARGET_OS_EMBEDDED && TARGET_HAS_KEYSTORE
e3d460c9
A		 326 keybag_handle_t keybag;
327#endif
328#if TARGET_OS_IPHONE
329 bool inMultiUser;
330 int activeUser;
331#endif
332} SecurityClient;
333
334
335extern SecurityClient * SecSecurityClientGet(void);
336#if TARGET_OS_IOS
337void SecSecuritySetMusrMode(bool mode, uid_t uid, int activeUser);
338#endif
427c49bc 339
b1ab9ed8 340struct securityd {
e3d460c9
A		 341 bool (*sec_item_add)(CFDictionaryRef attributes, SecurityClient *client, CFTypeRef *result, CFErrorRef* error);
342 bool (*sec_item_copy_matching)(CFDictionaryRef query, SecurityClient *client, CFTypeRef *result, CFErrorRef* error);
343 bool (*sec_item_update)(CFDictionaryRef query, CFDictionaryRef attributesToUpdate, SecurityClient *client, CFErrorRef* error);
344 bool (*sec_item_delete)(CFDictionaryRef query, SecurityClient *client, CFErrorRef* error);
641423b6
A		 345 bool (*sec_add_shared_web_credential)(CFDictionaryRef attributes, SecurityClient *client, const audit_token_t *clientAuditToken, CFStringRef appID, CFArrayRef accessGroups, CFTypeRef *result, CFErrorRef *error);
346 bool (*sec_copy_shared_web_credential)(CFDictionaryRef query, SecurityClient *client, const audit_token_t *clientAuditToken, CFStringRef appID, CFArrayRef accessGroups, CFTypeRef *result, CFErrorRef *error);
427c49bc 347 bool (*sec_item_delete_all)(CFErrorRef* error);
866f8763
A		 348 CFArrayRef (*sec_item_copy_parent_certificates)(CFDataRef normalizedIssuer, CFArrayRef accessGroups, CFErrorRef *error);
349 bool (*sec_item_certificate_exists)(CFDataRef normalizedIssuer, CFDataRef serialNumber, CFArrayRef accessGroups, CFErrorRef *error);
ecaf5866 350 CFDataRef (*sec_keychain_backup)(SecurityClient *client, CFDataRef keybag, CFDataRef passcode, bool emcs, CFErrorRef* error);
e3d460c9 351 bool (*sec_keychain_restore)(CFDataRef backup, SecurityClient *client, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
427c49bc
A		 352 CFDictionaryRef (*sec_keychain_backup_syncable)(CFDictionaryRef backup_in, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
353 bool (*sec_keychain_restore_syncable)(CFDictionaryRef backup, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
5c19dc3a
A		 354 CFArrayRef (*sec_item_backup_copy_names)(CFErrorRef *error);
355 int (*sec_item_backup_handoff_fd)(CFStringRef backupName, CFErrorRef *error);
356 bool (*sec_item_backup_set_confirmed_manifest)(CFStringRef backupName, CFDataRef keybagDigest, CFDataRef manifest, CFErrorRef *error);
357 bool (*sec_item_backup_restore)(CFStringRef backupName, CFStringRef peerID, CFDataRef keybag, CFDataRef secret, CFDataRef backup, CFErrorRef *error);
d8f41ccd
A		 358 CFDataRef (*sec_otr_session_create_remote)(CFDataRef publicPeerId, CFErrorRef* error);
359 bool (*sec_otr_session_process_packet_remote)(CFDataRef sessionData, CFDataRef inputPacket, CFDataRef* outputSessionData, CFDataRef* outputPacket, bool *readyForMessages, CFErrorRef* error);
ecaf5866 360 bool (*soscc_TryUserCredentials)(CFStringRef user_label, CFDataRef user_password, CFStringRef dsid, CFErrorRef *error);
427c49bc 361 bool (*soscc_SetUserCredentials)(CFStringRef user_label, CFDataRef user_password, CFErrorRef *error);
5c19dc3a 362 bool (*soscc_SetUserCredentialsAndDSID)(CFStringRef user_label, CFDataRef user_password, CFStringRef dsid, CFErrorRef *error);
79b9da22 363 bool (*soscc_SetUserCredentialsAndDSIDWithAnalytics)(CFStringRef user_label, CFDataRef user_password, CFStringRef dsid, CFDataRef parentEvent, CFErrorRef *error);
427c49bc
A		 364 bool (*soscc_CanAuthenticate)(CFErrorRef *error);
365 bool (*soscc_PurgeUserCredentials)(CFErrorRef *error);
366 SOSCCStatus (*soscc_ThisDeviceIsInCircle)(CFErrorRef* error);
367 bool (*soscc_RequestToJoinCircle)(CFErrorRef* error);
79b9da22 368 bool (*soscc_RequestToJoinCircleWithAnalytics)(CFDataRef parentEvent, CFErrorRef* error);
427c49bc 369 bool (*soscc_RequestToJoinCircleAfterRestore)(CFErrorRef* error);
79b9da22 370 bool (*soscc_RequestToJoinCircleAfterRestoreWithAnalytics)(CFDataRef parentEvent, CFErrorRef* error);
d8f41ccd 371 bool (*soscc_RequestEnsureFreshParameters)(CFErrorRef* error);
5c19dc3a
A		 372 CFStringRef (*soscc_GetAllTheRings)(CFErrorRef *error);
373 bool (*soscc_ApplyToARing)(CFStringRef ringName, CFErrorRef* error);
374 bool (*soscc_WithdrawlFromARing)(CFStringRef ringName, CFErrorRef* error);
375 bool (*soscc_EnableRing)(CFStringRef ringName, CFErrorRef* error);
376 SOSRingStatus (*soscc_RingStatus)(CFStringRef ringName, CFErrorRef* error);
5c19dc3a 377 bool (*soscc_SetToNew)(CFErrorRef *error);
427c49bc
A		 378 bool (*soscc_ResetToOffering)(CFErrorRef* error);
379 bool (*soscc_ResetToEmpty)(CFErrorRef* error);
79b9da22 380 bool (*soscc_ResetToEmptyWithAnalytics)(CFDataRef parentEvent, CFErrorRef* error);
5c19dc3a
A		 381 SOSViewResultCode (*soscc_View)(CFStringRef view, SOSViewActionCode action, CFErrorRef *error);
382 bool (*soscc_ViewSet)(CFSetRef enabledViews, CFSetRef disabledViews);
79b9da22 383 bool (*soscc_ViewSetWithAnalytics)(CFSetRef enabledViews, CFSetRef disabledViews, CFDataRef parentEvent);
e0e0d90e 384 bool (*soscc_RegisterSingleRecoverySecret)(CFDataRef backupSlice, bool forV0Only, CFErrorRef *error);
6b200bc3
A		 385 bool (*soscc_RegisterRecoveryPublicKey)(CFDataRef recovery_key, CFErrorRef *error);
386 CFDataRef (*soscc_CopyRecoveryPublicKey)(CFErrorRef *error);
427c49bc 387 bool (*soscc_RemoveThisDeviceFromCircle)(CFErrorRef* error);
79b9da22 388 bool (*soscc_RemoveThisDeviceFromCircleWithAnalytics)(CFDataRef parentEvent, CFErrorRef* error);
e0e0d90e 389 bool (*soscc_RemovePeersFromCircle)(CFArrayRef peers, CFErrorRef* error);
79b9da22 390 bool (*soscc_RemovePeersFromCircleWithAnalytics)(CFArrayRef peers, CFDataRef parentEvent, CFErrorRef* error);
5c19dc3a 391 bool (*soscc_LoggedOutOfAccount)(CFErrorRef* error);
427c49bc
A		 392 bool (*soscc_BailFromCircle)(uint64_t limit_in_seconds, CFErrorRef* error);
393 bool (*soscc_AcceptApplicants)(CFArrayRef applicants, CFErrorRef* error);
394 bool (*soscc_RejectApplicants)(CFArrayRef applicants, CFErrorRef* error);
5c19dc3a 395 SOSPeerInfoRef (*soscc_SetNewPublicBackupKey)(CFDataRef pubKey, CFErrorRef *error);
d8f41ccd
A		 396 bool (*soscc_ValidateUserPublic)(CFErrorRef* error);
397 CFArrayRef (*soscc_CopyGenerationPeerInfo)(CFErrorRef* error);
427c49bc 398 CFArrayRef (*soscc_CopyApplicantPeerInfo)(CFErrorRef* error);
d8f41ccd
A		 399 CFArrayRef (*soscc_CopyValidPeerPeerInfo)(CFErrorRef* error);
400 CFArrayRef (*soscc_CopyNotValidPeerPeerInfo)(CFErrorRef* error);
401 CFArrayRef (*soscc_CopyRetirementPeerInfo)(CFErrorRef* error);
e0e0d90e 402 CFArrayRef (*soscc_CopyViewUnawarePeerInfo)(CFErrorRef* error);
5c19dc3a
A		 403 CFArrayRef (*soscc_CopyEngineState)(CFErrorRef* error);
404 // Not sure why these are below the last entry in the enum order above, but they are:
427c49bc
A		 405 CFArrayRef (*soscc_CopyPeerInfo)(CFErrorRef* error);
406 CFArrayRef (*soscc_CopyConcurringPeerInfo)(CFErrorRef* error);
407 CFStringRef (*soscc_CopyIncompatibilityInfo)(CFErrorRef* error);
408 enum DepartureReason (*soscc_GetLastDepartureReason)(CFErrorRef* error);
5c19dc3a 409 bool (*soscc_SetLastDepartureReason)(enum DepartureReason, CFErrorRef* error);
6b200bc3 410 CFSetRef (*soscc_ProcessSyncWithPeers)(CFSetRef peerIDs, CFSetRef backupPeerIDs, CFErrorRef* error);
427c49bc 411 SyncWithAllPeersReason (*soscc_ProcessSyncWithAllPeers)(CFErrorRef* error);
d8f41ccd
A		 412 bool (*soscc_EnsurePeerRegistration)(CFErrorRef* error);
413 bool (*sec_roll_keys)(bool force, CFErrorRef* error);
d8f41ccd
A		 414 CFArrayRef (*sec_keychain_sync_update_message)(CFDictionaryRef update, CFErrorRef *error);
415 CFPropertyListRef (*sec_get_log_settings)(CFErrorRef* error);
416 bool (*sec_set_xpc_log_settings)(CFTypeRef type, CFErrorRef* error);
5c19dc3a
A		 417 bool (*sec_set_circle_log_settings)(CFTypeRef type, CFErrorRef* error);
418 SOSPeerInfoRef (*soscc_CopyMyPeerInfo)(CFErrorRef*);
5c19dc3a 419 bool (*soscc_WaitForInitialSync)(CFErrorRef*);
79b9da22 420 bool (*soscc_WaitForInitialSyncWithAnalytics)(CFDataRef parentEvent, CFErrorRef *error);
5c19dc3a 421 CFArrayRef (*soscc_CopyYetToSyncViewsList)(CFErrorRef*);
e0e0d90e
A		 422 bool (*soscc_SetEscrowRecords)(CFStringRef escrow_label, uint64_t tries, CFErrorRef *error);
423 CFDictionaryRef (*soscc_CopyEscrowRecords)(CFErrorRef *error);
6b200bc3 424 CFDictionaryRef (*soscc_CopyBackupInformation)(CFErrorRef *error);
e0e0d90e 425 bool (*soscc_PeerAvailability)(CFErrorRef *error);
e3d460c9
A		 426 bool (*sosbskb_WrapToBackupSliceKeyBagForView)(CFStringRef viewName, CFDataRef input, CFDataRef* output, CFDataRef* bskbEncoded, CFErrorRef* error);
427 CFDataRef (*soscc_CopyAccountState)(CFErrorRef *error);
428 bool (*soscc_DeleteAccountState)(CFErrorRef *error);
429 CFDataRef (*soscc_CopyEngineData)(CFErrorRef *error);
430 bool (*soscc_DeleteEngineState)(CFErrorRef *error);
fa7225c8
A		 431 SOSPeerInfoRef (*soscc_CopyApplicant)(CFErrorRef *error);
432 CFDataRef (*soscc_CopyCircleJoiningBlob)(SOSPeerInfoRef applicant, CFErrorRef *error);
866f8763
A		 433 CFDataRef (*soscc_CopyInitialSyncData)(CFErrorRef *error);
434 bool (*soscc_JoinWithCircleJoiningBlob)(CFDataRef joiningBlob, PiggyBackProtocolVersion version, CFErrorRef *error);
435 bool (*soscc_SOSCCCleanupKVSKeys)(CFErrorRef *error);
436 bool (*soscc_SOSCCTestPopulateKVSWithBadKeys)(CFErrorRef *error);
fa7225c8
A		 437 bool (*soscc_AccountHasPublicKey)(CFErrorRef *error);
438 bool (*soscc_AccountIsNew)(CFErrorRef *error);
439 bool (*sec_item_update_token_items)(CFStringRef tokenID, CFArrayRef query, SecurityClient *client, CFErrorRef* error);
fa7225c8
A		 440 bool (*sec_delete_items_with_access_groups)(CFArrayRef bundleIDs, SecurityClient *client, CFErrorRef *error);
441 bool (*soscc_IsThisDeviceLastBackup)(CFErrorRef *error);
6b200bc3 442 bool (*soscc_requestSyncWithPeerOverKVS)(CFStringRef peerID, CFDataRef message, CFErrorRef *error);
fa7225c8 443 CFBooleanRef (*soscc_SOSCCPeersHaveViewsEnabled)(CFArrayRef views, CFErrorRef *error);
6b200bc3 444 bool (*socc_clearPeerMessageKeyInKVS)(CFStringRef peerID, CFErrorRef *error);
6b200bc3
A		 445 bool (*soscc_SOSCCMessageFromPeerIsPending)(SOSPeerInfoRef peer, CFErrorRef* error);
446 bool (*soscc_SOSCCSendToPeerIsPending)(SOSPeerInfoRef peer, CFErrorRef* error);
866f8763
A		 447 CFTypeRef (*soscc_status)(void);
448 CFTypeRef secd_xpc_server;
b1ab9ed8
A		 449};
450
451extern struct securityd *gSecurityd;
452
866f8763
A		 453struct trustd {
454 SecTrustStoreRef (*sec_trust_store_for_domain)(CFStringRef domainName, CFErrorRef* error);
455 bool (*sec_trust_store_contains)(SecTrustStoreRef ts, CFDataRef digest, bool *contains, CFErrorRef* error);
456 bool (*sec_trust_store_set_trust_settings)(SecTrustStoreRef ts, SecCertificateRef certificate, CFTypeRef trustSettingsDictOrArray, CFErrorRef* error);
457 bool (*sec_trust_store_remove_certificate)(SecTrustStoreRef ts, CFDataRef digest, CFErrorRef* error);
458 bool (*sec_truststore_remove_all)(SecTrustStoreRef ts, CFErrorRef* error);
ecaf5866
A		 459 SecTrustResultType (*sec_trust_evaluate)(CFArrayRef certificates, CFArrayRef anchors, bool anchorsOnly, bool keychainsAllowed, CFArrayRef policies, CFArrayRef responses, CFArrayRef SCTs, CFArrayRef trustedLogs, CFAbsoluteTime verifyTime, __unused CFArrayRef accessGroups, CFArrayRef exceptions, CFArrayRef *details, CFDictionaryRef *info, CFArrayRef *chain, CFErrorRef *error);
460 uint64_t (*sec_ota_pki_trust_store_version)(CFErrorRef* error);
7512f6be 461 uint64_t (*sec_ota_pki_asset_version)(CFErrorRef* error);
866f8763 462 CFArrayRef (*ota_CopyEscrowCertificates)(uint32_t escrowRootType, CFErrorRef* error);
ecaf5866 463 uint64_t (*sec_ota_pki_get_new_asset)(CFErrorRef* error);
866f8763
A		 464 bool (*sec_trust_store_copy_all)(SecTrustStoreRef ts, CFArrayRef *trustStoreContents, CFErrorRef *error);
465 bool (*sec_trust_store_copy_usage_constraints)(SecTrustStoreRef ts, CFDataRef digest, CFArrayRef *usageConstraints, CFErrorRef *error);
ecaf5866 466 bool (*sec_ocsp_cache_flush)(CFErrorRef *error);
7512f6be
A		 467 bool (*sec_networking_analytics_report)(CFStringRef event_name, xpc_object_t tls_analytics_attributes, CFErrorRef *error);
468 bool (*sec_trust_store_set_ct_exceptions)(CFStringRef appID, CFDictionaryRef exceptions, CFErrorRef *error);
469 CFDictionaryRef (*sec_trust_store_copy_ct_exceptions)(CFStringRef appID, CFErrorRef *error);
866f8763
A		 470};
471
472extern struct trustd *gTrustd;
473
b1ab9ed8 474CFArrayRef SecAccessGroupsGetCurrent(void);
b1ab9ed8 475
427c49bc
A		 476// TODO Rename me
477CFStringRef SOSCCGetOperationDescription(enum SecXPCOperation op);
866f8763 478XPC_RETURNS_RETAINED xpc_object_t securityd_message_with_reply_sync(xpc_object_t message, CFErrorRef *error);
79b9da22
A		 479typedef void (^securityd_handler_t)(xpc_object_t reply, CFErrorRef error);
480void securityd_message_with_reply_async(xpc_object_t message, dispatch_queue_t replyq,
481 securityd_handler_t handler);
866f8763 482XPC_RETURNS_RETAINED xpc_object_t securityd_create_message(enum SecXPCOperation op, CFErrorRef *error);
427c49bc
A		 483bool securityd_message_no_error(xpc_object_t message, CFErrorRef *error);
484
485
486bool securityd_send_sync_and_do(enum SecXPCOperation op, CFErrorRef *error,
487 bool (^add_to_message)(xpc_object_t message, CFErrorRef* error),
488 bool (^handle_response)(xpc_object_t response, CFErrorRef* error));
489
79b9da22
A		 490void securityd_send_async_and_do(enum SecXPCOperation op, dispatch_queue_t replyq,
491 bool (^add_to_message)(xpc_object_t message, CFErrorRef* error),
492 securityd_handler_t handler);
493
427c49bc 494// For testing only, never call this in a threaded program!
29734401 495void SecServerSetTrustdMachServiceName(const char *name);
b1ab9ed8 496
866f8763
A		 497XPC_RETURNS_RETAINED xpc_endpoint_t _SecSecuritydCopyEndpoint(enum SecXPCOperation op, CFErrorRef *error);
498
499#if __OBJC__
500#import <Foundation/Foundation.h>
501#import <Foundation/NSXPCConnection.h>
502typedef void (^SecBoolNSErrorCallback) (bool, NSError*);
503
ecaf5866 504@protocol SecuritydXPCCallbackProtocol <NSObject>
866f8763
A		 505- (void)callCallback: (bool) result error:(NSError*) error;
506@end
507
ecaf5866 508@protocol SecuritydXPCProtocol <NSObject>
866f8763
A		 509- (void) SecItemAddAndNotifyOnSync:(NSDictionary*) attributes
510 syncCallback:(id<SecuritydXPCCallbackProtocol>) callback
511 complete:(void (^) (NSDictionary* opDictResult, NSArray* opArrayResult, NSError* operror)) complete;
512
513// For the given item (specified exactly by its hash (currently SHA1)), attempt to set the CloudKit 'current' pointer
514// to point to the given item.
515// This can fail if:
516// 1. your knowledge of the old current item is out of date
517// 2. either the new item or old item has changed (checked by hash)
518// 3. If this device can't talk with CloudKit for any reason
519- (void)secItemSetCurrentItemAcrossAllDevices:(NSData*)newItemPersistentRef
520 newCurrentItemHash:(NSData*)newItemSHA1
521 accessGroup:(NSString*)accessGroup
522 identifier:(NSString*)identifier
523 viewHint:(NSString*)viewHint
524 oldCurrentItemReference:(NSData*)oldCurrentItemPersistentRef
525 oldCurrentItemHash:(NSData*)oldItemSHA1
526 complete:(void (^) (NSError* operror)) complete;
527
528// For the given access group and identifier, check the current local idea of the 'current' item
529-(void)secItemFetchCurrentItemAcrossAllDevices:(NSString*)accessGroup
530 identifier:(NSString*)identifier
531 viewHint:(NSString*)viewHint
532 fetchCloudValue:(bool)fetchCloudValue
533 complete:(void (^) (NSData* persistentref, NSError* operror)) complete;
534
535
536// For each item in the keychainClass, return a persistant reference and the digest of the value
537// The digest is not stable, and can change any time, the only promise is that if the digest
538// value didn't change, the item didn't change. If digest change, the value MIGHT have changed,/
539// but it could also just have stayed the same.
540// The this interface bypass SEP/AKS and for that reason is a higher performance then SecItemCopyMatching().
541- (void) secItemDigest:(NSString *)keychainClass
542 accessGroup:(NSString *)accessGroup
543 complete:(void (^)(NSArray<NSDictionary *> *digest, NSError* error))complete;
544@end
545
546// Call this to receive a proxy object conforming to SecuritydXPCProtocol that you can call methods on.
547// It's probably a remote object for securityd/secd, but it might be in-process if you've configured it that way.
548id<SecuritydXPCProtocol> SecuritydXPCProxyObject(void (^rpcErrorHandler)(NSError *));
549
550// Set up a local securityxpcserver: after this call, all securitydxpc calls will be handled in-process instead of actually transferring to securityd
551id<SecuritydXPCProtocol> SecCreateLocalSecuritydXPCServer(void);
552
553// Make a SecBoolNSErrorCallback block into an Objective-C object (for proxying across NSXPC)
554@interface SecuritydXPCCallback : NSObject <SecuritydXPCCallbackProtocol> {
555 SecBoolNSErrorCallback _callback;
556}
557@property SecBoolNSErrorCallback callback;
558- (instancetype)initWithCallback: (SecBoolNSErrorCallback) callback;
559@end
560
561@interface SecuritydXPCClient : NSObject {
562 NSXPCConnection* _connection;
563}
564@property NSXPCConnection* connection;
565
566+(void)configureSecuritydXPCProtocol: (NSXPCInterface*) interface;
567@end
568
569#endif // OBJC
5c19dc3a 570
b1ab9ed8 571#endif /* _SECURITYD_CLIENT_H_ */
mirror of Security