]> git.saurik.com Git - apple/security.git/blob - keychain/ckks/CKKSControlServer.m
Security-58286.220.15.tar.gz
[apple/security.git] / keychain / ckks / CKKSControlServer.m
1 #import <Foundation/Foundation.h>
2 #import <Foundation/NSXPCConnection_Private.h>
3
4 #import "SecEntitlements.h"
5 #import "keychain/ckks/CKKS.h"
6 #import "keychain/ckks/CKKSControlProtocol.h"
7 #import "keychain/ckks/CKKSControlServer.h"
8 #import "keychain/ckks/CKKSViewManager.h"
9
10 @interface CKKSControlServer : NSObject <NSXPCListenerDelegate>
11 @end
12
13 @implementation CKKSControlServer
14
15 - (BOOL)listener:(__unused NSXPCListener *)listener shouldAcceptNewConnection:(NSXPCConnection *)newConnection {
16 #if OCTAGON
17 NSNumber *num = [newConnection valueForEntitlement:(__bridge NSString *)kSecEntitlementPrivateCKKS];
18 if (![num isKindOfClass:[NSNumber class]] || ![num boolValue]) {
19 secerror("ckks: Client pid: %d doesn't have entitlement: %@",
20 [newConnection processIdentifier], kSecEntitlementPrivateCKKS);
21 return NO;
22 }
23
24 // In the future, we should consider vending a proxy object that can return a nicer error.
25 if (!SecCKKSIsEnabled()) {
26 secerror("ckks: Client pid: %d attempted to use CKKS, but CKKS is not enabled.",
27 newConnection.processIdentifier);
28 return NO;
29 }
30
31 newConnection.exportedInterface = CKKSSetupControlProtocol([NSXPCInterface interfaceWithProtocol:@protocol(CKKSControlProtocol)]);
32 newConnection.exportedObject = [CKKSViewManager manager];
33
34 [newConnection resume];
35
36 return YES;
37 #else
38 return NO;
39 #endif /* OCTAGON */
40 }
41
42 @end
43
44 void
45 CKKSControlServerInitialize(void)
46 {
47 static dispatch_once_t once;
48 static CKKSControlServer *server;
49 static NSXPCListener *listener;
50
51 dispatch_once(&once, ^{
52 @autoreleasepool {
53 server = [CKKSControlServer new];
54
55 listener = [[NSXPCListener alloc] initWithMachServiceName:@(kSecuritydCKKSServiceName)];
56 listener.delegate = server;
57 [listener resume];
58 }
59 });
60 }