Keychain/TrustedApplication.h

   1 /*
   2  * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18 //
  19 // TrustedApplication.h - TrustedApplication control wrappers
  20 //
  21 #ifndef _SECURITY_TRUSTEDAPPLICATION_H_
  22 #define _SECURITY_TRUSTEDAPPLICATION_H_
  23
  24 #include <Security/SecRuntime.h>
  25 #include <Security/SecTrustedApplication.h>
  26 #include <Security/cssmdata.h>
  27 #include <Security/cssmaclpod.h>
  28
  29
  30 namespace Security {
  31 namespace KeychainCore {
  32
  33
  34 //
  35 // TrustedApplication actually denotes a signed executable
  36 // on disk as used by the ACL subsystem. Much useful
  37 // information is encapsulated in the 'comment' field that
  38 // is stored with the ACL subject. TrustedApplication does
  39 // not interpret this value, leaving its meaning to its caller.
  40 //
  41 class TrustedApplication : public SecCFObject {
  42         NOCOPY(TrustedApplication)
  43 public:
  44         SECCFFUNCTIONS(TrustedApplication, SecTrustedApplicationRef, errSecInvalidItemRef)
  45
  46         TrustedApplication(const TypedList &subject);
  47         TrustedApplication(const CssmData &signature, const CssmData &comment);
  48         TrustedApplication(const char *path);
  49         TrustedApplication();   // for current application
  50     virtual ~TrustedApplication() throw();
  51
  52         const CssmData &signature() const;
  53
  54         // data (aka "comment") access
  55         const CssmData &data() const    { return mData; }
  56         const char *path() const;
  57         template <class Data>
  58         void data(const Data &data)             { mData = data; }
  59
  60         TypedList makeSubject(CssmAllocator &allocator);
  61
  62         bool sameSignature(const char *path); // return true if object at path has same signature
  63
  64 protected:
  65         void calcSignature(const char *path, CssmOwnedData &signature); // generate a signature
  66
  67 private:
  68         CssmAutoData mSignature;
  69         CssmAutoData mData;
  70 };
  71
  72
  73 //
  74 // A simple implementation of a caching path database in the system.
  75 //
  76 class PathDatabase {
  77 public:
  78     PathDatabase(const char *path = "/var/db/CodeEquivalenceCandidates");
  79
  80     bool operator [] (const std::string &path)
  81         { return mQualifyAll || lookup(path); }
  82
  83 private:
  84     bool mQualifyAll;
  85     set<std::string> mPaths;
  86
  87         bool lookup(const std::string &path);
  88 };
  89
  90
  91 } // end namespace KeychainCore
  92 } // end namespace Security
  93
  94 #endif // !_SECURITY_TRUSTEDAPPLICATION_H_