securityd/src/clientid.h

   1 /*
   2  * Copyright (c) 2000-2004,2006-2007,2012 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23 //
  24 // clientid - track and manage identity of securityd clients
  25 //
  26 #ifndef _H_CLIENTID
  27 #define _H_CLIENTID
  28
  29 #include "codesigdb.h"
  30 #include <Security/SecCode.h>
  31 #include <security_utilities/cfutilities.h>
  32 #include <string>
  33
  34
  35 //
  36 // A ClientIdentification object is a mix-in class that tracks
  37 // the identity of associated client processes and their sub-entities
  38 // (aka Code Signing Guest objects).
  39 //
  40 class ClientIdentification : public CodeSignatures::Identity {
  41 public:
  42         ClientIdentification();
  43
  44         SecCodeRef processCode() const;
  45         SecCodeRef currentGuest() const;
  46
  47         // CodeSignatures::Identity personality
  48         string getPath() const;
  49         const CssmData getHash() const;
  50     const bool checkAppleSigned() const;
  51
  52 protected:
  53         void setup(pid_t pid);
  54
  55 public:
  56         IFDUMP(void dump());
  57
  58 private:
  59         CFRef<SecCodeRef> mClientProcess;       // process-level client object
  60
  61         mutable Mutex mLock;                            // protects everything below
  62
  63         struct GuestState {
  64                 GuestState() : gotHash(false) { }
  65                 CFRef<SecCodeRef> code;
  66                 mutable bool gotHash;
  67                 mutable SHA1::Digest legacyHash;
  68         mutable bool checkedSignature;
  69         mutable bool appleSigned;
  70         };
  71         typedef std::map<SecGuestRef, GuestState> GuestMap;
  72         mutable GuestMap mGuests;
  73
  74         GuestState *current() const;
  75 };
  76
  77
  78 //
  79 // Bonus function
  80 //
  81 std::string codePath(SecStaticCodeRef code);
  82
  83
  84 #endif //_H_CLIENTID