]> git.saurik.com Git - apple/security.git/blob - OSX/sec/ipc/securityd_client.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57336.1.9.tar.gz
[apple/security.git] / OSX / sec / ipc / securityd_client.h
1 /*
2 * Copyright (c) 2007-2009,2012-2015 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23 #ifndef _SECURITYD_CLIENT_H_
24 #define _SECURITYD_CLIENT_H_
25
26 #include <stdint.h>
27
28 # include <Security/SecTrust.h>
29 #ifndef MINIMIZE_INCLUDES
30 # include <Security/SecTrustStore.h>
31 # include <Security/SecCertificatePath.h>
32 #else
33 typedef struct __SecTrustStore *SecTrustStoreRef;
34 # ifndef _SECURITY_SECCERTIFICATE_H_
35 typedef struct __SecCertificate *SecCertificateRef;
36 # endif // _SECURITY_SECCERTIFICATE_H_
37 # ifndef _SECURITY_SECCERTIFICATEPATH_H_
38 typedef struct SecCertificatePath *SecCertificatePathRef;
39 # endif // _SECURITY_SECCERTIFICATEPATH_H_
40 #endif // MINIMIZE_INCLUDES
41
42 #include <CoreFoundation/CFArray.h>
43 #include <CoreFoundation/CFDictionary.h>
44 #include <CoreFoundation/CFError.h>
45
46 #include <Security/SecureObjectSync/SOSCloudCircle.h>
47 #include <Security/SecureObjectSync/SOSPeerInfo.h>
48 #include <Security/SecureObjectSync/SOSRing.h>
49
50 #include <xpc/xpc.h>
51 #include <CoreFoundation/CFXPCBridge.h>
52
53 // TODO: This should be in client of XPC code locations...
54 #if SECITEM_SHIM_OSX
55 #define kSecuritydXPCServiceName "com.apple.securityd.xpc"
56 #define kTrustdAgentXPCServiceName "com.apple.trustd.agent"
57 #define kTrustdXPCServiceName "com.apple.trustd"
58 #else
59 #define kSecuritydXPCServiceName "com.apple.securityd"
60 #define kTrustdAgentXPCServiceName "com.apple.securityd"
61 #define kTrustdXPCServiceName "com.apple.securityd"
62 #endif // *** END SECITEM_SHIM_OSX ***
63
64 //
65 // MARK: XPC Information.
66 //
67
68 extern CFStringRef sSecXPCErrorDomain;
69
70 extern const char *kSecXPCKeyOperation;
71 extern const char *kSecXPCKeyResult;
72 extern const char *kSecXPCKeyError;
73 extern const char *kSecXPCKeyPeerInfos;
74 extern const char *kSecXPCKeyUserLabel;
75 extern const char *kSecXPCKeyBackup;
76 extern const char *kSecXPCKeyKeybag;
77 extern const char *kSecXPCKeyUserPassword;
78 extern const char *kSecXPCKeyDSID;
79 extern const char *kSecXPCKeyViewName;
80 extern const char *kSecXPCKeyViewActionCode;
81 extern const char *kSecXPCKeyNewPublicBackupKey;
82 extern const char *kSecXPCKeyIncludeV0;
83 extern const char *kSecXPCKeyEnabledViewsKey;
84 extern const char *kSecXPCKeyDisabledViewsKey;
85
86 //
87 // MARK: Dispatch macros
88 //
89
90 #define SECURITYD_XPC(sdp, wrapper, ...) ((gSecurityd && gSecurityd->sdp) ? gSecurityd->sdp(__VA_ARGS__) : wrapper(sdp ## _id, __VA_ARGS__))
91
92 //
93 // MARK: Object to XPC format conversion.
94 //
95
96
97 //
98 // MARK: XPC Interfaces
99 //
100
101 extern const char *kSecXPCKeyOperation;
102 extern const char *kSecXPCKeyResult;
103 extern const char *kSecXPCKeyError;
104 extern const char *kSecXPCKeyPeerInfos;
105 extern const char *kSecXPCKeyUserLabel;
106 extern const char *kSecXPCKeyUserPassword;
107 extern const char *kSecXPCKeyDSID;
108 extern const char *kSecXPCLimitInMinutes;
109 extern const char *kSecXPCKeyQuery;
110 extern const char *kSecXPCKeyAttributesToUpdate;
111 extern const char *kSecXPCKeyDomain;
112 extern const char *kSecXPCKeyDigest;
113 extern const char *kSecXPCKeyCertificate;
114 extern const char *kSecXPCKeySettings;
115 extern const char *kSecXPCPublicPeerId; // Public peer id
116 extern const char *kSecXPCOTRSession; // OTR session bytes
117 extern const char *kSecXPCData; // Data to process
118 extern const char *kSecXPCOTRReady; // OTR ready for messages
119 extern const char *kSecXPCKeyDeviceID;
120 extern const char *kSecXPCKeyIDSMessage;
121 extern const char *kSecXPCKeyViewName;
122 extern const char *kSecXPCKeyViewActionCode;
123 extern const char *kSecXPCKeySendIDSMessage;
124 extern const char *kSecXPCKeyHSA2AutoAcceptInfo;
125
126 extern const char *kSecXPCKeyString;
127
128 extern const char *kSecXPCKeyReason;
129
130 //
131 // MARK: Mach port request IDs
132 //
133 enum SecXPCOperation {
134 sec_item_add_id = 0,
135 sec_item_copy_matching_id = 1,
136 sec_item_update_id = 2,
137 sec_item_delete_id = 3,
138 // trust_store_for_domain -- NOT an ipc
139 sec_trust_store_contains_id = 4,
140 sec_trust_store_set_trust_settings_id = 5,
141 sec_trust_store_remove_certificate_id = 6,
142 // remove_all -- NOT an ipc
143 sec_delete_all_id = 7,
144 sec_trust_evaluate_id = 8,
145 // Any new items MUST be added below here
146 // This allows updating roots on a device, since SecTrustEvaluate must continue to work
147 sec_keychain_backup_id,
148 sec_keychain_restore_id,
149 sec_keychain_backup_syncable_id,
150 sec_keychain_restore_syncable_id,
151 sec_item_backup_copy_names_id,
152 sec_item_backup_handoff_fd_id,
153 sec_item_backup_set_confirmed_manifest_id,
154 sec_item_backup_restore_id,
155 sec_keychain_sync_update_message_id,
156 sec_ota_pki_asset_version_id,
157 sec_otr_session_create_remote_id,
158 sec_otr_session_process_packet_remote_id,
159 kSecXPCOpOTAPKIGetNewAsset,
160 kSecXPCOpOTAGetEscrowCertificates,
161 kSecXPCOpProcessUnlockNotification,
162 kSecXPCOpProcessSyncWithAllPeers,
163 kSecXPCOpRollKeys,
164 sec_add_shared_web_credential_id,
165 sec_copy_shared_web_credential_id,
166 sec_get_log_settings_id,
167 sec_set_xpc_log_settings_id,
168 sec_set_circle_log_settings_id,
169 soscc_EnsurePeerRegistration_id,
170 kSecXPCOpRequestEnsureFreshParameters,
171 kSecXPCOpGetAllTheRings,
172 kSecXPCOpApplyToARing,
173 kSecXPCOpWithdrawlFromARing,
174 kSecXPCOpEnableRing,
175 kSecXPCOpRingStatus,
176 kSecXPCOpRequestDeviceID,
177 kSecXPCOpSetDeviceID,
178 kSecXPCOpHandleIDSMessage,
179 kSecXPCOpSendIDSMessage,
180 kSecXPCOpPingTest,
181 kSecXPCOpIDSDeviceID,
182 // any process using an operation below here is required to have entitlement keychain-cloud-circle
183 kSecXPCOpTryUserCredentials,
184 kSecXPCOpSetUserCredentials,
185 kSecXPCOpSetUserCredentialsAndDSID,
186 kSecXPCOpCanAuthenticate,
187 kSecXPCOpPurgeUserCredentials,
188 kSecXPCOpDeviceInCircle,
189 kSecXPCOpRequestToJoin,
190 kSecXPCOpRequestToJoinAfterRestore,
191 kSecXPCOpResetToOffering,
192 kSecXPCOpResetToEmpty,
193 kSecXPCOpView,
194 kSecXPCOpViewSet,
195 kSecXPCOpSecurityProperty,
196 kSecXPCOpRemoveThisDeviceFromCircle,
197 kSecXPCOpLoggedOutOfAccount,
198 kSecXPCOpBailFromCircle,
199 kSecXPCOpAcceptApplicants,
200 kSecXPCOpRejectApplicants,
201 kSecXPCOpCopyApplicantPeerInfo,
202 kSecXPCOpCopyValidPeerPeerInfo,
203 kSecXPCOpValidateUserPublic,
204 kSecXPCOpCopyNotValidPeerPeerInfo,
205 kSecXPCOpCopyPeerPeerInfo,
206 kSecXPCOpCopyConcurringPeerPeerInfo,
207 kSecXPCOpCopyGenerationPeerInfo,
208 kSecXPCOpGetLastDepartureReason,
209 kSecXPCOpSetLastDepartureReason,
210 kSecXPCOpCopyIncompatibilityInfo,
211 kSecXPCOpCopyRetirementPeerInfo,
212 kSecXPCOpCopyEngineState,
213 kSecXPCOpCopyMyPeerInfo,
214 kSecXPCOpAccountSetToNew,
215 kSecXPCOpSetHSA2AutoAcceptInfo,
216 kSecXPCOpSetNewPublicBackupKey,
217 kSecXPCOpSetBagForAllSlices,
218 kSecXPCOpWaitForInitialSync,
219 kSecXPCOpCopyYetToSyncViews,
220 };
221
222
223
224 struct securityd {
225 bool (*sec_item_add)(CFDictionaryRef attributes, CFArrayRef accessGroups, CFTypeRef *result, CFErrorRef* error);
226 bool (*sec_item_copy_matching)(CFDictionaryRef query, CFArrayRef accessGroups, CFTypeRef *result, CFErrorRef* error);
227 bool (*sec_item_update)(CFDictionaryRef query, CFDictionaryRef attributesToUpdate, CFArrayRef accessGroups, CFErrorRef* error);
228 bool (*sec_item_delete)(CFDictionaryRef query, CFArrayRef accessGroups, CFErrorRef* error);
229 bool (*sec_add_shared_web_credential)(CFDictionaryRef attributes, const audit_token_t *clientAuditToken, CFStringRef appID, CFArrayRef accessGroups, CFTypeRef *result, CFErrorRef *error);
230 bool (*sec_copy_shared_web_credential)(CFDictionaryRef query, const audit_token_t *clientAuditToken, CFStringRef appID, CFArrayRef accessGroups, CFTypeRef *result, CFErrorRef *error);
231 SecTrustStoreRef (*sec_trust_store_for_domain)(CFStringRef domainName, CFErrorRef* error); // TODO: remove, has no msg id
232 bool (*sec_trust_store_contains)(SecTrustStoreRef ts, CFDataRef digest, bool *contains, CFErrorRef* error);
233 bool (*sec_trust_store_set_trust_settings)(SecTrustStoreRef ts, SecCertificateRef certificate, CFTypeRef trustSettingsDictOrArray, CFErrorRef* error);
234 bool (*sec_trust_store_remove_certificate)(SecTrustStoreRef ts, CFDataRef digest, CFErrorRef* error);
235 bool (*sec_truststore_remove_all)(SecTrustStoreRef ts, CFErrorRef* error); // TODO: remove, has no msg id
236 bool (*sec_item_delete_all)(CFErrorRef* error);
237 SecTrustResultType (*sec_trust_evaluate)(CFArrayRef certificates, CFArrayRef anchors, bool anchorsOnly, CFArrayRef policies, CFArrayRef responses, CFArrayRef SCTs, CFArrayRef trustedLogs, CFAbsoluteTime verifyTime, __unused CFArrayRef accessGroups, CFArrayRef *details, CFDictionaryRef *info, SecCertificatePathRef *chain, CFErrorRef *error);
238 CFDataRef (*sec_keychain_backup)(CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
239 bool (*sec_keychain_restore)(CFDataRef backup, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
240 CFDictionaryRef (*sec_keychain_backup_syncable)(CFDictionaryRef backup_in, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
241 bool (*sec_keychain_restore_syncable)(CFDictionaryRef backup, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
242 CFArrayRef (*sec_item_backup_copy_names)(CFErrorRef *error);
243 int (*sec_item_backup_handoff_fd)(CFStringRef backupName, CFErrorRef *error);
244 bool (*sec_item_backup_set_confirmed_manifest)(CFStringRef backupName, CFDataRef keybagDigest, CFDataRef manifest, CFErrorRef *error);
245 bool (*sec_item_backup_restore)(CFStringRef backupName, CFStringRef peerID, CFDataRef keybag, CFDataRef secret, CFDataRef backup, CFErrorRef *error);
246 int (*sec_ota_pki_asset_version)(CFErrorRef* error);
247 CFDataRef (*sec_otr_session_create_remote)(CFDataRef publicPeerId, CFErrorRef* error);
248 bool (*sec_otr_session_process_packet_remote)(CFDataRef sessionData, CFDataRef inputPacket, CFDataRef* outputSessionData, CFDataRef* outputPacket, bool *readyForMessages, CFErrorRef* error);
249 bool (*soscc_TryUserCredentials)(CFStringRef user_label, CFDataRef user_password, CFErrorRef *error);
250 bool (*soscc_SetUserCredentials)(CFStringRef user_label, CFDataRef user_password, CFErrorRef *error);
251 bool (*soscc_SetUserCredentialsAndDSID)(CFStringRef user_label, CFDataRef user_password, CFStringRef dsid, CFErrorRef *error);
252 bool (*soscc_CanAuthenticate)(CFErrorRef *error);
253 bool (*soscc_PurgeUserCredentials)(CFErrorRef *error);
254 SOSCCStatus (*soscc_ThisDeviceIsInCircle)(CFErrorRef* error);
255 bool (*soscc_RequestToJoinCircle)(CFErrorRef* error);
256 bool (*soscc_RequestToJoinCircleAfterRestore)(CFErrorRef* error);
257 bool (*soscc_RequestEnsureFreshParameters)(CFErrorRef* error);
258 CFStringRef (*soscc_GetAllTheRings)(CFErrorRef *error);
259 bool (*soscc_ApplyToARing)(CFStringRef ringName, CFErrorRef* error);
260 bool (*soscc_WithdrawlFromARing)(CFStringRef ringName, CFErrorRef* error);
261 bool (*soscc_EnableRing)(CFStringRef ringName, CFErrorRef* error);
262 SOSRingStatus (*soscc_RingStatus)(CFStringRef ringName, CFErrorRef* error);
263 CFStringRef (*soscc_RequestDeviceID)(CFErrorRef* error);
264 bool (*soscc_SetDeviceID)(CFStringRef IDS, CFErrorRef *error);
265 HandleIDSMessageReason (*soscc_HandleIDSMessage)(CFDictionaryRef IDS, CFErrorRef *error);
266 bool (*soscc_CheckIDSRegistration)(CFStringRef message, CFErrorRef *error);
267 bool (*soscc_PingTest)(CFStringRef message, CFErrorRef *error);
268 bool (*soscc_GetIDSIDFromIDS)(CFErrorRef *error);
269 bool (*soscc_SetToNew)(CFErrorRef *error);
270 bool (*soscc_ResetToOffering)(CFErrorRef* error);
271 bool (*soscc_ResetToEmpty)(CFErrorRef* error);
272 SOSViewResultCode (*soscc_View)(CFStringRef view, SOSViewActionCode action, CFErrorRef *error);
273 bool (*soscc_ViewSet)(CFSetRef enabledViews, CFSetRef disabledViews);
274 SOSSecurityPropertyResultCode (*soscc_SecurityProperty)(CFStringRef property, SOSSecurityPropertyActionCode action, CFErrorRef *error);
275 bool (*soscc_RegisterSingleRecoverySecret)(CFDataRef backupSlice, bool includeV0, CFErrorRef *error);
276 bool (*soscc_RemoveThisDeviceFromCircle)(CFErrorRef* error);
277 bool (*soscc_LoggedOutOfAccount)(CFErrorRef* error);
278 bool (*soscc_BailFromCircle)(uint64_t limit_in_seconds, CFErrorRef* error);
279 bool (*soscc_AcceptApplicants)(CFArrayRef applicants, CFErrorRef* error);
280 bool (*soscc_RejectApplicants)(CFArrayRef applicants, CFErrorRef* error);
281 SOSPeerInfoRef (*soscc_SetNewPublicBackupKey)(CFDataRef pubKey, CFErrorRef *error);
282 bool (*soscc_ValidateUserPublic)(CFErrorRef* error);
283 CFArrayRef (*soscc_CopyGenerationPeerInfo)(CFErrorRef* error);
284 CFArrayRef (*soscc_CopyApplicantPeerInfo)(CFErrorRef* error);
285 CFArrayRef (*soscc_CopyValidPeerPeerInfo)(CFErrorRef* error);
286 CFArrayRef (*soscc_CopyNotValidPeerPeerInfo)(CFErrorRef* error);
287 CFArrayRef (*soscc_CopyRetirementPeerInfo)(CFErrorRef* error);
288 CFArrayRef (*soscc_CopyEngineState)(CFErrorRef* error);
289 // Not sure why these are below the last entry in the enum order above, but they are:
290 CFArrayRef (*soscc_CopyPeerInfo)(CFErrorRef* error);
291 CFArrayRef (*soscc_CopyConcurringPeerInfo)(CFErrorRef* error);
292 CFStringRef (*soscc_CopyIncompatibilityInfo)(CFErrorRef* error);
293 enum DepartureReason (*soscc_GetLastDepartureReason)(CFErrorRef* error);
294 bool (*soscc_SetLastDepartureReason)(enum DepartureReason, CFErrorRef* error);
295 CFArrayRef (*ota_CopyEscrowCertificates)(uint32_t escrowRootType, CFErrorRef* error);
296 int (*sec_ota_pki_get_new_asset)(CFErrorRef* error);
297 SyncWithAllPeersReason (*soscc_ProcessSyncWithAllPeers)(CFErrorRef* error);
298 bool (*soscc_EnsurePeerRegistration)(CFErrorRef* error);
299 bool (*sec_roll_keys)(bool force, CFErrorRef* error);
300 CFArrayRef (*sec_keychain_sync_update_message)(CFDictionaryRef update, CFErrorRef *error);
301 CFPropertyListRef (*sec_get_log_settings)(CFErrorRef* error);
302 bool (*sec_set_xpc_log_settings)(CFTypeRef type, CFErrorRef* error);
303 bool (*sec_set_circle_log_settings)(CFTypeRef type, CFErrorRef* error);
304 SOSPeerInfoRef (*soscc_CopyMyPeerInfo)(CFErrorRef*);
305 bool (*soscc_SetHSA2AutoAcceptInfo)(CFDataRef, CFErrorRef*);
306 bool (*soscc_WaitForInitialSync)(CFErrorRef*);
307 CFArrayRef (*soscc_CopyYetToSyncViewsList)(CFErrorRef*);
308 };
309
310 extern struct securityd *gSecurityd;
311
312 CFArrayRef SecAccessGroupsGetCurrent(void);
313
314 // TODO Rename me
315 CFStringRef SOSCCGetOperationDescription(enum SecXPCOperation op);
316 xpc_object_t securityd_message_with_reply_sync(xpc_object_t message, CFErrorRef *error);
317 xpc_object_t securityd_create_message(enum SecXPCOperation op, CFErrorRef *error);
318 bool securityd_message_no_error(xpc_object_t message, CFErrorRef *error);
319
320
321 bool securityd_send_sync_and_do(enum SecXPCOperation op, CFErrorRef *error,
322 bool (^add_to_message)(xpc_object_t message, CFErrorRef* error),
323 bool (^handle_response)(xpc_object_t response, CFErrorRef* error));
324
325 // For testing only, never call this in a threaded program!
326 void SecServerSetMachServiceName(const char *name);
327
328
329 #endif /* _SECURITYD_CLIENT_H_ */
mirror of Security