Security-54.1.tar.gz
1 /*
2 * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18 //
19 // Access.h - Access control wrappers
20 //
21 #ifndef _SECURITY_ACCESS_H_
22 #define _SECURITY_ACCESS_H_
23
24 #include <Security/SecRuntime.h>
25 #include <Security/ACL.h>
26 #include <Security/trackingallocator.h>
27 #include <Security/cssmaclpod.h>
28 #include <Security/cssmacl.h>
29 #include <Security/aclclient.h>
30 #include <Security/TrustedApplication.h>
31 #include <map>
32
33 namespace Security {
34 namespace KeychainCore {
35
36 using CssmClient::AclBearer;
37
38
//
// Access - access control wrapper (see file header).
// Holds a table of ACL entries (mAcls) keyed by CSSM_ACL_HANDLE; each entry is
// kept through a RefPointer<ACL>.
// NOTE(review): the implementation is not in this header. Statements below about
// what a member "presumably" does are inferred from names and signatures and
// should be confirmed against the implementation file.
//
class Access : public SecCFObject {
    NOCOPY(Access)
public:
    //
    // Maker - helper handed to setAccess(AclBearer &, Maker &).
    // NOTE(review): presumably this builds the initial owner ACL and the
    // credentials needed to edit it afterwards (see initialOwner/cred) -- confirm.
    //
    class Maker {
        NOCOPY(Maker)
        static const size_t keySize = 16;    // number of (random) bytes
        friend class Access;                 // Access may reach mKey/mInput/mCreds
    public:
        Maker(CssmAllocator &alloc = CssmAllocator::standard());

        // Fills in ctx; creds is optional and defaults to NULL.
        void initialOwner(ResourceControlContext &ctx, const AccessCredentials *creds = NULL);
        const AccessCredentials *cred();

        // Declared ahead of mKey/mInput/mCreds, so it is constructed before them
        // and destroyed after them. Keep this position if those members allocate
        // from it -- TODO confirm in the constructor.
        TrackingAllocator allocator;

        static const char creationEntryTag[];

    private:
        // NOTE(review): presumably keySize random bytes acting as a creation-time
        // secret. If so, the bytes should come from a cryptographic RNG and the
        // buffer should not be logged or outlive the Maker -- confirm.
        CssmAutoData mKey;
        AclEntryInput mInput;
        AutoCredentials mCreds;
    };

    // Construction: from a description (optionally with a list of trusted
    // applications), from an existing AclBearer, or from raw CSSM owner/ACL
    // records (aclCount entries pointed to by acls).
    Access(const string &description);
    Access(const string &description, const ACL::ApplicationList &trusted);
    Access(AclBearer &source);
    Access(const CSSM_ACL_OWNER_PROTOTYPE &owner,
        uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls);
    virtual ~Access();

    // Return the ACL entries as a CFArray; the second form takes an
    // authorization tag (presumably a filter -- confirm).
    // NOTE(review): the "copy" prefix suggests the caller owns the returned
    // array and must release it -- confirm.
    CFArrayRef copySecACLs() const;
    CFArrayRef copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action) const;

    // Both take a raw ACL pointer while mAcls stores RefPointer<ACL>.
    // NOTE(review): check how a NULL argument is handled in the implementation.
    void add(ACL *newAcl);
    void addOwner(ACL *newOwnerAcl);

    void setAccess(AclBearer &target, bool update = false);
    void setAccess(AclBearer &target, Maker &maker);

    //
    // Collect every ACL entry in mAcls whose authorizes(right) returns true.
    // cont is emptied first, so anything the caller had stored in it is
    // discarded; an empty result means no entry authorizes the right.
    // Container needs clear() and a push_back() accepting RefPointer<ACL>.
    //
    template <class Container>
    void findAclsForRight(AclAuthorization right, Container &cont)
    {
        cont.clear();
        const Map::const_iterator last = mAcls.end();
        for (Map::const_iterator pos = mAcls.begin(); pos != last; ++pos) {
            const RefPointer<ACL> &entry = pos->second;
            if (!entry->authorizes(right))
                continue;    // this entry does not grant the requested right
            cont.push_back(entry);
        }
    }

    void addApplicationToRight(AclAuthorization right, TrustedApplication *app);

protected:
    void makeStandard(const string &description, const ACL::ApplicationList &trusted);
    void compile(const CSSM_ACL_OWNER_PROTOTYPE &owner,
        uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls);

    void editAccess(AclBearer &target, bool update, const AccessCredentials *cred);

private:
    // Handle under which the owner entry is addressed; taken from ACL::ownerHandle.
    static const CSSM_ACL_HANDLE ownerHandle = ACL::ownerHandle;
    typedef map<CSSM_ACL_HANDLE, RefPointer<ACL> > Map;

    Map mAcls;    // set of ACL entries
};
104
105
106 } // end namespace KeychainCore
107 } // end namespace Security
108
109 #endif // !_SECURITY_ACCESS_H_