1 /*
2 * Copyright (c) 2000-2006,2011-2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 //
26 // acl_partition - partition identifier store
27 //
28 // This ACL subject stores keychain partition data.
29 // When evaluated, it always fails; securityd explicitly evaluates the stored partition data out of band instead.
30 //
31 #include "acl_partition.h"
32 #include <security_cdsa_utilities/cssmwalkers.h>
33 #include <security_cdsa_utilities/cssmlist.h>
34 #include <algorithm>
35
36 using namespace DataWalkers;
37
38
//
// Interpret the payload blob as an XML property-list dictionary.
// Returns NULL if the blob does not parse as one. The name follows the
// Create convention, so the caller presumably owns the returned reference
// and must release it — confirm against callers.
//
CFDictionaryRef PartitionAclSubject::createDictionaryPayload() const
{
    // Wrap the stored bytes for the duration of the parse; the wrapper
    // lives only until this function returns.
    CFTempData blob(this->payload);
    return makeCFDictionaryFrom(blob);
}
46
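//
// Replace the payload with the XML property-list serialization of `dict`,
// stored in memory obtained from `alloc`.
// Throws CssmError(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE) if serialization
// yields no data object, rather than dereferencing a NULL CFDataRef.
//
void PartitionAclSubject::setDictionaryPayload(Allocator& alloc, CFDictionaryRef dict)
{
    CFRef<CFDataRef> xmlData = makeCFData(dict);
    // A dictionary that cannot be serialized must not crash the caller;
    // reject it as an invalid subject value instead.
    if (!xmlData)
        CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
    // xmlData is released when this function returns, so the payload must
    // hold its own copy of the bytes.
    this->payload = CssmAutoData(alloc, CFDataGetBytePtr(xmlData), CFDataGetLength(xmlData));
}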
52
53
//
// The partition subject matches nothing, no matter how pretty.
// A partition subject never grants access by itself: its payload is out of
// band data that securityd evaluates separately, so as an ACL subject it
// always fails regardless of the validation context.
//
bool PartitionAclSubject::validates(const AclValidationContext &) const
{
    return false;
}
61
62
//
// Produce the list form: a typed list tagged CSSM_ACL_SUBJECT_TYPE_PARTITION
// carrying the payload as a single datum element.
//
CssmList PartitionAclSubject::toList(Allocator &alloc) const
{
    // The datum element (and the payload copy it holds) is allocated from `alloc`.
    ListElement *datum = new(alloc) ListElement(alloc, this->payload);
    // NOTE(review): the list header is built with the standard allocator while
    // the element uses `alloc`; this only lines up when the two are the same
    // allocator — confirm with the callers that pass `alloc`.
    return TypedList(Allocator::standard(), CSSM_ACL_SUBJECT_TYPE_PARTITION, datum);
}
71
72
//
// Build a subject from its list form: a two-element typed list whose second
// element is a datum holding the raw partition payload.
// Throws CssmError(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE) when the list
// length is wrong; crack() is relied on to reject an element that is not a
// datum (presumably by throwing as well — confirm against its definition).
//
PartitionAclSubject *PartitionAclSubject::Maker::make(const TypedList &list) const
{
    // Exactly two elements: the subject type header and the payload datum.
    if (list.length() != 2)
        CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);

    ListElement *payloadItem = NULL;
    crack(list, 1, &payloadItem, CSSM_LIST_ELEMENT_DATUM);

    // Storage for the new subject's payload comes from the standard allocator.
    Allocator &alloc = Allocator::standard();
    return new PartitionAclSubject(alloc, payloadItem->data());
}
85
86
//
// A PartitionAclSubject is a "null" subject that contains out of band data
// for further security evaluation. When evaluated as an ACL subject, it always fails.
//
// Rebuild a subject from its blob form. Only the public reader is consulted;
// the private part of the blob carries nothing for this subject type.
// NOTE(review): the blob is presumably persisted keychain content, so the
// count read here is untrusted; this relies on Reader::countedData checking
// the count against the remaining blob before handing out `data` — confirm.
//
PartitionAclSubject *PartitionAclSubject::Maker::make(Version, Reader &pub, Reader &) const
{
    const void *data = NULL;
    size_t length = 0;
    pub.countedData(data, length);

    // Move the bytes into an allocator-owned CssmAutoData that the subject keeps.
    Allocator &alloc = Allocator::standard();
    CssmAutoData payloadData(alloc, data, length);
    return new PartitionAclSubject(alloc, payloadData);
}
99
100
//
// Export to blob form.
// Both overloads write the payload as a counted datum into the public part
// of the blob and nothing into the private part. This Counter overload
// presumably only measures the space needed; the Writer overload emits the bytes.
//
void PartitionAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &)
{
    pub.countedData(payload);
}
109
//
// Write the payload as a counted datum into the public part of the blob.
// The private writer is unused: this subject keeps no private state.
//
void PartitionAclSubject::exportBlob(Writer &pub, Writer &)
{
    pub.countedData(payload);
}