]> git.saurik.com Git - apple/security.git/blob - OSX/sec/ipc/securityd_client.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57337.20.44.tar.gz
[apple/security.git] / OSX / sec / ipc / securityd_client.h
1 /*
2 * Copyright (c) 2007-2009,2012-2015 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23 #ifndef _SECURITYD_CLIENT_H_
24 #define _SECURITYD_CLIENT_H_
25
26 #include <stdint.h>
27
28 # include <Security/SecTrust.h>
29 #ifndef MINIMIZE_INCLUDES
30 # include <Security/SecTrustStore.h>
31 # include <Security/SecCertificatePath.h>
32 #else
33 typedef struct __SecTrustStore *SecTrustStoreRef;
34 # ifndef _SECURITY_SECCERTIFICATE_H_
35 typedef struct __SecCertificate *SecCertificateRef;
36 # endif // _SECURITY_SECCERTIFICATE_H_
37 # ifndef _SECURITY_SECCERTIFICATEPATH_H_
38 typedef struct SecCertificatePath *SecCertificatePathRef;
39 # endif // _SECURITY_SECCERTIFICATEPATH_H_
40 #endif // MINIMIZE_INCLUDES
41
42 #include <CoreFoundation/CFArray.h>
43 #include <CoreFoundation/CFDictionary.h>
44 #include <CoreFoundation/CFError.h>
45
46 #include <Security/SecureObjectSync/SOSCloudCircle.h>
47 #include <Security/SecureObjectSync/SOSPeerInfo.h>
48 #include <Security/SecureObjectSync/SOSRing.h>
49
50 #include <xpc/xpc.h>
51 #include <CoreFoundation/CFXPCBridge.h>
52
53 // TODO: This should be in client of XPC code locations...
54 #if SECITEM_SHIM_OSX
55 #define kSecuritydXPCServiceName "com.apple.securityd.xpc"
56 #define kTrustdAgentXPCServiceName "com.apple.trustd.agent"
57 #define kTrustdXPCServiceName "com.apple.trustd"
58 #else
59 #define kSecuritydXPCServiceName "com.apple.securityd"
60 #define kTrustdAgentXPCServiceName "com.apple.securityd"
61 #define kTrustdXPCServiceName "com.apple.securityd"
62 #endif // *** END SECITEM_SHIM_OSX ***
63
64 //
65 // MARK: XPC Information.
66 //
67
68 extern CFStringRef sSecXPCErrorDomain;
69
70 extern const char *kSecXPCKeyOperation;
71 extern const char *kSecXPCKeyResult;
72 extern const char *kSecXPCKeyError;
73 extern const char *kSecXPCKeyPeerInfos;
74 extern const char *kSecXPCKeyUserLabel;
75 extern const char *kSecXPCKeyBackup;
76 extern const char *kSecXPCKeyKeybag;
77 extern const char *kSecXPCKeyUserPassword;
78 extern const char *kSecXPCKeyDSID;
79 extern const char *kSecXPCKeyViewName;
80 extern const char *kSecXPCKeyViewActionCode;
81 extern const char *kSecXPCKeyNewPublicBackupKey;
82 extern const char *kSecXPCKeyIncludeV0;
83 extern const char *kSecXPCKeyEnabledViewsKey;
84 extern const char *kSecXPCKeyDisabledViewsKey;
85 extern const char *kSecXPCKeyEscrowLabel;
86 extern const char *kSecXPCKeyAvailability;
87 //
88 // MARK: Dispatch macros
89 //
90
91 #define SECURITYD_XPC(sdp, wrapper, ...) ((gSecurityd && gSecurityd->sdp) ? gSecurityd->sdp(__VA_ARGS__) : wrapper(sdp ## _id, __VA_ARGS__))
92
93 //
94 // MARK: Object to XPC format conversion.
95 //
96
97
98 //
99 // MARK: XPC Interfaces
100 //
101
102 extern const char *kSecXPCKeyOperation;
103 extern const char *kSecXPCKeyResult;
104 extern const char *kSecXPCKeyError;
105 extern const char *kSecXPCKeyPeerInfos;
106 extern const char *kSecXPCKeyUserLabel;
107 extern const char *kSecXPCKeyUserPassword;
108 extern const char *kSecXPCKeyDSID;
109 extern const char *kSecXPCLimitInMinutes;
110 extern const char *kSecXPCKeyQuery;
111 extern const char *kSecXPCKeyAttributesToUpdate;
112 extern const char *kSecXPCKeyDomain;
113 extern const char *kSecXPCKeyDigest;
114 extern const char *kSecXPCKeyCertificate;
115 extern const char *kSecXPCKeySettings;
116 extern const char *kSecXPCPublicPeerId; // Public peer id
117 extern const char *kSecXPCOTRSession; // OTR session bytes
118 extern const char *kSecXPCData; // Data to process
119 extern const char *kSecXPCOTRReady; // OTR ready for messages
120 extern const char *kSecXPCKeyDeviceID;
121 extern const char *kSecXPCKeyIDSMessage;
122 extern const char *kSecXPCKeyViewName;
123 extern const char *kSecXPCKeyViewActionCode;
124 extern const char *kSecXPCKeySendIDSMessage;
125 extern const char *kSecXPCKeyHSA2AutoAcceptInfo;
126 extern const char *kSecXPCKeyEscrowLabel;
127 extern const char *kSecXPCKeyTriesLabel;
128 extern const char *kSecXPCKeyString;
129
130 extern const char *kSecXPCKeyReason;
131
132 //
133 // MARK: Mach port request IDs
134 //
135 enum SecXPCOperation {
136 sec_item_add_id = 0,
137 sec_item_copy_matching_id = 1,
138 sec_item_update_id = 2,
139 sec_item_delete_id = 3,
140 // trust_store_for_domain -- NOT an ipc
141 sec_trust_store_contains_id = 4,
142 sec_trust_store_set_trust_settings_id = 5,
143 sec_trust_store_remove_certificate_id = 6,
144 // remove_all -- NOT an ipc
145 sec_delete_all_id = 7,
146 sec_trust_evaluate_id = 8,
147 // Any new items MUST be added below here
148 // This allows updating roots on a device, since SecTrustEvaluate must continue to work
149 sec_keychain_backup_id,
150 sec_keychain_restore_id,
151 sec_keychain_backup_syncable_id,
152 sec_keychain_restore_syncable_id,
153 sec_item_backup_copy_names_id,
154 sec_item_backup_handoff_fd_id,
155 sec_item_backup_set_confirmed_manifest_id,
156 sec_item_backup_restore_id,
157 sec_keychain_sync_update_message_id,
158 sec_ota_pki_asset_version_id,
159 sec_otr_session_create_remote_id,
160 sec_otr_session_process_packet_remote_id,
161 kSecXPCOpOTAPKIGetNewAsset,
162 kSecXPCOpOTAGetEscrowCertificates,
163 kSecXPCOpProcessUnlockNotification,
164 kSecXPCOpProcessSyncWithAllPeers,
165 kSecXPCOpRollKeys,
166 sec_add_shared_web_credential_id,
167 sec_copy_shared_web_credential_id,
168 sec_get_log_settings_id,
169 sec_set_xpc_log_settings_id,
170 sec_set_circle_log_settings_id,
171 soscc_EnsurePeerRegistration_id,
172 kSecXPCOpRequestEnsureFreshParameters,
173 kSecXPCOpGetAllTheRings,
174 kSecXPCOpApplyToARing,
175 kSecXPCOpWithdrawlFromARing,
176 kSecXPCOpEnableRing,
177 kSecXPCOpRingStatus,
178 kSecXPCOpRequestDeviceID,
179 kSecXPCOpSetDeviceID,
180 kSecXPCOpHandleIDSMessage,
181 kSecXPCOpSendIDSMessage,
182 kSecXPCOpPingTest,
183 kSecXPCOpIDSDeviceID,
184 // any process using an operation below here is required to have entitlement keychain-cloud-circle
185 kSecXPCOpTryUserCredentials,
186 kSecXPCOpSetUserCredentials,
187 kSecXPCOpSetUserCredentialsAndDSID,
188 kSecXPCOpCanAuthenticate,
189 kSecXPCOpPurgeUserCredentials,
190 kSecXPCOpDeviceInCircle,
191 kSecXPCOpRequestToJoin,
192 kSecXPCOpRequestToJoinAfterRestore,
193 kSecXPCOpResetToOffering,
194 kSecXPCOpResetToEmpty,
195 kSecXPCOpView,
196 kSecXPCOpViewSet,
197 kSecXPCOpSecurityProperty,
198 kSecXPCOpRemoveThisDeviceFromCircle,
199 kSecXPCOpRemovePeersFromCircle,
200 kSecXPCOpLoggedOutOfAccount,
201 kSecXPCOpBailFromCircle,
202 kSecXPCOpAcceptApplicants,
203 kSecXPCOpRejectApplicants,
204 kSecXPCOpCopyApplicantPeerInfo,
205 kSecXPCOpCopyValidPeerPeerInfo,
206 kSecXPCOpValidateUserPublic,
207 kSecXPCOpCopyNotValidPeerPeerInfo,
208 kSecXPCOpCopyPeerPeerInfo,
209 kSecXPCOpCopyConcurringPeerPeerInfo,
210 kSecXPCOpCopyGenerationPeerInfo,
211 kSecXPCOpGetLastDepartureReason,
212 kSecXPCOpSetLastDepartureReason,
213 kSecXPCOpCopyIncompatibilityInfo,
214 kSecXPCOpCopyRetirementPeerInfo,
215 kSecXPCOpCopyViewUnawarePeerInfo,
216 kSecXPCOpCopyEngineState,
217 kSecXPCOpCopyMyPeerInfo,
218 kSecXPCOpAccountSetToNew,
219 kSecXPCOpSetHSA2AutoAcceptInfo,
220 kSecXPCOpSetNewPublicBackupKey,
221 kSecXPCOpSetBagForAllSlices,
222 kSecXPCOpWaitForInitialSync,
223 kSecXPCOpCopyYetToSyncViews,
224 kSecXPCOpSetEscrowRecord,
225 kSecXPCOpGetEscrowRecord,
226 kSecXPCOpCheckPeerAvailability,
227 };
228
229
230
231 struct securityd {
232 bool (*sec_item_add)(CFDictionaryRef attributes, CFArrayRef accessGroups, CFTypeRef *result, CFErrorRef* error);
233 bool (*sec_item_copy_matching)(CFDictionaryRef query, CFArrayRef accessGroups, CFTypeRef *result, CFErrorRef* error);
234 bool (*sec_item_update)(CFDictionaryRef query, CFDictionaryRef attributesToUpdate, CFArrayRef accessGroups, CFErrorRef* error);
235 bool (*sec_item_delete)(CFDictionaryRef query, CFArrayRef accessGroups, CFErrorRef* error);
236 bool (*sec_add_shared_web_credential)(CFDictionaryRef attributes, const audit_token_t *clientAuditToken, CFStringRef appID, CFArrayRef accessGroups, CFTypeRef *result, CFErrorRef *error);
237 bool (*sec_copy_shared_web_credential)(CFDictionaryRef query, const audit_token_t *clientAuditToken, CFStringRef appID, CFArrayRef accessGroups, CFTypeRef *result, CFErrorRef *error);
238 SecTrustStoreRef (*sec_trust_store_for_domain)(CFStringRef domainName, CFErrorRef* error); // TODO: remove, has no msg id
239 bool (*sec_trust_store_contains)(SecTrustStoreRef ts, CFDataRef digest, bool *contains, CFErrorRef* error);
240 bool (*sec_trust_store_set_trust_settings)(SecTrustStoreRef ts, SecCertificateRef certificate, CFTypeRef trustSettingsDictOrArray, CFErrorRef* error);
241 bool (*sec_trust_store_remove_certificate)(SecTrustStoreRef ts, CFDataRef digest, CFErrorRef* error);
242 bool (*sec_truststore_remove_all)(SecTrustStoreRef ts, CFErrorRef* error); // TODO: remove, has no msg id
243 bool (*sec_item_delete_all)(CFErrorRef* error);
244 SecTrustResultType (*sec_trust_evaluate)(CFArrayRef certificates, CFArrayRef anchors, bool anchorsOnly, CFArrayRef policies, CFArrayRef responses, CFArrayRef SCTs, CFArrayRef trustedLogs, CFAbsoluteTime verifyTime, __unused CFArrayRef accessGroups, CFArrayRef *details, CFDictionaryRef *info, SecCertificatePathRef *chain, CFErrorRef *error);
245 CFDataRef (*sec_keychain_backup)(CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
246 bool (*sec_keychain_restore)(CFDataRef backup, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
247 CFDictionaryRef (*sec_keychain_backup_syncable)(CFDictionaryRef backup_in, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
248 bool (*sec_keychain_restore_syncable)(CFDictionaryRef backup, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
249 CFArrayRef (*sec_item_backup_copy_names)(CFErrorRef *error);
250 int (*sec_item_backup_handoff_fd)(CFStringRef backupName, CFErrorRef *error);
251 bool (*sec_item_backup_set_confirmed_manifest)(CFStringRef backupName, CFDataRef keybagDigest, CFDataRef manifest, CFErrorRef *error);
252 bool (*sec_item_backup_restore)(CFStringRef backupName, CFStringRef peerID, CFDataRef keybag, CFDataRef secret, CFDataRef backup, CFErrorRef *error);
253 int (*sec_ota_pki_asset_version)(CFErrorRef* error);
254 CFDataRef (*sec_otr_session_create_remote)(CFDataRef publicPeerId, CFErrorRef* error);
255 bool (*sec_otr_session_process_packet_remote)(CFDataRef sessionData, CFDataRef inputPacket, CFDataRef* outputSessionData, CFDataRef* outputPacket, bool *readyForMessages, CFErrorRef* error);
256 bool (*soscc_TryUserCredentials)(CFStringRef user_label, CFDataRef user_password, CFErrorRef *error);
257 bool (*soscc_SetUserCredentials)(CFStringRef user_label, CFDataRef user_password, CFErrorRef *error);
258 bool (*soscc_SetUserCredentialsAndDSID)(CFStringRef user_label, CFDataRef user_password, CFStringRef dsid, CFErrorRef *error);
259 bool (*soscc_CanAuthenticate)(CFErrorRef *error);
260 bool (*soscc_PurgeUserCredentials)(CFErrorRef *error);
261 SOSCCStatus (*soscc_ThisDeviceIsInCircle)(CFErrorRef* error);
262 bool (*soscc_RequestToJoinCircle)(CFErrorRef* error);
263 bool (*soscc_RequestToJoinCircleAfterRestore)(CFErrorRef* error);
264 bool (*soscc_RequestEnsureFreshParameters)(CFErrorRef* error);
265 CFStringRef (*soscc_GetAllTheRings)(CFErrorRef *error);
266 bool (*soscc_ApplyToARing)(CFStringRef ringName, CFErrorRef* error);
267 bool (*soscc_WithdrawlFromARing)(CFStringRef ringName, CFErrorRef* error);
268 bool (*soscc_EnableRing)(CFStringRef ringName, CFErrorRef* error);
269 SOSRingStatus (*soscc_RingStatus)(CFStringRef ringName, CFErrorRef* error);
270 CFStringRef (*soscc_CopyDeviceID)(CFErrorRef* error);
271 bool (*soscc_SetDeviceID)(CFStringRef IDS, CFErrorRef *error);
272 HandleIDSMessageReason (*soscc_HandleIDSMessage)(CFDictionaryRef IDS, CFErrorRef *error);
273 bool (*soscc_CheckIDSRegistration)(CFStringRef message, CFErrorRef *error);
274 bool (*soscc_PingTest)(CFStringRef message, CFErrorRef *error);
275 bool (*soscc_GetIDSIDFromIDS)(CFErrorRef *error);
276 bool (*soscc_SetToNew)(CFErrorRef *error);
277 bool (*soscc_ResetToOffering)(CFErrorRef* error);
278 bool (*soscc_ResetToEmpty)(CFErrorRef* error);
279 SOSViewResultCode (*soscc_View)(CFStringRef view, SOSViewActionCode action, CFErrorRef *error);
280 bool (*soscc_ViewSet)(CFSetRef enabledViews, CFSetRef disabledViews);
281 SOSSecurityPropertyResultCode (*soscc_SecurityProperty)(CFStringRef property, SOSSecurityPropertyActionCode action, CFErrorRef *error);
282 bool (*soscc_RegisterSingleRecoverySecret)(CFDataRef backupSlice, bool forV0Only, CFErrorRef *error);
283 bool (*soscc_RemoveThisDeviceFromCircle)(CFErrorRef* error);
284 bool (*soscc_RemovePeersFromCircle)(CFArrayRef peers, CFErrorRef* error);
285 bool (*soscc_LoggedOutOfAccount)(CFErrorRef* error);
286 bool (*soscc_BailFromCircle)(uint64_t limit_in_seconds, CFErrorRef* error);
287 bool (*soscc_AcceptApplicants)(CFArrayRef applicants, CFErrorRef* error);
288 bool (*soscc_RejectApplicants)(CFArrayRef applicants, CFErrorRef* error);
289 SOSPeerInfoRef (*soscc_SetNewPublicBackupKey)(CFDataRef pubKey, CFErrorRef *error);
290 bool (*soscc_ValidateUserPublic)(CFErrorRef* error);
291 CFArrayRef (*soscc_CopyGenerationPeerInfo)(CFErrorRef* error);
292 CFArrayRef (*soscc_CopyApplicantPeerInfo)(CFErrorRef* error);
293 CFArrayRef (*soscc_CopyValidPeerPeerInfo)(CFErrorRef* error);
294 CFArrayRef (*soscc_CopyNotValidPeerPeerInfo)(CFErrorRef* error);
295 CFArrayRef (*soscc_CopyRetirementPeerInfo)(CFErrorRef* error);
296 CFArrayRef (*soscc_CopyViewUnawarePeerInfo)(CFErrorRef* error);
297 CFArrayRef (*soscc_CopyEngineState)(CFErrorRef* error);
298 // Not sure why these are below the last entry in the enum order above, but they are:
299 CFArrayRef (*soscc_CopyPeerInfo)(CFErrorRef* error);
300 CFArrayRef (*soscc_CopyConcurringPeerInfo)(CFErrorRef* error);
301 CFStringRef (*soscc_CopyIncompatibilityInfo)(CFErrorRef* error);
302 enum DepartureReason (*soscc_GetLastDepartureReason)(CFErrorRef* error);
303 bool (*soscc_SetLastDepartureReason)(enum DepartureReason, CFErrorRef* error);
304 CFArrayRef (*ota_CopyEscrowCertificates)(uint32_t escrowRootType, CFErrorRef* error);
305 int (*sec_ota_pki_get_new_asset)(CFErrorRef* error);
306 SyncWithAllPeersReason (*soscc_ProcessSyncWithAllPeers)(CFErrorRef* error);
307 bool (*soscc_EnsurePeerRegistration)(CFErrorRef* error);
308 bool (*sec_roll_keys)(bool force, CFErrorRef* error);
309 CFArrayRef (*sec_keychain_sync_update_message)(CFDictionaryRef update, CFErrorRef *error);
310 CFPropertyListRef (*sec_get_log_settings)(CFErrorRef* error);
311 bool (*sec_set_xpc_log_settings)(CFTypeRef type, CFErrorRef* error);
312 bool (*sec_set_circle_log_settings)(CFTypeRef type, CFErrorRef* error);
313 SOSPeerInfoRef (*soscc_CopyMyPeerInfo)(CFErrorRef*);
314 bool (*soscc_SetHSA2AutoAcceptInfo)(CFDataRef, CFErrorRef*);
315 bool (*soscc_WaitForInitialSync)(CFErrorRef*);
316 CFArrayRef (*soscc_CopyYetToSyncViewsList)(CFErrorRef*);
317 bool (*soscc_SetEscrowRecords)(CFStringRef escrow_label, uint64_t tries, CFErrorRef *error);
318 CFDictionaryRef (*soscc_CopyEscrowRecords)(CFErrorRef *error);
319 bool (*soscc_PeerAvailability)(CFErrorRef *error);
320 };
321
322 extern struct securityd *gSecurityd;
323
324 CFArrayRef SecAccessGroupsGetCurrent(void);
325
326 // TODO Rename me
327 CFStringRef SOSCCGetOperationDescription(enum SecXPCOperation op);
328 xpc_object_t securityd_message_with_reply_sync(xpc_object_t message, CFErrorRef *error);
329 xpc_object_t securityd_create_message(enum SecXPCOperation op, CFErrorRef *error);
330 bool securityd_message_no_error(xpc_object_t message, CFErrorRef *error);
331
332
333 bool securityd_send_sync_and_do(enum SecXPCOperation op, CFErrorRef *error,
334 bool (^add_to_message)(xpc_object_t message, CFErrorRef* error),
335 bool (^handle_response)(xpc_object_t response, CFErrorRef* error));
336
337 // For testing only, never call this in a threaded program!
338 void SecServerSetMachServiceName(const char *name);
339
340
341 #endif /* _SECURITYD_CLIENT_H_ */
mirror of Security