Security-57740.60.18.tar.gz
[apple/security.git] / OSX / sec / ipc / securityd_client.h
1 /*
2 * Copyright (c) 2007-2009,2012-2015 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23 #ifndef _SECURITYD_CLIENT_H_
24 #define _SECURITYD_CLIENT_H_
25
26 #include <stdint.h>
27
28 #include <Security/SecTrust.h>
29 #include <Security/SecTask.h>
30 #ifndef MINIMIZE_INCLUDES
31 # include <Security/SecTrustStore.h>
32 # include <Security/SecCertificatePath.h>
33 #else
34 typedef struct __SecTrustStore *SecTrustStoreRef;
35 # ifndef _SECURITY_SECCERTIFICATE_H_
36 typedef struct __SecCertificate *SecCertificateRef;
37 # endif // _SECURITY_SECCERTIFICATE_H_
38 # ifndef _SECURITY_SECCERTIFICATEPATH_H_
39 typedef struct SecCertificatePath *SecCertificatePathRef;
40 # endif // _SECURITY_SECCERTIFICATEPATH_H_
41 #endif // MINIMIZE_INCLUDES
42
43 #if TARGET_HAS_KEYSTORE
44 #include <libaks.h>
45 #endif
46
47 #include <CoreFoundation/CFArray.h>
48 #include <CoreFoundation/CFDictionary.h>
49 #include <CoreFoundation/CFError.h>
50
51 #include <Security/SecureObjectSync/SOSCloudCircle.h>
52 #include <Security/SecureObjectSync/SOSPeerInfo.h>
53 #include <Security/SecureObjectSync/SOSRing.h>
54
55 #include <xpc/xpc.h>
56 #include <CoreFoundation/CFXPCBridge.h>
57
// TODO: This should be in client of XPC code locations...
//
// XPC service names used by the client side.
// With SECITEM_SHIM_OSX set, the three macros name three distinct services.
// Without it, all three expand to the same string, "com.apple.securityd",
// so code that connects through kTrustdXPCServiceName or
// kTrustdAgentXPCServiceName reaches the same service name as keychain
// requests do.
#if SECITEM_SHIM_OSX
#define kSecuritydXPCServiceName "com.apple.securityd.xpc"
#define kTrustdAgentXPCServiceName "com.apple.trustd.agent"
#define kTrustdXPCServiceName "com.apple.trustd"
#else
#define kSecuritydXPCServiceName "com.apple.securityd"
#define kTrustdAgentXPCServiceName "com.apple.securityd"
#define kTrustdXPCServiceName "com.apple.securityd"
#endif // *** END SECITEM_SHIM_OSX ***
68
69 //
70 // MARK: XPC Information.
71 //
72
// Declared here, defined elsewhere. By name this is the CFError domain for
// XPC-level failures -- confirm at the definition.
extern CFStringRef sSecXPCErrorDomain;

// C-string constants declared here and defined elsewhere; presumably the
// dictionary keys of the XPC request/reply messages -- confirm at the
// definition. Several of them (kSecXPCKeyOperation, kSecXPCKeyResult,
// kSecXPCKeyError, ...) are declared a second time in the "XPC Interfaces"
// section of this header; the repeated declarations are identical.
//
// NOTE(review): by name, kSecXPCKeyUserPassword, kSecXPCKeyKeybag and
// kSecXPCKeyBackup label secret material inside a message. Any code that logs
// or dumps whole messages should leave those values out -- verify against the
// callers.
extern const char *kSecXPCKeyOperation;
extern const char *kSecXPCKeyResult;
extern const char *kSecXPCKeyError;
extern const char *kSecXPCKeyPeerInfoArray;
extern const char *kSecXPCKeyUserLabel;
extern const char *kSecXPCKeyBackup;
extern const char *kSecXPCKeyKeybag;
extern const char *kSecXPCKeyUserPassword;
extern const char *kSecXPCKeyDSID;
extern const char *kSecXPCKeyViewName;
extern const char *kSecXPCKeyViewActionCode;
extern const char *kSecXPCKeyNewPublicBackupKey;
extern const char *kSecXPCKeyRecoveryPublicKey;
extern const char *kSecXPCKeyIncludeV0;
extern const char *kSecXPCKeyEnabledViewsKey;
extern const char *kSecXPCKeyDisabledViewsKey;
extern const char *kSecXPCKeyEscrowLabel;
extern const char *kSecXPCKeyTriesLabel;
extern const char *kSecXPCKeyFileDescriptor;
extern const char *kSecXPCKeyAccessGroups;
extern const char *kSecXPCKeyClasses;
96
97 //
98 // MARK: Dispatch macros
99 //
100
// Dispatch one securityd operation.
//
//   sdp      member name in struct securityd (e.g. sec_item_add)
//   wrapper  function called when no direct implementation is installed
//   ...      arguments of the operation; at least one is required, because the
//            expansion writes ", __VA_ARGS__" after the operation id
//
// If gSecurityd is non-NULL and gSecurityd->sdp is non-NULL, the member is
// called directly with the arguments. Otherwise `wrapper` is called with the
// token `sdp ## _id` (for sec_item_add that is sec_item_add_id from
// enum SecXPCOperation) followed by the same arguments.
//
// The two branches of the conditional are alternatives, so each argument
// expression is evaluated once. gSecurityd is read twice with no locking.
//
// NOTE(review): the direct branch does not go through `wrapper` at all, so
// whatever checks the wrapper path applies to a request are not on that
// path -- confirm where gSecurityd is assigned and which builds assign it.
#define SECURITYD_XPC(sdp, wrapper, ...) ((gSecurityd && gSecurityd->sdp) ? gSecurityd->sdp(__VA_ARGS__) : wrapper(sdp ## _id, __VA_ARGS__))
102
103 //
104 // MARK: Object to XPC format conversion.
105 //
106
107
108 //
109 // MARK: XPC Interfaces
110 //
111
// Second list of message-key constants, all defined elsewhere. It repeats some
// declarations from the "XPC Information" section of this header
// (kSecXPCKeyOperation, kSecXPCKeyResult, kSecXPCKeyError,
// kSecXPCKeyPeerInfoArray, kSecXPCKeyUserLabel, kSecXPCKeyUserPassword,
// kSecXPCKeyDSID, kSecXPCKeyViewName, kSecXPCKeyViewActionCode,
// kSecXPCKeyEscrowLabel, kSecXPCKeyTriesLabel); the types match, so the
// repetition is redundant but valid C.
// What each key carries is not visible in this header; only the four trailing
// comments below come from the original author.
extern const char *kSecXPCKeyOperation;
extern const char *kSecXPCKeyResult;
extern const char *kSecXPCKeyError;
extern const char *kSecXPCKeyPeerInfoArray;
extern const char *kSecXPCKeyPeerInfo;
extern const char *kSecXPCKeyUserLabel;
extern const char *kSecXPCKeyUserPassword;
extern const char *kSecXPCKeyDSID;
extern const char *kSecXPCLimitInMinutes;
extern const char *kSecXPCKeyQuery;
extern const char *kSecXPCKeyAttributesToUpdate;
extern const char *kSecXPCKeyDomain;
extern const char *kSecXPCKeyDigest;
extern const char *kSecXPCKeyCertificate;
extern const char *kSecXPCKeySettings;
extern const char *kSecXPCPublicPeerId; // Public peer id
extern const char *kSecXPCOTRSession; // OTR session bytes
extern const char *kSecXPCData; // Data to process
extern const char *kSecXPCOTRReady; // OTR ready for messages
extern const char *kSecXPCKeyDeviceID;
extern const char *kSecXPCKeyIDSMessage;
extern const char *kSecXPCKeyViewName;
extern const char *kSecXPCKeyViewActionCode;
extern const char *kSecXPCKeySendIDSMessage;
extern const char *kSecXPCKeyHSA2AutoAcceptInfo;
extern const char *kSecXPCKeyEscrowLabel;
extern const char *kSecXPCKeyTriesLabel;
extern const char *kSecXPCKeyString;
extern const char *kSecXPCKeyArray;
extern const char *kSecXPCKeySet;
extern const char *kSecXPCKeySet2;

extern const char *kSecXPCKeyReason;
145
146 //
147 // MARK: Mach port request IDs
148 //
// Operation ids for requests to securityd. securityd_create_message() and
// securityd_send_sync_and_do() in this header take one of these values.
//
// Only the first nine enumerators carry explicit values (0..8). Every later
// enumerator is numbered implicitly from its position, so inserting, removing
// or reordering an entry changes the id of everything after it.
//
// Two comments inside the list mark authorization sections by position. An
// enumerator placed in the wrong section is described by the wrong rule.
// NOTE(review): presumably the server compares the received id against these
// section boundaries -- confirm in the server-side dispatch code.
enum SecXPCOperation {
    sec_item_add_id = 0,
    sec_item_copy_matching_id = 1,
    sec_item_update_id = 2,
    sec_item_delete_id = 3,
    // trust_store_for_domain -- NOT an ipc
    sec_trust_store_contains_id = 4,
    sec_trust_store_set_trust_settings_id = 5,
    sec_trust_store_remove_certificate_id = 6,
    // remove_all -- NOT an ipc
    sec_delete_all_id = 7,
    sec_trust_evaluate_id = 8,
    // Any new items MUST be added below here
    // This allows updating roots on a device, since SecTrustEvaluate must continue to work
    // (ids 0..8 above are pinned; ids from here on depend on position)
    sec_keychain_backup_id,
    sec_keychain_restore_id,
    sec_keychain_backup_syncable_id,
    sec_keychain_restore_syncable_id,
    sec_item_backup_copy_names_id,
    sec_item_backup_handoff_fd_id,
    sec_item_backup_set_confirmed_manifest_id,
    sec_item_backup_restore_id,
    sec_keychain_sync_update_message_id,
    sec_ota_pki_asset_version_id,
    sec_otr_session_create_remote_id,
    sec_otr_session_process_packet_remote_id,
    kSecXPCOpOTAPKIGetNewAsset,
    kSecXPCOpOTAGetEscrowCertificates,
    kSecXPCOpProcessUnlockNotification,
    kSecXPCOpProcessSyncWithAllPeers,
    kSecXPCOpRollKeys,
    sec_add_shared_web_credential_id,
    sec_copy_shared_web_credential_id,
    sec_get_log_settings_id,
    sec_set_xpc_log_settings_id,
    sec_set_circle_log_settings_id,
    soscc_EnsurePeerRegistration_id,
    kSecXPCOpRequestEnsureFreshParameters,
    kSecXPCOpGetAllTheRings,
    kSecXPCOpApplyToARing,
    kSecXPCOpWithdrawlFromARing,
    kSecXPCOpEnableRing,
    kSecXPCOpRingStatus,
    kSecXPCOpRequestDeviceID,
    kSecXPCOpSetDeviceID,
    kSecXPCOpHandleIDSMessage,
    kSecXPCOpSyncWithKVSPeer,
    kSecXPCOpSyncWithIDSPeer,
    kSecXPCOpSendIDSMessage,
    kSecXPCOpPingTest,
    kSecXPCOpIDSDeviceID,
    kSecXPCOpSyncWithKVSPeerIDOnly,
    // any process using an operation below here is required to have entitlement keychain-cloud-circle
    // (section start: kSecXPCOpTryUserCredentials; section end: the "free for all" marker below)
    kSecXPCOpTryUserCredentials,
    kSecXPCOpSetUserCredentials,
    kSecXPCOpSetUserCredentialsAndDSID,
    kSecXPCOpCanAuthenticate,
    kSecXPCOpPurgeUserCredentials,
    kSecXPCOpDeviceInCircle,
    kSecXPCOpRequestToJoin,
    kSecXPCOpRequestToJoinAfterRestore,
    kSecXPCOpResetToOffering,
    kSecXPCOpResetToEmpty,
    kSecXPCOpView,
    kSecXPCOpViewSet,
    kSecXPCOpSecurityProperty,
    kSecXPCOpRemoveThisDeviceFromCircle,
    kSecXPCOpRemovePeersFromCircle,
    kSecXPCOpLoggedOutOfAccount,
    kSecXPCOpBailFromCircle,
    kSecXPCOpAcceptApplicants,
    kSecXPCOpRejectApplicants,
    kSecXPCOpCopyApplicantPeerInfo,
    kSecXPCOpCopyValidPeerPeerInfo,
    kSecXPCOpValidateUserPublic,
    kSecXPCOpCopyNotValidPeerPeerInfo,
    kSecXPCOpCopyPeerPeerInfo,
    kSecXPCOpCopyConcurringPeerPeerInfo,
    kSecXPCOpCopyGenerationPeerInfo,
    kSecXPCOpGetLastDepartureReason,
    kSecXPCOpSetLastDepartureReason,
    kSecXPCOpCopyIncompatibilityInfo,
    kSecXPCOpCopyRetirementPeerInfo,
    kSecXPCOpCopyViewUnawarePeerInfo,
    kSecXPCOpCopyEngineState,
    kSecXPCOpCopyMyPeerInfo,
    kSecXPCOpAccountSetToNew,
    kSecXPCOpSetHSA2AutoAcceptInfo,
    kSecXPCOpSetNewPublicBackupKey,
    kSecXPCOpSetBagForAllSlices,
    kSecXPCOpWaitForInitialSync,
    kSecXPCOpCopyYetToSyncViews,
    kSecXPCOpSetEscrowRecord,
    kSecXPCOpGetEscrowRecord,
    kSecXPCOpCheckPeerAvailability,
    kSecXPCOpCopyAccountData,
    kSecXPCOpDeleteAccountData,
    kSecXPCOpCopyEngineData,
    kSecXPCOpDeleteEngineData,
    kSecXPCOpCopyApplication,
    kSecXPCOpCopyCircleJoiningBlob,
    kSecXPCOpJoinWithCircleJoiningBlob,
    kSecXPCOpAccountHasPublicKey,
    kSecXPCOpAccountIsNew,
    kSecXPCOpClearKVSPeerMessage,
    kSecXPCOpRegisterRecoveryPublicKey,
    kSecXPCOpGetRecoveryPublicKey,
    kSecXPCOpCopyBackupInformation,
    /* after this is free for all */
    // The keychain-cloud-circle requirement stated above is not claimed for the
    // entries from here to the end of the enum. This section includes
    // state-changing operations (sec_delete_items_with_access_groups_id,
    // sec_item_update_token_items_id, kSecXPCOpTransmogrifyToSystemKeychain,
    // kSecXPCOpDeleteUserView).
    // NOTE(review): confirm that each of them has its own authorization check
    // in its server-side handler; this header does not show one.
    kSecXPCOpWhoAmI,
    kSecXPCOpTransmogrifyToSyncBubble,
    kSecXPCOpTransmogrifyToSystemKeychain,
    kSecXPCOpWrapToBackupSliceKeyBagForView,
    sec_item_update_token_items_id,
    kSecXPCOpDeleteUserView,
    sec_trust_store_copy_all_id,
    sec_trust_store_copy_usage_constraints_id,
    sec_delete_items_with_access_groups_id,
    kSecXPCOpIsThisDeviceLastBackup,
    sec_keychain_backup_keybag_uuid_id,
    kSecXPCOpPeersHaveViewsEnabled,
    kSecXPCOpProcessSyncWithPeers,
    sec_device_is_internal_id,
    kSecXPCOpMessageFromPeerIsPending,
    kSecXPCOpSendToPeerIsPending,
};
275
276
// Per-caller context. The keychain item operations in struct securityd
// (sec_item_add, sec_item_copy_matching, sec_item_update, ...) receive a
// pointer to one as their `client` parameter.
//
// The field descriptions below are read off the names and types only.
// NOTE(review): by name these fields feed authorization decisions (access
// groups, system-keychain access, uid). Confirm that on the server side they
// are filled in from the connection's task / audit token and never from
// values carried in the request message.
typedef struct {
    SecTaskRef task;                // presumably the calling task -- confirm
    CFArrayRef accessGroups;        // presumably the access groups the caller may use -- confirm
    bool allowSystemKeychain;       // by name: caller may use the system keychain
    bool allowSyncBubbleKeychain;   // by name: caller may use the sync-bubble keychain
    bool isNetworkExtension;        // by name: caller is a network extension
    uid_t uid;                      // presumably the caller's uid -- confirm
    CFDataRef musr;                 // multi-user identifier? -- TODO confirm meaning and format
#if TARGET_OS_EMBEDDED && TARGET_HAS_KEYSTORE
    keybag_handle_t keybag;         // only present on embedded targets that have a keystore
#endif
#if TARGET_OS_IPHONE
    bool inMultiUser;               // only present when TARGET_OS_IPHONE is set
    int activeUser;                 // only present when TARGET_OS_IPHONE is set
#endif
} SecurityClient;
293
294
// Returns a pointer to a SecurityClient. Ownership and lifetime of the
// returned object are not stated in this header -- confirm at the definition
// before caching or freeing it.
extern SecurityClient * SecSecurityClientGet(void);
#if TARGET_OS_IOS
// Declared for iOS builds only. By name it sets the multi-user mode together
// with the uid and active user -- confirm which state it writes.
void SecSecuritySetMusrMode(bool mode, uid_t uid, int activeUser);
#endif
299
// Table of function pointers, one member per securityd operation. The global
// gSecurityd points at an instance, and SECURITYD_XPC() calls a member
// directly when both the table and that member are non-NULL.
//
// SECURITYD_XPC() also pastes "_id" onto the member name to obtain the
// operation id, so a member dispatched through that macro needs a matching
// <member>_id enumerator in enum SecXPCOperation. Most soscc_* members have no
// such enumerator (their ids are named kSecXPCOp...), so they are presumably
// dispatched some other way -- confirm in the callers.
//
// Error convention visible in the signatures: nearly every member takes a
// trailing CFErrorRef* out-parameter; soscc_ViewSet is the exception.
//
// Member order and names are part of the interface shared by the client and
// by whatever code fills in the table; do not reorder or rename.
struct securityd {
    // Keychain item operations; each receives the caller context in `client`.
    bool (*sec_item_add)(CFDictionaryRef attributes, SecurityClient *client, CFTypeRef *result, CFErrorRef* error);
    bool (*sec_item_copy_matching)(CFDictionaryRef query, SecurityClient *client, CFTypeRef *result, CFErrorRef* error);
    bool (*sec_item_update)(CFDictionaryRef query, CFDictionaryRef attributesToUpdate, SecurityClient *client, CFErrorRef* error);
    bool (*sec_item_delete)(CFDictionaryRef query, SecurityClient *client, CFErrorRef* error);
    // The two shared-web-credential members take the caller's audit token, an
    // appID and accessGroups in addition to `client`.
    bool (*sec_add_shared_web_credential)(CFDictionaryRef attributes, SecurityClient *client, const audit_token_t *clientAuditToken, CFStringRef appID, CFArrayRef accessGroups, CFTypeRef *result, CFErrorRef *error);
    bool (*sec_copy_shared_web_credential)(CFDictionaryRef query, SecurityClient *client, const audit_token_t *clientAuditToken, CFStringRef appID, CFArrayRef accessGroups, CFTypeRef *result, CFErrorRef *error);
    // Trust store operations.
    SecTrustStoreRef (*sec_trust_store_for_domain)(CFStringRef domainName, CFErrorRef* error); // TODO: remove, has no msg id
    bool (*sec_trust_store_contains)(SecTrustStoreRef ts, CFDataRef digest, bool *contains, CFErrorRef* error);
    bool (*sec_trust_store_set_trust_settings)(SecTrustStoreRef ts, SecCertificateRef certificate, CFTypeRef trustSettingsDictOrArray, CFErrorRef* error);
    bool (*sec_trust_store_remove_certificate)(SecTrustStoreRef ts, CFDataRef digest, CFErrorRef* error);
    bool (*sec_truststore_remove_all)(SecTrustStoreRef ts, CFErrorRef* error); // TODO: remove, has no msg id
    // Takes no SecurityClient, unlike sec_item_delete above.
    bool (*sec_item_delete_all)(CFErrorRef* error);
    // accessGroups is marked __unused in this signature.
    SecTrustResultType (*sec_trust_evaluate)(CFArrayRef certificates, CFArrayRef anchors, bool anchorsOnly, bool keychainsAllowed, CFArrayRef policies, CFArrayRef responses, CFArrayRef SCTs, CFArrayRef trustedLogs, CFAbsoluteTime verifyTime, __unused CFArrayRef accessGroups, CFArrayRef *details, CFDictionaryRef *info, SecCertificatePathRef *chain, CFErrorRef *error);
    bool (*sec_device_is_internal)(CFErrorRef* error);
    // Keychain backup and restore; keybag and passcode are passed as CFData.
    CFDataRef (*sec_keychain_backup)(SecurityClient *client, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
    bool (*sec_keychain_restore)(CFDataRef backup, SecurityClient *client, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
    CFDictionaryRef (*sec_keychain_backup_syncable)(CFDictionaryRef backup_in, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
    bool (*sec_keychain_restore_syncable)(CFDictionaryRef backup, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
    CFArrayRef (*sec_item_backup_copy_names)(CFErrorRef *error);
    // Returns an int; by name a file descriptor handed to the caller -- confirm
    // who closes it.
    int (*sec_item_backup_handoff_fd)(CFStringRef backupName, CFErrorRef *error);
    bool (*sec_item_backup_set_confirmed_manifest)(CFStringRef backupName, CFDataRef keybagDigest, CFDataRef manifest, CFErrorRef *error);
    bool (*sec_item_backup_restore)(CFStringRef backupName, CFStringRef peerID, CFDataRef keybag, CFDataRef secret, CFDataRef backup, CFErrorRef *error);
    int (*sec_ota_pki_asset_version)(CFErrorRef* error);
    // OTR session operations.
    CFDataRef (*sec_otr_session_create_remote)(CFDataRef publicPeerId, CFErrorRef* error);
    bool (*sec_otr_session_process_packet_remote)(CFDataRef sessionData, CFDataRef inputPacket, CFDataRef* outputSessionData, CFDataRef* outputPacket, bool *readyForMessages, CFErrorRef* error);
    // soscc_* members: circle, ring, view and peer operations. The credential
    // members below take the user password as CFData.
    bool (*soscc_TryUserCredentials)(CFStringRef user_label, CFDataRef user_password, CFErrorRef *error);
    bool (*soscc_SetUserCredentials)(CFStringRef user_label, CFDataRef user_password, CFErrorRef *error);
    bool (*soscc_SetUserCredentialsAndDSID)(CFStringRef user_label, CFDataRef user_password, CFStringRef dsid, CFErrorRef *error);
    bool (*soscc_CanAuthenticate)(CFErrorRef *error);
    bool (*soscc_PurgeUserCredentials)(CFErrorRef *error);
    SOSCCStatus (*soscc_ThisDeviceIsInCircle)(CFErrorRef* error);
    bool (*soscc_RequestToJoinCircle)(CFErrorRef* error);
    bool (*soscc_RequestToJoinCircleAfterRestore)(CFErrorRef* error);
    bool (*soscc_RequestEnsureFreshParameters)(CFErrorRef* error);
    CFStringRef (*soscc_GetAllTheRings)(CFErrorRef *error);
    bool (*soscc_ApplyToARing)(CFStringRef ringName, CFErrorRef* error);
    bool (*soscc_WithdrawlFromARing)(CFStringRef ringName, CFErrorRef* error);
    bool (*soscc_EnableRing)(CFStringRef ringName, CFErrorRef* error);
    SOSRingStatus (*soscc_RingStatus)(CFStringRef ringName, CFErrorRef* error);
    CFStringRef (*soscc_CopyDeviceID)(CFErrorRef* error);
    bool (*soscc_SetDeviceID)(CFStringRef IDS, CFErrorRef *error);
    HandleIDSMessageReason (*soscc_HandleIDSMessage)(CFDictionaryRef IDS, CFErrorRef *error);
    bool (*soscc_CheckIDSRegistration)(CFStringRef message, CFErrorRef *error);
    bool (*soscc_PingTest)(CFStringRef message, CFErrorRef *error);
    bool (*soscc_GetIDSIDFromIDS)(CFErrorRef *error);
    bool (*soscc_SetToNew)(CFErrorRef *error);
    bool (*soscc_ResetToOffering)(CFErrorRef* error);
    bool (*soscc_ResetToEmpty)(CFErrorRef* error);
    SOSViewResultCode (*soscc_View)(CFStringRef view, SOSViewActionCode action, CFErrorRef *error);
    // No CFErrorRef* out-parameter on this member.
    bool (*soscc_ViewSet)(CFSetRef enabledViews, CFSetRef disabledViews);
    SOSSecurityPropertyResultCode (*soscc_SecurityProperty)(CFStringRef property, SOSSecurityPropertyActionCode action, CFErrorRef *error);
    bool (*soscc_RegisterSingleRecoverySecret)(CFDataRef backupSlice, bool forV0Only, CFErrorRef *error);
    bool (*soscc_RegisterRecoveryPublicKey)(CFDataRef recovery_key, CFErrorRef *error);
    CFDataRef (*soscc_CopyRecoveryPublicKey)(CFErrorRef *error);
    bool (*soscc_RemoveThisDeviceFromCircle)(CFErrorRef* error);
    bool (*soscc_RemovePeersFromCircle)(CFArrayRef peers, CFErrorRef* error);
    bool (*soscc_LoggedOutOfAccount)(CFErrorRef* error);
    bool (*soscc_BailFromCircle)(uint64_t limit_in_seconds, CFErrorRef* error);
    bool (*soscc_AcceptApplicants)(CFArrayRef applicants, CFErrorRef* error);
    bool (*soscc_RejectApplicants)(CFArrayRef applicants, CFErrorRef* error);
    SOSPeerInfoRef (*soscc_SetNewPublicBackupKey)(CFDataRef pubKey, CFErrorRef *error);
    bool (*soscc_ValidateUserPublic)(CFErrorRef* error);
    CFArrayRef (*soscc_CopyGenerationPeerInfo)(CFErrorRef* error);
    CFArrayRef (*soscc_CopyApplicantPeerInfo)(CFErrorRef* error);
    CFArrayRef (*soscc_CopyValidPeerPeerInfo)(CFErrorRef* error);
    CFArrayRef (*soscc_CopyNotValidPeerPeerInfo)(CFErrorRef* error);
    CFArrayRef (*soscc_CopyRetirementPeerInfo)(CFErrorRef* error);
    CFArrayRef (*soscc_CopyViewUnawarePeerInfo)(CFErrorRef* error);
    CFArrayRef (*soscc_CopyEngineState)(CFErrorRef* error);
    // Not sure why these are below the last entry in the enum order above, but they are:
    CFArrayRef (*soscc_CopyPeerInfo)(CFErrorRef* error);
    CFArrayRef (*soscc_CopyConcurringPeerInfo)(CFErrorRef* error);
    CFStringRef (*soscc_CopyIncompatibilityInfo)(CFErrorRef* error);
    enum DepartureReason (*soscc_GetLastDepartureReason)(CFErrorRef* error);
    bool (*soscc_SetLastDepartureReason)(enum DepartureReason, CFErrorRef* error);
    CFArrayRef (*ota_CopyEscrowCertificates)(uint32_t escrowRootType, CFErrorRef* error);
    int (*sec_ota_pki_get_new_asset)(CFErrorRef* error);
    CFSetRef (*soscc_ProcessSyncWithPeers)(CFSetRef peerIDs, CFSetRef backupPeerIDs, CFErrorRef* error);
    SyncWithAllPeersReason (*soscc_ProcessSyncWithAllPeers)(CFErrorRef* error);
    bool (*soscc_EnsurePeerRegistration)(CFErrorRef* error);
    bool (*sec_roll_keys)(bool force, CFErrorRef* error);
    CFArrayRef (*sec_keychain_sync_update_message)(CFDictionaryRef update, CFErrorRef *error);
    // Log settings.
    CFPropertyListRef (*sec_get_log_settings)(CFErrorRef* error);
    bool (*sec_set_xpc_log_settings)(CFTypeRef type, CFErrorRef* error);
    bool (*sec_set_circle_log_settings)(CFTypeRef type, CFErrorRef* error);
    SOSPeerInfoRef (*soscc_CopyMyPeerInfo)(CFErrorRef*);
    bool (*soscc_SetHSA2AutoAcceptInfo)(CFDataRef, CFErrorRef*);
    bool (*soscc_WaitForInitialSync)(CFErrorRef*);
    CFArrayRef (*soscc_CopyYetToSyncViewsList)(CFErrorRef*);
    bool (*soscc_SetEscrowRecords)(CFStringRef escrow_label, uint64_t tries, CFErrorRef *error);
    CFDictionaryRef (*soscc_CopyEscrowRecords)(CFErrorRef *error);
    CFDictionaryRef (*soscc_CopyBackupInformation)(CFErrorRef *error);
    bool (*soscc_PeerAvailability)(CFErrorRef *error);
    bool (*sosbskb_WrapToBackupSliceKeyBagForView)(CFStringRef viewName, CFDataRef input, CFDataRef* output, CFDataRef* bskbEncoded, CFErrorRef* error);
    // Account and engine state: copy and delete.
    CFDataRef (*soscc_CopyAccountState)(CFErrorRef *error);
    bool (*soscc_DeleteAccountState)(CFErrorRef *error);
    CFDataRef (*soscc_CopyEngineData)(CFErrorRef *error);
    bool (*soscc_DeleteEngineState)(CFErrorRef *error);
    SOSPeerInfoRef (*soscc_CopyApplicant)(CFErrorRef *error);
    CFDataRef (*soscc_CopyCircleJoiningBlob)(SOSPeerInfoRef applicant, CFErrorRef *error);
    bool (*soscc_JoinWithCircleJoiningBlob)(CFDataRef joiningBlob, CFErrorRef *error);
    bool (*soscc_AccountHasPublicKey)(CFErrorRef *error);
    bool (*soscc_AccountIsNew)(CFErrorRef *error);
    bool (*sec_item_update_token_items)(CFStringRef tokenID, CFArrayRef query, SecurityClient *client, CFErrorRef* error);
    bool (*sec_trust_store_copy_all)(SecTrustStoreRef ts, CFArrayRef *trustStoreContents, CFErrorRef *error);
    bool (*sec_trust_store_copy_usage_constraints)(SecTrustStoreRef ts, CFDataRef digest, CFArrayRef *usageConstraints, CFErrorRef *error);
    // The parameter is named bundleIDs although the member name speaks of
    // access groups -- confirm which one the implementation expects.
    bool (*sec_delete_items_with_access_groups)(CFArrayRef bundleIDs, SecurityClient *client, CFErrorRef *error);
    bool (*soscc_IsThisDeviceLastBackup)(CFErrorRef *error);
    bool (*soscc_requestSyncWithPeerOverKVS)(CFStringRef peerID, CFDataRef message, CFErrorRef *error);
    bool (*soscc_requestSyncWithPeerOverIDS)(CFStringRef peerID, CFErrorRef *error);
    CFBooleanRef (*soscc_SOSCCPeersHaveViewsEnabled)(CFArrayRef views, CFErrorRef *error);
    // Spelled "socc_" (not "soscc_"); the name is part of the interface.
    bool (*socc_clearPeerMessageKeyInKVS)(CFStringRef peerID, CFErrorRef *error);
    bool (*soscc_requestSyncWithPeerOverKVSIDOnly)(CFStringRef peerID, CFErrorRef *error);
    bool (*soscc_SOSCCMessageFromPeerIsPending)(SOSPeerInfoRef peer, CFErrorRef* error);
    bool (*soscc_SOSCCSendToPeerIsPending)(SOSPeerInfoRef peer, CFErrorRef* error);
};
417
// Global operation table, defined elsewhere. SECURITYD_XPC() tests it for NULL
// before every call and takes the wrapper path when it is NULL.
extern struct securityd *gSecurityd;

// Returns a CFArrayRef; by name the current access groups. The "Get" in the
// name suggests the caller does not own the result -- confirm.
CFArrayRef SecAccessGroupsGetCurrent(void);

// TODO Rename me
// Returns a CFStringRef describing the given operation id.
CFStringRef SOSCCGetOperationDescription(enum SecXPCOperation op);
// Takes a request message and returns an xpc_object_t; by name it sends the
// message and waits for the reply. Failure is reported through *error.
xpc_object_t securityd_message_with_reply_sync(xpc_object_t message, CFErrorRef *error);
// Returns a new message object for the given operation id.
xpc_object_t securityd_create_message(enum SecXPCOperation op, CFErrorRef *error);
// Returns a bool for the given message; by name true when the message carries
// no error -- confirm at the definition.
bool securityd_message_no_error(xpc_object_t message, CFErrorRef *error);


// Takes an operation id and two blocks: add_to_message receives the request
// message, handle_response receives the response. Both blocks return bool and
// can report through their own CFErrorRef*. The call order and what happens
// when a block returns false are not visible in this header -- confirm at the
// definition.
bool securityd_send_sync_and_do(enum SecXPCOperation op, CFErrorRef *error,
                                bool (^add_to_message)(xpc_object_t message, CFErrorRef* error),
                                bool (^handle_response)(xpc_object_t response, CFErrorRef* error));

// For testing only, never call this in a threaded program!
// NOTE(review): by name this changes the Mach service name the client uses, so
// later requests would go to whichever service registered that name. Keep
// callers confined to test code.
void SecServerSetMachServiceName(const char *name);
435
436
437 #endif /* _SECURITYD_CLIENT_H_ */