2 * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
19 // Access.h - Access control wrappers
21 #ifndef _SECURITY_ACCESS_H_
22 #define _SECURITY_ACCESS_H_
24 #include <Security/SecRuntime.h>
25 #include <Security/ACL.h>
26 #include <Security/trackingallocator.h>
27 #include <Security/cssmaclpod.h>
28 #include <Security/cssmacl.h>
29 #include <Security/aclclient.h>
30 #include <Security/TrustedApplication.h>
34 namespace KeychainCore
{
36 using CssmClient::AclBearer
;
39 class Access
: public SecCFObject
{
44 static const size_t keySize
= 16; // number of (random) bytes
47 Maker(CssmAllocator
&alloc
= CssmAllocator::standard());
49 void initialOwner(ResourceControlContext
&ctx
, const AccessCredentials
*creds
= NULL
);
50 const AccessCredentials
*cred();
52 TrackingAllocator allocator
;
54 static const char creationEntryTag
[];
59 AutoCredentials mCreds
;
64 Access(const string
&description
);
65 Access(const string
&description
, const ACL::ApplicationList
&trusted
);
66 Access(const string
&description
, const ACL::ApplicationList
&trusted
,
67 const AclAuthorizationSet
&limitedRights
, const AclAuthorizationSet
&freeRights
);
69 // make a completely open Access (anyone can do anything)
72 // retrieve from an existing AclBearer
73 Access(AclBearer
&source
);
75 // make from CSSM layer information (presumably retrieved by caller)
76 Access(const CSSM_ACL_OWNER_PROTOTYPE
&owner
,
77 uint32 aclCount
, const CSSM_ACL_ENTRY_INFO
*acls
);
82 CFArrayRef
copySecACLs() const;
83 CFArrayRef
copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action
) const;
85 void add(ACL
*newAcl
);
86 void addOwner(ACL
*newOwnerAcl
);
88 void setAccess(AclBearer
&target
, bool update
= false);
89 void setAccess(AclBearer
&target
, Maker
&maker
);
91 template <class Container
>
92 void findAclsForRight(AclAuthorization right
, Container
&cont
)
95 for (Map::const_iterator it
= mAcls
.begin(); it
!= mAcls
.end(); it
++)
96 if (it
->second
->authorizes(right
))
97 cont
.push_back(it
->second
);
100 std::string
promptDescription() const; // from any one of the ACLs contained
102 void addApplicationToRight(AclAuthorization right
, TrustedApplication
*app
);
105 void makeStandard(const string
&description
, const ACL::ApplicationList
&trusted
,
106 const AclAuthorizationSet
&limitedRights
= AclAuthorizationSet(),
107 const AclAuthorizationSet
&freeRights
= AclAuthorizationSet());
108 void compile(const CSSM_ACL_OWNER_PROTOTYPE
&owner
,
109 uint32 aclCount
, const CSSM_ACL_ENTRY_INFO
*acls
);
111 void editAccess(AclBearer
&target
, bool update
, const AccessCredentials
*cred
);
114 static const CSSM_ACL_HANDLE ownerHandle
= ACL::ownerHandle
;
115 typedef map
<CSSM_ACL_HANDLE
, RefPointer
<ACL
> > Map
;
117 Map mAcls
; // set of ACL entries
121 } // end namespace KeychainCore
122 } // end namespace Security
124 #endif // !_SECURITY_ACCESS_H_
projects / apple / security.git / blob