2 * Copyright (c) 2007-2009,2012-2015 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
23 #ifndef _SECURITYD_CLIENT_H_
24 #define _SECURITYD_CLIENT_H_
28 #include <Security/SecTrust.h>
29 #include <Security/SecTask.h>
30 #ifndef MINIMIZE_INCLUDES
31 # include <Security/SecTrustStore.h>
32 # include <Security/SecCertificatePath.h>
34 typedef struct __SecTrustStore
*SecTrustStoreRef
;
35 # ifndef _SECURITY_SECCERTIFICATE_H_
36 typedef struct __SecCertificate
*SecCertificateRef
;
37 # endif // _SECURITY_SECCERTIFICATE_H_
38 # ifndef _SECURITY_SECCERTIFICATEPATH_H_
39 typedef struct SecCertificatePath
*SecCertificatePathRef
;
40 # endif // _SECURITY_SECCERTIFICATEPATH_H_
41 #endif // MINIMIZE_INCLUDES
43 #if TARGET_OS_EMBEDDED
47 #include <CoreFoundation/CFArray.h>
48 #include <CoreFoundation/CFDictionary.h>
49 #include <CoreFoundation/CFError.h>
51 #include <Security/SecureObjectSync/SOSCloudCircle.h>
52 #include <Security/SecureObjectSync/SOSPeerInfo.h>
53 #include <Security/SecureObjectSync/SOSRing.h>
56 #include <CoreFoundation/CFXPCBridge.h>
58 // TODO: This should be in client of XPC code locations...
60 #define kSecuritydXPCServiceName "com.apple.securityd.xpc"
61 #define kTrustdAgentXPCServiceName "com.apple.trustd.agent"
62 #define kTrustdXPCServiceName "com.apple.trustd"
64 #define kSecuritydXPCServiceName "com.apple.securityd"
65 #define kTrustdAgentXPCServiceName "com.apple.securityd"
66 #define kTrustdXPCServiceName "com.apple.securityd"
67 #endif // *** END SECITEM_SHIM_OSX ***
70 // MARK: XPC Information.
73 extern CFStringRef sSecXPCErrorDomain
;
75 extern const char *kSecXPCKeyOperation
;
76 extern const char *kSecXPCKeyResult
;
77 extern const char *kSecXPCKeyError
;
78 extern const char *kSecXPCKeyPeerInfos
;
79 extern const char *kSecXPCKeyUserLabel
;
80 extern const char *kSecXPCKeyBackup
;
81 extern const char *kSecXPCKeyKeybag
;
82 extern const char *kSecXPCKeyUserPassword
;
83 extern const char *kSecXPCKeyDSID
;
84 extern const char *kSecXPCKeyViewName
;
85 extern const char *kSecXPCKeyViewActionCode
;
86 extern const char *kSecXPCKeyNewPublicBackupKey
;
87 extern const char *kSecXPCKeyIncludeV0
;
88 extern const char *kSecXPCKeyEnabledViewsKey
;
89 extern const char *kSecXPCKeyDisabledViewsKey
;
90 extern const char *kSecXPCKeyEscrowLabel
;
91 extern const char *kSecXPCKeyTriesLabel
;
92 extern const char *kSecXPCKeyFileDescriptor
;
93 extern const char *kSecXPCKeyAccessGroups
;
94 extern const char *kSecXPCKeyClasses
;
97 // MARK: Dispatch macros
100 #define SECURITYD_XPC(sdp, wrapper, ...) ((gSecurityd && gSecurityd->sdp) ? gSecurityd->sdp(__VA_ARGS__) : wrapper(sdp ## _id, __VA_ARGS__))
103 // MARK: Object to XPC format conversion.
108 // MARK: XPC Interfaces
111 extern const char *kSecXPCKeyOperation
;
112 extern const char *kSecXPCKeyResult
;
113 extern const char *kSecXPCKeyError
;
114 extern const char *kSecXPCKeyPeerInfos
;
115 extern const char *kSecXPCKeyUserLabel
;
116 extern const char *kSecXPCKeyUserPassword
;
117 extern const char *kSecXPCKeyDSID
;
118 extern const char *kSecXPCLimitInMinutes
;
119 extern const char *kSecXPCKeyQuery
;
120 extern const char *kSecXPCKeyAttributesToUpdate
;
121 extern const char *kSecXPCKeyDomain
;
122 extern const char *kSecXPCKeyDigest
;
123 extern const char *kSecXPCKeyCertificate
;
124 extern const char *kSecXPCKeySettings
;
125 extern const char *kSecXPCPublicPeerId
; // Public peer id
126 extern const char *kSecXPCOTRSession
; // OTR session bytes
127 extern const char *kSecXPCData
; // Data to process
128 extern const char *kSecXPCOTRReady
; // OTR ready for messages
129 extern const char *kSecXPCKeyDeviceID
;
130 extern const char *kSecXPCKeyIDSMessage
;
131 extern const char *kSecXPCKeyViewName
;
132 extern const char *kSecXPCKeyViewActionCode
;
133 extern const char *kSecXPCKeySendIDSMessage
;
134 extern const char *kSecXPCKeyHSA2AutoAcceptInfo
;
135 extern const char *kSecXPCKeyEscrowLabel
;
136 extern const char *kSecXPCKeyTriesLabel
;
137 extern const char *kSecXPCKeyString
;
138 extern const char *kSecXPCKeyArray
;
140 extern const char *kSecXPCKeyReason
;
143 // MARK: Mach port request IDs
145 enum SecXPCOperation
{
147 sec_item_copy_matching_id
= 1,
148 sec_item_update_id
= 2,
149 sec_item_delete_id
= 3,
150 // trust_store_for_domain -- NOT an ipc
151 sec_trust_store_contains_id
= 4,
152 sec_trust_store_set_trust_settings_id
= 5,
153 sec_trust_store_remove_certificate_id
= 6,
154 // remove_all -- NOT an ipc
155 sec_delete_all_id
= 7,
156 sec_trust_evaluate_id
= 8,
157 // Any new items MUST be added below here
158 // This allows updating roots on a device, since SecTrustEvaluate must continue to work
159 sec_keychain_backup_id
,
160 sec_keychain_restore_id
,
161 sec_keychain_backup_syncable_id
,
162 sec_keychain_restore_syncable_id
,
163 sec_item_backup_copy_names_id
,
164 sec_item_backup_handoff_fd_id
,
165 sec_item_backup_set_confirmed_manifest_id
,
166 sec_item_backup_restore_id
,
167 sec_keychain_sync_update_message_id
,
168 sec_ota_pki_asset_version_id
,
169 sec_otr_session_create_remote_id
,
170 sec_otr_session_process_packet_remote_id
,
171 kSecXPCOpOTAPKIGetNewAsset
,
172 kSecXPCOpOTAGetEscrowCertificates
,
173 kSecXPCOpProcessUnlockNotification
,
174 kSecXPCOpProcessSyncWithAllPeers
,
176 sec_add_shared_web_credential_id
,
177 sec_copy_shared_web_credential_id
,
178 sec_get_log_settings_id
,
179 sec_set_xpc_log_settings_id
,
180 sec_set_circle_log_settings_id
,
181 soscc_EnsurePeerRegistration_id
,
182 kSecXPCOpRequestEnsureFreshParameters
,
183 kSecXPCOpGetAllTheRings
,
184 kSecXPCOpApplyToARing
,
185 kSecXPCOpWithdrawlFromARing
,
188 kSecXPCOpRequestDeviceID
,
189 kSecXPCOpSetDeviceID
,
190 kSecXPCOpHandleIDSMessage
,
191 kSecXPCOpSyncWithKVSPeer
,
192 kSecXPCOpSyncWithIDSPeer
,
193 kSecXPCOpSendIDSMessage
,
195 kSecXPCOpIDSDeviceID
,
196 // any process using an operation below here is required to have entitlement keychain-cloud-circle
197 kSecXPCOpTryUserCredentials
,
198 kSecXPCOpSetUserCredentials
,
199 kSecXPCOpSetUserCredentialsAndDSID
,
200 kSecXPCOpCanAuthenticate
,
201 kSecXPCOpPurgeUserCredentials
,
202 kSecXPCOpDeviceInCircle
,
203 kSecXPCOpRequestToJoin
,
204 kSecXPCOpRequestToJoinAfterRestore
,
205 kSecXPCOpResetToOffering
,
206 kSecXPCOpResetToEmpty
,
209 kSecXPCOpSecurityProperty
,
210 kSecXPCOpRemoveThisDeviceFromCircle
,
211 kSecXPCOpRemovePeersFromCircle
,
212 kSecXPCOpLoggedOutOfAccount
,
213 kSecXPCOpBailFromCircle
,
214 kSecXPCOpAcceptApplicants
,
215 kSecXPCOpRejectApplicants
,
216 kSecXPCOpCopyApplicantPeerInfo
,
217 kSecXPCOpCopyValidPeerPeerInfo
,
218 kSecXPCOpValidateUserPublic
,
219 kSecXPCOpCopyNotValidPeerPeerInfo
,
220 kSecXPCOpCopyPeerPeerInfo
,
221 kSecXPCOpCopyConcurringPeerPeerInfo
,
222 kSecXPCOpCopyGenerationPeerInfo
,
223 kSecXPCOpGetLastDepartureReason
,
224 kSecXPCOpSetLastDepartureReason
,
225 kSecXPCOpCopyIncompatibilityInfo
,
226 kSecXPCOpCopyRetirementPeerInfo
,
227 kSecXPCOpCopyViewUnawarePeerInfo
,
228 kSecXPCOpCopyEngineState
,
229 kSecXPCOpCopyMyPeerInfo
,
230 kSecXPCOpAccountSetToNew
,
231 kSecXPCOpSetHSA2AutoAcceptInfo
,
232 kSecXPCOpSetNewPublicBackupKey
,
233 kSecXPCOpSetBagForAllSlices
,
234 kSecXPCOpWaitForInitialSync
,
235 kSecXPCOpCopyYetToSyncViews
,
236 kSecXPCOpSetEscrowRecord
,
237 kSecXPCOpGetEscrowRecord
,
238 kSecXPCOpCheckPeerAvailability
,
239 kSecXPCOpCopyAccountData
,
240 kSecXPCOpDeleteAccountData
,
241 kSecXPCOpCopyEngineData
,
242 kSecXPCOpDeleteEngineData
,
243 kSecXPCOpCopyApplication
,
244 kSecXPCOpCopyCircleJoiningBlob
,
245 kSecXPCOpJoinWithCircleJoiningBlob
,
246 kSecXPCOpAccountHasPublicKey
,
247 kSecXPCOpAccountIsNew
,
248 /* after this is free for all */
250 kSecXPCOpTransmogrifyToSyncBubble
,
251 kSecXPCOpTransmogrifyToSystemKeychain
,
252 kSecXPCOpWrapToBackupSliceKeyBagForView
,
253 sec_item_update_token_items_id
,
254 kSecXPCOpDeleteUserView
,
255 sec_trust_store_copy_all_id
,
256 sec_trust_store_copy_usage_constraints_id
,
257 sec_delete_items_with_access_groups_id
,
258 kSecXPCOpIsThisDeviceLastBackup
,
259 sec_keychain_backup_keybag_uuid_id
,
260 kSecXPCOpPeersHaveViewsEnabled
,
266 CFArrayRef accessGroups
;
267 bool allowSystemKeychain
;
268 bool allowSyncBubbleKeychain
;
269 bool isNetworkExtension
;
272 #if TARGET_OS_EMBEDDED
273 keybag_handle_t keybag
;
282 extern SecurityClient
* SecSecurityClientGet(void);
284 void SecSecuritySetMusrMode(bool mode
, uid_t uid
, int activeUser
);
288 bool (*sec_item_add
)(CFDictionaryRef attributes
, SecurityClient
*client
, CFTypeRef
*result
, CFErrorRef
* error
);
289 bool (*sec_item_copy_matching
)(CFDictionaryRef query
, SecurityClient
*client
, CFTypeRef
*result
, CFErrorRef
* error
);
290 bool (*sec_item_update
)(CFDictionaryRef query
, CFDictionaryRef attributesToUpdate
, SecurityClient
*client
, CFErrorRef
* error
);
291 bool (*sec_item_delete
)(CFDictionaryRef query
, SecurityClient
*client
, CFErrorRef
* error
);
292 bool (*sec_add_shared_web_credential
)(CFDictionaryRef attributes
, SecurityClient
*client
, const audit_token_t
*clientAuditToken
, CFStringRef appID
, CFArrayRef accessGroups
, CFTypeRef
*result
, CFErrorRef
*error
);
293 bool (*sec_copy_shared_web_credential
)(CFDictionaryRef query
, SecurityClient
*client
, const audit_token_t
*clientAuditToken
, CFStringRef appID
, CFArrayRef accessGroups
, CFTypeRef
*result
, CFErrorRef
*error
);
294 SecTrustStoreRef (*sec_trust_store_for_domain
)(CFStringRef domainName
, CFErrorRef
* error
); // TODO: remove, has no msg id
295 bool (*sec_trust_store_contains
)(SecTrustStoreRef ts
, CFDataRef digest
, bool *contains
, CFErrorRef
* error
);
296 bool (*sec_trust_store_set_trust_settings
)(SecTrustStoreRef ts
, SecCertificateRef certificate
, CFTypeRef trustSettingsDictOrArray
, CFErrorRef
* error
);
297 bool (*sec_trust_store_remove_certificate
)(SecTrustStoreRef ts
, CFDataRef digest
, CFErrorRef
* error
);
298 bool (*sec_truststore_remove_all
)(SecTrustStoreRef ts
, CFErrorRef
* error
); // TODO: remove, has no msg id
299 bool (*sec_item_delete_all
)(CFErrorRef
* error
);
300 SecTrustResultType (*sec_trust_evaluate
)(CFArrayRef certificates
, CFArrayRef anchors
, bool anchorsOnly
, bool keychainsAllowed
, CFArrayRef policies
, CFArrayRef responses
, CFArrayRef SCTs
, CFArrayRef trustedLogs
, CFAbsoluteTime verifyTime
, __unused CFArrayRef accessGroups
, CFArrayRef
*details
, CFDictionaryRef
*info
, SecCertificatePathRef
*chain
, CFErrorRef
*error
);
301 CFDataRef (*sec_keychain_backup
)(SecurityClient
*client
, CFDataRef keybag
, CFDataRef passcode
, CFErrorRef
* error
);
302 bool (*sec_keychain_restore
)(CFDataRef backup
, SecurityClient
*client
, CFDataRef keybag
, CFDataRef passcode
, CFErrorRef
* error
);
303 CFDictionaryRef (*sec_keychain_backup_syncable
)(CFDictionaryRef backup_in
, CFDataRef keybag
, CFDataRef passcode
, CFErrorRef
* error
);
304 bool (*sec_keychain_restore_syncable
)(CFDictionaryRef backup
, CFDataRef keybag
, CFDataRef passcode
, CFErrorRef
* error
);
305 CFArrayRef (*sec_item_backup_copy_names
)(CFErrorRef
*error
);
306 int (*sec_item_backup_handoff_fd
)(CFStringRef backupName
, CFErrorRef
*error
);
307 bool (*sec_item_backup_set_confirmed_manifest
)(CFStringRef backupName
, CFDataRef keybagDigest
, CFDataRef manifest
, CFErrorRef
*error
);
308 bool (*sec_item_backup_restore
)(CFStringRef backupName
, CFStringRef peerID
, CFDataRef keybag
, CFDataRef secret
, CFDataRef backup
, CFErrorRef
*error
);
309 int (*sec_ota_pki_asset_version
)(CFErrorRef
* error
);
310 CFDataRef (*sec_otr_session_create_remote
)(CFDataRef publicPeerId
, CFErrorRef
* error
);
311 bool (*sec_otr_session_process_packet_remote
)(CFDataRef sessionData
, CFDataRef inputPacket
, CFDataRef
* outputSessionData
, CFDataRef
* outputPacket
, bool *readyForMessages
, CFErrorRef
* error
);
312 bool (*soscc_TryUserCredentials
)(CFStringRef user_label
, CFDataRef user_password
, CFErrorRef
*error
);
313 bool (*soscc_SetUserCredentials
)(CFStringRef user_label
, CFDataRef user_password
, CFErrorRef
*error
);
314 bool (*soscc_SetUserCredentialsAndDSID
)(CFStringRef user_label
, CFDataRef user_password
, CFStringRef dsid
, CFErrorRef
*error
);
315 bool (*soscc_CanAuthenticate
)(CFErrorRef
*error
);
316 bool (*soscc_PurgeUserCredentials
)(CFErrorRef
*error
);
317 SOSCCStatus (*soscc_ThisDeviceIsInCircle
)(CFErrorRef
* error
);
318 bool (*soscc_RequestToJoinCircle
)(CFErrorRef
* error
);
319 bool (*soscc_RequestToJoinCircleAfterRestore
)(CFErrorRef
* error
);
320 bool (*soscc_RequestEnsureFreshParameters
)(CFErrorRef
* error
);
321 CFStringRef (*soscc_GetAllTheRings
)(CFErrorRef
*error
);
322 bool (*soscc_ApplyToARing
)(CFStringRef ringName
, CFErrorRef
* error
);
323 bool (*soscc_WithdrawlFromARing
)(CFStringRef ringName
, CFErrorRef
* error
);
324 bool (*soscc_EnableRing
)(CFStringRef ringName
, CFErrorRef
* error
);
325 SOSRingStatus (*soscc_RingStatus
)(CFStringRef ringName
, CFErrorRef
* error
);
326 CFStringRef (*soscc_CopyDeviceID
)(CFErrorRef
* error
);
327 bool (*soscc_SetDeviceID
)(CFStringRef IDS
, CFErrorRef
*error
);
328 HandleIDSMessageReason (*soscc_HandleIDSMessage
)(CFDictionaryRef IDS
, CFErrorRef
*error
);
329 bool (*soscc_CheckIDSRegistration
)(CFStringRef message
, CFErrorRef
*error
);
330 bool (*soscc_PingTest
)(CFStringRef message
, CFErrorRef
*error
);
331 bool (*soscc_GetIDSIDFromIDS
)(CFErrorRef
*error
);
332 bool (*soscc_SetToNew
)(CFErrorRef
*error
);
333 bool (*soscc_ResetToOffering
)(CFErrorRef
* error
);
334 bool (*soscc_ResetToEmpty
)(CFErrorRef
* error
);
335 SOSViewResultCode (*soscc_View
)(CFStringRef view
, SOSViewActionCode action
, CFErrorRef
*error
);
336 bool (*soscc_ViewSet
)(CFSetRef enabledViews
, CFSetRef disabledViews
);
337 SOSSecurityPropertyResultCode (*soscc_SecurityProperty
)(CFStringRef property
, SOSSecurityPropertyActionCode action
, CFErrorRef
*error
);
338 bool (*soscc_RegisterSingleRecoverySecret
)(CFDataRef backupSlice
, bool forV0Only
, CFErrorRef
*error
);
339 bool (*soscc_RemoveThisDeviceFromCircle
)(CFErrorRef
* error
);
340 bool (*soscc_RemovePeersFromCircle
)(CFArrayRef peers
, CFErrorRef
* error
);
341 bool (*soscc_LoggedOutOfAccount
)(CFErrorRef
* error
);
342 bool (*soscc_BailFromCircle
)(uint64_t limit_in_seconds
, CFErrorRef
* error
);
343 bool (*soscc_AcceptApplicants
)(CFArrayRef applicants
, CFErrorRef
* error
);
344 bool (*soscc_RejectApplicants
)(CFArrayRef applicants
, CFErrorRef
* error
);
345 SOSPeerInfoRef (*soscc_SetNewPublicBackupKey
)(CFDataRef pubKey
, CFErrorRef
*error
);
346 bool (*soscc_ValidateUserPublic
)(CFErrorRef
* error
);
347 CFArrayRef (*soscc_CopyGenerationPeerInfo
)(CFErrorRef
* error
);
348 CFArrayRef (*soscc_CopyApplicantPeerInfo
)(CFErrorRef
* error
);
349 CFArrayRef (*soscc_CopyValidPeerPeerInfo
)(CFErrorRef
* error
);
350 CFArrayRef (*soscc_CopyNotValidPeerPeerInfo
)(CFErrorRef
* error
);
351 CFArrayRef (*soscc_CopyRetirementPeerInfo
)(CFErrorRef
* error
);
352 CFArrayRef (*soscc_CopyViewUnawarePeerInfo
)(CFErrorRef
* error
);
353 CFArrayRef (*soscc_CopyEngineState
)(CFErrorRef
* error
);
354 // Not sure why these are below the last entry in the enum order above, but they are:
355 CFArrayRef (*soscc_CopyPeerInfo
)(CFErrorRef
* error
);
356 CFArrayRef (*soscc_CopyConcurringPeerInfo
)(CFErrorRef
* error
);
357 CFStringRef (*soscc_CopyIncompatibilityInfo
)(CFErrorRef
* error
);
358 enum DepartureReason (*soscc_GetLastDepartureReason
)(CFErrorRef
* error
);
359 bool (*soscc_SetLastDepartureReason
)(enum DepartureReason
, CFErrorRef
* error
);
360 CFArrayRef (*ota_CopyEscrowCertificates
)(uint32_t escrowRootType
, CFErrorRef
* error
);
361 int (*sec_ota_pki_get_new_asset
)(CFErrorRef
* error
);
362 SyncWithAllPeersReason (*soscc_ProcessSyncWithAllPeers
)(CFErrorRef
* error
);
363 bool (*soscc_EnsurePeerRegistration
)(CFErrorRef
* error
);
364 bool (*sec_roll_keys
)(bool force
, CFErrorRef
* error
);
365 CFArrayRef (*sec_keychain_sync_update_message
)(CFDictionaryRef update
, CFErrorRef
*error
);
366 CFPropertyListRef (*sec_get_log_settings
)(CFErrorRef
* error
);
367 bool (*sec_set_xpc_log_settings
)(CFTypeRef type
, CFErrorRef
* error
);
368 bool (*sec_set_circle_log_settings
)(CFTypeRef type
, CFErrorRef
* error
);
369 SOSPeerInfoRef (*soscc_CopyMyPeerInfo
)(CFErrorRef
*);
370 bool (*soscc_SetHSA2AutoAcceptInfo
)(CFDataRef
, CFErrorRef
*);
371 bool (*soscc_WaitForInitialSync
)(CFErrorRef
*);
372 CFArrayRef (*soscc_CopyYetToSyncViewsList
)(CFErrorRef
*);
373 bool (*soscc_SetEscrowRecords
)(CFStringRef escrow_label
, uint64_t tries
, CFErrorRef
*error
);
374 CFDictionaryRef (*soscc_CopyEscrowRecords
)(CFErrorRef
*error
);
375 bool (*soscc_PeerAvailability
)(CFErrorRef
*error
);
376 bool (*sosbskb_WrapToBackupSliceKeyBagForView
)(CFStringRef viewName
, CFDataRef input
, CFDataRef
* output
, CFDataRef
* bskbEncoded
, CFErrorRef
* error
);
377 CFDataRef (*soscc_CopyAccountState
)(CFErrorRef
*error
);
378 bool (*soscc_DeleteAccountState
)(CFErrorRef
*error
);
379 CFDataRef (*soscc_CopyEngineData
)(CFErrorRef
*error
);
380 bool (*soscc_DeleteEngineState
)(CFErrorRef
*error
);
381 SOSPeerInfoRef (*soscc_CopyApplicant
)(CFErrorRef
*error
);
382 CFDataRef (*soscc_CopyCircleJoiningBlob
)(SOSPeerInfoRef applicant
, CFErrorRef
*error
);
383 bool (*soscc_JoinWithCircleJoiningBlob
)(CFDataRef joiningBlob
, CFErrorRef
*error
);
384 bool (*soscc_AccountHasPublicKey
)(CFErrorRef
*error
);
385 bool (*soscc_AccountIsNew
)(CFErrorRef
*error
);
386 bool (*sec_item_update_token_items
)(CFStringRef tokenID
, CFArrayRef query
, SecurityClient
*client
, CFErrorRef
* error
);
387 bool (*sec_trust_store_copy_all
)(SecTrustStoreRef ts
, CFArrayRef
*trustStoreContents
, CFErrorRef
*error
);
388 bool (*sec_trust_store_copy_usage_constraints
)(SecTrustStoreRef ts
, CFDataRef digest
, CFArrayRef
*usageConstraints
, CFErrorRef
*error
);
389 bool (*sec_delete_items_with_access_groups
)(CFArrayRef bundleIDs
, SecurityClient
*client
, CFErrorRef
*error
);
390 bool (*soscc_IsThisDeviceLastBackup
)(CFErrorRef
*error
);
391 bool (*soscc_requestSyncWithPeerOverKVS
)(CFStringRef peerID
, CFErrorRef
*error
);
392 bool (*soscc_requestSyncWithPeerOverIDS
)(CFStringRef peerID
, CFErrorRef
*error
);
393 CFBooleanRef (*soscc_SOSCCPeersHaveViewsEnabled
)(CFArrayRef views
, CFErrorRef
*error
);
396 extern struct securityd
*gSecurityd
;
398 CFArrayRef
SecAccessGroupsGetCurrent(void);
401 CFStringRef
SOSCCGetOperationDescription(enum SecXPCOperation op
);
402 xpc_object_t
securityd_message_with_reply_sync(xpc_object_t message
, CFErrorRef
*error
);
403 xpc_object_t
securityd_create_message(enum SecXPCOperation op
, CFErrorRef
*error
);
404 bool securityd_message_no_error(xpc_object_t message
, CFErrorRef
*error
);
407 bool securityd_send_sync_and_do(enum SecXPCOperation op
, CFErrorRef
*error
,
408 bool (^add_to_message
)(xpc_object_t message
, CFErrorRef
* error
),
409 bool (^handle_response
)(xpc_object_t response
, CFErrorRef
* error
));
411 // For testing only, never call this in a threaded program!
412 void SecServerSetMachServiceName(const char *name
);
415 #endif /* _SECURITYD_CLIENT_H_ */