2 * Copyright (c) 2000-2001,2003-2004,2011,2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 // manager - CSSM manager/supervisor objects.
31 #include "modloader.h"
32 #include <security_cdsa_utilities/callback.h>
34 #include "attachfactory.h"
38 // The CssmManager class embodies one instance of CSSM. It can interact with multiple
39 // callers in multiple threads.
40 // As far as CssmManager is concerned, it doesn't mind for multiple instances of it to
41 // exist. Such instances are strictly separated; they do not share anything (module info,
42 // attachments, callbacks, etc.) and live their lives in splendid isolation. Of course,
43 // other subsystems they deal with (e.g. the ModuleLoader) may multiplex them, but such
44 // components should take pains not to "leak" information from one CssmManager instance
47 class CssmManager
: public AttachmentFactory
{
49 static const CSSM_GUID theGuidForCssmItself
;
52 virtual ~CssmManager();
54 void initialize (const CSSM_VERSION
&version
,
55 CSSM_PRIVILEGE_SCOPE scope
,
56 const Guid
&callerGuid
,
57 CSSM_KEY_HIERARCHY keyHierarchy
,
58 CSSM_PVC_MODE
&pvcPolicy
);
61 void loadModule (const Guid
&guid
,
62 CSSM_KEY_HIERARCHY keyHierarchy
,
63 const ModuleCallback
&callback
);
64 void unloadModule (const Guid
&guid
,
65 const ModuleCallback
&callback
);
67 void introduce(const Guid
&guid
, CSSM_KEY_HIERARCHY keyHierarchy
);
68 void unIntroduce(const Guid
&guid
);
74 // these values are constant (after init time) and need no locking
75 const Guid
&callerGuid() const { return mCallerGuid
; }
76 CSSM_PRIVILEGE_SCOPE
privilegeScope() const { return mPrivilegeScope
; }
77 CSSM_KEY_HIERARCHY
keyHierarchy() const { return mKeyHierarchy
; }
78 CSSM_PVC_MODE
pvcMode() const { return mPvcPolicy
; }
80 //@@@ for these two, consider locking (as of the C shims AND the transition layer use)
81 const CSSM_PRIVILEGE
&getPrivilege() const { return mPrivilege
; }
82 void setPrivilege(const CSSM_PRIVILEGE
&priv
) { mPrivilege
= priv
; }
85 Module
*getModule(const Guid
&guid
);
88 typedef map
<Guid
, Module
*> ModuleMap
;
91 Mutex mLock
; // object lock
92 unsigned int initCount
; // number of times successfully initialized
95 ModuleLoader loader
; // our ticket to module land
98 // state acquired from initialize (instance constants - not guarded)
99 CSSM_PRIVILEGE_SCOPE mPrivilegeScope
;
100 CSSM_KEY_HIERARCHY mKeyHierarchy
;
101 CSSM_PVC_MODE mPvcPolicy
;
104 // persistent state of the CSSM (guarded by module lock)
105 CSSM_PRIVILEGE mPrivilege
; // established privileges
108 void checkVersion(const CSSM_VERSION
&version
);
projects / apple / security.git / blob