2 * Copyright (c) 2000-2009 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 // process - track a single client process and its belongings
31 #include "structure.h"
33 #include <security_utilities/refcount.h>
34 #include <security_utilities/ccaudit.h>
37 #include "notifications.h"
40 using MachPlusPlus::Port
;
41 using MachPlusPlus::TaskPort
;
45 class AuthorizationToken
;
49 // A Process object represents a UNIX process (and associated Mach Task) that has
50 // had contact with us and may have some state associated with it. It primarily tracks
51 // the process nature of the client. Individual threads in the client are tracked by
52 // Connection objects.
54 // ClientIdentification tracks the identity of guests in the client *as securityd clients*.
55 // It is concerned with which guest is asking for securityd services, and whether this
58 class Process
: public PerProcess
,
59 public ClientIdentification
{
61 Process(TaskPort tPort
, const ClientSetupInfo
*info
, const CommonCriteria::AuditToken
&audit
);
64 void reset(TaskPort tPort
, const ClientSetupInfo
*info
, const CommonCriteria::AuditToken
&audit
);
66 uid_t
uid() const { return mUid
; }
67 gid_t
gid() const { return mGid
; }
68 pid_t
pid() const { return mPid
; }
69 Security::CommonCriteria::AuditToken
const &audit_token() const { return mAudit
; }
70 TaskPort
taskPort() const { return mTaskPort
; }
71 bool byteFlipped() const { return mByteFlipped
; }
73 using PerProcess::kill
;
76 void changeSession(Session::SessionId sessionId
);
78 Session
& session() const;
79 void checkSession(const audit_token_t
&auditToken
);
81 LocalDatabase
&localStore();
82 Key
*makeTemporaryKey(const CssmKey
&key
, CSSM_KEYATTR_FLAGS moreAttributes
,
83 const AclEntryPrototype
*owner
);
85 // aclSequence is taken to serialize ACL validations to pick up mutual changes
88 // Dumping is buggy and only hurts debugging. It's dead Jim.
89 //IFDUMP(void dumpNode());
92 void setup(const ClientSetupInfo
*info
);
95 // peer state: established during connection startup; fixed thereafter
96 TaskPort mTaskPort
; // task port
97 bool mByteFlipped
; // client's byte order is reverse of ours
98 pid_t mPid
; // process id
99 uid_t mUid
; // UNIX uid credential
100 gid_t mGid
; // primary UNIX gid credential
102 Security::CommonCriteria::AuditToken
const mAudit
; // audit token
104 // canonical local (transient) key store
105 RefPointer
<LocalDatabase
> mLocalStore
;
110 // Convenience comparison
112 inline bool operator == (const Process
&p1
, const Process
&p2
)
projects / apple / security.git / blob