+++ /dev/null
-/* Copyright (c) 2012 Apple Inc. All Rights Reserved. */
-
-#include "session.h"
-#include "process.h"
-#include "debugging.h"
-#include <dispatch/dispatch.h>
-#include <CoreFoundation/CoreFoundation.h>
-
-struct _session_s {
- __AUTH_BASE_STRUCT_HEADER__;
-
- CFMutableSetRef credentials;
- CFMutableSetRef processes;
- auditinfo_addr_t auditinfo;
-
- dispatch_queue_t dispatch_queue;
-
-};
-
-static void
-_session_finalize(CFTypeRef value)
-{
- session_t session = (session_t)value;
-
- LOGV("session: %i deallocated %p", session->auditinfo.ai_asid, session);
-
- // make sure queue is empty
- dispatch_barrier_sync(session->dispatch_queue, ^{});
-
- dispatch_release(session->dispatch_queue);
- CFReleaseSafe(session->credentials);
- CFReleaseSafe(session->processes);
-}
-
-AUTH_TYPE_INSTANCE(session,
- .init = NULL,
- .copy = NULL,
- .finalize = _session_finalize,
- .equal = NULL,
- .hash = NULL,
- .copyFormattingDesc = NULL,
- .copyDebugDesc = NULL
- );
-
-static CFTypeID session_get_type_id() {
- static CFTypeID type_id = _kCFRuntimeNotATypeID;
- static dispatch_once_t onceToken;
-
- dispatch_once(&onceToken, ^{
- type_id = _CFRuntimeRegisterClass(&_auth_type_session);
- });
-
- return type_id;
-}
-
-session_t
-session_create(session_id_t sid)
-{
- session_t session = NULL;
-
- session = (session_t)_CFRuntimeCreateInstance(kCFAllocatorDefault, session_get_type_id(), AUTH_CLASS_SIZE(session), NULL);
- require(session != NULL, done);
-
- session->auditinfo.ai_asid = sid;
-
- if (!session_update(session)) {
- LOGE("session: failed to get session info");
- }
-
- session->dispatch_queue = dispatch_queue_create(NULL, DISPATCH_QUEUE_SERIAL);
- check(session->dispatch_queue != NULL);
-
- session->credentials = CFSetCreateMutable(kCFAllocatorDefault, 0, &kCFTypeSetCallBacks);
- session->processes = CFSetCreateMutable(kCFAllocatorDefault, 0, NULL);
-
- LOGV("session: %i created (uid=%i) %p", session->auditinfo.ai_asid, session->auditinfo.ai_auid, session);
-
-done:
- return session;
-}
-
-bool session_update(session_t session)
-{
- return auditon(A_GETSINFO_ADDR, &session->auditinfo, sizeof(session->auditinfo)) == 0;
-}
-
-uint64_t session_get_attributes(session_t session)
-{
- session_update(session);
-
- return session->auditinfo.ai_flags;
-}
-
-static void _set_attributes(session_t session, uint64_t flags)
-{
- session->auditinfo.ai_flags = flags;
- int32_t rc = setaudit_addr(&session->auditinfo, sizeof(session->auditinfo));
- if (rc != 0) {
- LOGV("session: failed to update session info (%d)", rc);
- }
-}
-
-void session_set_attributes(session_t session, uint64_t flags)
-{
- session_update(session);
- _set_attributes(session,session->auditinfo.ai_flags | flags);
-}
-
-void session_clear_attributes(session_t session, uint64_t flags)
-{
- session_update(session);
- _set_attributes(session,session->auditinfo.ai_flags & ~flags);
-}
-
-
-const void *
-session_get_key(session_t session)
-{
- return &session->auditinfo.ai_asid;
-}
-
-session_id_t
-session_get_id(session_t session)
-{
- return session ? session->auditinfo.ai_asid : -1;
-}
-
-uid_t
-session_get_uid(session_t session)
-{
- return session ? session->auditinfo.ai_auid : (uid_t)-2;
-}
-
-CFIndex
-session_add_process(session_t session, process_t proc)
-{
- __block CFIndex count = 0;
- dispatch_sync(session->dispatch_queue, ^{
- CFSetAddValue(session->processes, proc);
- count = CFSetGetCount(session->processes);
- });
- return count;
-}
-
-CFIndex
-session_remove_process(session_t session, process_t proc)
-{
- __block CFIndex count = 0;
- dispatch_sync(session->dispatch_queue, ^{
- CFSetRemoveValue(session->processes, proc);
- count = CFSetGetCount(session->processes);
- });
- return count;
-}
-
-CFIndex
-session_get_process_count(session_t session)
-{
- __block CFIndex count = 0;
- dispatch_sync(session->dispatch_queue, ^{
- count = CFSetGetCount(session->processes);
- });
- return count;
-}
-
-void
-session_set_credential(session_t session, credential_t cred)
-{
- if (!credential_get_valid(cred))
- return;
-
- dispatch_sync(session->dispatch_queue, ^{
- CFSetSetValue(session->credentials, cred);
- });
-}
-
-void
-session_credentials_purge(session_t session)
-{
- session_credentials_iterate(session, ^bool(credential_t cred) {
- if (!credential_get_valid(cred)) {
- CFSetRemoveValue(session->credentials, cred);
- }
- return true;
- });
-}
-
-bool
-session_credentials_iterate(session_t session, credential_iterator_t iter)
-{
- __block bool result = false;
-
- dispatch_sync(session->dispatch_queue, ^{
- CFIndex count = CFSetGetCount(session->credentials);
- CFTypeRef values[count];
- CFSetGetValues(session->credentials, values);
- for (CFIndex i = 0; i < count; i++) {
- credential_t cred = (credential_t)values[i];
- result = iter(cred);
- if (!result) {
- break;
- }
- }
- });
-
-
- return result;
-}
projects / apple / security.git / blobdiff