+++ /dev/null
-/*
- * Copyright (c) 2003-2004 Apple Computer, Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-/*!
- @header SecTrustedApplicationPriv
- Not (yet?) public functions related to SecTrustedApplicationRef objects
-*/
-
-#ifndef _SECURITY_SECTRUSTEDAPPLICATIONPRIV_H_
-#define _SECURITY_SECTRUSTEDAPPLICATIONPRIV_H_
-
-#include <Security/SecTrustedApplication.h>
-#include <Security/SecRequirementPriv.h>
-
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-
-/*
- * Determine whether the application at path satisfies the trust expressed in appRef.
- */
-OSStatus
-SecTrustedApplicationValidateWithPath(SecTrustedApplicationRef appRef, const char *path);
-
-/*!
- @function SecTrustedApplicationCreateFromRequirement
- @abstract Creates a trusted application reference based on an application
- URI description and a SecRequirementRef describing how it should be verified.
- @param description A URI-formatted string describing the intended meaning of
- the requirement being provided. This is for information purposes only
- and does not affect any actual validation being performed as a result.
- It may affect how the SecTrustedApplication is displayed or edited.
- If NULL, a default generic description is used.
- @param requirement A SecRequirementRef indicating what conditions an application
- must satisfy to be considered a match for this SecTrustedApplicationRef.
- @param app On return, contains a SecTrustedApplicationRef representing any
- code that satisfies the requirement argument.
- @result A result code. See SecBase.h and CSCommon.h.
-*/
-OSStatus SecTrustedApplicationCreateFromRequirement(const char *description,
- SecRequirementRef requirement, SecTrustedApplicationRef *app);
-
-/*!
- @function SecTrustedApplicationCopyRequirement
- @abstract If a SecTrustedApplicationRef contains a Code Signing requirement,
- it can be retrieved with this call. If no requirement is recorded, requirement
- is set to NULL and the call succeeds.
- @param appRef A trusted application reference to retrieve data from
- @param requirement Receives the SecRequirementRef contained in appRef, if any.
- If no Code Signing requirement is contained in appRef, *requirement is set
- to NULL and the call succeeds. This can happen if appRef was created from
- an unsigned application, or from sources that do not record code signing
- information such as keychain items made in version 10.4 or earlier of the
- system.
- @result A result code. See SecBase.h and CSCommon.h. It is not an error if
- no SecRequirementRef could be obtained.
- */
-OSStatus SecTrustedApplicationCopyRequirement(SecTrustedApplicationRef appRef,
- SecRequirementRef *requirement);
-
-
-/*!
- @function SecTrustedApplicationCreateApplicationGroup
- @abstract Create a SecTrustedApplication object that represents an application
- group reference. It will match any application that has been marked as
- a member of the named group and was signed by a particular authority (anchor).
- Note that application groups are open-ended and more applications can be
- signed as members (by holders of suitable signing authorities) at any time.
- There is no way to reliably enumerate all members of an application group.
- @param groupName The name of the application group. If you define your own
- application group, use reverse domain notation (com.yourapp.yourgroup).
- @param anchor The anchor certificate that is required to seal the group.
- An application will be recognized as a member of the group only if it
- was signed with an identity that draws to this group. If NULL, requires
- signing by Apple.
- @param app On return, contains a SecTrustedApplicationRef representing any
- code that has been signed and marked as a member of the named application
- group.
- @result A result code. See SecBase.h and CSCommon.h.
- */
-OSStatus SecTrustedApplicationCreateApplicationGroup(const char *groupName,
- SecCertificateRef anchor, SecTrustedApplicationRef *app);
-
-
-/*!
- @function SecTrustedApplicationCopyExternalRepresentation
- @abstract Create a pure-data form of a SecTrustedApplicationRef object suitable
- for persistent storage anywhere. This data can later be fed to
- SecTrustedApplicationCreateWithExternalRepresentation to create an equivalent
- SecTrustedApplicationRef. The data is variable size, and should be considered
- entirely opaque; its internal form is subject to change.
- @param appRef A valid SecTrustedApplicationRef of any kind.
- @param externalRef Upon successful return, contains a CFDataRef that can be
- stored as required.
- @result A result code. See SecBase.h and CSCommon.h.
- */
-OSStatus SecTrustedApplicationCopyExternalRepresentation(
- SecTrustedApplicationRef appRef,
- CFDataRef *externalRef);
-
-/*!
- @function SecTrustedApplicationCreateWithExternalRepresentation
- @abstract Create a SecTrustedApplicationRef from an external data representation
- that was originally obtained with a call to SecTrustedApplicationCopyExternalRepresentation.
- @param externalRef A CFDataRef containing data produced by
- SecTrustedApplicationCopyExternalRepresentation. If this data was not obtained
- from that function, the behavior is undefined.
- @param appRef Upon successful return, a SecTrustedApplicationRef that is functionally
- equivalent to the original one used to obtain externalRef.
- @result A result code. See SecBase.h and CSCommon.h.
- */
-OSStatus SecTrustedApplicationCreateWithExternalRepresentation(
- CFDataRef externalRef,
- SecTrustedApplicationRef *appRef);
-
-
-/*
- * Administrative editing of the system's application equivalence database
- */
-enum {
- kSecApplicationFlagSystemwide = 0x1,
- kSecApplicationValidFlags = kSecApplicationFlagSystemwide
-};
-
-OSStatus
-SecTrustedApplicationMakeEquivalent(SecTrustedApplicationRef oldRef,
- SecTrustedApplicationRef newRef, UInt32 flags);
-
-OSStatus
-SecTrustedApplicationRemoveEquivalence(SecTrustedApplicationRef appRef, UInt32 flags);
-
-
-/*
- * Check to see if an application at a given path is a candidate for
- * pre-emptive code equivalency establishment
- */
-OSStatus
-SecTrustedApplicationIsUpdateCandidate(const char *installroot, const char *path);
-
-
-/*
- * Point the system at another system root for equivalence use.
- * This is for system update installers (only)!
- */
-OSStatus
-SecTrustedApplicationUseAlternateSystem(const char *systemRoot);
-
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif /* !_SECURITY_SECTRUSTEDAPPLICATIONPRIV_H_ */
projects / apple / security.git / blobdiff