X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_keychain/lib/Access.h
diff --git a/Security/libsecurity_keychain/lib/Access.h b/Security/libsecurity_keychain/lib/Access.h
new file mode 100644
index 00000000..ec562dd8
--- /dev/null
+++ b/Security/libsecurity_keychain/lib/Access.h
@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 2002-2004,2011,2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+//
+// Access.h - Access control wrappers
+//
+#ifndef _SECURITY_ACCESS_H_
+#define _SECURITY_ACCESS_H_
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+namespace Security {
+namespace KeychainCore {
+
+using CssmClient::AclBearer;
+
+
+class Access : public SecCFObject {
+ NOCOPY(Access)
+public:
+ SECCFFUNCTIONS(Access, SecAccessRef, errSecInvalidItemRef, gTypes().Access)
+
+ class Maker {
+ NOCOPY(Maker)
+ static const size_t keySize = 16; // number of (random) bytes
+ friend class Access;
+ public:
+ enum MakerType {kStandardMakerType, kAnyMakerType};
+
+ Maker(Allocator &alloc = Allocator::standard(), MakerType makerType = kStandardMakerType);
+
+ void initialOwner(ResourceControlContext &ctx, const AccessCredentials *creds = NULL);
+ const AccessCredentials *cred();
+
+ TrackingAllocator allocator;
+
+ static const char creationEntryTag[];
+
+ MakerType makerType() {return mMakerType;}
+
+ private:
+ CssmAutoData mKey;
+ AclEntryInput mInput;
+ AutoCredentials mCreds;
+ MakerType mMakerType;
+ };
+
+public:
+ // make default forms
+ Access(const string &description);
+ Access(const string &description, const ACL::ApplicationList &trusted);
+ Access(const string &description, const ACL::ApplicationList &trusted,
+ const AclAuthorizationSet &limitedRights, const AclAuthorizationSet &freeRights);
+
+ // make a completely open Access (anyone can do anything)
+ Access();
+
+ // retrieve from an existing AclBearer
+ Access(AclBearer &source);
+
+ // make from CSSM layer information (presumably retrieved by caller)
+ Access(const CSSM_ACL_OWNER_PROTOTYPE &owner,
+ uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls);
+ virtual ~Access();
+
+public:
+ CFArrayRef copySecACLs() const;
+ CFArrayRef copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action) const;
+
+ void add(ACL *newAcl);
+ void addOwner(ACL *newOwnerAcl);
+
+ void setAccess(AclBearer &target, bool update = false);
+ void setAccess(AclBearer &target, Maker &maker);
+
+ template
+ void findAclsForRight(AclAuthorization right, Container &cont)
+ {
+ cont.clear();
+ for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++)
+ if (it->second->authorizes(right))
+ cont.push_back(it->second);
+ }
+
+ std::string promptDescription() const; // from any one of the ACLs contained
+
+ void addApplicationToRight(AclAuthorization right, TrustedApplication *app);
+
+ void copyOwnerAndAcl(CSSM_ACL_OWNER_PROTOTYPE * &owner,
+ uint32 &aclCount, CSSM_ACL_ENTRY_INFO * &acls);
+
+protected:
+ void makeStandard(const string &description, const ACL::ApplicationList &trusted,
+ const AclAuthorizationSet &limitedRights = AclAuthorizationSet(),
+ const AclAuthorizationSet &freeRights = AclAuthorizationSet());
+ void compile(const CSSM_ACL_OWNER_PROTOTYPE &owner,
+ uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls);
+
+ void editAccess(AclBearer &target, bool update, const AccessCredentials *cred);
+
+private:
+ static const CSSM_ACL_HANDLE ownerHandle = ACL::ownerHandle;
+ typedef map > Map;
+
+ Map mAcls; // set of ACL entries
+ Mutex mMutex;
+};
+
+
+} // end namespace KeychainCore
+} // end namespace Security
+
+#endif // !_SECURITY_ACCESS_H_
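Review bot: The inline `findAclsForRight` walks `mAcls` without taking `mMutex`, although the class declares that mutex right next to the map. If `mMutex` is what guards `mAcls` in `add()`, `addOwner()` and the other mutators (their bodies are in Access.cpp, outside this hunk, so this is inferred), a concurrent insert while this loop runs is a data race on the container that decides which ACL entries authorize a right. Assuming the usual scoped-lock helper from security_utilities is in scope here, I would open the body with `StLock<Mutex> _(mMutex);` before `cont.clear();`. If the map is instead meant to be externally synchronised, say so in a comment on `mMutex`, e.g. `// guards mAcls; callers of findAclsForRight must hold it`.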