X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/libsecurity_codesigning/lib/policydb.h diff --git a/libsecurity_codesigning/lib/policydb.h b/libsecurity_codesigning/lib/policydb.h deleted file mode 100644 index 5614f4fc..00000000 --- a/libsecurity_codesigning/lib/policydb.h +++ /dev/null @@ -1,137 +0,0 @@ -/* - * Copyright (c) 2011-2012 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ -#ifndef _H_POLICYDB -#define _H_POLICYDB - -#include "SecAssessment.h" -#include -#include -#include -#include - -namespace Security { -namespace CodeSigning { - - -namespace SQLite = SQLite3; - - -static const char defaultDatabase[] = "/var/db/SystemPolicy"; -static const char visibleSecurityFlagFile[] = "/var/db/.sp_visible"; /* old duchess/emir style configration */ -static const char prefsFile[] = "/var/db/SystemPolicy-prefs.plist"; -static const char lastRejectFile[] = "/var/db/.LastGKReject"; -static const char lastApprovedFile[] = "/var/db/.LastGKApp"; - -static const char gkeAuthFile[] = "/var/db/gke.auth"; -static const char gkeSigsFile[] = "/var/db/gke.sigs"; -static const unsigned int gkeCheckInterval = 60; // seconds - - -// -// We use Julian dates in the database, because SQLite understands them well and they convert easily to/from CFAbsoluteTime -// -static const double never = 5000000; // canonical "never" julian date (an arbitrary point in the year 8977) -static const double julianBase = 2451910.5; // julian date of CFAbsoluteTime epoch - -static inline double dateToJulian(CFDateRef time) -{ return CFDateGetAbsoluteTime(time) / 86400.0 + julianBase; } - -static inline CFDateRef julianToDate(double julian) -{ return CFDateCreate(NULL, (julian - julianBase) * 86400); } - - -typedef SHA1::SDigest ObjectHash; - - -typedef uint AuthorityType; -enum { - kAuthorityInvalid = 0, // not a valid authority type - kAuthorityExecute = 1, // authorizes launch and execution - kAuthorityInstall = 2, // authorizes installation - kAuthorityOpenDoc = 3, // authorizes opening of documents -}; - - -// -// Defined flags for authority flags column -// -enum { - kAuthorityFlagVirtual = 0x0001, // virtual rule (anchoring object records) - kAuthorityFlagDefault = 0x0002, // rule is part of the original default set - kAuthorityFlagInhibitCache = 0x0004, // never cache outcome of this rule - kAuthorityFlagWhitelist = 0x1000, // whitelist override - kAuthorityFlagWhitelistV2 = 0x2000, // apply "deep" signature to this record -}; - - -// -// Mapping/translation to/from API space -// -AuthorityType typeFor(CFDictionaryRef context, AuthorityType type = kAuthorityInvalid); -CFStringRef typeNameFor(AuthorityType type) - CF_RETURNS_RETAINED; - - -// -// An open policy database. -// Usually read-only, but can be opened for write by privileged callers. -// This is a translucent wrapper around SQLite::Database; the caller -// is expected to work with statement rows. -// -class PolicyDatabase : public SQLite::Database { -public: - PolicyDatabase(const char *path = NULL, int flags = SQLITE_OPEN_READONLY); - virtual ~PolicyDatabase(); - -public: - bool checkCache(CFURLRef path, AuthorityType type, SecAssessmentFlags flags, CFMutableDictionaryRef result); - -public: - void purgeAuthority(); - void purgeObjects(); - void purgeObjects(double priority);// - - void upgradeDatabase(); - std::string featureLevel(const char *feature); - bool hasFeature(const char *feature) { return !featureLevel(feature).empty(); } - void addFeature(const char *feature, const char *value, const char *remarks); - void simpleFeature(const char *feature, const char *sql); - void simpleFeature(const char *feature, void (^perform)()); - - void installExplicitSet(const char *auth, const char *sigs); - -private: - time_t mLastExplicitCheck; -}; - - -// -// Check the system-wide overriding flag file -// -bool overrideAssessment(SecAssessmentFlags flags = 0); -void setAssessment(bool masterSwitch); - -} // end namespace CodeSigning -} // end namespace Security - -#endif //_H_POLICYDB