X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/ed6778a32ecff23bc2dfb6ca452badd0c68774a0..563f4f96f568bcdc0a04a82f89cafe3bebbe43f1:/cdsa/cdsa_utilities/acl_process.cpp diff --git a/cdsa/cdsa_utilities/acl_process.cpp b/cdsa/cdsa_utilities/acl_process.cpp deleted file mode 100644 index 3dac7618..00000000 --- a/cdsa/cdsa_utilities/acl_process.cpp +++ /dev/null @@ -1,151 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_process - Process-attribute ACL subject type. -// -#include -#include -#include - - -// -// Validate a credential set against this subject. -// No credential is required for this match. -// -bool ProcessAclSubject::validate(const AclValidationContext &context) const -{ - // reality check (internal structure was validated when created) - assert(select.uses(CSSM_ACL_MATCH_BITS)); - - // access the environment - Environment *env = context.environment(); - if (env == NULL) { - static Environment localEnvironment; - env = &localEnvironment; - } - - // match uid - if (select.uses(CSSM_ACL_MATCH_UID)) { - uid_t uid = env->getuid(); - if (!(uid == select.uid || (select.uses(CSSM_ACL_MATCH_HONOR_ROOT) && uid == 0))) - return false; - } - - // match gid - if (select.uses(CSSM_ACL_MATCH_GID) && select.gid != env->getgid()) - return false; - - return true; -} - - -// -// Make a copy of this subject in CSSM_LIST form -// -CssmList ProcessAclSubject::toList(CssmAllocator &alloc) const -{ - // all associated data is public (no secrets) - //@@@ ownership of selector data is murky; revisit after leak-plugging pass - CssmData sData(memcpy(alloc.alloc(), - &select, sizeof(select)), sizeof(select)); - return TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PROCESS, - new(alloc) ListElement(sData)); -} - - -// -// Create a ProcessAclSubject -// -ProcessAclSubject *ProcessAclSubject::Maker::make(const TypedList &list) const -{ - // crack input apart - ListElement *selectorData; - crack(list, 1, &selectorData, CSSM_LIST_ELEMENT_DATUM); - AclProcessSubjectSelector selector; - selectorData->extract(selector); - - // validate input - if (selector.version != CSSM_ACL_PROCESS_SELECTOR_CURRENT_VERSION) - CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE); - if (!selector.uses(CSSM_ACL_MATCH_BITS)) - CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE); - - // okay - return new ProcessAclSubject(selector); -} - -ProcessAclSubject *ProcessAclSubject::Maker::make(Version, Reader &pub, Reader &priv) const -{ - AclProcessSubjectSelector selector; pub(selector); - n2hi(selector.version); - n2hi(selector.mask); - n2hi(selector.uid); - n2hi(selector.gid); - return new ProcessAclSubject(selector); -} - - -// -// Export the subject to a memory blob -// -void ProcessAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv) -{ - pub(select); -} - -void ProcessAclSubject::exportBlob(Writer &pub, Writer &priv) -{ - AclProcessSubjectSelector temp; - temp.version = h2n (select.version); - temp.mask = h2n (select.mask); - temp.uid = h2n (select.uid); - temp.gid = h2n (select.gid); - pub(temp); -} - - -// -// Implement the default methods of a ProcessEnvironment -// -uid_t ProcessAclSubject::Environment::getuid() const -{ - return ::getuid(); -} - -gid_t ProcessAclSubject::Environment::getgid() const -{ - return ::getgid(); -} - - -#ifdef DEBUGDUMP - -void ProcessAclSubject::debugDump() const -{ - Debug::dump("Process "); - if (select.uses(CSSM_ACL_MATCH_UID)) { - Debug::dump("uid=%d", int(select.uid)); - if (select.uses(CSSM_ACL_MATCH_HONOR_ROOT)) - Debug::dump("+root"); - } - if (select.uses(CSSM_ACL_MATCH_GID)) - Debug::dump("gid=%d", int(select.gid)); -} - -#endif //DEBUGDUMP