]> git.saurik.com Git - apple/securityd.git/blob - src/process.h
securityd-32596.tar.gz
[apple/securityd.git] / src / process.h
1 /*
2 * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 //
26 // process - track a single client process and its belongings
27 //
28 #ifndef _H_PROCESS
29 #define _H_PROCESS
30
31 #include "structure.h"
32 #include <security_agent_client/agentclient.h>
33 #include <security_utilities/refcount.h>
34 #include <security_utilities/ccaudit.h>
35 #include "localkey.h"
36 #include "codesigdb.h"
37 #include "notifications.h"
38 #include <string>
39
40 using MachPlusPlus::Port;
41 using MachPlusPlus::TaskPort;
42
43 class Session;
44 class LocalDatabase;
45 class AuthorizationToken;
46
47
48 //
49 // A Process object represents a UNIX process (and associated Mach Task) that has
50 // had contact with us and may have some state associated with it.
51 //
52 class Process : public PerProcess, public CodeSignatures::Identity {
53 public:
54 Process(Port servicePort, TaskPort tPort,
55 const ClientSetupInfo *info, const char *identity,
56 const CommonCriteria::AuditToken &audit);
57 virtual ~Process();
58
59 void reset(Port servicePort, TaskPort tPort,
60 const ClientSetupInfo *info, const char *identity,
61 const CommonCriteria::AuditToken &audit);
62
63 uid_t uid() const { return mUid; }
64 gid_t gid() const { return mGid; }
65 pid_t pid() const { return mPid; }
66 TaskPort taskPort() const { return mTaskPort; }
67 bool byteFlipped() const { return mByteFlipped; }
68
69 OSXCode *clientCode() const { return (mClientIdent == unknown) ? NULL : mClientCode; }
70
71 void addAuthorization(AuthorizationToken *auth);
72 void checkAuthorization(AuthorizationToken *auth);
73 bool removeAuthorization(AuthorizationToken *auth);
74
75 using PerProcess::kill;
76 void kill();
77
78 void changeSession(Port servicePort); // very special indeed
79
80 void requestNotifications(Port port, NotificationDomain domain, NotificationMask events);
81 void stopNotifications(Port port);
82
83 Session& session() const;
84
85 LocalDatabase &localStore();
86 Key *makeTemporaryKey(const CssmKey &key, CSSM_KEYATTR_FLAGS moreAttributes,
87 const AclEntryPrototype *owner);
88
89 // aclSequence is taken to serialize ACL validations to pick up mutual changes
90 Mutex aclSequence;
91
92 IFDUMP(void dumpNode());
93
94 protected:
95 std::string getPath() const;
96 const CssmData getHash(CodeSigning::OSXSigner &signer) const;
97
98 void setup(const ClientSetupInfo *info, const char *identity);
99
100 private:
101 // peer state: established during connection startup; fixed thereafter
102 TaskPort mTaskPort; // task port
103 bool mByteFlipped; // client's byte order is reverse of ours
104 pid_t mPid; // process id
105 uid_t mUid; // UNIX uid credential
106 gid_t mGid; // primary UNIX gid credential
107
108 RefPointer<OSXCode> mClientCode; // code object for client (NULL if unknown)
109 mutable enum { deferred, known, unknown } mClientIdent; // state of client identity
110 mutable auto_ptr<CodeSigning::Signature> mCachedSignature; // cached signature (if already known)
111
112 // authorization dictionary
113 typedef multiset<AuthorizationToken *> AuthorizationSet;
114 AuthorizationSet mAuthorizations; // set of valid authorizations for process
115
116 // canonical local (transient) key store
117 RefPointer<LocalDatabase> mLocalStore;
118 };
119
120
121 //
122 // Convenience comparison
123 //
124 inline bool operator == (const Process &p1, const Process &p2)
125 {
126 return &p1 == &p2;
127 }
128
129
130 #endif //_H_PROCESS