acls.h
/*
 * Copyright (c) 2000-2001,2003-2007,2011 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */


//
// acls - securityd ACL implementation
//
// These classes implement securityd's local ACL machine in terms of the generic
// ObjectAcl model. In particular, they define securityd's AclValidationEnvironment,
// which hooks the real-world state into the abstract AclSubject submachines.
//
// Note that these classes are *complete* but *extendable*. The default implementation
// uses unmodified local ObjectAcl state. Subclasses (and certain AclSubjects) may delegate
// validation to outside agents (such as a tokend) and thus act as caching forwarding agents.
// Don't assume.
//
#ifndef _H_ACLS
#define _H_ACLS

#include <securityd_client/sscommon.h>
#include <security_cdsa_utilities/cssmacl.h>
#include <security_cdsa_utilities/context.h>
#include <security_cdsa_utilities/acl_process.h>
#include <security_cdsa_utilities/acl_codesigning.h>
#include <security_cdsa_utilities/acl_secret.h>
#include <security_cdsa_utilities/acl_preauth.h>
#include <security_cdsa_utilities/acl_prompted.h>
#include <security_cdsa_utilities/acl_threshold.h>
#include "acl_partition.h"

using namespace SecurityServer;


class Connection;
class Database;
class Process;
class SecurityServerEnvironment;


//
// Interesting entitlements
//
// Name of the private "allow-migration" entitlement. Only the string is defined here;
// where it is consulted, and what it gates, is not visible in this header. As a
// file-scope static, every translation unit including this header gets its own copy.
//
static const char migrationEntitlement[] = "com.apple.private.security.allow-migration";


//
// ACL implementation as used by the SecurityServer
//
// Extends the generic ObjectAcl with securityd's validation entry points, partition
// handling, and a mutex that serializes validations. Abstract: subclasses must
// supply aclKind().
//
class SecurityServerAcl : public ObjectAcl {
public:
	// The ObjectAcl base is given the standard allocator; aclSequence is constructed
	// recursive (Mutex::recursive), so the owning thread may re-acquire it —
	// presumably because validation paths can nest.
	SecurityServerAcl() : ObjectAcl(Allocator::standard()), aclSequence(Mutex::recursive) { }
	virtual ~SecurityServerAcl();

	// validation calls restated
	// Both overloads return void, so callers get no success flag; a denied validation
	// is presumably reported by throwing from the ObjectAcl machinery — confirm in acls.cpp.
	// `auth` is the operation being authorized; `cred` (or a CSSM `context` the
	// credentials are taken from) is what the caller presents; `relatedDatabase` is the
	// Database the protected object belongs to, as supplied by the caller.
	virtual void validate(AclAuthorization auth, const AccessCredentials *cred, Database *relatedDatabase);
	void validate(AclAuthorization auth, const Context &context, Database *relatedDatabase);

	// CSSM layer ACL calls
	// getOwner/getAcl report the owner and the entries selected by `tag` (the array is
	// handed back through `acls`, `count` entries long; who frees it is not visible here —
	// check the ObjectAcl convention before use). changeAcl/changeOwner additionally take
	// the caller's credentials and related Database so that the edit itself can be authorized.
	virtual void getOwner(AclOwnerPrototype &owner);
	virtual void getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls);
	virtual void changeAcl(const AclEdit &edit, const AccessCredentials *cred,
		Database *relatedDatabase);
	virtual void changeOwner(const AclOwnerPrototype &newOwner, const AccessCredentials *cred,
		Database *relatedDatabase);

	// to be provided by implementations
	virtual AclKind aclKind() const = 0;

	// a helper to (try to) add an ACL to a "standard form" item ACL
	// Both helpers are static: they work on the ACL reachable through `context`, not on *this.
	static bool addToStandardACL(const AclValidationContext &context, AclSubject *subject);
	static bool looksLikeLegacyDotMac(const AclValidationContext &context);

	// Partition-ID bookkeeping for a client Process. The bool result presumably reports
	// success; the failure conditions are defined in the implementation, not here.
	bool createClientPartitionID(Process& process);
	bool addClientPartitionID(Process& process);

	// implicit partitioning support
	// createPartitionPayload follows the CF "Create" naming, so the caller presumably owns
	// the returned dictionary and must CFRelease it — confirm against the implementation.
	PartitionAclSubject* findPartitionSubject();
	CFDictionaryRef createPartitionPayload();

	// aclSequence is taken to serialize ACL validations to pick up mutual changes.
	// It is public, so it can also be taken by code outside this class.
	Mutex aclSequence;

private:
	// Partition checks used internally; `prompt` presumably controls whether the user
	// may be asked — confirm in acls.cpp.
	void validatePartition(SecurityServerEnvironment& env, bool prompt);
	bool extendPartition(SecurityServerEnvironment& env);
};


//
// Our implementation of an ACL validation environment uses information
// derived from a Connection object. It implements context for a fair number
// of subject types (see the inheritance list below).
//
// All bases are inherited virtually — presumably because the several *::Environment
// interfaces share a common AclValidationEnvironment base that must exist only once.
//
class SecurityServerEnvironment : public virtual AclValidationEnvironment,
	public virtual ProcessAclSubject::Environment,
	public virtual CodeSignatureAclSubject::Environment,
	public virtual SecretAclSubject::Environment,
	public virtual PromptedAclSubject::Environment,
	public virtual PreAuthorizationAcls::Environment {
public:
	// Binds to an existing ACL (by reference) and Database (by pointer, may be NULL as
	// far as this header shows). The environment owns neither, so it must not outlive
	// `baseAcl` or `db`.
	SecurityServerEnvironment(SecurityServerAcl &baseAcl, Database *db)
		: acl(baseAcl), database(db) { }

	SecurityServerAcl &acl;
	Database * const database;

	// personalities
	// Identity of the requesting client as presented to the validation subjects. The class
	// comment says these derive from the Connection; the source is not visible here.
	uid_t getuid() const;
	gid_t getgid() const;
	pid_t getpid() const;
	// Subject callbacks: code-signature verification, secret validation and retrieval
	// (`prompt` is presumably the text shown to the user — confirm), the pre-authorization
	// source, and per-subject storage.
	bool verifyCodeSignature(const OSXVerifier &verifier, const AclValidationContext &context);
	bool validateSecret(const SecretAclSubject *me, const AccessCredentials *cred);
	bool getSecret(CssmOwnedData &secret, const CssmData &prompt) const;
	ObjectAcl *preAuthSource();
	Adornable &store(const AclSubject *subject);

	// subject editing
	ThresholdAclSubject *standardSubject(const AclValidationContext &context);
};


//
// An abstract source of a SecurityServerAcl.
// There is a default implementation, which throws OBJECT_ACL_NOT_SUPPORTED.
//
class AclSource {
protected:
	// Only usable as a base class: constructed by subclasses, destroyed polymorphically.
	AclSource() { }
	virtual ~AclSource();

public:
	// The ACL this source stands for. The base implementation refuses by throwing
	// (see the comment above), so a source that has no ACL need not override it.
	virtual SecurityServerAcl &acl();
	// A Database associated with this source, if any; it is what the forwarders
	// below hand to the ACL when the caller does not name one.
	virtual Database *relatedDatabase();

	//
	// Forwarders onto acl(). They are virtual so a subclass can wrap them; such
	// wrappers are meant to add to (pre-/post-process) the forwarded call rather
	// than replace it. The edit and validate forwarders pass the related Database
	// along, so overriding relatedDatabase() affects every one of them.
	//
	virtual void getOwner(AclOwnerPrototype &owner)
	{
		acl().getOwner(owner);
	}
	virtual void getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
	{
		acl().getAcl(tag, count, acls);
	}
	virtual void changeAcl(const AclEdit &edit, const AccessCredentials *cred)
	{
		SecurityServerAcl &target = acl();
		target.changeAcl(edit, cred, relatedDatabase());
	}
	virtual void changeOwner(const AclOwnerPrototype &newOwner, const AccessCredentials *cred)
	{
		SecurityServerAcl &target = acl();
		target.changeOwner(newOwner, cred, relatedDatabase());
	}
	// A Database named by the caller wins; NULL (the default) falls back to relatedDatabase().
	virtual void validate(AclAuthorization auth, const AccessCredentials *cred, Database* relatedDb = NULL)
	{
		SecurityServerAcl &target = acl();
		Database *db = relatedDb;
		if (!db)
			db = relatedDatabase();
		target.validate(auth, cred, db);
	}
	virtual void validate(AclAuthorization auth, const Context &context, Database* relatedDb = NULL)
	{
		SecurityServerAcl &target = acl();
		Database *db = relatedDb;
		if (!db)
			db = relatedDatabase();
		target.validate(auth, context, db);
	}
};


#endif //_H_ACLS