process.h
1 /* 2 * Copyright (c) 2000-2009 Apple Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24 25 // 26 // process - track a single client process and its belongings 27 // 28 #ifndef _H_PROCESS 29 #define _H_PROCESS 30 31 #include "structure.h" 32 #include "session.h" 33 #include <security_utilities/refcount.h> 34 #include <security_utilities/ccaudit.h> 35 #include "clientid.h" 36 #include "localkey.h" 37 #include "notifications.h" 38 #include <string> 39 40 using MachPlusPlus::Port; 41 using MachPlusPlus::TaskPort; 42 43 class Session; 44 class LocalDatabase; 45 class AuthorizationToken; 46 47 48 // 49 // A Process object represents a UNIX process (and associated Mach Task) that has 50 // had contact with us and may have some state associated with it. It primarily tracks 51 // the process nature of the client. Individual threads in the client are tracked by 52 // Connection objects. 53 // 54 // ClientIdentification tracks the identity of guests in the client *as securityd clients*. 55 // It is concerned with which guest is asking for securityd services, and whether this 56 // should be granted. 57 // 58 class Process : public PerProcess, 59 public ClientIdentification{ 60 public: 61 Process(TaskPort tPort, const ClientSetupInfo *info, const CommonCriteria::AuditToken &audit); 62 virtual ~Process(); 63 64 void reset(TaskPort tPort, const ClientSetupInfo *info, const CommonCriteria::AuditToken &audit); 65 66 uid_t uid() const { return mUid; } 67 gid_t gid() const { return mGid; } 68 pid_t pid() const { return mPid; } 69 Security::CommonCriteria::AuditToken const &audit_token() const { return mAudit; } 70 TaskPort taskPort() const { return mTaskPort; } 71 bool byteFlipped() const { return mByteFlipped; } 72 73 using PerProcess::kill; 74 void kill(); 75 76 void changeSession(Session::SessionId sessionId); 77 78 Session& session() const; 79 void checkSession(const audit_token_t &auditToken); 80 81 LocalDatabase &localStore(); 82 Key *makeTemporaryKey(const CssmKey &key, CSSM_KEYATTR_FLAGS moreAttributes, 83 const AclEntryPrototype *owner); 84 85 // aclSequence is taken to serialize ACL validations to pick up mutual changes 86 Mutex aclSequence; 87 88 // Dumping is buggy and only hurts debugging. It's dead Jim. 89 //IFDUMP(void dumpNode()); 90 91 private: 92 void setup(const ClientSetupInfo *info); 93 94 private: 95 // peer state: established during connection startup; fixed thereafter 96 TaskPort mTaskPort; // task port 97 bool mByteFlipped; // client's byte order is reverse of ours 98 pid_t mPid; // process id 99 uid_t mUid; // UNIX uid credential 100 gid_t mGid; // primary UNIX gid credential 101 102 Security::CommonCriteria::AuditToken const mAudit; // audit token 103 104 // canonical local (transient) key store 105 RefPointer<LocalDatabase> mLocalStore; 106 }; 107 108 109 // 110 // Convenience comparison 111 // 112 inline bool operator == (const Process &p1, const Process &p2) 113 { 114 return &p1 == &p2; 115 } 116 117 118 #endif //_H_PROCESS