/*
 * Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */


//
// acl_process - Process-attribute ACL subject type.
//
// NOTE:
// The default Environment provides data about the current process (the one that
// validate() is run in). If this isn't right for you (e.g. because you want to
// validate against a process on the other side of some IPC connection), you must
// make your own version of Environment and pass it to validate().
//
#ifndef _ACL_PROCESS
#define _ACL_PROCESS

#include <security_cdsa_utilities/cssmacl.h>
#include <string>

namespace Security
{

//
// AclProcessSubjectSelector wraps the CSSM_ACL_PROCESS_SUBJECT_SELECTOR POD
// (through PodWrapper) and gives it a sane default state.
//
// The constructor assigns only `version` and `mask`; any other field of the
// underlying struct keeps whatever value its storage already held, so callers
// have to fill those in before setting the matching mask bits.
// NOTE(review): what validate() does with an empty mask is not visible in this
// header - confirm before relying on a default-constructed selector.
//
class AclProcessSubjectSelector
    : public PodWrapper<AclProcessSubjectSelector, CSSM_ACL_PROCESS_SUBJECT_SELECTOR> {
public:
    // Start at the current selector version with no attribute selected.
    AclProcessSubjectSelector()
    {
        version = CSSM_ACL_PROCESS_SELECTOR_CURRENT_VERSION;
        mask = 0;
    }

    // True when at least one bit of `m` is also set in `mask`. For a multi-bit
    // `m` this is an "any of" test, not an "all of" test.
    bool uses(uint32 m) const
    {
        return (mask & m) != 0;
    }
};


//
// The ProcessAclSubject matches process attributes securely identified
// by the system across IPC channels.
//
class ProcessAclSubject : public AclSubject {
public:
    // Evaluate this subject against the given validation context. Defined out
    // of line. The process attributes come from an Environment (nested class
    // below); the default one describes the process validate() runs in, so a
    // check made on behalf of an IPC peer needs a caller-supplied Environment.
    bool validate(const AclValidationContext &baseCtx) const;

    // Produce the CssmList form of this subject; `alloc` is presumably used
    // for the list storage (definition not shown here).
    CssmList toList(Allocator &alloc) const;

    // Build a subject of type CSSM_ACL_SUBJECT_TYPE_PROCESS that keeps its own
    // copy of `selector`.
    ProcessAclSubject(const AclProcessSubjectSelector &selector)
        : AclSubject(CSSM_ACL_SUBJECT_TYPE_PROCESS), select(selector)
    {
    }

    // Blob export in two overloads; presumably the Counter form sizes the
    // public/private parts and the Writer form emits them - confirm against
    // the implementation.
    void exportBlob(Writer::Counter &pub, Writer::Counter &priv);
    void exportBlob(Writer &pub, Writer &priv);

    // Declared through the IFDUMP macro, so presumably present only in builds
    // where that macro keeps its argument.
    IFDUMP(void debugDump() const);

    // Source of the process identity that the subject is matched against.
    // Override both accessors to report the credentials of the process being
    // judged rather than those of the process doing the judging.
    class Environment : public virtual AclValidationEnvironment {
    public:
        virtual uid_t getuid() const;   // effective user id to match
        virtual gid_t getgid() const;   // effective group id to match
    };

    // Factory registered for CSSM_ACL_SUBJECT_TYPE_PROCESS. One overload
    // builds a subject from a TypedList, the other from a pair of blob
    // Readers; both take externally supplied data.
    // NOTE(review): input checking lives in the out-of-line definitions and is
    // not visible in this header.
    class Maker : public AclSubject::Maker {
    public:
        Maker()
            : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_PROCESS)
        {
        }

        ProcessAclSubject *make(const TypedList &list) const;
        ProcessAclSubject *make(Version, Reader &pub, Reader &priv) const;
    };

private:
    AclProcessSubjectSelector select;   // selector copied in by the constructor
};

} // end namespace Security


#endif //_ACL_PROCESS