#ifndef _SECURITYD_CLIENT_H_
#define _SECURITYD_CLIENT_H_
#include <stdint.h>
# include <Security/SecTrust.h>
#ifndef MINIMIZE_INCLUDES
# include <Security/SecTrustStore.h>
# include <Security/SecCertificatePath.h>
#else
typedef struct __SecTrustStore *SecTrustStoreRef;
# ifndef _SECURITY_SECCERTIFICATE_H_
typedef struct __SecCertificate *SecCertificateRef;
# endif // _SECURITY_SECCERTIFICATE_H_
# ifndef _SECURITY_SECCERTIFICATEPATH_H_
typedef struct SecCertificatePath *SecCertificatePathRef;
# endif // _SECURITY_SECCERTIFICATEPATH_H_
#endif // MINIMIZE_INCLUDES
#include <CoreFoundation/CFArray.h>
#include <CoreFoundation/CFDictionary.h>
#include <CoreFoundation/CFError.h>
#include <SecureObjectSync/SOSCloudCircle.h>
#include <xpc/xpc.h>
#include <CoreFoundation/CFXPCBridge.h>
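/*
 * Name of the Mach/XPC service the client library connects to. Every call
 * that is not short-circuited through gSecurityd (see SECURITYD_XPC below)
 * crosses a process boundary to this service. The OSX shim build talks to a
 * separate ".xpc" service name.
 */
#if SECITEM_SHIM_OSX
#define kSecuritydXPCServiceName "com.apple.securityd.xpc"
#else
#define kSecuritydXPCServiceName "com.apple.securityd"
#endif /* SECITEM_SHIM_OSX */

/* CFError domain for errors raised by the XPC transport layer itself. */
extern CFStringRef sSecXPCErrorDomain;

/*
 * Keys of the XPC request / reply dictionaries. Each key is declared exactly
 * once here; earlier revisions of this header declared several of them twice.
 */
extern const char *kSecXPCKeyOperation;          /* enum SecXPCOperation of the request */
extern const char *kSecXPCKeyResult;             /* reply payload */
extern const char *kSecXPCKeyError;              /* encoded CFError in the reply */
extern const char *kSecXPCKeyPeerInfos;
extern const char *kSecXPCKeyUserLabel;
extern const char *kSecXPCKeyBackup;
extern const char *kSecXPCKeyKeybag;
extern const char *kSecXPCKeyUserPassword;       /* user credential material travels under this key */
extern const char *kSecXPCLimitInMinutes;
extern const char *kSecXPCKeyQuery;
extern const char *kSecXPCKeyAttributesToUpdate;
extern const char *kSecXPCKeyDomain;
extern const char *kSecXPCKeyDigest;
extern const char *kSecXPCKeyCertificate;
extern const char *kSecXPCKeySettings;

/*
 * Dispatch helper: if the process-global function table gSecurityd is set and
 * its slot `sdp` is non-NULL, call that function directly in-process; otherwise
 * call `wrapper`, an XPC client function, with the operation id `sdp ## _id`.
 *
 * The id is produced by token pasting, so only table members that have a
 * matching `<member>_id` enumerator in enum SecXPCOperation (the sec_* entries)
 * can be routed through this macro; the soscc_* / ota_* members use
 * kSecXPCOp* ids and need another route.
 *
 * NOTE(review): the in-process branch bypasses the XPC transport entirely, so
 * whoever installs gSecurityd decides whether a call executes locally or in
 * the daemon - presumably securityd itself or test code; confirm at the
 * definition site.
 */
#define SECURITYD_XPC(sdp, wrapper, ...) ((gSecurityd && gSecurityd->sdp) ? gSecurityd->sdp(__VA_ARGS__) : wrapper(sdp ## _id, __VA_ARGS__))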
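/*
 * Operation codes sent with every request (presumably under
 * kSecXPCKeyOperation by securityd_create_message - confirm) so the daemon
 * knows which call is being made.
 *
 * These values are part of the client/daemon wire protocol. They are written
 * out explicitly so that inserting or reordering an enumerator cannot
 * silently renumber the ones after it; add new operations at the end and
 * never reuse a value.
 *
 * The sec_*_id names pair with the like-named members of struct securityd via
 * token pasting in SECURITYD_XPC(); the kSecXPCOp* names do not follow that
 * convention and are dispatched separately.
 *
 * NOTE(review): the receiving side must range-check the integer it decodes
 * before treating it as an enum SecXPCOperation (for example as a
 * dispatch-table index); that check is not visible in this header - confirm
 * in the daemon.
 */
enum SecXPCOperation {
    /* keychain item operations */
    sec_item_add_id                        = 0,
    sec_item_copy_matching_id              = 1,
    sec_item_update_id                     = 2,
    sec_item_delete_id                     = 3,

    /* trust store */
    sec_trust_store_contains_id            = 4,
    sec_trust_store_set_trust_settings_id  = 5,
    sec_trust_store_remove_certificate_id  = 6,
    sec_delete_all_id                      = 7,

    /* trust evaluation */
    sec_trust_evaluate_id                  = 8,

    /* keychain backup / restore / sync */
    sec_keychain_backup_id                 = 9,
    sec_keychain_restore_id                = 10,
    sec_keychain_sync_update_id            = 11,
    sec_keychain_backup_syncable_id        = 12,
    sec_keychain_restore_syncable_id       = 13,

    /* OTA PKI assets */
    sec_ota_pki_asset_version_id           = 14,
    kSecXPCOpOTAPKIGetNewAsset             = 15,
    kSecXPCOpOTAGetEscrowCertificates      = 16,

    /* notifications and peer sync */
    kSecXPCOpProcessUnlockNotification     = 17,
    kSecXPCOpProcessSyncWithAllPeers       = 18,

    /* user credentials (SOS) */
    kSecXPCOpTryUserCredentials            = 19,
    kSecXPCOpSetUserCredentials            = 20,
    kSecXPCOpCanAuthenticate               = 21,
    kSecXPCOpPurgeUserCredentials          = 22,

    /* circle membership (SOS) */
    kSecXPCOpDeviceInCircle                = 23,
    kSecXPCOpRequestToJoin                 = 24,
    kSecXPCOpRequestToJoinAfterRestore     = 25,
    kSecXPCOpResetToOffering               = 26,
    kSecXPCOpResetToEmpty                  = 27,
    kSecXPCOpRemoveThisDeviceFromCircle    = 28,
    kSecXPCOpBailFromCircle                = 29,
    kSecXPCOpAcceptApplicants              = 30,
    kSecXPCOpRejectApplicants              = 31,
    kSecXPCOpCopyApplicantPeerInfo         = 32,
    kSecXPCOpCopyPeerPeerInfo              = 33,
    kSecXPCOpCopyConcurringPeerPeerInfo    = 34,
    kSecXPCOpGetLastDepartureReason        = 35,
    kSecXPCOpCopyIncompatibilityInfo       = 36
};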
/*
 * Function table for the securityd entry points. A client process reaches
 * these through the XPC wrappers unless gSecurityd points at a populated
 * table, in which case SECURITYD_XPC() calls the slot directly in-process.
 * Member order is part of the table's layout; do not reorder.
 *
 * NOTE(review): the sec_item_* slots take the caller's access groups as a
 * parameter. On the XPC path the daemon should derive that list from the
 * connecting peer's entitlements rather than from the message contents;
 * that is not visible here - confirm in the daemon.
 */
struct securityd {
    /* --- keychain items: result / error are out-parameters --- */
    bool (*sec_item_add)(CFDictionaryRef attributes,
                         CFArrayRef accessGroups,
                         CFTypeRef *result,
                         CFErrorRef *error);
    bool (*sec_item_copy_matching)(CFDictionaryRef query,
                                   CFArrayRef accessGroups,
                                   CFTypeRef *result,
                                   CFErrorRef *error);
    bool (*sec_item_update)(CFDictionaryRef query,
                            CFDictionaryRef attributesToUpdate,
                            CFArrayRef accessGroups,
                            CFErrorRef *error);
    bool (*sec_item_delete)(CFDictionaryRef query,
                            CFArrayRef accessGroups,
                            CFErrorRef *error);

    /* --- trust store (no SecXPCOperation id exists for sec_trust_store_for_domain
     *     or sec_truststore_remove_all, so they cannot go through SECURITYD_XPC) --- */
    SecTrustStoreRef (*sec_trust_store_for_domain)(CFStringRef domainName,
                                                   CFErrorRef *error);
    bool (*sec_trust_store_contains)(SecTrustStoreRef ts,
                                     CFDataRef digest,
                                     bool *contains,
                                     CFErrorRef *error);
    bool (*sec_trust_store_set_trust_settings)(SecTrustStoreRef ts,
                                               SecCertificateRef certificate,
                                               CFTypeRef trustSettingsDictOrArray,
                                               CFErrorRef *error);
    bool (*sec_trust_store_remove_certificate)(SecTrustStoreRef ts,
                                               CFDataRef digest,
                                               CFErrorRef *error);
    bool (*sec_truststore_remove_all)(SecTrustStoreRef ts, CFErrorRef *error);
    bool (*sec_item_delete_all)(CFErrorRef *error);

    /* --- trust evaluation; accessGroups is declared unused here --- */
    SecTrustResultType (*sec_trust_evaluate)(CFArrayRef certificates,
                                             CFArrayRef anchors,
                                             bool anchorsOnly,
                                             CFArrayRef policies,
                                             CFAbsoluteTime verifyTime,
                                             __unused CFArrayRef accessGroups,
                                             CFArrayRef *details,
                                             CFDictionaryRef *info,
                                             SecCertificatePathRef *chain,
                                             CFErrorRef *error);

    /* --- keychain backup / restore; keybag and passcode are raw CFData --- */
    CFDataRef (*sec_keychain_backup)(CFDataRef keybag,
                                     CFDataRef passcode,
                                     CFErrorRef *error);
    bool (*sec_keychain_restore)(CFDataRef backup,
                                 CFDataRef keybag,
                                 CFDataRef passcode,
                                 CFErrorRef *error);
    bool (*sec_keychain_sync_update)(CFDictionaryRef update, CFErrorRef *error);
    CFDictionaryRef (*sec_keychain_backup_syncable)(CFDictionaryRef backup_in,
                                                    CFDataRef keybag,
                                                    CFDataRef passcode,
                                                    CFErrorRef *error);
    bool (*sec_keychain_restore_syncable)(CFDictionaryRef backup,
                                          CFDataRef keybag,
                                          CFDataRef passcode,
                                          CFErrorRef *error);

    /* --- OTA PKI asset version --- */
    int (*sec_ota_pki_asset_version)(CFErrorRef *error);

    /* --- SOS user credentials; user_password is the raw secret --- */
    bool (*soscc_TryUserCredentials)(CFStringRef user_label,
                                     CFDataRef user_password,
                                     CFErrorRef *error);
    bool (*soscc_SetUserCredentials)(CFStringRef user_label,
                                     CFDataRef user_password,
                                     CFErrorRef *error);
    bool (*soscc_CanAuthenticate)(CFErrorRef *error);
    bool (*soscc_PurgeUserCredentials)(CFErrorRef *error);

    /* --- SOS circle membership --- */
    SOSCCStatus (*soscc_ThisDeviceIsInCircle)(CFErrorRef *error);
    bool (*soscc_RequestToJoinCircle)(CFErrorRef *error);
    bool (*soscc_RequestToJoinCircleAfterRestore)(CFErrorRef *error);
    bool (*soscc_ResetToOffering)(CFErrorRef *error);
    bool (*soscc_ResetToEmpty)(CFErrorRef *error);
    bool (*soscc_RemoveThisDeviceFromCircle)(CFErrorRef *error);
    bool (*soscc_BailFromCircle)(uint64_t limit_in_seconds, CFErrorRef *error);
    bool (*soscc_AcceptApplicants)(CFArrayRef applicants, CFErrorRef *error);
    bool (*soscc_RejectApplicants)(CFArrayRef applicants, CFErrorRef *error);

    /* --- SOS peer info queries; returned objects follow the Copy rule --- */
    CFArrayRef (*soscc_CopyApplicantPeerInfo)(CFErrorRef *error);
    CFArrayRef (*soscc_CopyPeerInfo)(CFErrorRef *error);
    CFArrayRef (*soscc_CopyConcurringPeerInfo)(CFErrorRef *error);
    CFStringRef (*soscc_CopyIncompatibilityInfo)(CFErrorRef *error);
    enum DepartureReason (*soscc_GetLastDepartureReason)(CFErrorRef *error);

    /* --- OTA escrow certificates and asset refresh --- */
    CFArrayRef (*ota_CopyEscrowCertificates)(CFErrorRef *error);
    int (*sec_ota_pki_get_new_asset)(CFErrorRef *error);

    /* --- peer sync --- */
    SyncWithAllPeersReason (*soscc_ProcessSyncWithAllPeers)(CFErrorRef *error);
};
/*
 * Process-global function table consulted by SECURITYD_XPC(). When it is
 * non-NULL and the requested slot is set, calls run in-process instead of
 * over XPC; presumably NULL in ordinary client processes - confirm at the
 * definition site.
 */
extern struct securityd *gSecurityd;

/* Access groups of the calling process (presumably entitlement-derived - confirm). */
CFArrayRef SecAccessGroupsGetCurrent(void);

/* Human-readable description of an operation code, for logging and errors. */
CFStringRef SOSCCGetOperationDescription(enum SecXPCOperation op);

/*
 * Low-level transport.
 *  - securityd_create_message: builds a request carrying `op`.
 *  - securityd_message_with_reply_sync: sends it and blocks for the reply.
 *  - securityd_message_no_error: true if the reply carries no error
 *    (presumably checks kSecXPCKeyError and fills *error otherwise - confirm).
 */
xpc_object_t securityd_create_message(enum SecXPCOperation op, CFErrorRef *error);
xpc_object_t securityd_message_with_reply_sync(xpc_object_t message, CFErrorRef *error);
bool securityd_message_no_error(xpc_object_t message, CFErrorRef *error);

/*
 * Convenience round trip: create a request for `op`, let `add_to_message`
 * populate it, send it synchronously and pass the reply to `handle_response`.
 * Returns false if any step fails; callers should test the return value rather
 * than *error.
 */
bool securityd_send_sync_and_do(enum SecXPCOperation op,
                                CFErrorRef *error,
                                bool (^add_to_message)(xpc_object_t message, CFErrorRef *error),
                                bool (^handle_response)(xpc_object_t response, CFErrorRef *error));

/*
 * Overrides the Mach service name the client connects to (default is
 * presumably kSecuritydXPCServiceName - confirm). NOTE(review): this redirects
 * every subsequent request to whatever service is named, so it must only be
 * callable from trusted setup or test code.
 */
void SecServerSetMachServiceName(const char *name);
#endif