listing for C
cssm_IsFuncCallValid - Check secure linkage (CDSA)
# include <cdsa/cssm.h>
CSSM_RETURN CSSMAPI cssm_IsFuncCallValid
CSSM_PROC_ADDR SrcAddress, /* application */,
CSSM_BOOL * IsOK)
Common Security Services Manager library (libcssm.so)
The handle identifying the attach-session whose caller and callee
scope is being tested by this function.
An address to be tested for containment within the application that
requested and created the attach-session identified by the module
An address within a service module. The destination address must be
valid for the service provider associated with the attach-session
identified by the module handle.
The privilege value to be checked. Privilege checks apply to both
SrcAddress and DestAddress.
If non-NULL, the global privilege will be checked and returned in
A flag providing search hints.
CSSM_TRUE if success, CSSM_FALSE if fail.
This function checks secure linkage between an application and a service
module. Based on address scope of the application and the service module
associated with the attach handle, CSSM determines whether the SrcAddress
is within an associated application and DestAddress is within the
associated service module. The scope of the application and the service
module is determined by their respective signed manifest credentials, which
attest to the integrity of each entity.
This function uses the input privilege value InPriv to compare against the
privilege range associated with the ranges for SrcAddress and DestAddres.
The privilege check is performed when the InPriv privilege value is non-
NULL. If the EMM wants the global privilege value to be checked, InPriv is
zero and OutPriv is non-NULL. CSSM will return the privilege value in
OutPriv. If integrity only checks are to be performed, InPriv is zero and
OutPriv is NULL.
Another parameter called Hints is used to help CSSM efficiently perform the
integrity and privilege verification operations. Hints helps CSSM know
where to look to find the desired state information. In the regular case,
CSSM will look for SrcAddress in the CallerList and DestAddress in the
AttachList. For callback functions, the SrcAddress and DestAddress are
likely to be in AttachList.
A CSSM_RETURN value indicating success or specifying a particular error
condition. The value CSSM_OK indicates success. All other values represent
an error condition.
Errors are described in the CDSA technical standard. See CDSA_intro(3).
Intel CDSA Application Developer's Guide (see CDSA_intro(3))
listing for C