Index Index for
Section 3
Index Alphabetical
listing for C
Bottom of page Bottom of
page		 

cssm_IsFuncCallValid(3)


NAME

  cssm_IsFuncCallValid - Check secure linkage (CDSA)


SYNOPSIS

  # include <cdsa/cssm.h>

       CSSM_RETURN CSSMAPI cssm_IsFuncCallValid
       (CSSM_MODULE_HANDLE hAddin,
       CSSM_PROC_ADDR SrcAddress, /* application */,
       CSSM_PROC_ADDR DestAddress,
       CSSM_PRIVILEGE InPriv,
       CSSM_PRIVILEGE *OutPriv,
       CSSM_BITMASK Hints,
       CSSM_BOOL * IsOK)


LIBRARY

  Common Security Services Manager library (libcssm.so)


PARAMETERS

  hAddIn (input)
	  The handle identifying the attach-session whose caller and callee
	  scope is being tested by this function.

  SrcAddress (input/optional)
	  An address to be tested for containment within the application that
	  requested and created the attach-session identified by the module
	  handle.

  DestAddress (input/optional)
	  An address within a service module. The destination address must be
	  valid for the service provider associated with the attach-session
	  identified by the module handle.

  InPriv (input)
	  The privilege value to be checked. Privilege checks apply to both
	  SrcAddress and DestAddress.

  OutPriv (output)
	  If non-NULL, the global privilege will be checked and returned in
	  OutPriv.

  Hints (input)
	  A flag providing search hints.

  IsOK (output)
	  CSSM_TRUE if success, CSSM_FALSE if fail.


DESCRIPTION

  This function checks secure linkage between an application and a service
  module. Based on address scope of the application and the service module
  associated with the attach handle, CSSM determines whether the SrcAddress
  is within an associated application and DestAddress is within the
  associated service module. The scope of the application and the service
  module is determined by their respective signed manifest credentials, which
  attest to the integrity of each entity.

  This function uses the input privilege value InPriv to compare against the
  privilege range associated with the ranges for SrcAddress and DestAddres.
  The privilege check is performed when the InPriv privilege value is non-
  NULL.	 If the EMM wants the global privilege value to be checked, InPriv is
  zero and OutPriv is non-NULL. CSSM will return the privilege value in
  OutPriv. If integrity only checks are to be performed, InPriv is zero and
  OutPriv is NULL.

  Another parameter called Hints is used to help CSSM efficiently perform the
  integrity and privilege verification operations.  Hints helps CSSM know
  where to look to find the desired state information.	In the regular case,
  CSSM will look for SrcAddress in the CallerList and DestAddress in the
  AttachList. For callback functions, the SrcAddress and DestAddress are
  likely to be in AttachList.


RETURN VALUE

  A CSSM_RETURN value indicating success or specifying a particular error
  condition. The value CSSM_OK indicates success. All other values represent
  an error condition.


ERRORS

  Errors are described in the CDSA technical standard.	See CDSA_intro(3).


SEE ALSO

  Books

  Intel CDSA Application Developer's Guide (see CDSA_intro(3))

  Reference Pages

Index Index for
Section 3
Index Alphabetical
listing for C
Top of page Top of
page