NAME    [Toc]    [Back]

       cssm_IsFuncCallValid - Check secure linkage (CDSA)

SYNOPSIS    [Toc]    [Back]

       # include <cdsa/cssm.h>

       CSSM_RETURN CSSMAPI cssm_IsFuncCallValid (CSSM_MODULE_HANDLE
 hAddin, CSSM_PROC_ADDR SrcAddress, /* application  */,
       CSSM_PROC_ADDR    DestAddress,    CSSM_PRIVILEGE   InPriv,
       CSSM_PRIVILEGE *OutPriv, CSSM_BITMASK Hints,  CSSM_BOOL  *
       IsOK)

LIBRARY    [Toc]    [Back]

       Common Security Services Manager library (libcssm.so)

PARAMETERS    [Toc]    [Back]

       The handle identifying the attach-session whose caller and
       callee scope is being tested by this function.  An address
       to  be  tested for containment within the application that
       requested and created the attach-session identified by the
       module  handle.   An  address within a service module. The
       destination address must be valid for the service provider
       associated  with the attach-session identified by the module
 handle.  The privilege value to be checked.  Privilege
       checks  apply to both SrcAddress and DestAddress.  If nonNULL,
 the global privilege will be checked and returned in
       OutPriv.   A  flag  providing  search hints.  CSSM_TRUE if
       success, CSSM_FALSE if fail.

DESCRIPTION    [Toc]    [Back]

       This function checks secure linkage between an application
       and a service module. Based on address scope of the application
 and the service module associated with  the  attach
       handle,  CSSM  determines whether the SrcAddress is within
       an associated application and DestAddress  is  within  the
       associated  service  module.  The scope of the application
       and the service module is determined by  their  respective
       signed manifest credentials, which attest to the integrity
       of each entity.

       This function uses the input  privilege  value  InPriv  to
       compare  against  the  privilege range associated with the
       ranges for SrcAddress and DestAddres. The privilege  check
       is  performed when the InPriv privilege value is non-NULL.
       If the EMM wants the global privilege value to be checked,
       InPriv  is  zero and OutPriv is non-NULL. CSSM will return
       the privilege value in OutPriv. If integrity  only  checks
       are to be performed, InPriv is zero and OutPriv is NULL.

       Another  parameter called Hints is used to help CSSM efficiently
 perform the integrity and  privilege  verification
       operations.   Hints  helps CSSM know where to look to find
       the desired state information.  In the regular case,  CSSM
       will look for SrcAddress in the CallerList and DestAddress
       in the AttachList. For callback functions, the  SrcAddress
       and DestAddress are likely to be in AttachList.

RETURN VALUE    [Toc]    [Back]

       A  CSSM_RETURN  value  indicating  success or specifying a
       particular error condition. The  value  CSSM_OK  indicates
       success. All other values represent an error condition.

ERRORS    [Toc]    [Back]

       Errors  are described in the CDSA technical standard.  See
       CDSA_intro(3).

SEE ALSO    [Toc]    [Back]

       Books

       Intel   CDSA   Application    Developer's    Guide    (see
       CDSA_intro(3))

       Reference Pages    [Toc]    [Back]




                                          cssm_IsFuncCallValid(3)