// seckeychainnetworkextensionunauthorizedaccesstest
// Created by Luke Hiesterman on 2/23/17.
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <Security/SecItemPriv.h>
#import <err.h>
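// Keychain access group queried first; main() reads the item whose data it
// then uses as a persistent reference from this group.
static NSString* const NetworkExtensionPersistentRefSharingAccessGroup = @"com.apple.NetworkExtensionPersistentRefSharingAccessGroup";

// kSecAttrAccount value of the generic-password item looked up in that group.
static NSString* const TestAccount = @"MyTestAccount";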
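/**
 * Negative keychain access test.
 *
 * Step 1 reads a generic-password item from the persistent-ref sharing access
 * group; the item's data is then used as a keychain persistent reference.
 * Step 2 tries to read password data through that persistent reference. The
 * test passes only if step 2 does NOT return data, i.e. this process is
 * refused access to the referenced network extension keychain item.
 *
 * Exits with status 1 (via errx) if step 1 fails or if step 2 unexpectedly
 * succeeds; returns 0 otherwise.
 *
 * NOTE(review): the item read in step 1 is presumably stored beforehand by a
 * companion, entitled test; nothing in this file creates it. Confirm the test
 * harness runs that setup first, otherwise step 1 fails.
 */
int main(int argc, const char* argv[])
{
    @autoreleasepool {
        // Step 1: fetch the stored persistent reference from the sharing access group.
        NSDictionary* sharedItemQuery = @{
            (__bridge NSString*)kSecClass : (__bridge NSString*)kSecClassGenericPassword,
            (__bridge NSString*)kSecAttrAccessGroup : NetworkExtensionPersistentRefSharingAccessGroup,
            (__bridge NSString*)kSecAttrAccount : TestAccount,
            (__bridge NSString*)kSecReturnData : @YES,
            (__bridge NSString*)kSecUseDataProtectionKeychain : @YES,
        };

        CFTypeRef persistentRefData = NULL;
        OSStatus result = SecItemCopyMatching((__bridge CFDictionaryRef)sharedItemQuery, &persistentRefData);
        if (result != errSecSuccess || !persistentRefData) {
            NSLog(@"got an error: %d", (int)result);
            errx(1, "failed to retrieve persistent ref data from keychain");
        }

        // SecItemCopyMatching returns an owned (+1) object; hand it to ARC so it
        // is released instead of leaked.
        NSData* persistentRef = CFBridgingRelease(persistentRefData);

        // Step 2: try to read the referenced item's data. No access group is
        // named here; the persistent reference alone identifies the item.
        NSDictionary* referencedItemQuery = @{
            (__bridge NSString*)kSecClass : (__bridge NSString*)kSecClassGenericPassword,
            (__bridge NSString*)kSecValuePersistentRef : persistentRef,
            (__bridge NSString*)kSecReturnData : @YES,
            (__bridge NSString*)kSecUseDataProtectionKeychain : @YES,
        };

        CFTypeRef passwordData = NULL;
        result = SecItemCopyMatching((__bridge CFDictionaryRef)referencedItemQuery, &passwordData);
        if (result == errSecSuccess && passwordData) {
            // Data came back: the access control this test guards did not hold.
            errx(1, "failed to block unentitled app from accessing network extension keychain item");
        }

        // NOTE(review): any failure of the second lookup counts as "blocked",
        // including failures unrelated to entitlements (for example a stale
        // reference). The expected denial status is not pinned here, so the
        // status is logged to let a vacuous pass be spotted in the test output.
        NSLog(@"lookup by persistent ref returned status %d", (int)result);
        NSLog(@"successfully blocked unentitled app from accessing network extension keychain item");
    }
    return 0;
}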