]> git.saurik.com Git - apple/security.git/blobdiff - OSX/libsecurityd/lib/ssblob.cpp
Security-57337.50.23.tar.gz
[apple/security.git] / OSX / libsecurityd / lib / ssblob.cpp
index 2a47bd26ae6a1bc3c0f00ec09a01b7b4c63aa660..a758dc3b5a840bc8210f3d4cfc62fe19e7c0c80f 100644 (file)
 namespace Security {
 namespace SecurityServer {
 
+uint32 CommonBlob::getCurrentVersion() {
+  uint32 ret = version_MacOS_10_0;
+  // If the integrity protections are turned on, use version_partition.
+  // else, use version_MacOS_10_0.
+  CFTypeRef integrity = (CFNumberRef)CFPreferencesCopyValue(CFSTR("KeychainIntegrity"), CFSTR("com.apple.security"), kCFPreferencesAnyUser, kCFPreferencesCurrentHost);
+  if (integrity && CFGetTypeID(integrity) == CFBooleanGetTypeID()) {
+    bool integrityProtections = CFBooleanGetValue((CFBooleanRef)integrity);
+
+    if(integrityProtections) {
+      secdebugfunc("integrity", "creating a partition keychain; global is on");
+      ret = version_partition;
+    } else {
+      secdebugfunc("integrity", "creating a old-style keychain; global is off");
+      ret = version_MacOS_10_0;
+    }
+    CFRelease(integrity);
+  }
+
+  return ret;
+}
+
+
+void CommonBlob::initialize()
+{
+    magic = magicNumber;
+
+    this->blobVersion = getCurrentVersion();
+}
 
 //
 // Initialize the blob header for a given version
@@ -38,6 +66,8 @@ namespace SecurityServer {
 void CommonBlob::initialize(uint32 version)
 {
     magic = magicNumber;
+
+    secdebugfunc("integrity", "creating a partition keychain with version %d", version);
     this->blobVersion = version;
 }