#include <security_keychain/Access.h>
#include <security_keychain/SecAccessPriv.h>
+#include <os/activity.h>
+
#include "SecBridge.h"
// Forward reference
SecACLRef *newAcl)
{
BEGIN_SECAPI
+ os_activity_t activity = os_activity_create("SecACLCreateFromSimpleContents", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+ os_activity_scope(activity);
+ os_release(activity);
SecPointer<Access> access = Access::required(accessRef);
- SecPointer<ACL> acl = new ACL(*access, cfString(description), *promptSelector);
+ SecPointer<ACL> acl = new ACL(cfString(description), *promptSelector);
if (applicationList) {
// application-list + prompt
acl->form(ACL::appListForm);
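Review bot: The rewritten constructor call dereferences `*promptSelector` with no NULL check, while SecACLSetSimpleContents later in this diff accepts a NULL selector and falls back to `ACL::defaultSelector`. A NULL pointer from a caller is a crash here rather than an error status, since a dereference is not something the BEGIN_SECAPI wrapper can presumably turn into an OSStatus. Unless the header documents the selector as required, the call could mirror the setter: `SecPointer<ACL> acl = new ACL(cfString(description), promptSelector ? *promptSelector : ACL::defaultSelector);`. The function's signature and the rest of its body lie outside this hunk, so an earlier guard may exist that is not visible here.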
OSStatus SecACLRemove(SecACLRef aclRef)
{
BEGIN_SECAPI
+ os_activity_t activity = os_activity_create("SecACLRemove", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+ os_activity_scope(activity);
+ os_release(activity);
ACL::required(aclRef)->remove();
END_SECAPI
}
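Review bot: `os_release(activity)` runs immediately after `os_activity_scope(activity)`, while the scope stays live for the rest of the function, so the code depends on the scope holding its own reference to the activity and nothing here says so. If that is confirmed, a one-line comment such as `// the activity scope keeps the activity alive; drop our reference now` would record the assumption. The same three lines are repeated in SecACLCreateFromSimpleContents, SecACLSetSimpleContents and SecACLSetAuthorizations, differing only in the label, so one local macro taking the label would keep them consistent.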
break;
case ACL::appListForm:
Required(applicationList) =
- makeCFArray(convert, acl->applications());
+ makeCFArrayFrom(convert, acl->applications());
Required(promptDescription) = makeCFString(acl->promptDescription());
Required(promptSelector) = acl->promptSelector();
break;
+ case ACL::integrityForm:
+ Required(applicationList) = NULL;
+ Required(promptDescription) = makeCFString(acl->integrity().toHex());
+
+ // We don't have a prompt selector. Nullify.
+ Required(promptSelector).version = CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION;
+ Required(promptSelector).flags = 0;
+ break;
default:
return errSecACLNotSimple; // custom or unknown
}
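Review bot: The new `ACL::integrityForm` case returns the hex-encoded integrity value through the `promptDescription` out-parameter and sets `applicationList` to NULL, but nothing at the case documents either, even though the form changes the meaning of an existing output. A caller that shows the description to a user or releases the returned array unconditionally would misbehave on this form. I would add a comment above the case along the lines of `// integrity ACL: promptDescription carries the hex-encoded integrity value (not user-facing text); applicationList is NULL` and repeat the contract in the public header. The switch and the enclosing function begin outside this hunk.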
CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
{
BEGIN_SECAPI
+ os_activity_t activity = os_activity_create("SecACLSetSimpleContents", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+ os_activity_scope(activity);
+ os_release(activity);
SecPointer<ACL> acl = ACL::required(aclRef);
- acl->promptDescription() = description ? cfString(description) : "";
+ if(acl->form() == ACL::integrityForm) {
+ // If this is an integrity ACL, route the (unhexified) promptDescription into the right place
+ string hex = cfString(description);
+ if(hex.length() %2 == 0) {
+ // might be a valid hex string, try to set
+ CssmAutoData data(Allocator::standard());
+ data.malloc(hex.length() / 2);
+ data.get().fromHex(hex.c_str());
+ acl->setIntegrity(data);
+ }
+ } else {
+ // Otherwise, put it in the promptDescription where it belongs
+ acl->promptDescription() = description ? cfString(description) : "";
+ }
acl->promptSelector() = promptSelector ? *promptSelector : ACL::defaultSelector;
- if (applicationList) {
- // application-list + prompt
- acl->form(ACL::appListForm);
- setApplications(acl, applicationList);
- } else {
- // allow-any
- acl->form(ACL::allowAllForm);
+ if(acl->form() != ACL::integrityForm) {
+ if (applicationList) {
+ // application-list + prompt
+ acl->form(ACL::appListForm);
+ setApplications(acl, applicationList);
+ } else {
+ // allow-any
+ acl->form(ACL::allowAllForm);
+ }
}
acl->modify();
END_SECAPI
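Review bot: In the integrity branch, `cfString(description)` is called without the NULL guard that the else branch keeps (`description ? cfString(description) : ""`), and an odd-length string is silently dropped while `acl->modify()` still runs and the call presumably reports success. For a value that protects the ACL's integrity, a caller should learn that its input was rejected. I would add `if (!description) MacOSError::throwMe(errSecParam);` before the conversion and an `else MacOSError::throwMe(errSecParam);` on the length check. Whether `fromHex` rejects non-hex characters is not visible here and is worth confirming, since an even-length string of arbitrary characters reaches `setIntegrity`. The function's signature starts and its closing brace falls outside this hunk.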
strings[iCnt] = (CFTypeRef)GetAuthStringFromACLAuthorizationTag(tags[iCnt]);
}
- result = CFArrayCreate(kCFAllocatorDefault, (const void **)strings, numAuths, NULL);
+ result = CFArrayCreate(kCFAllocatorDefault, (const void **)strings, numAuths, &kCFTypeArrayCallBacks);
delete[] strings;
delete[] tags;
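Review bot: Passing `&kCFTypeArrayCallBacks` makes `CFArrayCreate` retain every element, so a NULL entry in `strings` now crashes inside the create call where the old NULL callbacks tolerated it. Whether `GetAuthStringFromACLAuthorizationTag` can return NULL for an unrecognised tag is not visible in this hunk. If it can, the loop that fills `strings` (it starts outside the hunk) should check each result and skip it or fail before the array is built, for example `if (strings[iCnt] == NULL) MacOSError::throwMe(errSecParam);`, making sure `strings` and `tags` are still freed on that path. If the helper returns owned (+1) strings rather than constants, they also need releasing after the array takes its own reference.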
CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 tagCount)
{
BEGIN_SECAPI
+ os_activity_t activity = os_activity_create("SecACLSetAuthorizations", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+ os_activity_scope(activity);
+ os_release(activity);
SecPointer<ACL> acl = ACL::required(aclRef);
if (acl->isOwner()) // can't change rights of the owner ACL
MacOSError::throwMe(errSecInvalidOwnerEdit);