]> git.saurik.com Git - apple/security.git/blobdiff - OSX/libsecurity_keychain/lib/SecACL.cpp
projects / apple / security.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security-59306.61.1.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / lib / SecACL.cpp
diff --git a/OSX/libsecurity_keychain/lib/SecACL.cpp b/OSX/libsecurity_keychain/lib/SecACL.cpp
index 335c6cf9c8453eb3b7cb73350fa5b5feeddc4f94..5e5dbb7b3a5701b5ef2e05de304b73884930c10b 100644 (file)
--- a/OSX/libsecurity_keychain/lib/SecACL.cpp
+++ b/OSX/libsecurity_keychain/lib/SecACL.cpp
@@ -26,6 +26,8 @@
 #include <security_keychain/Access.h>
 #include <security_keychain/SecAccessPriv.h>
 
 #include <security_keychain/Access.h>
 #include <security_keychain/SecAccessPriv.h>
 
+#include <os/activity.h>
+
 #include "SecBridge.h"
 
 // Forward reference
 #include "SecBridge.h"
 
 // Forward reference
@@ -63,8 +65,11 @@ OSStatus SecACLCreateFromSimpleContents(SecAccessRef accessRef,
        SecACLRef *newAcl)
 {
        BEGIN_SECAPI
        SecACLRef *newAcl)
 {
        BEGIN_SECAPI
+    os_activity_t activity = os_activity_create("SecACLCreateFromSimpleContents", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
        SecPointer<Access> access = Access::required(accessRef);
        SecPointer<Access> access = Access::required(accessRef);
-       SecPointer<ACL> acl = new ACL(*access, cfString(description), *promptSelector);
+       SecPointer<ACL> acl = new ACL(cfString(description), *promptSelector);
        if (applicationList) {
                // application-list + prompt
                acl->form(ACL::appListForm);
        if (applicationList) {
                // application-list + prompt
                acl->form(ACL::appListForm);
@@ -96,6 +101,9 @@ OSStatus SecACLCreateWithSimpleContents(SecAccessRef access,
 OSStatus SecACLRemove(SecACLRef aclRef)
 {
        BEGIN_SECAPI
 OSStatus SecACLRemove(SecACLRef aclRef)
 {
        BEGIN_SECAPI
+    os_activity_t activity = os_activity_create("SecACLRemove", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
        ACL::required(aclRef)->remove();
        END_SECAPI
 }
        ACL::required(aclRef)->remove();
        END_SECAPI
 }
@@ -125,10 +133,18 @@ OSStatus SecACLCopySimpleContents(SecACLRef aclRef,
                break;
        case ACL::appListForm:
                Required(applicationList) =
                break;
        case ACL::appListForm:
                Required(applicationList) =
-                       makeCFArray(convert, acl->applications());
+                       makeCFArrayFrom(convert, acl->applications());
                Required(promptDescription) = makeCFString(acl->promptDescription());
                Required(promptSelector) = acl->promptSelector();
                break;
                Required(promptDescription) = makeCFString(acl->promptDescription());
                Required(promptSelector) = acl->promptSelector();
                break;
+    case ACL::integrityForm:
+        Required(applicationList) = NULL;
+        Required(promptDescription) = makeCFString(acl->integrity().toHex());
+
+        // We don't have a prompt selector. Nullify.
+        Required(promptSelector).version = CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION;
+        Required(promptSelector).flags = 0;
+        break;
        default:
                return errSecACLNotSimple;              // custom or unknown
        }
        default:
                return errSecACLNotSimple;              // custom or unknown
        }
@@ -154,16 +170,34 @@ OSStatus SecACLSetSimpleContents(SecACLRef aclRef,
        CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
 {
        BEGIN_SECAPI
        CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
 {
        BEGIN_SECAPI
+    os_activity_t activity = os_activity_create("SecACLSetSimpleContents", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
        SecPointer<ACL> acl = ACL::required(aclRef);
        SecPointer<ACL> acl = ACL::required(aclRef);
-       acl->promptDescription() = description ? cfString(description) : "";
+    if(acl->form() == ACL::integrityForm) {
+        // If this is an integrity ACL, route the (unhexified) promptDescription into the right place
+        string hex = cfString(description);
+        if(hex.length() %2 == 0) {
+            // might be a valid hex string, try to set
+            CssmAutoData data(Allocator::standard());
+            data.malloc(hex.length() / 2);
+            data.get().fromHex(hex.c_str());
+            acl->setIntegrity(data);
+        }
+    } else {
+        // Otherwise, put it in the promptDescription where it belongs
+        acl->promptDescription() = description ? cfString(description) : "";
+    }
        acl->promptSelector() = promptSelector ? *promptSelector : ACL::defaultSelector;
        acl->promptSelector() = promptSelector ? *promptSelector : ACL::defaultSelector;
-       if (applicationList) {
-               // application-list + prompt
-               acl->form(ACL::appListForm);
-               setApplications(acl, applicationList);
-       } else {
-               // allow-any
-               acl->form(ACL::allowAllForm);
+    if(acl->form() !=  ACL::integrityForm) {
+        if (applicationList) {
+            // application-list + prompt
+            acl->form(ACL::appListForm);
+            setApplications(acl, applicationList);
+        } else {
+            // allow-any
+            acl->form(ACL::allowAllForm);
+        }
        }
        acl->modify();
        END_SECAPI
        }
        acl->modify();
        END_SECAPI
@@ -248,7 +282,7 @@ CFArrayRef SecACLCopyAuthorizations(SecACLRef acl)
                strings[iCnt] = (CFTypeRef)GetAuthStringFromACLAuthorizationTag(tags[iCnt]);
        }
 
                strings[iCnt] = (CFTypeRef)GetAuthStringFromACLAuthorizationTag(tags[iCnt]);
        }
 
-       result = CFArrayCreate(kCFAllocatorDefault, (const void **)strings, numAuths, NULL);
+       result = CFArrayCreate(kCFAllocatorDefault, (const void **)strings, numAuths, &kCFTypeArrayCallBacks);
 
        delete[] strings;
     delete[] tags;
 
        delete[] strings;
     delete[] tags;
@@ -261,6 +295,9 @@ OSStatus SecACLSetAuthorizations(SecACLRef aclRef,
        CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 tagCount)
 {
        BEGIN_SECAPI
        CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 tagCount)
 {
        BEGIN_SECAPI
+    os_activity_t activity = os_activity_create("SecACLSetAuthorizations", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
        SecPointer<ACL> acl = ACL::required(aclRef);
        if (acl->isOwner())             // can't change rights of the owner ACL
                MacOSError::throwMe(errSecInvalidOwnerEdit);
        SecPointer<ACL> acl = ACL::required(aclRef);
        if (acl->isOwner())             // can't change rights of the owner ACL
                MacOSError::throwMe(errSecInvalidOwnerEdit);
mirror of Security