--- /dev/null
+/*
+ * Copyright (c) 2015 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * SOSViews.c - Implementation of views
+ */
+
+#include <AssertMacros.h>
+#include <TargetConditionals.h>
+
+#include "SOSViews.h"
+#include <utilities/SecCFWrappers.h>
+#include <utilities/SecCFRelease.h>
+#include <utilities/SecXPCError.h>
+
+#include <utilities/SecCFError.h>
+#include <utilities/der_set.h>
+#include <Security/SecureObjectSync/SOSInternal.h>
+
+#include <Security/SecureObjectSync/SOSPeerInfo.h>
+#include <Security/SecureObjectSync/SOSPeerInfoV2.h>
+#include <Security/SecureObjectSync/SOSPeerInfoPriv.h>
+#include <Security/SecureObjectSync/SOSCloudCircle.h>
+#include <Security/SecureObjectSync/SOSAccount.h>
+#include <Security/SecureObjectSync/SOSAccountPriv.h>
+
+CFStringRef viewMemError = CFSTR("Failed to get memory for views in PeerInfo");
+CFStringRef viewUnknownError = CFSTR("Unknown view(%@) (ViewResultCode=%d)");
+CFStringRef viewInvalidError = CFSTR("Peer is invalid for this view(%@) (ViewResultCode=%d)");
+
+// Internal Views:
+const CFStringRef kSOSViewKeychainV0_tomb = CFSTR("KeychainV0-tomb"); // iCloud Keychain backup for v0 peers (no tombstones)
+const CFStringRef kSOSViewBackupBagV0_tomb = CFSTR("BackupBagV0-tomb"); // iCloud Keychain backup bag for v0 peers (no tombstones)
+const CFStringRef kSOSViewWiFi_tomb = CFSTR("WiFi-tomb");
+const CFStringRef kSOSViewAutofillPasswords_tomb = CFSTR("Passwords-tomb");
+const CFStringRef kSOSViewSafariCreditCards_tomb = CFSTR("CreditCards-tomb");
+const CFStringRef kSOSViewiCloudIdentity_tomb = CFSTR("iCloudIdentity-tomb");
+const CFStringRef kSOSViewOtherSyncable_tomb = CFSTR("OtherSyncable-tomb");
+
+// Views
+const CFStringRef kSOSViewKeychainV0 = CFSTR("KeychainV0"); // iCloud Keychain syncing for v0 peers
+
+const CFStringRef kSOSViewWiFi = CFSTR("WiFi");
+const CFStringRef kSOSViewAutofillPasswords = CFSTR("Passwords");
+const CFStringRef kSOSViewSafariCreditCards = CFSTR("CreditCards");
+const CFStringRef kSOSViewiCloudIdentity = CFSTR("iCloudIdentity");
+const CFStringRef kSOSViewBackupBagV0 = CFSTR("BackupBagV0"); // iCloud Keychain backup bag for v0 peers (single item)
+const CFStringRef kSOSViewOtherSyncable = CFSTR("OtherSyncable");
+
+// PCS (Protected Cloud Storage) Views
+const CFStringRef kSOSViewPCSMasterKey = CFSTR("PCS-MasterKey");
+const CFStringRef kSOSViewPCSiCloudDrive = CFSTR("PCS-iCloudDrive"); // Bladerunner
+const CFStringRef kSOSViewPCSPhotos = CFSTR("PCS-Photos"); // Hyperion
+const CFStringRef kSOSViewPCSCloudKit = CFSTR("PCS-CloudKit"); // Liverpool
+const CFStringRef kSOSViewPCSEscrow = CFSTR("PCS-Escrow");
+const CFStringRef kSOSViewPCSFDE = CFSTR("PCS-FDE");
+const CFStringRef kSOSViewPCSMailDrop = CFSTR("PCS-Maildrop"); // PianoMover
+const CFStringRef kSOSViewPCSiCloudBackup = CFSTR("PCS-Backup");
+const CFStringRef kSOSViewPCSNotes = CFSTR("PCS-Notes");
+const CFStringRef kSOSViewPCSiMessage = CFSTR("PCS-iMessage");
+const CFStringRef kSOSViewPCSFeldspar = CFSTR("PCS-Feldspar");
+
+const CFStringRef kSOSViewAppleTV = CFSTR("AppleTV");
+const CFStringRef kSOSViewHomeKit = CFSTR("HomeKit");
+
+// View Hints
+// Note that by definition, there cannot be a V0 view hint
+// These will be deprecated for new constants found in SecItemPriv.h
+const CFStringRef kSOSViewHintPCSMasterKey = CFSTR("PCS-MasterKey");
+const CFStringRef kSOSViewHintPCSiCloudDrive = CFSTR("PCS-iCloudDrive");
+const CFStringRef kSOSViewHintPCSPhotos = CFSTR("PCS-Photos");
+const CFStringRef kSOSViewHintPCSCloudKit = CFSTR("PCS-CloudKit");
+const CFStringRef kSOSViewHintPCSEscrow = CFSTR("PCS-Escrow");
+const CFStringRef kSOSViewHintPCSFDE = CFSTR("PCS-FDE");
+const CFStringRef kSOSViewHintPCSMailDrop = CFSTR("PCS-Maildrop");
+const CFStringRef kSOSViewHintPCSiCloudBackup = CFSTR("PCS-Backup");
+const CFStringRef kSOSViewHintPCSNotes = CFSTR("PCS-Notes");
+const CFStringRef kSOSViewHintPCSiMessage = CFSTR("PCS-iMessage");
+const CFStringRef kSOSViewHintPCSFeldspar = CFSTR("PCS-Feldspar");
+
+const CFStringRef kSOSViewHintAppleTV = CFSTR("AppleTV");
+const CFStringRef kSOSViewHintHomeKit = CFSTR("HomeKit");
+
+CFGiblisGetSingleton(CFSetRef, SOSViewsGetV0ViewSet, defaultViewSet, ^{
+ // Since peer->views must never be NULL, fill in with a default
+ const void *values[] = { kSOSViewKeychainV0 };
+ *defaultViewSet = CFSetCreate(kCFAllocatorDefault, values, array_size(values), &kCFTypeSetCallBacks);
+});
+
+CFGiblisGetSingleton(CFSetRef, SOSViewsGetV0SubviewSet, subViewSet, (^{
+ // Since peer->views must never be NULL, fill in with a default
+ const void *values[] = { kSOSViewWiFi, kSOSViewAutofillPasswords, kSOSViewSafariCreditCards,
+ kSOSViewiCloudIdentity, kSOSViewBackupBagV0, kSOSViewOtherSyncable };
+ *subViewSet = CFSetCreate(kCFAllocatorDefault, values, array_size(values), &kCFTypeSetCallBacks);
+}));
+
+CFGiblisGetSingleton(CFSetRef, SOSViewsGetV0BackupViewSet, defaultViewSet, ^{
+ const void *values[] = { kSOSViewKeychainV0_tomb };
+ *defaultViewSet = CFSetCreate(kCFAllocatorDefault, values, array_size(values), &kCFTypeSetCallBacks);
+});
+
+CFGiblisGetSingleton(CFSetRef, SOSViewsGetV0BackupBagViewSet, defaultViewSet, ^{
+ const void *values[] = { kSOSViewBackupBagV0_tomb };
+ *defaultViewSet = CFSetCreate(kCFAllocatorDefault, values, array_size(values), &kCFTypeSetCallBacks);
+});
+
+bool SOSViewsIsV0Subview(CFStringRef viewName) {
+ return CFSetContainsValue(SOSViewsGetV0BackupViewSet(), viewName);
+}
+
+CFSetRef sTestViewSet = NULL;
+void SOSViewsSetTestViewsSet(CFSetRef testViewNames) {
+ CFRetainAssign(sTestViewSet, testViewNames);
+}
+
+CFSetRef SOSViewsGetAllCurrent(void) {
+ static dispatch_once_t dot;
+ static CFMutableSetRef allViews = NULL;
+ dispatch_once(&dot, ^{
+ allViews = CFSetCreateMutableForCFTypes(kCFAllocatorDefault);
+ CFSetAddValue(allViews, kSOSViewKeychainV0);
+ CFSetAddValue(allViews, kSOSViewPCSMasterKey);
+ CFSetAddValue(allViews, kSOSViewPCSiCloudDrive);
+ CFSetAddValue(allViews, kSOSViewPCSPhotos);
+ CFSetAddValue(allViews, kSOSViewPCSCloudKit);
+ CFSetAddValue(allViews, kSOSViewPCSEscrow);
+ CFSetAddValue(allViews, kSOSViewPCSFDE);
+ CFSetAddValue(allViews, kSOSViewPCSMailDrop);
+ CFSetAddValue(allViews, kSOSViewPCSiCloudBackup);
+ CFSetAddValue(allViews, kSOSViewPCSNotes);
+ CFSetAddValue(allViews, kSOSViewPCSiMessage);
+ CFSetAddValue(allViews, kSOSViewPCSFeldspar);
+ CFSetAddValue(allViews, kSOSViewAppleTV);
+ CFSetAddValue(allViews, kSOSViewHomeKit);
+ CFSetAddValue(allViews, kSOSViewWiFi);
+ CFSetAddValue(allViews, kSOSViewAutofillPasswords);
+ CFSetAddValue(allViews, kSOSViewSafariCreditCards);
+ CFSetAddValue(allViews, kSOSViewiCloudIdentity);
+ CFSetAddValue(allViews, kSOSViewBackupBagV0);
+ CFSetAddValue(allViews, kSOSViewOtherSyncable);
+ });
+ return sTestViewSet ? sTestViewSet : allViews;
+}
+
+static CFMutableSetRef CFSetCreateMutableCopyForSOSViews(CFAllocatorRef allocator, CFSetRef original) {
+ if(!original) return NULL;
+ return CFSetCreateMutableCopy(allocator, 0, original);
+}
+
+CFMutableSetRef SOSViewsCreateDefault(bool includeLegacy, CFErrorRef *error) {
+ CFMutableSetRef result = CFSetCreateMutableCopyForSOSViews(NULL, SOSViewsGetAllCurrent());
+
+ // We don't by default particiate in V0, actually we don't want
+ // to let folks enable it.
+ CFSetRemoveValue(result, kSOSViewKeychainV0);
+
+ if (!includeLegacy) {
+ // We don't by default participate in fractures of iCloudKeychain
+ CFSetRemoveValue(result, kSOSViewWiFi);
+ CFSetRemoveValue(result, kSOSViewAutofillPasswords);
+ CFSetRemoveValue(result, kSOSViewSafariCreditCards);
+ CFSetRemoveValue(result, kSOSViewOtherSyncable);
+ }
+
+ return result;
+}
+
+// Eventually this will want to know the gestalt or security properties...
+void SOSViewsForEachDefaultEnabledViewName(void (^operation)(CFStringRef viewName)) {
+ CFMutableSetRef defaultViews = SOSViewsCreateDefault(false, NULL);
+
+ CFSetForEach(defaultViews, ^(const void *value) {
+ CFStringRef name = asString(value, NULL);
+
+ if (name) {
+ operation(name);
+ }
+ });
+
+ CFReleaseNull(defaultViews);
+}
+
+static bool SOSViewsIsKnownView(CFStringRef viewname) {
+ CFSetRef allViews = SOSViewsGetAllCurrent();
+ if(CFSetContainsValue(allViews, viewname)) return true;
+ secnotice("views","Not a known view");
+ return false;
+}
+
+bool SOSPeerInfoIsEnabledView(SOSPeerInfoRef pi, CFStringRef viewName) {
+ if (pi->version < kSOSPeerV2BaseVersion) {
+ return CFSetContainsValue(SOSViewsGetV0ViewSet(), viewName);
+ } else {
+ return SOSPeerInfoV2DictionaryHasSetContaining(pi, sViewsKey, viewName);
+ }
+}
+
+void SOSPeerInfoWithEnabledViewSet(SOSPeerInfoRef pi, void (^operation)(CFSetRef enabled)) {
+ if (pi->version < kSOSPeerV2BaseVersion) {
+ operation(SOSViewsGetV0ViewSet());
+ } else {
+ SOSPeerInfoV2DictionaryWithSet(pi, sViewsKey, operation);
+ }
+}
+
+CFMutableSetRef SOSPeerInfoCopyEnabledViews(SOSPeerInfoRef pi) {
+ if (pi->version < kSOSPeerV2BaseVersion) {
+ return CFSetCreateMutableCopy(kCFAllocatorDefault, CFSetGetCount(SOSViewsGetV0ViewSet()), SOSViewsGetV0ViewSet());
+ } else {
+ CFMutableSetRef views = SOSPeerInfoV2DictionaryCopySet(pi, sViewsKey);
+ if (!views) {
+ // This is unexpected: log and return an empty set to prevent <rdar://problem/21938868>
+ secerror("%@ v2 peer has no views", SOSPeerInfoGetPeerID(pi));
+ views = CFSetCreateMutableForCFTypes(kCFAllocatorDefault);
+ }
+ return views;
+ }
+}
+
+CFSetRef SOSPeerInfoGetPermittedViews(SOSPeerInfoRef pi) {
+ return SOSViewsGetAllCurrent();
+}
+
+static void SOSPeerInfoSetViews(SOSPeerInfoRef pi, CFSetRef newviews) {
+ if(!newviews) {
+ secnotice("views","Asked to swap to NULL views");
+ return;
+ }
+ SOSPeerInfoV2DictionarySetValue(pi, sViewsKey, newviews);
+}
+
+static bool SOSPeerInfoViewIsValid(SOSPeerInfoRef pi, CFStringRef viewname) {
+ return true;
+}
+
+static bool viewErrorReport(CFIndex errorCode, CFErrorRef *error, CFStringRef format, CFStringRef viewname, int retval) {
+ return SOSCreateErrorWithFormat(errorCode, NULL, error, NULL, format, viewname, retval);
+}
+
+SOSViewResultCode SOSViewsEnable(SOSPeerInfoRef pi, CFStringRef viewname, CFErrorRef *error) {
+ SOSViewResultCode retval = kSOSCCGeneralViewError;
+
+ CFMutableSetRef newviews = SOSPeerInfoCopyEnabledViews(pi);
+ require_action_quiet(newviews, fail,
+ SOSCreateError(kSOSErrorAllocationFailure, viewMemError, NULL, error));
+ require_action_quiet(SOSViewsIsKnownView(viewname), fail,
+ viewErrorReport(kSOSErrorNameMismatch, error, viewUnknownError, viewname, retval = kSOSCCNoSuchView));
+ require_action_quiet(SOSPeerInfoViewIsValid(pi, viewname), fail,
+ viewErrorReport(kSOSErrorNameMismatch, error, viewInvalidError, viewname, retval = kSOSCCViewNotQualified));
+ CFSetAddValue(newviews, viewname);
+ SOSPeerInfoSetViews(pi, newviews);
+ CFReleaseSafe(newviews);
+ return kSOSCCViewMember;
+
+fail:
+ CFReleaseNull(newviews);
+ secnotice("views","Failed to enable view(%@): %@", viewname, *error);
+ return retval;
+}
+
+bool SOSViewSetEnable(SOSPeerInfoRef pi, CFSetRef viewSet) {
+ __block bool retval = true;
+ __block bool addedView = false;
+ CFMutableSetRef newviews = SOSPeerInfoCopyEnabledViews(pi);
+ require_action_quiet(newviews, errOut, secnotice("views", "failed to copy enabled views"));
+
+ CFSetForEach(viewSet, ^(const void *value) {
+ CFStringRef viewName = (CFStringRef) value;
+ if(SOSViewsIsKnownView(viewName) && SOSPeerInfoViewIsValid(pi, viewName) && !CFSetContainsValue(newviews, viewName)) {
+ addedView = true;
+ CFSetAddValue(newviews, viewName);
+ } else {
+ retval = false;
+ secnotice("views", "couldn't add view %@", viewName);
+ }
+ });
+ require_quiet(retval, errOut);
+
+ if (addedView) {
+ SOSPeerInfoSetViews(pi, newviews);
+ }
+
+errOut:
+ CFReleaseNull(newviews);
+ return retval;
+}
+
+
+SOSViewResultCode SOSViewsDisable(SOSPeerInfoRef pi, CFStringRef viewname, CFErrorRef *error) {
+ SOSViewResultCode retval = kSOSCCGeneralViewError;
+ CFMutableSetRef newviews = SOSPeerInfoCopyEnabledViews(pi);
+ require_action_quiet(newviews, fail,
+ SOSCreateError(kSOSErrorAllocationFailure, viewMemError, NULL, error));
+ require_action_quiet(SOSViewsIsKnownView(viewname), fail,
+ viewErrorReport(kSOSErrorNameMismatch, error, viewUnknownError, viewname, retval = kSOSCCNoSuchView));
+
+ CFSetRemoveValue(newviews, viewname);
+ SOSPeerInfoSetViews(pi, newviews);
+ CFReleaseSafe(newviews);
+ return kSOSCCViewNotMember;
+
+fail:
+ CFReleaseNull(newviews);
+ secnotice("views","Failed to disable view(%@): %@", viewname, *error);
+ return retval;
+}
+
+
+bool SOSViewSetDisable(SOSPeerInfoRef pi, CFSetRef viewSet) {
+ __block bool retval = true;
+ __block bool removed = false;
+ CFMutableSetRef newviews = SOSPeerInfoCopyEnabledViews(pi);
+ require_action_quiet(newviews, errOut, secnotice("views", "failed to copy enabled views"));
+
+ CFSetForEach(viewSet, ^(const void *value) {
+ CFStringRef viewName = (CFStringRef) value;
+ if(SOSViewsIsKnownView(viewName) && CFSetContainsValue(newviews, viewName)) {
+ removed = true;
+ CFSetRemoveValue(newviews, viewName);
+ } else {
+ retval = false;
+ secnotice("views", "couldn't delete view %@", viewName);
+ }
+ });
+
+ require_quiet(retval, errOut);
+
+ if(removed) {
+ SOSPeerInfoSetViews(pi, newviews);
+ }
+
+errOut:
+ CFReleaseNull(newviews);
+ return retval;
+}
+
+
+SOSViewResultCode SOSViewsQuery(SOSPeerInfoRef pi, CFStringRef viewname, CFErrorRef *error) {
+ SOSViewResultCode retval = kSOSCCNoSuchView;
+ CFSetRef views = NULL;
+ secnotice("views", "Querying %@", viewname);
+ require_action_quiet(SOSViewsIsKnownView(viewname), fail,
+ SOSCreateError(kSOSErrorNameMismatch, viewUnknownError, NULL, error));
+ views = SOSPeerInfoCopyEnabledViews(pi);
+ if(!views){
+ retval = kSOSCCViewNotMember;
+ CFReleaseNull(views);
+ return retval;
+ }
+ retval = (CFSetContainsValue(views, viewname)) ? kSOSCCViewMember: kSOSCCViewNotMember;
+ CFReleaseNull(views);
+ return retval;
+
+fail:
+ secnotice("views","Failed to query view(%@): %@", viewname, *error);
+ CFReleaseNull(views);
+ return retval;
+}
+
+static CFArrayRef SOSCreateActiveViewIntersectionArrayForPeerInfos(SOSPeerInfoRef pi1, SOSPeerInfoRef pi2) {
+ CFMutableArrayRef retval = NULL;
+ CFSetRef views1 = SOSPeerInfoCopyEnabledViews(pi1);
+ CFSetRef views2 = SOSPeerInfoCopyEnabledViews(pi2);
+ size_t count = CFSetGetCount(views1);
+ if(count == 0){
+ CFReleaseNull(views1);
+ CFReleaseNull(views2);
+ return NULL;
+ }
+ CFStringRef pi1views[count];
+
+ retval = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+ CFSetGetValues(views1, (const void **) &pi1views);
+ for(size_t i = 0; i < count; i++) {
+ if(CFSetContainsValue(views2, pi1views[i])) {
+ CFArrayAppendValue(retval, pi1views[i]);
+ }
+ }
+ CFReleaseNull(views1);
+ CFReleaseNull(views2);
+
+ return retval;
+}
+
+CFArrayRef SOSCreateActiveViewIntersectionArrayForPeerID(SOSAccountRef account, CFStringRef peerID) {
+ CFArrayRef retval = NULL;
+ SOSPeerInfoRef myPI = SOSAccountGetMyPeerInfo(account);
+ SOSPeerInfoRef theirPI = SOSAccountCopyPeerWithID(account, peerID, NULL);
+ require_action_quiet(myPI, errOut, retval = NULL);
+ require_action_quiet(theirPI, errOut, retval = NULL);
+
+ retval = SOSCreateActiveViewIntersectionArrayForPeerInfos(myPI, theirPI);
+
+errOut:
+ CFReleaseNull(theirPI);
+ return retval;
+}
+
+// This needs to create a dictionary of sets of intersected views for an account
+CFDictionaryRef SOSViewsCreateActiveViewMatrixDictionary(SOSAccountRef account, SOSCircleRef circle, CFErrorRef *error) {
+ CFMutableDictionaryRef retval = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
+ SOSPeerInfoRef myPI = SOSAccountGetMyPeerInfo(account);
+
+ // For now, all views require that a valid member peer is in the circle and active/valid
+ CFMutableSetRef peers = SOSCircleCopyPeers(circle, kCFAllocatorDefault);
+
+ require_action_quiet(retval, errOut, SOSCreateError(kSOSErrorAllocationFailure, CFSTR("Could not allocate ViewMatrix"), NULL, error));
+ require_action_quiet(myPI, errOut, SOSCreateError(kSOSErrorPeerNotFound, CFSTR("Could not find our PeerInfo"), NULL, error));
+ require(peers, errOut);
+
+ CFSetRef myViews = SOSPeerInfoCopyEnabledViews(myPI);
+
+ if (myViews)
+ CFSetForEach(myViews, ^(const void *value) {
+ CFStringRef viewname = (CFStringRef) value;
+ CFMutableSetRef viewset = CFSetCreateMutable(NULL, 0, &kCFTypeSetCallBacks);
+ CFSetForEach(peers, ^(const void *peervalue) {
+ SOSPeerInfoRef pi = (SOSPeerInfoRef) peervalue;
+ CFSetRef piViews = SOSPeerInfoCopyEnabledViews(pi);
+
+ if(piViews && CFSetContainsValue(piViews, viewname)) {
+ CFStringRef peerID = SOSPeerInfoGetPeerID(pi);
+ CFSetAddValue(viewset, peerID);
+ }
+ CFReleaseNull(piViews);
+
+ });
+ CFDictionaryAddValue(retval, viewname, viewset);
+ });
+
+ if(CFDictionaryGetCount(retval) == 0) goto errOut; // Not really an error - just no intersection of views with anyone
+ CFReleaseNull(peers);
+ CFReleaseNull(myViews);
+ return retval;
+
+errOut:
+ CFReleaseNull(retval);
+ CFReleaseNull(peers);
+ return NULL;
+}
+
+
+
+
+
+/* Need XPC way to carry CFSets of views */
+
+
+CFSetRef CreateCFSetRefFromXPCObject(xpc_object_t xpcSetDER, CFErrorRef* error) {
+ CFSetRef retval = NULL;
+ require_action_quiet(xpcSetDER, errOut, SecCFCreateErrorWithFormat(kSecXPCErrorUnexpectedNull, sSecXPCErrorDomain, NULL, error, NULL, CFSTR("Unexpected Null Set to decode")));
+
+ require_action_quiet(xpc_get_type(xpcSetDER) == XPC_TYPE_DATA, errOut, SecCFCreateErrorWithFormat(kSecXPCErrorUnexpectedType, sSecXPCErrorDomain, NULL, error, NULL, CFSTR("xpcSetDER not data, got %@"), xpcSetDER));
+
+ const uint8_t* der = xpc_data_get_bytes_ptr(xpcSetDER);
+ const uint8_t* der_end = der + xpc_data_get_length(xpcSetDER);
+ der = der_decode_set(kCFAllocatorDefault, kCFPropertyListMutableContainersAndLeaves, &retval, error, der, der_end);
+ if (der != der_end) {
+ SecError(errSecDecode, error, CFSTR("trailing garbage at end of SecAccessControl data"));
+ goto errOut;
+ }
+ return retval;
+errOut:
+ CFReleaseNull(retval);
+ return NULL;
+}
+
+xpc_object_t CreateXPCObjectWithCFSetRef(CFSetRef setref, CFErrorRef *error) {
+ xpc_object_t result = NULL;
+ size_t data_size = 0;
+ uint8_t *data = NULL;
+ require_action_quiet(setref, errOut, SecCFCreateErrorWithFormat(kSecXPCErrorUnexpectedNull, sSecXPCErrorDomain, NULL, error, NULL, CFSTR("Unexpected Null Set to encode")));
+ require_quiet((data_size = der_sizeof_set(setref, error)) != 0, errOut);
+ require_quiet((data = (uint8_t *)malloc(data_size)) != NULL, errOut);
+
+ der_encode_set(setref, error, data, data + data_size);
+ result = xpc_data_create(data, data_size);
+ free(data);
+errOut:
+ return result;
+}
+
projects / apple / security.git / blobdiff