Security-59754.80.3.tar.gz

[apple/security.git] / securityd / src / localkey.cpp

diff --git a/securityd/src/localkey.cpp b/securityd/src/localkey.cpp
index 7543ded371b60415e3435ebb917f298b2510fb6a..23d5c2938ac2da298efb5c5a6d5ed3b64bca1b2d 100644 (file)
--- a/securityd/src/localkey.cpp
+++ b/securityd/src/localkey.cpp
@@ -29,6 +29,8 @@
 #include "server.h"
 #include "database.h"
 #include <security_cdsa_utilities/acl_any.h>
+#include <security_utilities/cfmunge.h>
+#include <security_utilities/logging.h>
 
 
 //
@@ -39,7 +41,7 @@ LocalKey::LocalKey(Database &db, const CssmKey &newKey, CSSM_KEYATTR_FLAGS moreA
 {
        mValidKey = true;
        setup(newKey, moreAttributes);
-    secdebug("SSkey", "%p (handle %#x) created from key alg=%u use=0x%x attr=0x%x db=%p",
+    secinfo("SSkey", "%p (handle %#x) created from key alg=%u use=0x%x attr=0x%x db=%p",
         this, handle(), mKey.header().algorithm(), mKey.header().usage(), mAttributes, &db);
 }
 
@@ -75,7 +77,7 @@ void LocalKey::setup(const CssmKey &newKey, CSSM_KEYATTR_FLAGS moreAttributes)
 
 LocalKey::~LocalKey()
 {
-    secdebug("SSkey", "%p destroyed", this);
+    secinfo("SSkey", "%p destroyed", this);
 }
 
 
@@ -86,6 +88,13 @@ void LocalKey::setOwner(const AclEntryPrototype *owner)
                acl().cssmSetInitial(*owner);                                   // specified
        else
                acl().cssmSetInitial(new AnyAclSubject());              // defaulted
+
+    if (this->database().dbVersion() >= CommonBlob::version_partition) {
+        // put payload into an AclEntry tagged as CSSM_APPLE_ACL_TAG_PARTITION_ID...
+        // ... unless the client has the "converter" entitlement as attested by Apple
+        if (!(process().checkAppleSigned() && process().hasEntitlement(migrationEntitlement)))
+            this->acl().createClientPartitionID(this->process());
+    }
 }