X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..7e6b461318c8a779d91381531435a68ee4e8b6ed:/OSX/libsecurity_keychain/lib/SecACL.cpp?ds=inline
diff --git a/OSX/libsecurity_keychain/lib/SecACL.cpp b/OSX/libsecurity_keychain/lib/SecACL.cpp
index 335c6cf9..5e5dbb7b 100644
--- a/OSX/libsecurity_keychain/lib/SecACL.cpp
+++ b/OSX/libsecurity_keychain/lib/SecACL.cpp
@@ -26,6 +26,8 @@
 #include
 #include
+#include
+
 #include "SecBridge.h"
 // Forward reference
@@ -63,8 +65,11 @@ OSStatus SecACLCreateFromSimpleContents(SecAccessRef accessRef,
 SecACLRef *newAcl)
 {
 BEGIN_SECAPI
+ os_activity_t activity = os_activity_create("SecACLCreateFromSimpleContents", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+ os_activity_scope(activity);
+ os_release(activity);
 SecPointer access = Access::required(accessRef);
- SecPointer acl = new ACL(*access, cfString(description), *promptSelector);
+ SecPointer acl = new ACL(cfString(description), *promptSelector);
 if (applicationList) {
 // application-list + prompt
 acl->form(ACL::appListForm);
@@ -96,6 +101,9 @@ OSStatus SecACLCreateWithSimpleContents(SecAccessRef access,
 OSStatus SecACLRemove(SecACLRef aclRef)
 {
 BEGIN_SECAPI
+ os_activity_t activity = os_activity_create("SecACLRemove", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+ os_activity_scope(activity);
+ os_release(activity);
 ACL::required(aclRef)->remove();
 END_SECAPI
 }
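Review bot: In SecACLCreateFromSimpleContents the rewritten `new ACL(cfString(description), *promptSelector)` line still dereferences `promptSelector` unconditionally, while SecACLSetSimpleContents in this same patch falls back to `ACL::defaultSelector` and guards `description` before calling cfString. A NULL selector from a caller would fault at this line instead of coming back as an OSStatus. I would make the two entry points agree, e.g. `new ACL(description ? cfString(description) : "", promptSelector ? *promptSelector : ACL::defaultSelector)`, or add an explicit required-argument check if NULL is meant to be rejected. The function body continues past the end of the hunk, so later uses of `access` and `acl` are not visible here.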
@@ -125,10 +133,18 @@ OSStatus SecACLCopySimpleContents(SecACLRef aclRef,
 break;
 case ACL::appListForm:
 Required(applicationList) =
- makeCFArray(convert, acl->applications());
+ makeCFArrayFrom(convert, acl->applications());
 Required(promptDescription) = makeCFString(acl->promptDescription());
 Required(promptSelector) = acl->promptSelector();
 break;
+ case ACL::integrityForm:
+ Required(applicationList) = NULL;
+ Required(promptDescription) = makeCFString(acl->integrity().toHex());
+
+ // We don't have a prompt selector. Nullify.
+ Required(promptSelector).version = CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION;
+ Required(promptSelector).flags = 0;
+ break;
 default:
 return errSecACLNotSimple; // custom or unknown
 }
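Review bot: The new `ACL::integrityForm` case hands the hex-encoded integrity value back through `promptDescription` with a NULL `applicationList`, and nothing at the case tells a reader or a caller that the output is not a prompt string. A caller that displays or stores the description would treat the digest as user-facing text, so the overload deserves a comment at the case, for example `// integrityForm: no app list and no prompt; promptDescription carries acl->integrity() as hex (SecACLSetSimpleContents parses it back)`. The existing "Nullify" comment is also inaccurate, since the selector is set to the current version with zero flags rather than cleared; `// No prompt selector for this form: report current version, no flags` matches the code. The enclosing switch starts outside the hunk.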
@@ -154,16 +170,34 @@ OSStatus SecACLSetSimpleContents(SecACLRef aclRef,
 CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
 {
 BEGIN_SECAPI
+ os_activity_t activity = os_activity_create("SecACLSetSimpleContents", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+ os_activity_scope(activity);
+ os_release(activity);
 SecPointer acl = ACL::required(aclRef);
- acl->promptDescription() = description ? cfString(description) : "";
+ if(acl->form() == ACL::integrityForm) {
+ // If this is an integrity ACL, route the (unhexified) promptDescription into the right place
+ string hex = cfString(description);
+ if(hex.length() %2 == 0) {
+ // might be a valid hex string, try to set
+ CssmAutoData data(Allocator::standard());
+ data.malloc(hex.length() / 2);
+ data.get().fromHex(hex.c_str());
+ acl->setIntegrity(data);
+ }
+ } else {
+ // Otherwise, put it in the promptDescription where it belongs
+ acl->promptDescription() = description ? cfString(description) : "";
+ }
 acl->promptSelector() = promptSelector ? *promptSelector : ACL::defaultSelector;
- if (applicationList) {
- // application-list + prompt
- acl->form(ACL::appListForm);
- setApplications(acl, applicationList);
- } else {
- // allow-any
- acl->form(ACL::allowAllForm);
+ if(acl->form() != ACL::integrityForm) {
+ if (applicationList) {
+ // application-list + prompt
+ acl->form(ACL::appListForm);
+ setApplications(acl, applicationList);
+ } else {
+ // allow-any
+ acl->form(ACL::allowAllForm);
+ }
 }
 acl->modify();
 END_SECAPI
@@ -248,7 +282,7 @@ CFArrayRef SecACLCopyAuthorizations(SecACLRef acl)
 strings[iCnt] = (CFTypeRef)GetAuthStringFromACLAuthorizationTag(tags[iCnt]);
 }
- result = CFArrayCreate(kCFAllocatorDefault, (const void **)strings, numAuths, NULL);
+ result = CFArrayCreate(kCFAllocatorDefault, (const void **)strings, numAuths, &kCFTypeArrayCallBacks);
 delete[] strings;
 delete[] tags;
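Review bot: The integrity branch of SecACLSetSimpleContents accepts any even-length string as "maybe hex" and silently does nothing for an odd-length one, yet the function still reaches `acl->modify()` and reports success either way. For a value that backs an integrity check, malformed input should be rejected rather than dropped or decoded on trust: the characters are never checked to be hex digits before `fromHex`, and an empty string passes the length test and would set a zero-length integrity value. `cfString(description)` is also called without the NULL guard the else branch uses; whether cfString tolerates NULL is not visible here. I would validate up front and fail with a parameter error, using the same `MacOSError::throwMe` pattern SecACLSetAuthorizations uses in this file. Whether an empty value should also be refused depends on ACL semantics outside this hunk.

```cpp
	if(acl->form() == ACL::integrityForm) {
		// Integrity value arrives hex-encoded; refuse anything that is not well-formed hex
		string hex = description ? cfString(description) : "";
		bool wellFormed = (hex.length() % 2 == 0);
		for(size_t i = 0; wellFormed && i < hex.length(); i++) {
			wellFormed = isxdigit(static_cast<unsigned char>(hex[i])) != 0;
		}
		if(!wellFormed) {
			MacOSError::throwMe(errSecParam);
		}
		// … unchanged: CssmAutoData allocation, fromHex, setIntegrity …
	} else {
		// … unchanged: promptDescription assignment …
```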
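Review bot: Passing `&kCFTypeArrayCallBacks` to `CFArrayCreate` in SecACLCopyAuthorizations means every entry of `strings` is now retained by the array, so a NULL entry would crash where the previous NULL callbacks tolerated it. `GetAuthStringFromACLAuthorizationTag` is not visible in this hunk; if it can return NULL for an unrecognised tag, the fill loop should skip such entries and pass the reduced count instead of `numAuths`. If it never returns NULL, a comment on the loop such as `// every tag maps to a non-NULL constant string; the array retains them` would record the assumption the new callbacks rely on. The loop and the function's return path lie outside the hunk.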
@@ -261,6 +295,9 @@ OSStatus SecACLSetAuthorizations(SecACLRef aclRef,
 CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 tagCount)
 {
 BEGIN_SECAPI
+ os_activity_t activity = os_activity_create("SecACLSetAuthorizations", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+ os_activity_scope(activity);
+ os_release(activity);
 SecPointer acl = ACL::required(aclRef);
 if (acl->isOwner()) // can't change rights of the owner ACL
 MacOSError::throwMe(errSecInvalidOwnerEdit);