X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..refs/heads/master:/OSX/libsecurity_keychain/lib/SecACL.cpp
diff --git a/OSX/libsecurity_keychain/lib/SecACL.cpp b/OSX/libsecurity_keychain/lib/SecACL.cpp
index 335c6cf9..23cb2413 100644
--- a/OSX/libsecurity_keychain/lib/SecACL.cpp
+++ b/OSX/libsecurity_keychain/lib/SecACL.cpp
@@ -26,8 +26,12 @@
 #include
 #include
+#include
+
 #include "SecBridge.h"
+#include "LegacyAPICounts.h"
+
 // Forward reference
 /*!
 @function GetACLAuthorizationTagFromString
@@ -63,8 +67,11 @@ OSStatus SecACLCreateFromSimpleContents(SecAccessRef accessRef,
 SecACLRef *newAcl)
 {
 BEGIN_SECAPI
+ os_activity_t activity = os_activity_create("SecACLCreateFromSimpleContents", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+ os_activity_scope(activity);
+ os_release(activity);
 SecPointer access = Access::required(accessRef);
- SecPointer acl = new ACL(*access, cfString(description), *promptSelector);
+ SecPointer acl = new ACL(cfString(description), *promptSelector);
 if (applicationList) {
 // application-list + prompt
 acl->form(ACL::appListForm);
@@ -84,6 +91,7 @@ OSStatus SecACLCreateWithSimpleContents(SecAccessRef access,
 SecKeychainPromptSelector promptSelector,
 SecACLRef *newAcl)
 {
+ COUNTLEGACYAPI
 CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR cdsaPromptSelector;
 cdsaPromptSelector.version = CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION;
 cdsaPromptSelector.flags = promptSelector;
@@ -96,6 +104,9 @@ OSStatus SecACLCreateWithSimpleContents(SecAccessRef access,
 OSStatus SecACLRemove(SecACLRef aclRef)
 {
 BEGIN_SECAPI
+ os_activity_t activity = os_activity_create("SecACLRemove", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+ os_activity_scope(activity);
+ os_release(activity);
 ACL::required(aclRef)->remove();
 END_SECAPI
 }
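Review bot: In the SecACLCreateFromSimpleContents hunk, `access` is now used only to validate accessRef, because the ACL constructor on the next line no longer receives `*access`; nothing in the hunk attaches the new ACL to that Access, so a reader will wonder whether the association was dropped. If the ACL is bound later in the function (its body continues past the hunk), a comment on that line would save the search: `// validate accessRef; the ACL is no longer bound to the Access by its constructor`. If it is not bound later, the unused local should become a bare `Access::required(accessRef);` so the validation is kept without a dead variable.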
@@ -125,10 +136,18 @@ OSStatus SecACLCopySimpleContents(SecACLRef aclRef,
 break;
 case ACL::appListForm:
 Required(applicationList) =
- makeCFArray(convert, acl->applications());
+ makeCFArrayFrom(convert, acl->applications());
 Required(promptDescription) = makeCFString(acl->promptDescription());
 Required(promptSelector) = acl->promptSelector();
 break;
+ case ACL::integrityForm:
+ Required(applicationList) = NULL;
+ Required(promptDescription) = makeCFString(acl->integrity().toHex());
+
+ // We don't have a prompt selector. Nullify.
+ Required(promptSelector).version = CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION;
+ Required(promptSelector).flags = 0;
+ break;
 default:
 return errSecACLNotSimple; // custom or unknown
 }
@@ -140,6 +159,7 @@ OSStatus SecACLCopyContents(SecACLRef acl,
 CFStringRef *description,
 SecKeychainPromptSelector *promptSelector)
 {
+ COUNTLEGACYAPI
 CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR cdsaPromptSelector;
 memset(&cdsaPromptSelector, 0, sizeof(cdsaPromptSelector));
 OSStatus err = errSecSuccess;
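Review bot: The new `ACL::integrityForm` case hands the integrity value back hex-encoded through `promptDescription` and NULL through `applicationList`, which is not what either out-parameter name promises; a caller that reads a NULL application list as "allow any" (the way SecACLSetSimpleContents does on its input side) could misclassify an integrity ACL unless it also inspects the form, and how allowAllForm reports itself is outside this hunk. This overloading deserves a comment above the case so the next reader does not treat the hex string as a user-facing prompt: `// integrityForm: no application list; promptDescription carries the hex-encoded integrity value, which SecACLSetSimpleContents accepts back on the same parameter`.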
@@ -154,16 +174,34 @@ OSStatus SecACLSetSimpleContents(SecACLRef aclRef,
 CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
 {
 BEGIN_SECAPI
+ os_activity_t activity = os_activity_create("SecACLSetSimpleContents", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+ os_activity_scope(activity);
+ os_release(activity);
 SecPointer acl = ACL::required(aclRef);
- acl->promptDescription() = description ? cfString(description) : "";
+ if(acl->form() == ACL::integrityForm) {
+ // If this is an integrity ACL, route the (unhexified) promptDescription into the right place
+ string hex = cfString(description);
+ if(hex.length() %2 == 0) {
+ // might be a valid hex string, try to set
+ CssmAutoData data(Allocator::standard());
+ data.malloc(hex.length() / 2);
+ data.get().fromHex(hex.c_str());
+ acl->setIntegrity(data);
+ }
+ } else {
+ // Otherwise, put it in the promptDescription where it belongs
+ acl->promptDescription() = description ? cfString(description) : "";
+ }
 acl->promptSelector() = promptSelector ? *promptSelector : ACL::defaultSelector;
- if (applicationList) {
- // application-list + prompt
- acl->form(ACL::appListForm);
- setApplications(acl, applicationList);
- } else {
- // allow-any
- acl->form(ACL::allowAllForm);
+ if(acl->form() != ACL::integrityForm) {
+ if (applicationList) {
+ // application-list + prompt
+ acl->form(ACL::appListForm);
+ setApplications(acl, applicationList);
+ } else {
+ // allow-any
+ acl->form(ACL::allowAllForm);
+ }
 }
 acl->modify();
 END_SECAPI
@@ -174,6 +212,7 @@ OSStatus SecACLSetContents(SecACLRef acl,
 CFStringRef description,
 SecKeychainPromptSelector promptSelector)
 {
+ COUNTLEGACYAPI
 CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR cdsaPromptSelector;
 cdsaPromptSelector.version = CSSM_ACL_PROCESS_SELECTOR_CURRENT_VERSION;
 cdsaPromptSelector.flags = promptSelector;
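Review bot: In the new integrity branch, `string hex = cfString(description);` passes `description` through without the NULL guard the else branch keeps (`description ? cfString(description) : ""`), and `if(hex.length() %2 == 0)` accepts the empty string, so a NULL description likely faults or throws inside cfString while an empty one installs a zero-length integrity value; an odd-length string is silently skipped and the call still reports success. Suggest `string hex = description ? cfString(description) : "";`, `if(!hex.empty() && hex.length() % 2 == 0) {`, and a matching `} else { MacOSError::throwMe(errSecParam); }` so a rejected value is reported to the caller rather than dropped, the same way SecACLSetAuthorizations reports errSecInvalidOwnerEdit. Whether `fromHex` validates the characters it decodes is not visible here; if it does not, the length check alone does not make the input well-formed.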
@@ -214,6 +253,7 @@ OSStatus SecACLGetAuthorizations(SecACLRef acl,
 CFArrayRef SecACLCopyAuthorizations(SecACLRef acl)
 {
+ COUNTLEGACYAPI
 CFArrayRef result = NULL;
 if (NULL == acl)
 {
@@ -248,7 +288,7 @@ CFArrayRef SecACLCopyAuthorizations(SecACLRef acl)
 strings[iCnt] = (CFTypeRef)GetAuthStringFromACLAuthorizationTag(tags[iCnt]);
 }
- result = CFArrayCreate(kCFAllocatorDefault, (const void **)strings, numAuths, NULL);
+ result = CFArrayCreate(kCFAllocatorDefault, (const void **)strings, numAuths, &kCFTypeArrayCallBacks);
 delete[] strings;
 delete[] tags;
@@ -261,6 +301,9 @@ OSStatus SecACLSetAuthorizations(SecACLRef aclRef,
 CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 tagCount)
 {
 BEGIN_SECAPI
+ os_activity_t activity = os_activity_create("SecACLSetAuthorizations", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+ os_activity_scope(activity);
+ os_release(activity);
 SecPointer acl = ACL::required(aclRef);
 if (acl->isOwner()) // can't change rights of the owner ACL
 MacOSError::throwMe(errSecInvalidOwnerEdit);
@@ -273,6 +316,7 @@ OSStatus SecACLSetAuthorizations(SecACLRef aclRef,
 OSStatus SecACLUpdateAuthorizations(SecACLRef acl, CFArrayRef authorizations)
 {
+ COUNTLEGACYAPI
 if (NULL == acl || NULL == authorizations)
 {
 return errSecParam;
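Review bot: In the SecACLCopyAuthorizations hunk, passing `&kCFTypeArrayCallBacks` makes the array retain each entry, so the fix is only complete if `GetAuthStringFromACLAuthorizationTag` returns a +0 reference (a constant or cached CFStringRef); if it returns a +1 object, every string now leaks once per call, since `delete[] strings` only frees the pointer array. The helper is defined outside the hunk, so the ownership should be pinned with a comment on the `strings[iCnt] =` line, `// +0 references: the array retains them below, nothing to release here`, or with a release loop after CFArrayCreate if the helper turns out to create its strings.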