X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/6b200bc335dc93c5516ccb52f14bd896d8c7fad7..refs/heads/master:/OSX/libsecurity_filedb/lib/AtomicFile.cpp

diff --git a/OSX/libsecurity_filedb/lib/AtomicFile.cpp b/OSX/libsecurity_filedb/lib/AtomicFile.cpp
index fbfae750..24ca9907 100644
--- a/OSX/libsecurity_filedb/lib/AtomicFile.cpp
+++ b/OSX/libsecurity_filedb/lib/AtomicFile.cpp
@@ -18,10 +18,10 @@
 
 #include <security_filedb/AtomicFile.h>
 
-#include <security_utilities/devrandom.h>
 #include <CommonCrypto/CommonDigest.h>
 #include <security_cdsa_utilities/cssmerrors.h>
 #include <Security/cssm.h>
+#include <Security/SecRandom.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <limits.h>
@@ -36,7 +36,7 @@
 #include <copyfile.h>
 #include <sandbox.h>
 #include <set>
-#include <assert.h>
+#include <security_utilities/simulatecrash_assert.h>
 
 #define kAtomicFileMaxBlockSize INT_MAX
 
@@ -98,7 +98,7 @@ AtomicFile::performDelete()
 	if (::unlink(mPath.c_str()) != 0)
 	{
 		int error = errno;
-		secnotice("atomicfile", "unlink %s: %s", mPath.c_str(), strerror(error));
+		secinfo("atomicfile", "unlink %s: %s", mPath.c_str(), strerror(error));
         if (error == ENOENT)
 			CssmError::throwMe(CSSMERR_DL_DATASTORE_DOESNOT_EXIST);
 		else
@@ -121,7 +121,7 @@ AtomicFile::rename(const std::string &inNewPath)
 	if (::rename(path, newPath) != 0)
 	{
 		int error = errno;
-		secnotice("atomicfile", "rename(%s, %s): %s", path, newPath, strerror(error));
+		secinfo("atomicfile", "rename(%s, %s): %s", path, newPath, strerror(error));
 		UnixError::throwMe(error);
 	}
 }
@@ -140,7 +140,7 @@ AtomicFile::create(mode_t mode)
     if (fileRef == -1)
     {
         int error = errno;
-		secnotice("atomicfile", "open %s: %s", path, strerror(error));
+		secinfo("atomicfile", "open %s: %s", path, strerror(error));
 
         // Do the obvious error code translations here.
 		// @@@ Consider moving these up a level.
@@ -338,6 +338,7 @@ AtomicFile::ropen(const char *const name, int flags, mode_t mode)
             int result = sandbox_check(getpid(), "file-read-data", (sandbox_filter_type) (SANDBOX_FILTER_PATH | SANDBOX_CHECK_NO_REPORT), name);
             if (result != 0)
             {
+                secdebug("atomicfile", "sandboxing rejected read access to %s", name);
                 return -1;
             }
         }
@@ -347,6 +348,7 @@ AtomicFile::ropen(const char *const name, int flags, mode_t mode)
             int result = sandbox_check(getpid(), "file-write-data", (sandbox_filter_type) (SANDBOX_FILTER_PATH | SANDBOX_CHECK_NO_REPORT), name);
             if (result != 0)
             {
+                secdebug("atomicfile", "sandboxing rejected write access to %s", name);
                 return -1;
             }
         }
@@ -389,8 +391,8 @@ AtomicBufferedFile::~AtomicBufferedFile()
 {
 	if (mFileRef >= 0)
 	{
-	  	// In release mode, the assert() is compiled out so rv may be unused.
-	        __unused int rv = AtomicFile::rclose(mFileRef);
+		// In release mode, the assert() is compiled out so rv may be unused.
+		__unused int rv = AtomicFile::rclose(mFileRef);
 		assert(rv == 0);
 		secinfo("atomicfile", "%p closed %s", this, mPath.c_str());
 	}
@@ -411,7 +413,7 @@ AtomicBufferedFile::open()
 	const char *path = mPath.c_str();
 	if (mFileRef >= 0)
 	{
-		secnotice("atomicfile", "open %s: already open, closing and reopening", path);
+		secinfo("atomicfile", "open %s: already open, closing and reopening", path);
 		close();
 	}
 
@@ -446,7 +448,7 @@ AtomicBufferedFile::open()
 		UnixError::throwMe(error);
 	}
 
-	secnotice("atomicfile", "%p opened %s: %qd bytes", this, path, mLength);
+	secinfo("atomicfile", "%p opened %s: %qd bytes", this, path, mLength);
 
 	return mLength;
 }
@@ -544,7 +546,7 @@ AtomicBufferedFile::close()
 {
 	if (mFileRef < 0)
 	{
-		secnotice("atomicfile", "close %s: already closed", mPath.c_str());
+		secinfo("atomicfile", "close %s: already closed", mPath.c_str());
 	}
 	else
 	{
@@ -648,7 +650,7 @@ AtomicTempFile::create(mode_t mode)
 		}
 	}
 
-	secnotice("atomicfile", "%p created %s", this, path);
+	secinfo("atomicfile", "%p created %s", this, path);
 }
 
 void
@@ -828,7 +830,7 @@ AtomicTempFile::commit()
 
 // Rollback the current create or write (happens automatically if commit() isn't called before the destructor is.
 void
-AtomicTempFile::rollback() throw()
+AtomicTempFile::rollback() _NOEXCEPT
 {
 	if (mFileRef >= 0)
 	{
@@ -960,7 +962,6 @@ std::string
 NetworkFileLocker::unique(mode_t mode)
 {
 	static const int randomPart = 16;
-	DevRandomGenerator randomGen;
 	std::string::size_type dirSize = mDir.size();
 	std::string fullname(dirSize + randomPart + 2, '\0');
 	fullname.replace(0, dirSize, mDir);
@@ -972,7 +973,7 @@ NetworkFileLocker::unique(mode_t mode)
 	for (int retries = 0; retries < 10; ++retries)
 	{
 		/* Make a random filename. */
-		randomGen.random(buf, randomPart);
+        MacOSError::check(SecRandomCopyBytes(kSecRandomDefault, randomPart, buf));
 		for (int ix = 0; ix < randomPart; ++ix)
 		{
 			char ch = buf[ix] & 0x3f;
@@ -1239,7 +1240,7 @@ AtomicLockedFile::lock(mode_t mode)
 
 
 
-void AtomicLockedFile::unlock() throw()
+void AtomicLockedFile::unlock() _NOEXCEPT
 {
 	mFileLocker->unlock();
 }