X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb..refs/heads/master:/securityd/src/localkey.cpp?ds=sidebyside

diff --git a/securityd/src/localkey.cpp b/securityd/src/localkey.cpp
index 7543ded3..23d5c293 100644
--- a/securityd/src/localkey.cpp
+++ b/securityd/src/localkey.cpp
@@ -29,6 +29,8 @@
 #include "server.h"
 #include "database.h"
 #include <security_cdsa_utilities/acl_any.h>
+#include <security_utilities/cfmunge.h>
+#include <security_utilities/logging.h>
 
 
 //
@@ -39,7 +41,7 @@ LocalKey::LocalKey(Database &db, const CssmKey &newKey, CSSM_KEYATTR_FLAGS moreA
 {
 	mValidKey = true;
 	setup(newKey, moreAttributes);
-    secdebug("SSkey", "%p (handle %#x) created from key alg=%u use=0x%x attr=0x%x db=%p",
+    secinfo("SSkey", "%p (handle %#x) created from key alg=%u use=0x%x attr=0x%x db=%p",
         this, handle(), mKey.header().algorithm(), mKey.header().usage(), mAttributes, &db);
 }
 
@@ -75,7 +77,7 @@ void LocalKey::setup(const CssmKey &newKey, CSSM_KEYATTR_FLAGS moreAttributes)
 
 LocalKey::~LocalKey()
 {
-    secdebug("SSkey", "%p destroyed", this);
+    secinfo("SSkey", "%p destroyed", this);
 }
 
 
@@ -86,6 +88,13 @@ void LocalKey::setOwner(const AclEntryPrototype *owner)
 		acl().cssmSetInitial(*owner);					// specified
 	else
 		acl().cssmSetInitial(new AnyAclSubject());		// defaulted
+
+    if (this->database().dbVersion() >= CommonBlob::version_partition) {
+        // put payload into an AclEntry tagged as CSSM_APPLE_ACL_TAG_PARTITION_ID...
+        // ... unless the client has the "converter" entitlement as attested by Apple
+        if (!(process().checkAppleSigned() && process().hasEntitlement(migrationEntitlement)))
+            this->acl().createClientPartitionID(this->process());
+    }
 }