From b58b9743922b47bf8e93d4c7428efd0c05cebae6 Mon Sep 17 00:00:00 2001
From: Christophe Deschamps
Date: Fri, 18 Jun 2021 09:41:51 +0200
Subject: [PATCH] VFS changes : - Added accessibility attribute to the secure preference key - Added mechanism to delete any existing key when activating VFS for the first time - Improved log messages
---
 Classes/LinphoneAppDelegate.m | 2 +-
 Classes/LinphoneCoreSettingsStore.m | 2 +-
 Classes/VFSUtil.swift | 39 +++++++++++++++++++++++++----
 3 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/Classes/LinphoneAppDelegate.m b/Classes/LinphoneAppDelegate.m
index 9b6984e75..c494796b0 100644
--- a/Classes/LinphoneAppDelegate.m
+++ b/Classes/LinphoneAppDelegate.m
@@ -252,7 +252,7 @@
 if (TARGET_IPHONE_SIMULATOR) {
 LOGW(@"[VFS] Can not active for simulators.");
 [VFSUtil setVfsEnabbledWithEnabled:false groupName:kLinphoneMsgNotificationAppGroupId];
- } else if (!VFSUtil.activateVFS) {
+ } else if (![VFSUtil activateVFSForFirstTime:false]) {
 [VFSUtil log:@"[VFS] Error unable to activate." :OS_LOG_TYPE_ERROR];
 [VFSUtil setVfsEnabbledWithEnabled:false groupName:kLinphoneMsgNotificationAppGroupId];
 }
diff --git a/Classes/LinphoneCoreSettingsStore.m b/Classes/LinphoneCoreSettingsStore.m
index cde3750cc..dce78f3b2 100644
--- a/Classes/LinphoneCoreSettingsStore.m
+++ b/Classes/LinphoneCoreSettingsStore.m
@@ -797,7 +797,7 @@
 LOGW(@"[VFS] Can not active for simulators.");
 [VFSUtil setVfsEnabbledWithEnabled:false groupName:kLinphoneMsgNotificationAppGroupId];
 [self setBool:FALSE forKey:@"vfs_enabled_mode"];
- } else if (!VFSUtil.activateVFS) {
+ } else if (![VFSUtil activateVFSForFirstTime:true]) {
 [VFSUtil log:@"[VFS] Error unable to activate ! Warning disabling VFS enabled preference." :OS_LOG_TYPE_ERROR];
 [VFSUtil setVfsEnabbledWithEnabled:false groupName:kLinphoneMsgNotificationAppGroupId];
 [self setBool:FALSE forKey:@"vfs_enabled_mode"];
diff --git a/Classes/VFSUtil.swift b/Classes/VFSUtil.swift
index 36a859fbc..4fae043bc 100644
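Review bot: The `activateVFSForFirstTime:true` call in LinphoneCoreSettingsStore.m discards any stored VFS key before a new one is generated, and nothing visible in this hunk restricts it to the transition from VFS disabled to VFS enabled. If this branch can run while files encrypted under the previous key still exist, those files would become unreadable. The enclosing method starts and ends outside the hunk, so the guard may already be there; in that case a comment at the call would make the precondition explicit, for example `// forFirstTime:true discards any existing VFS key; only reached when VFS goes from off to on`.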
--- a/Classes/VFSUtil.swift +++ b/Classes/VFSUtil.swift @@ -120,25 +120,39 @@ import os let insertQUery: [String: Any] = [kSecClass as String: kSecClassGenericPassword, kSecAttrAccessGroup as String : accessGroup, + kSecAttrAccessible as String : kSecAttrAccessibleAlwaysThisDeviceOnly, + kSecAttrService as String: Bundle.main.bundleIdentifier!, kSecAttrAccount as String: key.data(using: .utf8)!, kSecValueData as String:value.data(using: .utf8)!] let insertStatus = SecItemAdd(insertQUery as CFDictionary, nil) + log("[VFS] addSecuredPreference : SecItemAdd status \(insertStatus)", .info) return insertStatus == errSecSuccess } + @objc static func deleteSecurePreference(key:String) { + let delQuery: [String: Any] = [kSecClass as String: kSecClassGenericPassword, + kSecAttrAccount as String: key.data(using: .utf8)!, + kSecAttrAccessGroup as String : accessGroup] + let deleteSatus = SecItemDelete(delQuery as CFDictionary) + log("[VFS] deleteSecurePreference : SecItemDelete status for removing key \(key) = \(deleteSatus)", .info) + } + + + @objc static func getSecuredPreference(key:String) -> String? { let query: [String:Any] = [ kSecClass as String: kSecClassGenericPassword, kSecAttrAccount as String: key.data(using: .utf8)!, kSecReturnData as String: kCFBooleanTrue, - kSecAttrAccessGroup as String : accessGroup + kSecAttrAccessGroup as String : accessGroup, ] var result: AnyObject? let status: OSStatus = withUnsafeMutablePointer(to: &result) { SecItemCopyMatching(query as CFDictionary, UnsafeMutablePointer($0)) } + log("[VFS] getSecuredPreference : SecItemCopyMatching status \(status)", .info) return status == errSecSuccess ? String(decoding: result as! Data , as: UTF8.self) : nil } 
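Review bot: `kSecAttrAccessibleAlwaysThisDeviceOnly` in `insertQUery` keeps the VFS secret readable while the device is locked, including before the first unlock after a reboot, and the constant has been deprecated since iOS 12. If background code only needs the key once the user has unlocked the device, `kSecAttrAccessible as String : kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly,` still allows that access with stronger at-rest protection. The new `kSecAttrService` attribute is set only on insert, while `deleteSecurePreference` and `getSecuredPreference` query by account and access group alone; `Bundle.main.bundleIdentifier!` presumably differs between the app and an extension sharing `accessGroup`, so the same account could end up stored under two services. Using one shared service constant in all three queries would keep them consistent and remove the force-unwrap. The function that builds `insertQUery` starts outside the hunk.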
@@ -153,8 +167,11 @@ import os - @objc static func activateVFS() -> Bool { + @objc static func activateVFS(forFirstTime: Bool = false) -> Bool { do { + if (forFirstTime) { + removeExistingVFSKeyIfAny() + } if (getSecuredPreference(key: prefName) == nil) { log("[VFS] no secret key set, building one.", .info) try generateKey(requiresBiometry: false) @@ -182,7 +199,7 @@ import os @objc static func vfsEnabled(groupName: String) -> Bool { let defaults = UserDefaults.init(suiteName: groupName) if (defaults == nil) { - log("Unable to get VFS enabled preference userDefaults is null",.error); + log("[VFS] Unable to get VFS enabled preference userDefaults is null",.error); } return defaults?.bool(forKey: "vfs_enabled_preference") == true } @@ -190,7 +207,7 @@ import os @objc static func setVfsEnabbled(enabled: Bool, groupName: String) { let defaults = UserDefaults.init(suiteName: groupName) if (defaults == nil) { - log("Unable to set VFS enabled preferece userDefaults is null",.error); + log("[VFS] Unable to set VFS enabled preferece userDefaults is null",.error); } defaults?.setValue(enabled, forKey: "vfs_enabled_preference") } @@ -203,8 +220,20 @@ import os case.fault:LoggingService.Instance.fatal(message: log) default:LoggingService.Instance.message(message: log) } - + if #available(iOS 10.0, *) { + os_log("%{public}@", type: level,log) + } else { + NSLog(log) + } + } + + @objc static func removeExistingVFSKeyIfAny() { + log("[VFS] removing existing key if any",.debug) + if (getSecuredPreference(key: prefName) != nil) { + deleteSecurePreference(key: prefName) + } } + }
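Review bot: `removeExistingVFSKeyIfAny()` in the `forFirstTime` branch cannot report failure, because `deleteSecurePreference` only logs the `SecItemDelete` status and returns nothing. If the delete fails, the following `getSecuredPreference(key: prefName) == nil` check is false and activation would continue with the old key instead of a fresh one. Consider returning a Bool from the delete path, treating `errSecItemNotFound` as success, and stopping activation when it fails, e.g. `guard removeExistingVFSKeyIfAny() else { return false }`. The body of `activateVFS` continues outside the hunk.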
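Review bot: `NSLog(log)` in the pre-iOS 10 branch of the last hunk passes the message as the format string, so any `%` inside a logged value is read as a format specifier; `NSLog("%@", log)` avoids that. The `os_log("%{public}@", type: level,log)` call marks every message routed through this helper as public in the unified log; the messages added in this commit carry only status codes and the key name, but a comment on `log` such as `// Output is public in the unified log: never pass key material or decrypted content` would protect future callers. `removeExistingVFSKeyIfAny` also reads the secret into memory through `getSecuredPreference` only to test for existence, where calling `deleteSecurePreference(key: prefName)` directly would do. The `log` function starts outside the hunk.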