iOS: harden Keychain storage with delete-then-add and accessibility attribute

(cherry picked from commit cf122ce68e)
This commit is contained in:
Rocuts 2026-03-02 12:31:08 -05:00 committed by mbelinky
parent 606cd0d591
commit 37d6cb54d2
1 changed files with 4 additions and 4 deletions


@ -18,6 +18,9 @@ enum KeychainStore {
}
static func saveString(_ value: String, service: String, account: String) -> Bool {
// Delete-then-add ensures kSecAttrAccessible is always applied.
// SecItemUpdate cannot change the accessibility level of an existing item,
// so a stale item created with a weaker policy would retain it on update.
let data = Data(value.utf8)
let query: [String: Any] = [
kSecClass as String: kSecClassGenericPassword,
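Review bot: The new comment says delete-then-add "ensures" kSecAttrAccessible is always applied, but that only holds when the delete is known to have succeeded, and in the following hunk the status of `SecItemDelete(query as CFDictionary)` is discarded, so a delete that fails for a reason other than errSecItemNotFound (item present but not currently accessible, for instance) leaves the stale item and its weaker policy in place while the add presumably fails with errSecDuplicateItem. Either check it, `let deleteStatus = SecItemDelete(query as CFDictionary)` followed by `guard deleteStatus == errSecSuccess || deleteStatus == errSecItemNotFound else { return false }`, or soften the comment to say that the add is what applies the attribute. The comment should also name the trade-off the sequence introduces: a successful delete followed by a failed add loses the previously stored value, so a `false` return no longer means the old secret is intact. I cannot verify from here the claim that SecItemUpdate cannot change the accessibility level; if it reflects behaviour observed on particular OS versions, citing that in the comment would help future readers. `saveString` and the `insert` dictionary continue past the hunk, so I could not confirm that kSecAttrAccessible is actually set on the add.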
@ -25,10 +28,7 @@ enum KeychainStore {
kSecAttrAccount as String: account,
]
let update: [String: Any] = [kSecValueData as String: data]
let status = SecItemUpdate(query as CFDictionary, update as CFDictionary)
if status == errSecSuccess { return true }
if status != errSecItemNotFound { return false }
SecItemDelete(query as CFDictionary)
var insert = query
insert[kSecValueData as String] = data