1*6777b538SAndroid Build Coastguard Worker// Copyright 2024 The Chromium Authors 2*6777b538SAndroid Build Coastguard Worker// Use of this source code is governed by a BSD-style license that can be 3*6777b538SAndroid Build Coastguard Worker// found in the LICENSE file. 4*6777b538SAndroid Build Coastguard Worker 5*6777b538SAndroid Build Coastguard Worker#include "crypto/apple_keychain_util.h" 6*6777b538SAndroid Build Coastguard Worker 7*6777b538SAndroid Build Coastguard Worker#include <string> 8*6777b538SAndroid Build Coastguard Worker 9*6777b538SAndroid Build Coastguard Worker#import <Security/Security.h> 10*6777b538SAndroid Build Coastguard Worker 11*6777b538SAndroid Build Coastguard Worker#include "base/apple/bridging.h" 12*6777b538SAndroid Build Coastguard Worker#include "base/apple/foundation_util.h" 13*6777b538SAndroid Build Coastguard Worker#include "base/apple/scoped_cftyperef.h" 14*6777b538SAndroid Build Coastguard Worker#include "base/strings/sys_string_conversions.h" 15*6777b538SAndroid Build Coastguard Worker#include "crypto/apple_keychain_v2.h" 16*6777b538SAndroid Build Coastguard Worker 17*6777b538SAndroid Build Coastguard Workernamespace crypto { 18*6777b538SAndroid Build Coastguard Worker 19*6777b538SAndroid Build Coastguard Worker#if !BUILDFLAG(IS_IOS) 20*6777b538SAndroid Build Coastguard Workerbool ExecutableHasKeychainAccessGroupEntitlement( 21*6777b538SAndroid Build Coastguard Worker const std::string& keychain_access_group) { 22*6777b538SAndroid Build Coastguard Worker base::apple::ScopedCFTypeRef<SecTaskRef> task(SecTaskCreateFromSelf(nullptr)); 23*6777b538SAndroid Build Coastguard Worker if (!task) { 24*6777b538SAndroid Build Coastguard Worker return false; 25*6777b538SAndroid Build Coastguard Worker } 26*6777b538SAndroid Build Coastguard Worker 27*6777b538SAndroid Build Coastguard Worker base::apple::ScopedCFTypeRef<CFTypeRef> entitlement_value_cftype( 28*6777b538SAndroid Build Coastguard Worker AppleKeychainV2::GetInstance().TaskCopyValueForEntitlement( 29*6777b538SAndroid Build Coastguard Worker task.get(), CFSTR("keychain-access-groups"), nullptr)); 30*6777b538SAndroid Build Coastguard Worker if (!entitlement_value_cftype) { 31*6777b538SAndroid Build Coastguard Worker return false; 32*6777b538SAndroid Build Coastguard Worker } 33*6777b538SAndroid Build Coastguard Worker 34*6777b538SAndroid Build Coastguard Worker NSArray* entitlement_value_nsarray = base::apple::CFToNSPtrCast( 35*6777b538SAndroid Build Coastguard Worker base::apple::CFCast<CFArrayRef>(entitlement_value_cftype.get())); 36*6777b538SAndroid Build Coastguard Worker if (!entitlement_value_nsarray) { 37*6777b538SAndroid Build Coastguard Worker return false; 38*6777b538SAndroid Build Coastguard Worker } 39*6777b538SAndroid Build Coastguard Worker 40*6777b538SAndroid Build Coastguard Worker return [entitlement_value_nsarray 41*6777b538SAndroid Build Coastguard Worker containsObject:base::SysUTF8ToNSString(keychain_access_group)]; 42*6777b538SAndroid Build Coastguard Worker} 43*6777b538SAndroid Build Coastguard Worker#endif // !BUILDFLAG(IS_IOS) 44*6777b538SAndroid Build Coastguard Worker 45*6777b538SAndroid Build Coastguard Worker} // namespace crypto 46