MacOSCryptoSettings: Disable encryption if keychain entitlement is missing #9679
Description
As noted in the discussion of #9584 we have a need to be a bit smarter in how and when we enable cryptosettings on MacOS. Traditionally this was done at compile time by doing a no-op for the `getKey()` in the dummy builds, but this should really be done by examining the process's entitlements to know whether the binary can access the encrypted settings. The entitlement that guards this access is the `keychain-access-group` permission.

Normally, when this entitlement is missing, the user is greeted with a login prompt asking for the user's password before permitting them access to the keychain, which is a minor annoyance for developers. This PR will also make unsigned developer builds fall back to plaintext settings instead of triggering such a prompt.
Reference
JIRA Issue: VPN-5486
Inciting PR: #9584
Discussion: here
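The runtime check the description calls for, as an added example that is not code from this PR or from the project: it reads the process's own entitlements through the Security framework's `SecTask` API and picks a storage mode from the result. The function and enum names are hypothetical, and the entitlement key is written as Apple's entitlement files spell it, `keychain-access-groups`.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <Security/SecTask.h>

// Hypothetical names for this example; not the project's own types.
typedef NS_ENUM(NSInteger, SettingsStorageMode) {
  SettingsStoragePlaintext,
  SettingsStorageEncrypted,
};

// Returns YES when the running binary's code signature carries a non-empty
// keychain-access-groups entitlement.
static BOOL ProcessHasKeychainAccessGroup(void) {
  SecTaskRef task = SecTaskCreateFromSelf(kCFAllocatorDefault);
  if (task == NULL) {
    return NO;
  }

  CFErrorRef error = NULL;
  CFTypeRef value = SecTaskCopyValueForEntitlement(
      task, CFSTR("keychain-access-groups"), &error);
  CFRelease(task);

  if (error != NULL) {
    NSLog(@"Entitlement lookup failed: %@", (__bridge NSError *)error);
    CFRelease(error);
  }
  if (value == NULL) {
    return NO;  // entitlement absent from the code signature
  }

  // The entitlement value is an array of access-group strings.
  BOOL present = NO;
  if (CFGetTypeID(value) == CFArrayGetTypeID()) {
    present = CFArrayGetCount((CFArrayRef)value) > 0;
  }
  CFRelease(value);
  return present;
}

// Decide once at startup: touch the keychain only when entitled, so an
// unentitled build never triggers the keychain password prompt.
static SettingsStorageMode ChooseSettingsStorageMode(void) {
  return ProcessHasKeychainAccessGroup() ? SettingsStorageEncrypted
                                         : SettingsStoragePlaintext;
}
```

Because a missing entitlement now means plaintext settings rather than a prompt, a release check that inspects the signed bundle with `codesign -d --entitlements - <path to app>` keeps a mis-signed release from falling back silently.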