
Commit cf122ce

committed
iOS: harden Keychain storage with delete-then-add and accessibility attribute
1 parent eb35fb7 commit cf122ce


1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

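--- a/apps/ios/Sources/Gateway/KeychainStore.swift
+++ b/apps/ios/Sources/Gateway/KeychainStore.swift
@@ -18,17 +18,17 @@ enum KeychainStore {
 }
 
 static func saveString(_ value: String, service: String, account: String) -> Bool {
+// Delete-then-add ensures kSecAttrAccessible is always applied.
+// SecItemUpdate cannot change the accessibility level of an existing item,
+// so a stale item created with a weaker policy would retain it on update.
 let data = Data(value.utf8)
 let query: [String: Any] = [
 kSecClass as String: kSecClassGenericPassword,
 kSecAttrService as String: service,
 kSecAttrAccount as String: account,
 ]
 
-let update: [String: Any] = [kSecValueData as String: data]
-let status = SecItemUpdate(query as CFDictionary, update as CFDictionary)
-if status == errSecSuccess { return true }
-if status != errSecItemNotFound { return false }
+SecItemDelete(query as CFDictionary)
 
 var insert = query
 insert[kSecValueData as String] = data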
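Review bot: The status returned by `SecItemDelete(query as CFDictionary)` is discarded, so a delete that fails for any reason other than errSecItemNotFound (for instance errSecInteractionNotAllowed while the device is locked) is only surfaced later as an errSecDuplicateItem from the add, and the caller cannot tell that the old value was left in place. Check it explicitly: `let deleteStatus = SecItemDelete(query as CFDictionary)` followed by `guard deleteStatus == errSecSuccess || deleteStatus == errSecItemNotFound else { return false }`. The delete-then-add sequence is also not atomic: if the add that follows fails, the previous secret is already gone, which the new header comment should state so callers know a `false` return may mean the old item was removed. The added comment says kSecAttrAccessible is always applied, yet nothing in this hunk sets it on `insert`; if the remainder of saveString, which continues past the hunk, does not add `kSecAttrAccessible` to `insert`, the item is stored with the framework default rather than the intended policy.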
