Ensure sdk directory has no file protections (#217)

Without this, apps that set the protection entitlement of `NSURLFileProtectionNone` are likely to crash when the device is locked
bitdriftlabs · Feb 10, 2025 · 341a8f6 · 341a8f6
1 parent 6a5b8b7
commit 341a8f6
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 2 deletions.
diff --git a/examples/swift/hello_world/BUILD b/examples/swift/hello_world/BUILD
@@ -36,6 +36,7 @@ swift_library(
 ios_application(
     name = "ios_app",
     bundle_id = "io.bitdrift.example.helloworld",
+    entitlements = "Protected.entitlements",
     families = [
         "iphone",
         "ipad",
@@ -66,6 +67,7 @@ swift_library(
 ios_application(
     name = "hello_world_app",
     bundle_id = "io.bitdrift.example.helloworld",
+    entitlements = "Protected.entitlements",
     families = [
         "iphone",
         "ipad",

diff --git a/examples/swift/hello_world/Protected.entitlements b/examples/swift/hello_world/Protected.entitlements
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.developer.default-data-protection</key>
+	<string>NSFileProtectionComplete</string>
+</dict>
+</plist>
diff --git a/platform/swift/source/LoggerBridge.swift b/platform/swift/source/LoggerBridge.swift
@@ -10,6 +10,31 @@ import Foundation
 
 typealias LoggerID = Int64
 
+/// Creates the directory we'll use for the SDK's ring buffer and other storage files,
+/// and disables file protection on it to prevent the app from crashing with EXEC_BAD_ACCESS
+/// when the device is locked. Failing to set the protection policy on the directory will result
+/// in a nil logger.
+///
+/// - parameter path: The path to be created and/or set to none protection
+private func makeDirectoryAndDisableProtection(at path: String) throws {
+    let url = NSURL(fileURLWithPath: path)
+    let manager = FileManager.default
+    if !manager.fileExists(atPath: path) {
+        try manager.createDirectory(
+            atPath: path,
+            withIntermediateDirectories: true,
+            attributes: [FileAttributeKey.protectionKey: FileProtectionType.none]
+        )
+        return
+    }
+
+    var fileProtection: AnyObject?
+    try url.getResourceValue(&fileProtection, forKey: .fileProtectionKey)
+    if let protection = fileProtection as? FileProtectionType, protection != .none {
+        try url.setResourceValue(FileProtectionType.none, forKey: .fileProtectionKey)
+    }
+}
+
 /// A wrapper around Rust logger ID that makes it possible to call Rust logger methods.
 /// It shutdowns underlying Rust logger on release.
 final class LoggerBridge: LoggerBridging {
@@ -30,6 +55,14 @@ final class LoggerBridge: LoggerBridging {
         network: Network?,
         errorReporting: RemoteErrorReporting
     ) {
+        do {
+            try bufferDirectoryPath.map(makeDirectoryAndDisableProtection(at:))
+        } catch {
+            // To be safe we don't initialize the logger if we can't create the directory or set
+            // the file protection policy.
+            return nil
+        }
+
         let loggerID = capture_create_logger(
             bufferDirectoryPath,
             apiKey,

diff --git a/platform/swift/source/ObjCWrapper.h b/platform/swift/source/ObjCWrapper.h
@@ -5,8 +5,6 @@
 // LICENSE file or at:
 // https://polyformproject.org/wp-content/uploads/2020/06/PolyForm-Shield-1.0.0.txt
 
-#import <UIKit/UIKit.h>
-
 @interface ObjCWrapper: NSObject
 
 /**