Is it expected/documented that the atomically parameter prevents the
inheritance of NSFileProtectionType?
AFAIK it’s not documented and, as demonstrated by this thread, expectations depend on experience (-:
What’s happening here is:
Passing YES to atomically triggers a safe save.
The standard algorithm for a safe save is to save the data in a temporary file and then rename it to the new name, thus replacing the old file with the new file.
The temporary directory has default data protection, and so that’s what the temporary file gets.
Data protection is an attribute of the file, not the name, and thus the final file ends up with the temporary file’s data protection.
The easy fix here is to move over to -writeToURL:options:error:
which takes a NSDataWritingOptions
parameter which allows you to specify both NSDataWritingAtomic
and various NSDataWritingFileProtectionXxx
The copied item does not inherit the NSFileProtectionType of its new
Oh boy, that’s a whole different kettle of fish, one that depends how you define what a file is. Is it just the bytes in the data fork? What about metadata, like the creation date? What about the extended attributes? Different people have different definitions and those differences are reflected in various APIs. Indeed, this even bubbles up to the user level, for example:
Data protection is just one piece of metadata and it’s clear that FileManager
has chosen to preserver it.
Do I have to manually change the attribute after the item has been
That’s less than ideal from a security perspective because there’s a window of time where it’s unprotected.
How big is this file? If it’s tiny you could just copying it by using NSData
to read the old one and write the new one. NSData
gives you control over data protection and thus there’s no window of vulnerability.
If the file is too large to fit in memory then I’d have to do some more research as to how best to copy it.
Share and Enjoy
Quinn “The Eskimo!” @ Developer Technical Support @ Applelet myEmail = "eskimo" + "1" + "@" + "apple.com"
Hi @eskimo - My app is currently set to Complete data protection. Because of my usage of UserDefaults, I want to lower this NSFileProtectionCompleteUntilFirstUserAuthentication. How do I 'migrate' the data protection level of UserDefaults files/storage?