How to get the right to read/write a file when a passcode is enabled on the device after a device reboot

Hi All,


SQLite is not able to open the database once a device passcode is enabled and the device has rebooted.

Here are the preconditions:

1) Passcode enabled on the device.

2) Reboot the device.

3) Leave the device unlocked.

4) Because my app is a VoIP application, the OS will launch my app upon a notification; for example, a message is received and the user slides the notification to open the app.

5) The app tries to open a database during

- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
{
...
    // m_DB is a sqlite3 * instance variable; DATA_BASE_NAME is the database file name
    NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
    NSString *storePath = [[paths objectAtIndex:0] stringByAppendingPathComponent:DATA_BASE_NAME];
    int code = sqlite3_open([storePath fileSystemRepresentation], &m_DB); // Fails to open after reboot with passcode enabled
...
    return YES;
}


6) Opening the database fails.


All other cases work fine except the one above.

1) Unlock the device, tap to launch. Pass

2) Reboot the device with no passcode, slide to open the app. Pass


I think it is because, with a passcode enabled after a reboot, the OS restrains the app from accessing its data.


How do I handle this case, or does anyone have an idea?


Thanks,

Accepted Answer

If your app can run before the phone is unlocked, you need to make sure that the data it needs is available. There are two types of data of interest here:

  • Keychain item — You control the availability of keychain items via the kSecAttrAccessible attribute.
  • File — For individual files you can control this via the NSURLFileProtectionKey key for NSURL (or the older NSFileProtectionKey for NSFileManager).

SQLite is interesting because it uses a bunch of coordinated files (the database, the journal and so on). For that reason SQLite has an Apple-specific extension that lets you set the protection; check out the SQLITE_OPEN_FILEPROTECTION_xxx constants in <sqlite3.h>.

IMPORTANT As you make this change I encourage you to carefully consider exactly what data needs to be available before first unlock. For something to be available before first unlock you have to set the protection to ‘none’, which makes it easier for an attacker to access it. So, rather than change the protection on your entire database, you might want to leave the main database as it is and extract the small amount of data that you absolutely need before first unlock into a new database with no protection.

You can learn more about this stuff in the Protecting Data Using On-Disk Encryption section of the App Programming Guide for iOS. I also recommend reading iOS Security, which describes how this actually works.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
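The split the accepted answer recommends, written out as an added example (this is not code from the thread or from Apple): the main database is opened with the standard flags, so it keeps the container's default protection class, while a separate, deliberately small "prelaunch" database is created with SQLITE_OPEN_FILEPROTECTION_NONE so it can be opened before first unlock. The file names kMainDatabaseName and kPrelaunchDatabaseName, and the helper functions, are assumptions for this example; the SQLITE_OPEN_FILEPROTECTION_* constants and sqlite3_open_v2 are the real Apple-specific and SQLite APIs named in the answer. The final helper reads the NSFileProtectionKey attribute back so you can verify which class each file actually ended up in.

```objectivec
// Added example, not part of the original thread. Assumed names:
// kMainDatabaseName, kPrelaunchDatabaseName, OpenDatabaseWithProtection,
// ProtectionClassOfFile. Requires Apple's <sqlite3.h> (the
// SQLITE_OPEN_FILEPROTECTION_* flags are an Apple extension).
#import <Foundation/Foundation.h>
#import <sqlite3.h>

static NSString * const kMainDatabaseName      = @"main.sqlite";      // assumed name
static NSString * const kPrelaunchDatabaseName = @"prelaunch.sqlite"; // assumed name

// Path of a database file inside the app's Documents directory.
static NSString *DocumentsPathForDatabase(NSString *name)
{
    NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
    return [[paths objectAtIndex:0] stringByAppendingPathComponent:name];
}

// Opens (creating if needed) a database. protectionFlag is 0 for the default
// protection class, or one of the SQLITE_OPEN_FILEPROTECTION_* constants; the
// flag applies to the files this connection creates (database, journal, WAL).
// Returns NULL on failure so the caller can decide how to degrade.
static sqlite3 *OpenDatabaseWithProtection(NSString *path, int protectionFlag)
{
    sqlite3 *db = NULL;
    int flags = SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | protectionFlag;
    int rc = sqlite3_open_v2([path fileSystemRepresentation], &db, flags, NULL);
    if (rc != SQLITE_OK) {
        // Before first unlock, a Complete / CompleteUntilFirstUserAuthentication
        // file typically fails here with SQLITE_CANTOPEN.
        NSLog(@"sqlite3_open_v2(%@) failed: %d (%s)", path, rc, sqlite3_errmsg(db));
        sqlite3_close(db); // safe on NULL
        return NULL;
    }
    return db;
}

// Reads the protection class that the file system actually applied, so the
// split can be verified on a real device rather than assumed.
static NSString *ProtectionClassOfFile(NSString *path)
{
    NSError *error = nil;
    NSDictionary *attrs = [[NSFileManager defaultManager] attributesOfItemAtPath:path error:&error];
    if (attrs == nil) {
        NSLog(@"attributesOfItemAtPath(%@) failed: %@", path, error);
        return nil;
    }
    return attrs[NSFileProtectionKey];
}

// Call this from application:didFinishLaunchingWithOptions:.
// mainDB may be NULL before first unlock; prelaunchDB should not be.
static void OpenDatabasesForLaunch(sqlite3 **mainDB, sqlite3 **prelaunchDB)
{
    NSString *mainPath      = DocumentsPathForDatabase(kMainDatabaseName);
    NSString *prelaunchPath = DocumentsPathForDatabase(kPrelaunchDatabaseName);

    // Main database: no protection flag, so it keeps the container default
    // (NSFileProtectionCompleteUntilFirstUserAuthentication on a passcode device).
    *mainDB = OpenDatabaseWithProtection(mainPath, 0);

    // Prelaunch database: only the few rows needed to service a VoIP
    // notification before first unlock live here, with protection 'none'.
    *prelaunchDB = OpenDatabaseWithProtection(prelaunchPath, SQLITE_OPEN_FILEPROTECTION_NONE);

    NSLog(@"main=%@ prelaunch=%@",
          ProtectionClassOfFile(mainPath), ProtectionClassOfFile(prelaunchPath));
}
```

Two points to keep in mind when adopting this: the protection flag takes effect for files created by that connection, so an existing main database keeps whatever class it already has unless you change it with NSFileManager's setAttributes:ofItemAtPath:error:; and the log line is the check worth running on a passcode-enabled device after a reboot, since it shows the class the file system actually applied to each file.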

Thanks for your hint and information,


We have a workaround: avoid reading the data until the user unlocks the device.
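The workaround the reply describes, deferring database access until the data-protection keys are available rather than lowering the protection class, as an added example that is not the poster's own code: a small wrapper opens the database immediately if UIApplication's isProtectedDataAvailable is true, and otherwise queues the work and opens on UIApplicationProtectedDataDidBecomeAvailable. The class DeferredDatabaseOpener and its method names are assumptions for this example; the UIKit notification and property are real.

```objectivec
// Added example, not from the thread. Assumed names: DeferredDatabaseOpener,
// performWhenOpen:, openNow. Keeps the database at its default (protected)
// class and simply waits for first unlock before touching it.
#import <UIKit/UIKit.h>
#import <sqlite3.h>

@interface DeferredDatabaseOpener : NSObject
@property (nonatomic, copy)   NSString *path;
@property (nonatomic, assign) sqlite3  *db;
@property (nonatomic, strong) NSMutableArray *pendingWork; // blocks waiting for the DB
- (instancetype)initWithPath:(NSString *)path;
- (void)performWhenOpen:(void (^)(sqlite3 *db))work;
@end

@implementation DeferredDatabaseOpener

- (instancetype)initWithPath:(NSString *)path
{
    if ((self = [super init])) {
        _path = [path copy];
        _pendingWork = [NSMutableArray array];
        // Posted once the passcode has been entered and the class keys are loaded.
        [[NSNotificationCenter defaultCenter] addObserver:self
                                                 selector:@selector(protectedDataDidBecomeAvailable:)
                                                     name:UIApplicationProtectedDataDidBecomeAvailable
                                                   object:nil];
    }
    return self;
}

- (void)dealloc
{
    [[NSNotificationCenter defaultCenter] removeObserver:self];
    if (_db) sqlite3_close(_db);
}

// Runs the block now if the database is (or can be) open, otherwise queues it
// until protected data becomes available. Callers never see a failed open
// caused purely by the device being locked since boot.
- (void)performWhenOpen:(void (^)(sqlite3 *db))work
{
    if (self.db == NULL && [UIApplication sharedApplication].isProtectedDataAvailable) {
        [self openNow];
    }
    if (self.db) {
        work(self.db);
    } else {
        [self.pendingWork addObject:[work copy]];
    }
}

- (void)openNow
{
    sqlite3 *db = NULL;
    int rc = sqlite3_open([self.path fileSystemRepresentation], &db);
    if (rc != SQLITE_OK) {
        NSLog(@"sqlite3_open(%@) failed: %d (%s)", self.path, rc, sqlite3_errmsg(db));
        sqlite3_close(db);
        return;
    }
    self.db = db;
    // Drain the work that accumulated while the device was locked.
    NSArray *queued = [self.pendingWork copy];
    [self.pendingWork removeAllObjects];
    for (void (^work)(sqlite3 *) in queued) work(self.db);
}

- (void)protectedDataDidBecomeAvailable:(NSNotification *)note
{
    if (self.db == NULL) [self openNow];
}

@end
```

In the app delegate you would create one instance with the same storePath the question uses and route every database access through performWhenOpen:; the VoIP notification handler can then acknowledge the event immediately while the actual read runs only after the user has unlocked the device. Because work is queued rather than dropped, nothing needs to be stored outside the protected database.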
