[PLAT-8604] Disable NSFileProtectionComplete
for crash reports
#1415
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Goal
Fix reporting of crashes that occur while data protection is enabled and the device is locked.
Crash reports were failing to be written, with diagnostic logs like the following:
Changeset
If the default protection is
NSFileProtectionComplete
, changes the protection for the crash reports directory (and contents) andrun_context
toNSFileProtectionCompleteUnlessOpen
.NSFileProtectionCompleteUnlessOpen
allows new files to be created while the device is locked, but once closed, cannot be opened again until the device is unlocked. This allows crash reports to be written while preserving security through data protection.Stores config JSON in memory to allow inclusion in crash reports without reading from a file which may be inaccessible.
Testing
Manually verified crash reporting using test app.