use crate::base::{Error, Result};
use core_foundation::base::{kCFAllocatorDefault, CFOptionFlags, TCFType};
use core_foundation::string::CFString;
use core_foundation::{declare_TCFType, impl_TCFType};
use security_framework_sys::access_control::{
kSecAttrAccessibleAfterFirstUnlock, kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly,
kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, kSecAttrAccessibleWhenUnlocked,
kSecAttrAccessibleWhenUnlockedThisDeviceOnly, SecAccessControlCreateWithFlags,
SecAccessControlGetTypeID,
};
use security_framework_sys::base::{errSecParam, SecAccessControlRef};
use std::fmt;
use std::ptr;
declare_TCFType! {
SecAccessControl, SecAccessControlRef
}
impl_TCFType!(
SecAccessControl,
SecAccessControlRef,
SecAccessControlGetTypeID
);
unsafe impl Sync for SecAccessControl {}
unsafe impl Send for SecAccessControl {}
pub enum ProtectionMode {
AccessibleWhenPasscodeSetThisDeviceOnly,
AccessibleWhenUnlockedThisDeviceOnly,
AccessibleWhenUnlocked,
AccessibleAfterFirstUnlockThisDeviceOnly,
AccessibleAfterFirstUnlock,
}
impl SecAccessControl {
pub fn create_with_flags(flags: CFOptionFlags) -> Result<Self> {
Self::create_with_protection(None, flags)
}
pub fn create_with_protection(protection: Option<ProtectionMode>, flags: CFOptionFlags) -> Result<Self> {
let protection_val = protection.map(|v| {
match v {
ProtectionMode::AccessibleWhenPasscodeSetThisDeviceOnly => unsafe { CFString::wrap_under_get_rule(kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly) },
ProtectionMode::AccessibleWhenUnlockedThisDeviceOnly => unsafe { CFString::wrap_under_get_rule(kSecAttrAccessibleWhenUnlockedThisDeviceOnly) },
ProtectionMode::AccessibleWhenUnlocked => unsafe { CFString::wrap_under_get_rule(kSecAttrAccessibleWhenUnlocked) },
ProtectionMode::AccessibleAfterFirstUnlockThisDeviceOnly => unsafe { CFString::wrap_under_get_rule(kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly) },
ProtectionMode::AccessibleAfterFirstUnlock => unsafe { CFString::wrap_under_get_rule(kSecAttrAccessibleAfterFirstUnlock) },
}
}).unwrap_or_else(|| {
unsafe { CFString::wrap_under_get_rule(kSecAttrAccessibleWhenUnlocked) }
});
unsafe {
let access_control = SecAccessControlCreateWithFlags(
kCFAllocatorDefault,
protection_val.as_CFTypeRef(),
flags,
ptr::null_mut(),
);
if access_control.is_null() {
Err(Error::from_code(errSecParam))
} else {
Ok(Self::wrap_under_create_rule(access_control))
}
}
}
}
impl fmt::Debug for SecAccessControl {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.debug_struct("SecAccessControl").finish_non_exhaustive()
}
}