objc2_security/generated/

SecAccessControl.rs

//! This file has been automatically generated by `objc2`'s `header-translator`.
//! DO NOT EDIT
use core::ptr::NonNull;
#[cfg(feature = "objc2")]
use objc2::__framework_prelude::*;
use objc2_core_foundation::*;

use crate::*;

#[cfg(feature = "SecBase")]
unsafe impl ConcreteType for SecAccessControl {
    /// Returns the type identifier of SecAccessControl instances.
    ///
    /// Returns: The CFTypeID of SecAccessControl instances.
    #[doc(alias = "SecAccessControlGetTypeID")]
    #[inline]
    fn type_id() -> CFTypeID {
        extern "C-unwind" {
            fn SecAccessControlGetTypeID() -> CFTypeID;
        }
        unsafe { SecAccessControlGetTypeID() }
    }
}

/// User presence policy using biometry or Passcode. Biometry does not have to be available or enrolled. Item is still
/// accessible by Touch ID even if fingers are added or removed. Item is still accessible by Face ID if user is re-enrolled.
///
///
/// Constraint: Touch ID (any finger) or Face ID. Touch ID or Face ID must be available. With Touch ID
/// at least one finger must be enrolled. With Face ID user has to be enrolled. Item is still accessible by Touch ID even
/// if fingers are added or removed. Item is still accessible by Face ID if user is re-enrolled.
///
///
/// Deprecated, please use kSecAccessControlBiometryAny instead.
///
///
/// Constraint: Touch ID from the set of currently enrolled fingers. Touch ID must be available and at least one finger must
/// be enrolled. When fingers are added or removed, the item is invalidated. When Face ID is re-enrolled this item is invalidated.
///
///
/// Deprecated, please use kSecAccessControlBiometryCurrentSet instead.
///
///
/// Constraint: Device passcode
///
///
/// Deprecated, please use kSecAccessControlCompanion instead.
///
///
/// Constraint: Paired companion device
///
///
/// Constraint logic operation: when using more than one constraint, at least one of them must be satisfied.
///
///
/// Constraint logic operation: when using more than one constraint, all must be satisfied.
///
///
/// Create access control for private key operations (i.e. sign operation)
///
///
/// Security: Application provided password for data encryption key generation. This is not a constraint but additional item
/// encryption mechanism.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/secaccesscontrolcreateflags?language=objc)
// NS_OPTIONS
#[repr(transparent)]
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord)]
pub struct SecAccessControlCreateFlags(pub CFOptionFlags);
bitflags::bitflags! {
    impl SecAccessControlCreateFlags: CFOptionFlags {
        #[doc(alias = "kSecAccessControlUserPresence")]
        const UserPresence = 1<<0;
        #[doc(alias = "kSecAccessControlBiometryAny")]
        const BiometryAny = 1<<1;
#[deprecated]
        #[doc(alias = "kSecAccessControlTouchIDAny")]
        const TouchIDAny = 1<<1;
        #[doc(alias = "kSecAccessControlBiometryCurrentSet")]
        const BiometryCurrentSet = 1<<3;
#[deprecated]
        #[doc(alias = "kSecAccessControlTouchIDCurrentSet")]
        const TouchIDCurrentSet = 1<<3;
        #[doc(alias = "kSecAccessControlDevicePasscode")]
        const DevicePasscode = 1<<4;
#[deprecated]
        #[doc(alias = "kSecAccessControlWatch")]
        const Watch = 1<<5;
        #[doc(alias = "kSecAccessControlCompanion")]
        const Companion = 1<<5;
        #[doc(alias = "kSecAccessControlOr")]
        const Or = 1<<14;
        #[doc(alias = "kSecAccessControlAnd")]
        const And = 1<<15;
        #[doc(alias = "kSecAccessControlPrivateKeyUsage")]
        const PrivateKeyUsage = 1<<30;
        #[doc(alias = "kSecAccessControlApplicationPassword")]
        const ApplicationPassword = 1<<31;
    }
}

#[cfg(feature = "objc2")]
unsafe impl Encode for SecAccessControlCreateFlags {
    const ENCODING: Encoding = CFOptionFlags::ENCODING;
}

#[cfg(feature = "objc2")]
unsafe impl RefEncode for SecAccessControlCreateFlags {
    const ENCODING_REF: Encoding = Encoding::Pointer(&Self::ENCODING);
}

/// Creates new access control object based on protection type and additional flags.
///
/// Created access control object should be used as a value for kSecAttrAccessControl attribute in SecItemAdd,
/// SecItemUpdate or SecKeyGeneratePair functions.  Accessing keychain items or performing operations on keys which are
/// protected by access control objects can block the execution because of UI which can appear to satisfy the access control
/// conditions, therefore it is recommended to either move those potentially blocking operations out of the main
/// application thread or use combination of kSecUseAuthenticationContext and kSecUseAuthenticationUI attributes to control
/// where the UI interaction can appear.
///
/// Parameter `allocator`: Allocator to be used by this instance.
///
/// Parameter `protection`: Protection class to be used for the item. One of kSecAttrAccessible constants.
///
/// Parameter `flags`: If no flags are set then all operations are allowed.
///
/// Parameter `error`: Additional error information filled in case of failure.
///
/// Returns: Newly created access control object.
#[cfg(feature = "SecBase")]
#[inline]
pub unsafe extern "C-unwind" fn SecAccessControlCreateWithFlags(
    allocator: Option<&CFAllocator>,
    protection: &CFType,
    flags: SecAccessControlCreateFlags,
    error: *mut *mut CFError,
) -> Option<CFRetained<SecAccessControl>> {
    extern "C-unwind" {
        fn SecAccessControlCreateWithFlags(
            allocator: Option<&CFAllocator>,
            protection: &CFType,
            flags: SecAccessControlCreateFlags,
            error: *mut *mut CFError,
        ) -> Option<NonNull<SecAccessControl>>;
    }
    let ret = unsafe { SecAccessControlCreateWithFlags(allocator, protection, flags, error) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}