objc2_security/generated/
SecAccessControl.rs

1//! This file has been automatically generated by `objc2`'s `header-translator`.
2//! DO NOT EDIT
3use core::ptr::NonNull;
4#[cfg(feature = "objc2")]
5use objc2::__framework_prelude::*;
6use objc2_core_foundation::*;
7
8use crate::*;
9
10#[cfg(feature = "SecBase")]
11unsafe impl ConcreteType for SecAccessControl {
12    /// Returns the type identifier of SecAccessControl instances.
13    ///
14    /// Returns: The CFTypeID of SecAccessControl instances.
15    #[doc(alias = "SecAccessControlGetTypeID")]
16    #[inline]
17    fn type_id() -> CFTypeID {
18        extern "C-unwind" {
19            fn SecAccessControlGetTypeID() -> CFTypeID;
20        }
21        unsafe { SecAccessControlGetTypeID() }
22    }
23}
24
25/// User presence policy using biometry or Passcode. Biometry does not have to be available or enrolled. Item is still
26/// accessible by Touch ID even if fingers are added or removed. Item is still accessible by Face ID if user is re-enrolled.
27///
28///
29/// Constraint: Touch ID (any finger) or Face ID. Touch ID or Face ID must be available. With Touch ID
30/// at least one finger must be enrolled. With Face ID user has to be enrolled. Item is still accessible by Touch ID even
31/// if fingers are added or removed. Item is still accessible by Face ID if user is re-enrolled.
32///
33///
34/// Deprecated, please use kSecAccessControlBiometryAny instead.
35///
36///
37/// Constraint: Touch ID from the set of currently enrolled fingers. Touch ID must be available and at least one finger must
38/// be enrolled. When fingers are added or removed, the item is invalidated. When Face ID is re-enrolled this item is invalidated.
39///
40///
41/// Deprecated, please use kSecAccessControlBiometryCurrentSet instead.
42///
43///
44/// Constraint: Device passcode
45///
46///
47/// Deprecated, please use kSecAccessControlCompanion instead.
48///
49///
50/// Constraint: Paired companion device
51///
52///
53/// Constraint logic operation: when using more than one constraint, at least one of them must be satisfied.
54///
55///
56/// Constraint logic operation: when using more than one constraint, all must be satisfied.
57///
58///
59/// Create access control for private key operations (i.e. sign operation)
60///
61///
62/// Security: Application provided password for data encryption key generation. This is not a constraint but additional item
63/// encryption mechanism.
64///
65/// See also [Apple's documentation](https://developer.apple.com/documentation/security/secaccesscontrolcreateflags?language=objc)
66// NS_OPTIONS
67#[repr(transparent)]
68#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord)]
69pub struct SecAccessControlCreateFlags(pub CFOptionFlags);
70bitflags::bitflags! {
71    impl SecAccessControlCreateFlags: CFOptionFlags {
72        #[doc(alias = "kSecAccessControlUserPresence")]
73        const UserPresence = 1<<0;
74        #[doc(alias = "kSecAccessControlBiometryAny")]
75        const BiometryAny = 1<<1;
76        #[doc(alias = "kSecAccessControlTouchIDAny")]
77#[deprecated]
78        const TouchIDAny = 1<<1;
79        #[doc(alias = "kSecAccessControlBiometryCurrentSet")]
80        const BiometryCurrentSet = 1<<3;
81        #[doc(alias = "kSecAccessControlTouchIDCurrentSet")]
82#[deprecated]
83        const TouchIDCurrentSet = 1<<3;
84        #[doc(alias = "kSecAccessControlDevicePasscode")]
85        const DevicePasscode = 1<<4;
86        #[doc(alias = "kSecAccessControlWatch")]
87#[deprecated]
88        const Watch = 1<<5;
89        #[doc(alias = "kSecAccessControlCompanion")]
90        const Companion = 1<<5;
91        #[doc(alias = "kSecAccessControlOr")]
92        const Or = 1<<14;
93        #[doc(alias = "kSecAccessControlAnd")]
94        const And = 1<<15;
95        #[doc(alias = "kSecAccessControlPrivateKeyUsage")]
96        const PrivateKeyUsage = 1<<30;
97        #[doc(alias = "kSecAccessControlApplicationPassword")]
98        const ApplicationPassword = 1<<31;
99    }
100}
101
102#[cfg(feature = "objc2")]
103unsafe impl Encode for SecAccessControlCreateFlags {
104    const ENCODING: Encoding = CFOptionFlags::ENCODING;
105}
106
107#[cfg(feature = "objc2")]
108unsafe impl RefEncode for SecAccessControlCreateFlags {
109    const ENCODING_REF: Encoding = Encoding::Pointer(&Self::ENCODING);
110}
111
112#[cfg(feature = "SecBase")]
113impl SecAccessControl {
114    /// Creates new access control object based on protection type and additional flags.
115    ///
116    /// Created access control object should be used as a value for kSecAttrAccessControl attribute in SecItemAdd,
117    /// SecItemUpdate or SecKeyGeneratePair functions.  Accessing keychain items or performing operations on keys which are
118    /// protected by access control objects can block the execution because of UI which can appear to satisfy the access control
119    /// conditions, therefore it is recommended to either move those potentially blocking operations out of the main
120    /// application thread or use combination of kSecUseAuthenticationContext and kSecUseAuthenticationUI attributes to control
121    /// where the UI interaction can appear.
122    ///
123    /// Parameter `allocator`: Allocator to be used by this instance.
124    ///
125    /// Parameter `protection`: Protection class to be used for the item. One of kSecAttrAccessible constants.
126    ///
127    /// Parameter `flags`: If no flags are set then all operations are allowed.
128    ///
129    /// Parameter `error`: Additional error information filled in case of failure.
130    ///
131    /// Returns: Newly created access control object.
132    #[doc(alias = "SecAccessControlCreateWithFlags")]
133    #[cfg(feature = "SecBase")]
134    #[inline]
135    pub unsafe fn with_flags(
136        allocator: Option<&CFAllocator>,
137        protection: &CFType,
138        flags: SecAccessControlCreateFlags,
139        error: *mut *mut CFError,
140    ) -> Option<CFRetained<SecAccessControl>> {
141        extern "C-unwind" {
142            fn SecAccessControlCreateWithFlags(
143                allocator: Option<&CFAllocator>,
144                protection: &CFType,
145                flags: SecAccessControlCreateFlags,
146                error: *mut *mut CFError,
147            ) -> Option<NonNull<SecAccessControl>>;
148        }
149        let ret = unsafe { SecAccessControlCreateWithFlags(allocator, protection, flags, error) };
150        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
151    }
152}
153
154#[cfg(feature = "SecBase")]
155#[deprecated = "renamed to `SecAccessControl::with_flags`"]
156#[inline]
157pub unsafe extern "C-unwind" fn SecAccessControlCreateWithFlags(
158    allocator: Option<&CFAllocator>,
159    protection: &CFType,
160    flags: SecAccessControlCreateFlags,
161    error: *mut *mut CFError,
162) -> Option<CFRetained<SecAccessControl>> {
163    extern "C-unwind" {
164        fn SecAccessControlCreateWithFlags(
165            allocator: Option<&CFAllocator>,
166            protection: &CFType,
167            flags: SecAccessControlCreateFlags,
168            error: *mut *mut CFError,
169        ) -> Option<NonNull<SecAccessControl>>;
170    }
171    let ret = unsafe { SecAccessControlCreateWithFlags(allocator, protection, flags, error) };
172    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
173}