2 * Copyright (c) 2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 @header SecAccessControlPriv
26 SecAccessControl defines access rights for items.
29 #ifndef _SECURITY_SECACCESSCONTROLPRIV_H_
30 #define _SECURITY_SECACCESSCONTROLPRIV_H_
32 #include <Security/SecBase.h>
33 #include <CoreFoundation/CFError.h>
34 #include <CoreFoundation/CFData.h>
35 #include <CoreFoundation/CFDictionary.h>
/*! Creates new empty access control object. Populate it afterwards with
    SecAccessControlSetProtection() and SecAccessControlAddConstraintForOperation().
    Follows the Core Foundation Create Rule: the caller owns the returned reference
    and must CFRelease() it.
    @param allocator Allocator to use, or NULL for the default allocator.
    @param error If non-NULL, receives an error object on failure. Only consult it
           when the return value is NULL; do not use it as the success indicator.
    @return New access control object, or NULL on failure. */
SecAccessControlRef SecAccessControlCreate(CFAllocatorRef allocator, CFErrorRef *error);
/*! Protection, currently only kSecAttrAccessible* constants are allowed. In future, another
    probable protection type might be CTK key object ID.
    Getter follows the Core Foundation Get Rule: the returned reference is owned by the
    access control object and must not be released by the caller.
    @param access_control Instance of access control object to query.
    @return The protection value currently set, or NULL if none is set (NULL-on-unset is
            presumed from the "empty" object created by SecAccessControlCreate(); confirm). */
CFTypeRef SecAccessControlGetProtection(SecAccessControlRef access_control);
/*! Sets the protection of the access control object.
    @param access_control Instance of access control object to modify.
    @param protection One of the allowed protection constants (see above).
    @param error If non-NULL, receives an error object on failure.
    @return true on success, false on failure (e.g. an unsupported protection value).
            Check the return value rather than *error. */
bool SecAccessControlSetProtection(SecAccessControlRef access_control, CFTypeRef protection, CFErrorRef *error);
/*! Represents constraint of the operation.
    This is an opaque CF type alias; per SecAccessControlGetConstraint() the underlying
    value is either a dictionary or kCFBooleanTrue. Create instances only through the
    SecAccessConstraintCreate*() functions below rather than building dictionaries by hand. */
typedef CFTypeRef SecAccessConstraintRef;
/*! Creates constraint based on specified policy.
    Follows the Core Foundation Create Rule: the caller owns the returned reference.
    @param allocator Allocator to use, or NULL for the default allocator.
    @param policy Identification of policy to be used.
    @param error If non-NULL, receives an error object on failure (e.g. an unrecognized
           policy identifier). Only consult it when the return value is NULL.
    @return New constraint object, or NULL on failure. */
SecAccessConstraintRef SecAccessConstraintCreatePolicy(CFAllocatorRef allocator, CFTypeRef policy, CFErrorRef *error);
/*! Creates constraint which requires passcode verification.
    Follows the Core Foundation Create Rule: the caller owns the returned reference.
    There is no error out-parameter, so this call reports no detailed failure reason.
    @param allocator Allocator to use, or NULL for the default allocator.
    @return New constraint object. */
SecAccessConstraintRef SecAccessConstraintCreatePasscode(CFAllocatorRef allocator);
/*! Creates constraint which requires TouchID verification.
    Unlike SecAccessConstraintCreateTouchIDCurrentSet() this variant takes no biometric
    database hash, so the name suggests it is satisfied by any enrolled finger rather than
    being tied to the current enrollment set — confirm against the implementation.
    Follows the Core Foundation Create Rule: the caller owns the returned reference.
    @param allocator Allocator to use, or NULL for the default allocator.
    @param catacombUUID Identifier carried by the constraint; its exact meaning is not
           documented in this header — presumably selects the catacomb to verify against.
    @return New constraint object. */
SecAccessConstraintRef SecAccessConstraintCreateTouchIDAny(CFAllocatorRef allocator, CFDataRef catacombUUID);
/*! Creates constraint which requires TouchID verification.
    This variant additionally takes a hash of the biometric database; the name suggests the
    constraint is bound to the set of fingers enrolled at creation time and stops being
    satisfiable once that set changes — confirm against the implementation.
    Follows the Core Foundation Create Rule: the caller owns the returned reference.
    @param allocator Allocator to use, or NULL for the default allocator.
    @param catacombUUID Identifier carried by the constraint; its exact meaning is not
           documented in this header — presumably selects the catacomb to verify against.
    @param bioDbHash Hash of the biometric database the constraint is tied to.
    @return New constraint object. */
SecAccessConstraintRef SecAccessConstraintCreateTouchIDCurrentSet(CFAllocatorRef allocator, CFDataRef catacombUUID, CFDataRef bioDbHash);
/*! Creates constraint composed of other constraints.
    Follows the Core Foundation Create Rule: the caller owns the returned reference.
    @param allocator Allocator to use, or NULL for the default allocator.
    @param numRequired Number of constraints required to be satisfied in order to consider
           overall constraint satisfied. Behaviour for 0 or for a value larger than the
           array count is not specified here — check the implementation before relying on it.
    @param constraints Array of constraints to be chosen from (elements are SecAccessConstraintRef).
    @param error If non-NULL, receives an error object on failure. Only consult it when the
           return value is NULL.
    @return New constraint object, or NULL on failure. */
SecAccessConstraintRef SecAccessConstraintCreateKofN(CFAllocatorRef allocator, size_t numRequired, CFArrayRef constraints, CFErrorRef *error);
/*! Adds new constraint for specified operation.
    @param access_control Instance of access control object to add constraint to.
    @param operation Operation type.
    @param constraint Constraint object, created by one of the SecAccessConstraintCreate*()
           functions, or kCFBooleanTrue meaning that operation will be always allowed.
           Passing kCFBooleanTrue therefore removes any user-presence requirement for that
           operation; use it deliberately.
    @param error If non-NULL, receives an error object on failure.
    @return true on success, false on failure. Check the return value rather than *error.
    Whether a second call for the same operation replaces or combines with the existing
    constraint is not documented here — confirm against the implementation. */
bool SecAccessControlAddConstraintForOperation(SecAccessControlRef access_control, CFTypeRef operation, SecAccessConstraintRef constraint, CFErrorRef *error);
/*! Retrieves dictionary with constraint applicable for specified operation.
    Follows the Core Foundation Get Rule: the returned reference is owned by the access
    control object and must not be released by the caller.
    @param access_control Instance of access control object to query.
    @param operation Operation type.
    @return Dictionary or kCFBooleanTrue representing constraint applied for requested operation.
            If the operation is not allowed at all, NULL is returned. Callers deciding whether
            an operation is permitted must treat NULL as "denied", not as "unconstrained". */
SecAccessConstraintRef SecAccessControlGetConstraint(SecAccessControlRef access_control, CFTypeRef operation);
/*! Serializes constraint applicable for specified operation into binary data form.
    Follows the Core Foundation Copy Rule: the caller owns the returned reference and must
    CFRelease() it.
    @param access_control Instance of access control object to query.
    @param operation Operation type.
    @return Binary data representing constraint applied for requested operation. Presumably
            NULL when the operation has no constraint (see SecAccessControlGetConstraint());
            confirm against the implementation. */
CFDataRef SecAccessControlCopyConstraintData(SecAccessControlRef access_control, CFTypeRef operation);
/*! Retrieves dictionary with constraints keyed by operations (i.e. the ACL part of access control object).
    Follows the Core Foundation Get Rule: the returned reference is owned by the access
    control object and must not be released by the caller.
    @param access_control Instance of access control object to query.
    @return Dictionary with all constraints keyed by operation types. Returns NULL if no
            operations are constrained. */
CFDictionaryRef SecAccessControlGetConstraints(SecAccessControlRef access_control);
/*! Sets dictionary with constraints for access control object, replacing the ACL part as a whole.
    No error out-parameter and no return value: the dictionary is not validated through this
    call as far as this header documents, so callers should build it from values obtained via
    the SecAccessConstraintCreate*() functions or SecAccessControlGetConstraints().
    @param access_control Instance of access control object to set constraints on.
    @param constraints Dictionary with all constraints keyed by operation types. */
void SecAccessControlSetConstraints(SecAccessControlRef access_control, CFDictionaryRef constraints);
/*! Sets if application password is required.
    @param access_control Instance of access control object to modify.
    @param require Indicate if password is required or not. */
void SecAccessControlSetRequirePassword(SecAccessControlRef access_control, bool require);
/*! Gets boolean value if application password is required.
    @param access_control Instance of access control object to query.
    @return true if an application password is required (as set by
            SecAccessControlSetRequirePassword()), false otherwise. */
bool SecAccessControlGetRequirePassword(SecAccessControlRef access_control);
/*! Sets if acl is bound.
    What "bound" denotes is not defined in this header — presumably that the ACL has been
    tied to a concrete item or key and should no longer be edited; confirm against the
    implementation before relying on it.
    @param access_control Instance of access control object to modify.
    @param bound Indicate if the acl is bound or not. */
void SecAccessControlSetBound(SecAccessControlRef access_control, bool bound);
/*! Gets boolean value if acl is bound.
    @param access_control Instance of access control object to query.
    @return true if the acl is bound (as set by SecAccessControlSetBound()), false otherwise. */
bool SecAccessControlIsBound(SecAccessControlRef access_control);
/*! Creates Access control instance from data serialized by SecAccessControlCopyData().
    The input is a serialized blob and may originate from storage or another process, so it
    must be treated as untrusted: malformed input is reported as a NULL return with *error
    set, and callers must check the return value before using the object.
    Follows the Core Foundation Create Rule: the caller owns the returned reference.
    @param allocator Allocator to use, or NULL for the default allocator.
    @param data Serialized access control object produced by SecAccessControlCopyData().
    @param error If non-NULL, receives an error object on failure. Only consult it when the
           return value is NULL.
    @return New access control object, or NULL if the data could not be parsed. */
SecAccessControlRef SecAccessControlCreateFromData(CFAllocatorRef allocator, CFDataRef data, CFErrorRef *error);
/*! Serializes the whole access control object into binary data form.
    The result is the input format accepted by SecAccessControlCreateFromData().
    Follows the Core Foundation Copy Rule: the caller owns the returned reference and must
    CFRelease() it.
    @param access_control Instance of access control object to serialize.
    @return Binary data representing the access control object. */
CFDataRef SecAccessControlCopyData(SecAccessControlRef access_control);
128 #endif // _SECURITY_SECACCESSCONTROLPRIV_H_