1 /* * Copyright (c) 2000-2008,2011-2014 Apple Inc. All Rights Reserved.
3 * @APPLE_LICENSE_HEADER_START@
5 * This file contains Original Code and/or Modifications of Original Code
6 * as defined in and that are subject to the Apple Public Source License
7 * Version 2.0 (the 'License'). You may not use this file except in
8 * compliance with the License. Please obtain a copy of the License at
9 * http://www.opensource.apple.com/apsl/ and read it before using this
12 * The Original Code and all software distributed under the License are
13 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
14 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
17 * Please see the License for the specific language governing rights and
18 * limitations under the License.
20 * @APPLE_LICENSE_HEADER_END@
24 @header SecKeychainItem
25 SecKeychainItem implements an item which may be stored in a SecKeychain, with publicly
26 visible attributes and encrypted data. Access to the data of an item is protected
27 using strong cryptographic algorithms.
30 #ifndef _SECURITY_SECKEYCHAINITEM_H_
31 #define _SECURITY_SECKEYCHAINITEM_H_
33 #include <AvailabilityMacros.h>
34 #include <CoreFoundation/CFData.h>
35 #include <Security/SecBase.h>
36 #include <Security/cssmapple.h>
38 #if defined(__cplusplus)
42 CF_ASSUME_NONNULL_BEGIN
45 @enum ItemClassConstants
46 @abstract Specifies a keychain item's class code.
47 @constant kSecInternetPasswordItemClass Indicates that the item is an Internet password.
48 @constant kSecGenericPasswordItemClass Indicates that the item is a generic password.
49 @constant kSecAppleSharePasswordItemClass Indicates that the item is an AppleShare password.
50 Note: AppleShare passwords are no longer used by OS X, starting in Leopard (10.5). Use of this item class is deprecated in OS X 10.9 and later; kSecInternetPasswordItemClass should be used instead when storing or looking up passwords for an Apple Filing Protocol (AFP) server.
51 @constant kSecCertificateItemClass Indicates that the item is a digital certificate.
52 @constant kSecPublicKeyItemClass Indicates that the item is a public key.
53 @constant kSecPrivateKeyItemClass Indicates that the item is a private key.
54 @constant kSecSymmetricKeyItemClass Indicates that the item is a symmetric key.
55 @discussion The SecItemClass enumeration defines constants your application can use to specify the type of the keychain item you wish to create, dispose, add, delete, update, copy, or locate. You can also use these constants with the tag constant SecItemAttr.
57 typedef CF_ENUM(FourCharCode
, SecItemClass
)
59 kSecInternetPasswordItemClass
= 'inet',
60 kSecGenericPasswordItemClass
= 'genp',
61 kSecAppleSharePasswordItemClass
CF_ENUM_DEPRECATED(10_0
, 10_9
, NA
, NA
) = 'ashp',
62 kSecCertificateItemClass
= 0x80001000,
63 kSecPublicKeyItemClass
= 0x0000000F,
64 kSecPrivateKeyItemClass
= 0x00000010,
65 kSecSymmetricKeyItemClass
= 0x00000011
69 @enum ItemAttributeConstants
70 @abstract Specifies keychain item attributes.
71 @constant kSecCreationDateItemAttr (read-only) Identifies the creation date attribute. You use this tag to get a value of type string that represents the date the item was created, expressed in Zulu Time format ("YYYYMMDDhhmmSSZ"). This format is identical to CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE (cssmtype.h). When specifying the creation date as input to a function (e.g. SecKeychainSearchCreateFromAttributes), you may alternatively provide a numeric value of type UInt32 or SInt64, expressed as seconds since 1/1/1904 (DateTimeUtils.h).
72 @constant kSecModDateItemAttr (read-only) Identifies the modification date attribute. You use this tag to get a value of type string that represents the last time the item was updated, expressed in Zulu Time format ("YYYYMMDDhhmmSSZ"). This format is identical to CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE (cssmtype.h). When specifying the modification date as input to a function (e.g. SecKeychainSearchCreateFromAttributes), you may alternatively provide a numeric value of type UInt32 or SInt64, expressed as seconds since 1/1/1904 (DateTimeUtils.h).
73 @constant kSecDescriptionItemAttr Identifies the description attribute. You use this tag to set or get a value of type string that represents a user-visible string describing this particular kind of item (e.g. "disk image password").
74 @constant kSecCommentItemAttr Identifies the comment attribute. You use this tag to set or get a value of type string that represents a user-editable string containing comments for this item.
75 @constant kSecCreatorItemAttr Identifies the creator attribute. You use this tag to set or get a value of type FourCharCode that represents the item's creator.
76 @constant kSecTypeItemAttr Identifies the type attribute. You use this tag to set or get a value of type FourCharCode that represents the item's type.
77 @constant kSecScriptCodeItemAttr Identifies the script code attribute. You use this tag to set or get a value of type ScriptCode that represents the script code for all strings. (Note: use of this attribute is deprecated; string attributes should always be stored in UTF-8 encoding.)
78 @constant kSecLabelItemAttr Identifies the label attribute. You use this tag to set or get a value of type string that represents a user-editable string containing the label for this item.
79 @constant kSecInvisibleItemAttr Identifies the invisible attribute. You use this tag to set or get a value of type Boolean that indicates whether the item is invisible (i.e. should not be displayed).
80 @constant kSecNegativeItemAttr Identifies the negative attribute. You use this tag to set or get a value of type Boolean that indicates whether there is a valid password associated with this keychain item. This is useful if your application doesn't want a password for some particular service to be stored in the keychain, but prefers that it always be entered by the user. The item (typically invisible and with zero-length data) acts as a placeholder to say "don't use me."
81 @constant kSecCustomIconItemAttr Identifies the custom icon attribute. You use this tag to set or get a value of type Boolean that indicates whether the item has an application-specific icon. To do this, you must also set the attribute value identified by the tag kSecTypeItemAttr to a file type for which there is a corresponding icon in the desktop database, and set the attribute value identified by the tag kSecCreatorItemAttr to an appropriate application creator type. If a custom icon corresponding to the item's type and creator can be found in the desktop database, it will be displayed by Keychain Access. Otherwise, default icons are used. (Note: use of this attribute is deprecated; custom icons for keychain items are not supported in Mac OS X.)
82 @constant kSecAccountItemAttr Identifies the account attribute. You use this tag to set or get a string that represents the user account. This attribute applies to generic, Internet, and AppleShare password items.
83 @constant kSecServiceItemAttr Identifies the service attribute. You use this tag to set or get a string that represents the service associated with this item. This attribute is unique to generic password items.
84 @constant kSecGenericItemAttr Identifies the generic attribute. You use this tag to set or get a value of untyped bytes that represents a user-defined attribute. This attribute is unique to generic password items.
85 @constant kSecSecurityDomainItemAttr Identifies the security domain attribute. You use this tag to set or get a value that represents the Internet security domain. This attribute is unique to Internet password items.
86 @constant kSecServerItemAttr Identifies the server attribute. You use this tag to set or get a value of type string that represents the Internet server's domain name or IP address. This attribute is unique to Internet password items.
87 @constant kSecAuthenticationTypeItemAttr Identifies the authentication type attribute. You use this tag to set or get a value of type SecAuthenticationType that represents the Internet authentication scheme. This attribute is unique to Internet password items.
88 @constant kSecPortItemAttr Identifies the port attribute. You use this tag to set or get a value of type UInt32 that represents the Internet port number. This attribute is unique to Internet password items.
89 @constant kSecPathItemAttr Identifies the path attribute. You use this tag to set or get a string value that represents the path. This attribute is unique to Internet password items.
90 @constant kSecVolumeItemAttr Identifies the volume attribute. You use this tag to set or get a string value that represents the AppleShare volume. This attribute is unique to AppleShare password items. Note: AppleShare passwords are no longer used by OS X as of Leopard (10.5); Internet password items are used instead.
91 @constant kSecAddressItemAttr Identifies the address attribute. You use this tag to set or get a string value that represents the AppleTalk zone name, or the IP or domain name that represents the server address. This attribute is unique to AppleShare password items. Note: AppleShare passwords are no longer used by OS X as of Leopard (10.5); Internet password items are used instead.
92 @constant kSecSignatureItemAttr Identifies the server signature attribute. You use this tag to set or get a value of type SecAFPServerSignature that represents the server signature block. This attribute is unique to AppleShare password items. Note: AppleShare passwords are no longer used by OS X as of Leopard (10.5); Internet password items are used instead.
93 @constant kSecProtocolItemAttr Identifies the protocol attribute. You use this tag to set or get a value of type SecProtocolType that represents the Internet protocol. This attribute applies to AppleShare and Internet password items.
94 @constant kSecCertificateType Indicates a CSSM_CERT_TYPE type.
95 @constant kSecCertificateEncoding Indicates a CSSM_CERT_ENCODING type.
96 @constant kSecCrlType Indicates a CSSM_CRL_TYPE type.
97 @constant kSecCrlEncoding Indicates a CSSM_CRL_ENCODING type.
98 @constant kSecAlias Indicates an alias.
99 @discussion To obtain information about a certificate, use the CDSA Certificate Library (CL) API. To obtain information about a key, use the SecKeyGetCSSMKey function and the CDSA Cryptographic Service Provider (CSP) API.
101 typedef CF_ENUM(FourCharCode
, SecItemAttr
)
103 kSecCreationDateItemAttr
= 'cdat',
104 kSecModDateItemAttr
= 'mdat',
105 kSecDescriptionItemAttr
= 'desc',
106 kSecCommentItemAttr
= 'icmt',
107 kSecCreatorItemAttr
= 'crtr',
108 kSecTypeItemAttr
= 'type',
109 kSecScriptCodeItemAttr
= 'scrp',
110 kSecLabelItemAttr
= 'labl',
111 kSecInvisibleItemAttr
= 'invi',
112 kSecNegativeItemAttr
= 'nega',
113 kSecCustomIconItemAttr
= 'cusi',
114 kSecAccountItemAttr
= 'acct',
115 kSecServiceItemAttr
= 'svce',
116 kSecGenericItemAttr
= 'gena',
117 kSecSecurityDomainItemAttr
= 'sdmn',
118 kSecServerItemAttr
= 'srvr',
119 kSecAuthenticationTypeItemAttr
= 'atyp',
120 kSecPortItemAttr
= 'port',
121 kSecPathItemAttr
= 'path',
122 kSecVolumeItemAttr
= 'vlme',
123 kSecAddressItemAttr
= 'addr',
124 kSecSignatureItemAttr
= 'ssig',
125 kSecProtocolItemAttr
= 'ptcl',
126 kSecCertificateType
= 'ctyp',
127 kSecCertificateEncoding
= 'cenc',
128 kSecCrlType
= 'crtp',
129 kSecCrlEncoding
= 'crnc',
134 @typedef SecAFPServerSignature
135 @abstract Represents a 16-byte Apple File Protocol server signature block.
137 typedef UInt8 SecAFPServerSignature
[16];
140 @typedef SecPublicKeyHash
141 @abstract Represents a 20-byte public key hash.
143 typedef UInt8 SecPublicKeyHash
[20];
145 #pragma mark ---- Keychain Item Management ----
147 @function SecKeychainItemGetTypeID
148 @abstract Returns the type identifier of SecKeychainItem instances.
149 @result The CFTypeID of SecKeychainItem instances.
151 CFTypeID
SecKeychainItemGetTypeID(void);
154 @function SecKeychainItemModifyAttributesAndData
155 @abstract Updates an existing keychain item after changing its attributes or data.
156 @param itemRef A reference to the keychain item to modify.
157 @param attrList The list of attributes to modify, along with their new values. Pass NULL if you don't need to modify any attributes.
158 @param length The length of the buffer pointed to by data.
159 @param data Pointer to a buffer containing the data to store. Pass NULL if you don't need to modify the data.
160 @result A result code. See "Security Error Codes" (SecBase.h).
161 @discussion The keychain item is written to the keychain's permanent data store. If the keychain item has not previously been added to a keychain, a call to the SecKeychainItemModifyContent function does nothing and returns errSecSuccess.
163 OSStatus
SecKeychainItemModifyAttributesAndData(SecKeychainItemRef itemRef
, const SecKeychainAttributeList
* __nullable attrList
, UInt32 length
, const void * __nullable data
) API_UNAVAILABLE(ios
, watchos
, tvos
, bridgeos
, iosmac
);
166 @function SecKeychainItemCreateFromContent
167 @abstract Creates a new keychain item from the supplied parameters.
168 @param itemClass A constant identifying the class of item to create.
169 @param attrList The list of attributes of the item to create.
170 @param length The length of the buffer pointed to by data.
171 @param data A pointer to a buffer containing the data to store.
172 @param initialAccess A reference to the access for this keychain item.
173 @param keychainRef A reference to the keychain in which to add the item.
174 @param itemRef On return, a pointer to a reference to the newly created keychain item (optional). When the item reference is no longer required, call CFRelease to deallocate memory occupied by the item.
175 @result A result code. See "Security Error Codes" (SecBase.h). In addition, errSecParam (-50) may be returned if not enough valid parameters are supplied, or errSecAllocate (-108) if there is not enough memory in the current heap zone to create the object.
177 OSStatus
SecKeychainItemCreateFromContent(SecItemClass itemClass
, SecKeychainAttributeList
*attrList
,
178 UInt32 length
, const void * __nullable data
, SecKeychainRef __nullable keychainRef
,
179 SecAccessRef __nullable initialAccess
, SecKeychainItemRef
* __nullable CF_RETURNS_RETAINED itemRef
) API_UNAVAILABLE(ios
, watchos
, tvos
, bridgeos
, iosmac
);
182 @function SecKeychainItemModifyContent
183 @abstract Updates an existing keychain item after changing its attributes or data. This call should only be used in conjunction with SecKeychainItemCopyContent().
184 @param itemRef A reference to the keychain item to modify.
185 @param attrList The list of attributes to modify, along with their new values. Pass NULL if you don't need to modify any attributes.
186 @param length The length of the buffer pointed to by data.
187 @param data A pointer to a buffer containing the data to store. Pass NULL if you don't need to modify the data.
188 @result A result code. See "Security Error Codes" (SecBase.h).
190 OSStatus
SecKeychainItemModifyContent(SecKeychainItemRef itemRef
, const SecKeychainAttributeList
* __nullable attrList
, UInt32 length
, const void * __nullable data
) API_UNAVAILABLE(ios
, watchos
, tvos
, bridgeos
, iosmac
);
193 @function SecKeychainItemCopyContent
194 @abstract Copies the data and/or attributes stored in the given keychain item. It is recommended that you use SecKeychainItemCopyAttributesAndData(). You must call SecKeychainItemFreeContent when you no longer need the attributes and data. If you want to modify the attributes returned here, use SecKeychainModifyContent().
195 @param itemRef A reference to the keychain item to modify.
196 @param itemClass On return, the item's class. Pass NULL if you don't require this information.
197 @param attrList On input, the list of attributes to retrieve. On output, the attributes are filled in. Pass NULL if you don't need to retrieve any attributes. You must call SecKeychainItemFreeContent when you no longer need the attributes.
198 @param length On return, the length of the buffer pointed to by outData.
199 @param outData On return, a pointer to a buffer containing the data in this item. Pass NULL if you don't need to retrieve the data. You must call SecKeychainItemFreeContent when you no longer need the data.
200 @result A result code. See "Security Error Codes" (SecBase.h). In addition, errSecParam (-50) may be returned if not enough valid parameters are supplied.
202 OSStatus
SecKeychainItemCopyContent(SecKeychainItemRef itemRef
, SecItemClass
* __nullable itemClass
, SecKeychainAttributeList
* __nullable attrList
, UInt32
* __nullable length
, void * __nullable
* __nullable outData
) API_UNAVAILABLE(ios
, watchos
, tvos
, bridgeos
, iosmac
);
205 @function SecKeychainItemFreeContent
206 @abstract Releases the memory used by the keychain attribute list and the keychain data retrieved in a previous call to SecKeychainItemCopyContent.
207 @param attrList A pointer to the attribute list to release. Pass NULL to ignore this parameter.
208 @param data A pointer to the data buffer to release. Pass NULL to ignore this parameter.
210 OSStatus
SecKeychainItemFreeContent(SecKeychainAttributeList
* __nullable attrList
, void * __nullable data
) API_UNAVAILABLE(ios
, watchos
, tvos
, bridgeos
, iosmac
);
213 @function SecKeychainItemCopyAttributesAndData
214 @abstract Copies the data and/or attributes stored in the given keychain item. You must call SecKeychainItemFreeAttributesAndData when you no longer need the attributes and data. If you want to modify the attributes returned here, use SecKeychainModifyAttributesAndData.
215 @param itemRef A reference to the keychain item to copy.
216 @param info A list of tags and formats of the attributes you wish to retrieve. Pass NULL if you don't need to retrieve any attributes. You can call SecKeychainAttributeInfoForItemID to obtain a list with all possible attribute tags and formats for the item's class.
217 @param itemClass On return, the item's class. Pass NULL if you don't require this information.
218 @param attrList On return, a pointer to the list of retrieved attributes. Pass NULL if you don't need to retrieve any attributes. You must call SecKeychainItemFreeAttributesAndData when you no longer need this list.
219 @param length On return, the length of the buffer pointed to by outData.
220 @param outData On return, a pointer to a buffer containing the data in this item. Pass NULL if you don't need to retrieve the data. You must call SecKeychainItemFreeAttributesAndData when you no longer need the data.
221 @result A result code. See "Security Error Codes" (SecBase.h). In addition, errSecParam (-50) may be returned if not enough valid parameters are supplied.
223 OSStatus
SecKeychainItemCopyAttributesAndData(SecKeychainItemRef itemRef
, SecKeychainAttributeInfo
* __nullable info
, SecItemClass
* __nullable itemClass
, SecKeychainAttributeList
* __nullable
* __nullable attrList
, UInt32
* __nullable length
, void * __nullable
* __nullable outData
) API_UNAVAILABLE(ios
, watchos
, tvos
, bridgeos
, iosmac
);
226 @function SecKeychainItemFreeAttributesAndData
227 @abstract Releases the memory used by the keychain attribute list and the keychain data retrieved in a previous call to SecKeychainItemCopyAttributesAndData.
228 @param attrList A pointer to the attribute list to release. Pass NULL to ignore this parameter.
229 @param data A pointer to the data buffer to release. Pass NULL to ignore this parameter.
230 @result A result code. See "Security Error Codes" (SecBase.h).
232 OSStatus
SecKeychainItemFreeAttributesAndData(SecKeychainAttributeList
* __nullable attrList
, void * __nullable data
) API_UNAVAILABLE(ios
, watchos
, tvos
, bridgeos
, iosmac
);
235 @function SecKeychainItemDelete
236 @abstract Deletes a keychain item from the default keychain's permanent data store.
237 @param itemRef A keychain item reference of the item to delete.
238 @result A result code. See "Security Error Codes" (SecBase.h).
239 @discussion If itemRef has not previously been added to the keychain, SecKeychainItemDelete does nothing and returns errSecSuccess. IMPORTANT: SecKeychainItemDelete does not dispose the memory occupied by the item reference itself; use the CFRelease function when you are completely finished with an item.
241 OSStatus
SecKeychainItemDelete(SecKeychainItemRef itemRef
) API_UNAVAILABLE(ios
, watchos
, tvos
, bridgeos
, iosmac
);
244 @function SecKeychainItemCopyKeychain
245 @abstract Copies an existing keychain reference from a keychain item.
246 @param itemRef A keychain item reference.
247 @param keychainRef On return, the keychain reference for the specified item. Release this reference by calling the CFRelease function.
248 @result A result code. See "Security Error Codes" (SecBase.h).
250 OSStatus
SecKeychainItemCopyKeychain(SecKeychainItemRef itemRef
, SecKeychainRef
* __nonnull CF_RETURNS_RETAINED keychainRef
) API_UNAVAILABLE(ios
, watchos
, tvos
, bridgeos
, iosmac
);
253 @function SecKeychainItemCreateCopy
254 @abstract Copies a keychain item.
255 @param itemRef A reference to the keychain item to copy.
256 @param destKeychainRef A reference to the keychain in which to insert the copied keychain item.
257 @param initialAccess The initial access for the copied keychain item.
258 @param itemCopy On return, a reference to the copied keychain item.
259 @result A result code. See "Security Error Codes" (SecBase.h).
261 OSStatus
SecKeychainItemCreateCopy(SecKeychainItemRef itemRef
, SecKeychainRef __nullable destKeychainRef
,
262 SecAccessRef __nullable initialAccess
, SecKeychainItemRef
* __nonnull CF_RETURNS_RETAINED itemCopy
) API_UNAVAILABLE(ios
, watchos
, tvos
, bridgeos
, iosmac
);
265 @function SecKeychainItemCreatePersistentReference
266 @abstract Returns a CFDataRef which can be used as a persistent reference to the given keychain item. The data obtained can be turned back into a SecKeychainItemRef later by calling SecKeychainItemCopyFromPersistentReference().
267 @param itemRef A reference to a keychain item.
268 @param persistentItemRef On return, a CFDataRef containing a persistent reference. You must release this data reference by calling the CFRelease function.
269 @result A result code. See "Security Error Codes" (SecBase.h).
271 OSStatus
SecKeychainItemCreatePersistentReference(SecKeychainItemRef itemRef
, CFDataRef
* __nonnull CF_RETURNS_RETAINED persistentItemRef
) API_UNAVAILABLE(ios
, watchos
, tvos
, bridgeos
, iosmac
);
275 @function SecKeychainItemCopyFromPersistentReference
276 @abstract Returns a SecKeychainItemRef, given a persistent reference previously obtained by calling SecKeychainItemCreatePersistentReference().
277 @param persistentItemRef A CFDataRef containing a persistent reference to a keychain item.
278 @param itemRef On return, a SecKeychainItemRef for the keychain item described by the persistent reference. You must release this item reference by calling the CFRelease function.
279 @result A result code. See "Security Error Codes" (SecBase.h).
281 OSStatus
SecKeychainItemCopyFromPersistentReference(CFDataRef persistentItemRef
, SecKeychainItemRef
* __nonnull CF_RETURNS_RETAINED itemRef
) API_UNAVAILABLE(ios
, watchos
, tvos
, bridgeos
, iosmac
);
284 #pragma mark ---- CSSM Bridge Functions ----
286 @function SecKeychainItemGetDLDBHandle
287 @abstract Returns the CSSM_DL_DB_HANDLE for a given keychain item reference.
288 @param keyItemRef A keychain item reference.
289 @param dldbHandle On return, a CSSM_DL_DB_HANDLE for the keychain database containing the given item. The handle is valid until the keychain reference is released.
290 @result A result code. See "Security Error Codes" (SecBase.h).
291 @discussion This API is deprecated for 10.7. It should no longer be needed.
293 OSStatus
SecKeychainItemGetDLDBHandle(SecKeychainItemRef keyItemRef
, CSSM_DL_DB_HANDLE
* __nonnull dldbHandle
)
297 @function SecKeychainItemGetUniqueRecordID
298 @abstract Returns a CSSM_DB_UNIQUE_RECORD for the given keychain item reference.
299 @param itemRef A keychain item reference.
300 @param uniqueRecordID On return, a pointer to a CSSM_DB_UNIQUE_RECORD structure for the given item. The unique record is valid until the item reference is released.
301 @result A result code. See "Security Error Codes" (SecBase.h).
302 @discussion This API is deprecated for 10.7. It should no longer be needed.
304 OSStatus
SecKeychainItemGetUniqueRecordID(SecKeychainItemRef itemRef
, const CSSM_DB_UNIQUE_RECORD
* __nullable
* __nonnull uniqueRecordID
)
307 #pragma mark ---- Keychain Item Access Management ----
309 @function SecKeychainItemCopyAccess
310 @abstract Copies the access of a given keychain item.
311 @param itemRef A reference to a keychain item.
312 @param access On return, a reference to the keychain item's access.
313 @result A result code. See "Security Error Codes" (SecBase.h).
315 OSStatus
SecKeychainItemCopyAccess(SecKeychainItemRef itemRef
, SecAccessRef
* __nonnull CF_RETURNS_RETAINED access
) API_UNAVAILABLE(ios
, watchos
, tvos
, bridgeos
, iosmac
);
318 @function SecKeychainItemSetAccess
319 @abstract Sets the access of a given keychain item.
320 @param itemRef A reference to a keychain item.
321 @param access A reference to an access to replace the keychain item's current access.
322 @result A result code. See "Security Error Codes" (SecBase.h).
324 OSStatus
SecKeychainItemSetAccess(SecKeychainItemRef itemRef
, SecAccessRef access
) API_UNAVAILABLE(ios
, watchos
, tvos
, bridgeos
, iosmac
);
326 CF_ASSUME_NONNULL_END
328 #if defined(__cplusplus)
332 #endif /* !_SECURITY_SECKEYCHAINITEM_H_ */