Function

SecAccessControlCreateWithFlags

Creates a new access control object with the specified protection type and flags.

Declaration

SecAccessControlRef SecAccessControlCreateWithFlags(CFAllocatorRef allocator, CFTypeRef protection, SecAccessControlCreateFlags flags, CFErrorRef  _Nullable *error);

Parameters

allocator

The allocator to use to allocate memory for the new SecAccessControlRef object. Pass NULL or kCFAllocatorDefault to allocate memory for the new allocator using the default allocator.

protection

Protection class to be used for the item. Use one of the values that go with the kSecAttrAccessible attribute key, namely those listed in Accessibility Values.

flags

Flags specifying the allowed operations for the item. See SecAccessControlCreateFlags.

error

On return, if an error occurred, the reference pointed at by this parameter refers to an error object that indicates the reason for failure. The caller is responsible for releasing the error object. Pass NULL for this parameter to ignore the error.

Return Value

The newly created access control object. Free this item with CFRelease when you are done with it.

Discussion

You use the result of this function as a value for the kSecAttrAccessControl attribute in the SecItemAdd, SecItemUpdate, or SecKeyGeneratePair functions.

Accessing keychain items or performing operations on keys that are protected by access control objects may block execution on the main thread. Perform these actions in the background, or use them in combination with the kSecUseAuthenticationContext and kSecUseAuthenticationUI attributes to manage user interactions.

See Also

Keychain Item Access

Sharing Access to Keychain Items Among a Collection of Apps

Enable apps to share keychain items with each other by adding the apps to an access group.

Keychain Access Groups Entitlement

The identifiers for the keychain groups that the app may share items with.

Key: keychain-access-groups
Restricting Keychain Item Accessibility

Set the conditions under which an app can access a keychain item such as a password.

SecAccessControlCreateFlags

Access control constants that dictate how a keychain item may be used.

SecAccessControlRef

An opaque type that contains information about how a keychain item may be used.

SecAccessControlGetTypeID

Returns the unique identifier of the opaque type to which a keychain item access control object belongs.

Beta Software

This documentation contains preliminary information about an API or technology in development. This information is subject to change, and software implemented according to this documentation should be tested with final operating system software.

Learn more about using Apple's beta software