Creates a security session.
- macOS 10.3+
A result code. See Sessions API Result Codes.
Upon completion, the new session contains the calling process (and none other). You can't create a session for someone else, and can't avoid being placed into the new session. This is (currently) the only call that changes a process's session membership.
By default, a new bootstrap subset port is created for the calling process. The process acquires this new port as its bootstrap port, which all its children will inherit. If you happen to have created the subset port on your own, you can pass the
session flag, and
Session will use it. Note however that you cannot supersede a prior
Session call that way; only a single
Session call is allowed for each session (however made).
This call will discard any security information established for the calling process. In particular, any authorization handles acquired will become invalid, and so will any keychain related information. Call
Session before making any other security-related calls that establish rights of any kind, to the extent this is practical. Also, do not perform security-related calls in any other threads while calling