Hi,
I'd like to allow only a specific process to read sensitive items from keychain (based on process signature using method SecItemCopyMatching), and fail any other read attempt.
Is it possible, what are the access control rules I can define for keychain access if this is not possible ?
I'm now using the default user keychain, perhaps I should create a different keychain with non-trivial access control, so that not all processes that are running with user context or even with root privileges, would be able to get the data.
Thanks
Here's my read example :
func read(service: String, account: String) -> Data? {
let query = [
kSecAttrService: service,
kSecAttrAccount: account,
kSecClass: kSecClassGenericPassword,
kSecReturnData: true
] as CFDictionary
var result: AnyObject?
SecItemCopyMatching(query, &result)
return (result as? Data)
}