Keychain access no longer works in Guided Access mode (iOS 9)

Originator: Mark2xV
Number: rdar://23045769
Date Originated: 09-10-2015
Status: Open
Resolved:
Product: iOS
Product Version: 9.0.2
Classification:
Reproducible: Always
 
Summary:
We use Guided Access mode to create a ‘hand-off’ mode in our app, in which the iPad is handed to a non-privileged user.
The user ‘locks’ the app, causing Guided Access mode to be enabled, using “UIAccessibilityRequestGuidedAccessSession(TRUE, lockdownCallback);”.
Afterwards, the ‘normal’ user can unlock the app by either re-entering his credentials or authenticating via TouchId, using “SecItemCopyMatching(query, &data);”.
If the authentication was successful, we leave Guided Access mode, using “UIAccessibilityRequestGuidedAccessSession(TRUE, nil);”.

All of this worked perfectly prior to iOS 9. Now, in the current iOS (9.0.2), the “SecItemCopyMatching” call blocks for 3 seconds or so, then returns “errSecAuthFailed” (-25293).

Has this functionality been removed, or is it a temporary bug? I could not find any notice of this in any of the changelogs.

Steps to Reproduce:
0: You will need your iPad to be in an MDM which allows your app to run in Guided Access mode.

1: Insert a keychain item with information like this (outside guided access mode)
```
NSData *secretData = [NSKeyedArchiver archivedDataWithRootObject:@{@"username":username,
                                                                   @"password":password}];
NSDictionary *addAttributes = @{
                                (id)kSecClass: (id)kSecClassGenericPassword,
                                (id)kSecAttrService: [self getLocalAuthServerName],
                                (id)kSecValueData: secretData,
                                (id)kSecAttrAccessControl: (id)TouchIdSecurityObject
                                };

SecItemAdd((__bridge CFDictionaryRef)addAttributes, nil);
```
 
2: Enter guided access mode
```
UIAccessibilityRequestGuidedAccessSession(TRUE, lockdownCallback);
```

3: Once in guided access mode
```
NSDictionary *query = @{
                        (id)kSecClass: (id)kSecClassGenericPassword,
                        (id)kSecAttrService: [LoginBox getLocalAuthServerName],
                        (id)kSecReturnData: @YES,
                        (id)kSecAttrAccessControl: (id)TouchIdSecurityObject,
                        (id)kSecUseOperationPrompt: $(@"TOUCHID IDENTIFY PROMPT")
                        };
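CFTypeRef dataTypeRef = NULL;
// Blocks while the Touch ID prompt is shown; the __bridge casts are required under ARC.
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &dataTypeRef);
if (status == errSecSuccess) {
    // The stored item is the archived NSDictionary from step 1; take ownership of the result.
    NSDictionary *authData = [NSKeyedUnarchiver unarchiveObjectWithData:(__bridge_transfer NSData *)dataTypeRef];
    NSLog(@"%@", authData);
} else {
    NSLog(@"Authentication failed (OSStatus %d)", (int)status);
}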
```


Expected Results:
TouchID prompt popping up, after successful TouchId authentication, “errSecSuccess” (0) return value.

Actual Results:
Long block time, no TouchId prompt, “errSecAuthFailed” (-25293) return value.

Version:
iOS 9.0.2

Notes:


Configuration:
Any iDevice with TouchId

Attachments:

Comments

iOS 9.1

The update to iOS 9.1 changes nothing about this issue.
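
The unlock flow in the summary offers credential re-entry as an alternative to TouchId, so an app hit by this behaviour can fail closed to that path instead of treating every non-zero status alike. The following is an added example, not code from the report or from Apple; `UnlockOutcome`, `CopyProtectedItem`, and the `service` and `prompt` parameters are hypothetical names, and ARC is assumed.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <UIKit/UIKit.h>

// Hypothetical outcome type for this example; not from the report.
typedef NS_ENUM(NSInteger, UnlockOutcome) {
    UnlockOutcomeSuccess,          // item returned, user authenticated
    UnlockOutcomeUserCanceled,     // user dismissed the prompt
    UnlockOutcomeNeedsCredentials, // fall back to re-entering credentials
    UnlockOutcomeNoStoredItem      // nothing stored for this service
};

// `service` and `prompt` are supplied by the caller (assumed parameters).
static UnlockOutcome CopyProtectedItem(NSString *service, NSString *prompt,
                                       NSData **outData) {
    NSDictionary *query = @{
        (id)kSecClass: (id)kSecClassGenericPassword,
        (id)kSecAttrService: service,
        (id)kSecReturnData: @YES,
        (id)kSecUseOperationPrompt: prompt
    };
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    // Record the Guided Access state with every result so field logs show
    // whether a failure correlates with the locked-down session.
    NSLog(@"SecItemCopyMatching status=%d guidedAccess=%d",
          (int)status, UIAccessibilityIsGuidedAccessEnabled());

    switch (status) {
        case errSecSuccess:
            if (outData) *outData = (__bridge_transfer NSData *)result;
            else if (result) CFRelease(result);
            return UnlockOutcomeSuccess;
        case errSecUserCanceled:
            return UnlockOutcomeUserCanceled;
        case errSecItemNotFound:
            return UnlockOutcomeNoStoredItem;
        case errSecAuthFailed:            // -25293, the status in this report
        case errSecInteractionNotAllowed: // authentication UI not permitted
        default:
            // Fail closed: no data is released, and the caller keeps the
            // Guided Access session active until credentials are verified.
            return UnlockOutcomeNeedsCredentials;
    }
}
```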

