In iOS, every file and keychain item is protected using one of protection classes. Depending on the particular class used, encryption key for files and/or keychain items is computed differently, allowing (or disallowing) access while device is locked.
Available protection classes are (see "File Protection Values" in "NSFileManager Class Reference":
* NSFileProtectionNone: file can be accessed any time, even if device is locked;
* NSFileProtectionComplete: file can accessed only when device is unlocked (note there's ~10 seconds grace period after device is locked during which files are still accessible);
* NSFileProtectionCompleteUnlessOpen: file can be created while device is locked, but once closed, can only be accessed when device is unlocked;
* NSFileProtectionCompleteUntilFirstUserAuthentication: file can be accessed only if device has been unlocked at least once since boot.
Note that all classes except NSFileProtectionNone use user's passcode to derive actual file encryption key, so key is cryptographically tied to the passcode.
To answer your questions: NSFileProtectionNone is what allows iOS to access files while device is locked. This is the "weakest" protection class of all and its use is discouraged, but there are cases when its use is necessary (like the examples you provide). Yes, all the items you mention are stored in the file system like everything else, but because of NSFileProtectionNone they are encrypted with key that is not tied to the passcode and thus can be computed when device is locked.
