//
// Replace the "simple" contents of an ACL entry.
//
// For an ordinary entry, description becomes the prompt description (empty
// when NULL) and the entry becomes either an application-list entry
// (applicationList non-NULL) or an allow-any entry (applicationList NULL).
// Callers should note that NULL here means "any application", not "none".
//
// For an integrity entry, description is treated as a hex string and its
// decoded bytes are stored as the integrity value; the form and the
// application list are left alone.
//
// In both cases the prompt selector is set from promptSelector, or from
// ACL::defaultSelector when promptSelector is NULL, and the entry is then
// marked via modify().
//
OSStatus SecACLSetSimpleContents(SecACLRef aclRef,
    CFArrayRef applicationList,
    CFStringRef description,
    const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
{
    BEGIN_SECAPI
    SecPointer<ACL> acl = ACL::required(aclRef);

    if (acl->form() != ACL::integrityForm) {
        // Ordinary entry: the description is the text shown in the prompt.
        if (description)
            acl->promptDescription() = cfString(description);
        else
            acl->promptDescription() = "";
    } else {
        // Integrity entry: the description carries the hex-encoded value.
        // NOTE(review): description is not NULL-checked on this path;
        // confirm what cfString() returns for NULL.
        string encoded = cfString(description);
        if (encoded.length() % 2 == 0) {
            // Even length only means it *might* be hex. An odd-length string
            // is dropped without an error being raised here.
            // NOTE(review): whether fromHex() rejects non-hex characters is
            // not visible here, and an empty string reaches setIntegrity()
            // as a zero-length value -- confirm both are intended.
            CssmAutoData decoded(Allocator::standard());
            decoded.malloc(encoded.length() / 2);
            decoded.get().fromHex(encoded.c_str());
            acl->setIntegrity(decoded);
        }
    }

    if (promptSelector)
        acl->promptSelector() = *promptSelector;
    else
        acl->promptSelector() = ACL::defaultSelector;

    // The form is re-read here rather than cached from the check above.
    if (acl->form() != ACL::integrityForm) {
        if (!applicationList) {
            // no list supplied: allow-any
            acl->form(ACL::allowAllForm);
        } else {
            // application-list + prompt
            acl->form(ACL::appListForm);
            setApplications(acl, applicationList);
        }
    }

    acl->modify();
    END_SECAPI
}
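//
// Replace the authorization tags of an ACL entry with the given list.
//
// aclRef    the entry to change; the owner entry is refused with
//           errSecInvalidOwnerEdit.
// tags      array of tagCount authorization tags; may be NULL only when
//           tagCount is 0.
// tagCount  number of elements in tags; 0 leaves the entry with an empty
//           authorization set.
//
// A NULL tags pointer with a nonzero tagCount is refused with errSecParam.
// NOTE(review): BEGIN_SECAPI/END_SECAPI presumably turn the thrown error
// into the OSStatus result -- the macros are defined elsewhere.
//
OSStatus SecACLSetAuthorizations(SecACLRef aclRef,
    CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 tagCount)
{
    BEGIN_SECAPI
    SecPointer<ACL> acl = ACL::required(aclRef);
    if (acl->isOwner())     // can't change rights of the owner ACL
        MacOSError::throwMe(errSecInvalidOwnerEdit);

    // Validate before clearing: a bad call must neither read through a NULL
    // array nor leave the entry with its authorizations already wiped.
    if (tags == NULL && tagCount != 0)
        MacOSError::throwMe(errSecParam);

    AclAuthorizationSet &auths = acl->authorizations();
    auths.clear();
    copy(tags, tags + tagCount, insert_iterator<AclAuthorizationSet>(auths, auths.begin()));
    acl->modify();
    END_SECAPI
}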