/*!
 * Overwrite the "simple" contents of an existing ACL entry and commit the change.
 *
 * @param aclRef           ACL to update; resolved through ACL::required().
 * @param applicationList  Trusted applications. Non-NULL switches the ACL to
 *                         application-list form, NULL switches it to allow-any form.
 *                         Ignored for integrity ACLs.
 * @param description      Prompt description for ordinary ACLs. For an integrity ACL
 *                         this is instead the hex encoding of the integrity value.
 * @param promptSelector   Prompt selector to store; NULL selects ACL::defaultSelector.
 * @return OSStatus produced by the BEGIN_SECAPI / END_SECAPI wrapper.
 *
 * NOTE(review): for an integrity ACL, an odd-length description is dropped without
 * any error: the integrity value is left untouched, yet the prompt selector is still
 * written and modify() is still called. Callers that rely on the integrity value
 * having been replaced cannot tell from this code path that it was not.
 */
OSStatus SecACLSetSimpleContents(SecACLRef aclRef,
	CFArrayRef applicationList,
	CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
{
	BEGIN_SECAPI
	SecPointer<ACL> acl = ACL::required(aclRef);

	if (acl->form() != ACL::integrityForm) {
		// Ordinary ACL: the description is the text shown in the prompt.
		const string promptText = description ? cfString(description) : "";
		acl->promptDescription() = promptText;
	} else {
		// Integrity ACL: the description carries the hex-encoded integrity value.
		// NOTE(review): description is not NULL-checked on this branch, unlike the
		// ordinary-ACL branch - confirm cfString() tolerates NULL.
		const string hexDigest = cfString(description);
		if ((hexDigest.length() % 2) == 0) {
			// Even length, so it may be valid hex: decode two digits per byte.
			// NOTE(review): only the length is checked here; how fromHex() treats
			// non-hex characters is not visible in this function.
			CssmAutoData digest(Allocator::standard());
			digest.malloc(hexDigest.length() / 2);
			digest.get().fromHex(hexDigest.c_str());
			acl->setIntegrity(digest);
		}
	}

	if (promptSelector) {
		acl->promptSelector() = *promptSelector;
	} else {
		acl->promptSelector() = ACL::defaultSelector;
	}

	// The form of an integrity ACL is never rewritten; every other ACL is
	// reshaped according to whether an application list was supplied.
	if (acl->form() != ACL::integrityForm) {
		if (applicationList == NULL) {
			// allow-any
			acl->form(ACL::allowAllForm);
		} else {
			// application-list + prompt
			acl->form(ACL::appListForm);
			setApplications(acl, applicationList);
		}
	}

	acl->modify();
	END_SECAPI
}
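/*!
 * Read back the "simple" contents of an ACL entry.
 *
 * @param aclRef             ACL to inspect; resolved through ACL::required().
 * @param applicationList    Out: the trusted-application array for application-list
 *                           ACLs, NULL for allow-any and integrity ACLs.
 * @param promptDescription  Out: the prompt description (NULL when an allow-any ACL
 *                           has an empty description). For an integrity ACL this is
 *                           the hex encoding of the integrity value.
 * @param promptSelector     Out: the stored prompt selector. For an integrity ACL,
 *                           which has none, version is set to
 *                           CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION and flags to 0.
 * @return errSecACLNotSimple for custom or unknown ACL forms; otherwise the OSStatus
 *         produced by the BEGIN_SECAPI / END_SECAPI wrapper.
 *
 * All three out-pointers are required for the simple forms. Each case validates
 * all of them before writing any, so a NULL out-pointer can no longer leave the
 * caller holding an already-created CF object behind an error status. A non-simple
 * ACL still reports errSecACLNotSimple without looking at the out-pointers.
 */
OSStatus SecACLCopySimpleContents(SecACLRef aclRef,
	CFArrayRef *applicationList,
	CFStringRef *promptDescription, CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
{
	BEGIN_SECAPI
	SecPointer<ACL> acl = ACL::required(aclRef);
	switch (acl->form()) {
	case ACL::allowAllForm:
		{
			// Validate every out-pointer first, then fill them in.
			CFArrayRef &appsOut = Required(applicationList);
			CFStringRef &descriptionOut = Required(promptDescription);
			CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &selectorOut = Required(promptSelector);
			appsOut = NULL;
			descriptionOut = acl->promptDescription().empty() ? NULL
				: makeCFString(acl->promptDescription());
			selectorOut = acl->promptSelector();
		}
		break;
	case ACL::appListForm:
		{
			CFArrayRef &appsOut = Required(applicationList);
			CFStringRef &descriptionOut = Required(promptDescription);
			CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &selectorOut = Required(promptSelector);
			appsOut = makeCFArrayFrom(convert, acl->applications());
			descriptionOut = makeCFString(acl->promptDescription());
			selectorOut = acl->promptSelector();
		}
		break;
	case ACL::integrityForm:
		{
			CFArrayRef &appsOut = Required(applicationList);
			CFStringRef &descriptionOut = Required(promptDescription);
			CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &selectorOut = Required(promptSelector);
			appsOut = NULL;
			// The integrity value is handed back hex-encoded in the description slot.
			descriptionOut = makeCFString(acl->integrity().toHex());
			// We don't have a prompt selector. Nullify.
			selectorOut.version = CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION;
			selectorOut.flags = 0;
		}
		break;
	default:
		return errSecACLNotSimple;		// custom or unknown
	}
	END_SECAPI
}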
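/*!
 * Create a new simple ACL entry and add it to an access object.
 *
 * @param accessRef        Access object that receives the new ACL; resolved through
 *                         Access::required().
 * @param applicationList  Trusted applications. Non-NULL creates an application-list
 *                         ACL, NULL creates an allow-any ACL.
 * @param description      Prompt description; NULL is stored as an empty description.
 * @param promptSelector   Prompt selector; NULL selects ACL::defaultSelector, the same
 *                         fallback SecACLSetSimpleContents applies.
 * @param newAcl           Out (required): handle of the ACL that was added.
 * @return OSStatus produced by the BEGIN_SECAPI / END_SECAPI wrapper.
 *
 * A NULL promptSelector used to be dereferenced unconditionally. The out-pointer is
 * now validated before the access object is touched, so a NULL newAcl no longer adds
 * an ACL entry that the caller never receives a handle for.
 *
 * NOTE(review): a NULL applicationList yields an allow-any ACL, i.e. the least
 * restrictive form. Callers building the list dynamically should make sure a failed
 * or empty lookup cannot turn into NULL here by accident.
 */
OSStatus SecACLCreateFromSimpleContents(SecAccessRef accessRef,
	CFArrayRef applicationList,
	CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector,
	SecACLRef *newAcl)
{
	BEGIN_SECAPI
	SecPointer<Access> access = Access::required(accessRef);
	// Guard both optional inputs instead of dereferencing them blindly.
	SecPointer<ACL> acl = new ACL(description ? cfString(description) : "",
		promptSelector ? *promptSelector : ACL::defaultSelector);
	if (applicationList) {
		// application-list + prompt
		acl->form(ACL::appListForm);
		setApplications(acl, applicationList);
	} else {
		// allow-any
		acl->form(ACL::allowAllForm);
	}
	// Reject a NULL out-pointer before mutating the access object.
	SecACLRef &aclOut = Required(newAcl);
	access->add(acl.get());
	aclOut = acl->handle();
	END_SECAPI
}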