/*
 * Look up the ACL entries of accessRef that carry the given authorization.
 *
 * authorizationTag is treated as a CFStringRef and mapped to a
 * CSSM_ACL_AUTHORIZATION_TAG before the lookup.  Returns the selected list
 * (caller owns the "Copy" result) or NULL when the lookup fails.
 */
CFArrayRef SecAccessCopyMatchingACLList(SecAccessRef accessRef, CFTypeRef authorizationTag)
{
    CSSM_ACL_AUTHORIZATION_TAG tag =
        GetACLAuthorizationTagFromString((CFStringRef)authorizationTag);

    CFArrayRef aclList = NULL;
    OSStatus status = SecAccessCopySelectedACLList(accessRef, tag, &aclList);

    // Any failure collapses to NULL; the status code itself is not surfaced.
    // NOTE(review): whatever the callee may have stored in aclList on failure
    // is dropped here without a release — confirm the callee's contract.
    return (errSecSuccess == status) ? aclList : NULL;
}
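/*
 * Replace the authorization set of an ACL entry.
 *
 * @param acl             ACL entry to update; NULL yields errSecParam.
 * @param authorizations  CFArray of CFStringRef authorization names; NULL
 *                        yields errSecParam.  Each name is converted with
 *                        GetACLAuthorizationTagFromString.
 * @return errSecSuccess, errSecParam, errSecAllocate when the temporary tag
 *         array cannot be allocated, or whatever SecACLSetAuthorizations
 *         returns.
 *
 * The tag array only lives for the duration of the call; it is freed before
 * returning, so the callee must not retain the pointer.
 */
OSStatus SecACLUpdateAuthorizations(SecACLRef acl, CFArrayRef authorizations)
{
    if (NULL == acl || NULL == authorizations) {
        return errSecParam;
    }

    uint32 tagCount = (uint32)CFArrayGetCount(authorizations);

    // calloc zero-fills and checks the count*size product; allocating at
    // least one element guarantees a non-NULL buffer even for an empty array
    // (malloc(0) may legitimately return NULL, which the original never checked).
    CSSM_ACL_AUTHORIZATION_TAG *tags = calloc(tagCount > 0 ? tagCount : 1, sizeof *tags);
    if (NULL == tags) {
        return errSecAllocate;
    }

    for (uint32 i = 0; i < tagCount; i++) {
        CFStringRef name = (CFStringRef)CFArrayGetValueAtIndex(authorizations, i);
        tags[i] = GetACLAuthorizationTagFromString(name);
    }

    OSStatus status = SecACLSetAuthorizations(acl, tags, tagCount);
    free(tags);
    return status;
}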
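/*
 * Build a SecAccess whose owner and single ACL entry are both the process
 * selected by (ownerType, userId, groupId).
 *
 * @param userId     uid stored in the process subject selector.
 * @param groupId    gid stored in the process subject selector.
 * @param ownerType  selector type stored in the process subject selector.
 * @param acls       optional CFArray of CFStringRef authorization names that
 *                   become the rights of the one ACL entry; NULL means none.
 * @param error      optional out-parameter; on failure receives a CFError
 *                   carrying the OSStatus (caller releases it).
 * @return the new SecAccessRef (caller owns it) or NULL on failure.
 *
 * The rights array is heap-allocated rather than a VLA because its length
 * comes from the caller: a zero-length VLA is undefined behaviour (acls == NULL
 * or empty) and a large one can overflow the stack.  It is freed before
 * returning, so SecAccessCreateFromOwnerAndACL must copy what it needs.
 */
SecAccessRef SecAccessCreateWithOwnerAndACL(uid_t userId, gid_t groupId, SecAccessOwnerType ownerType, CFArrayRef acls, CFErrorRef *error)
{
    SecAccessRef result = NULL;

    // Process subject: the owner is identified by selector type, uid and gid.
    CSSM_ACL_PROCESS_SUBJECT_SELECTOR selector = {
        CSSM_ACL_PROCESS_SELECTOR_CURRENT_VERSION, // selector version
        ownerType,
        userId,
        groupId
    };

    // Two-element subject list: subject1 (type word) -> subject2 (selector bytes).
    CSSM_LIST_ELEMENT subject2 = { NULL, 0 };
    subject2.Element.Word.Data = (UInt8 *)&selector;
    subject2.Element.Word.Length = sizeof(selector);

    CSSM_LIST_ELEMENT subject1 = { &subject2, CSSM_ACL_SUBJECT_TYPE_PROCESS, CSSM_LIST_ELEMENT_WORDID };

    CFIndex numAcls = (NULL != acls) ? CFArrayGetCount(acls) : 0;

#ifndef NDEBUG
    CFStringRef debugStr = CFStringCreateWithFormat(kCFAllocatorDefault, NULL,
        CFSTR("SecAccessCreateWithOwnerAndACL: processing %d acls"), (int)numAcls);
    CFShow(debugStr);
    CFRelease(debugStr);
#endif

    // +1 so the allocation is never zero-sized; the count passed on is still numAcls.
    CSSM_ACL_AUTHORIZATION_TAG *rights = calloc((size_t)numAcls + 1, sizeof *rights);
    if (NULL == rights) {
        if (NULL != error) {
            // Domain string kept as in the original ("FIX ME" is a placeholder).
            *error = CFErrorCreate(kCFAllocatorDefault, CFSTR("FIX ME"), errSecAllocate, NULL);
        }
        return NULL;
    }

    for (CFIndex i = 0; i < numAcls; i++) {
        CFStringRef aclStr = (CFStringRef)CFArrayGetValueAtIndex(acls, i);
#ifndef NDEBUG
        debugStr = CFStringCreateWithFormat(kCFAllocatorDefault, NULL,
            CFSTR("SecAccessCreateWithOwnerAndACL: acls[%d] = %@"), (int)i, aclStr);
        CFShow(debugStr);
        CFRelease(debugStr);
#endif
        rights[i] = GetACLAuthorizationTagFromString(aclStr);
#ifndef NDEBUG
        debugStr = CFStringCreateWithFormat(kCFAllocatorDefault, NULL,
            CFSTR("SecAccessCreateWithOwnerAndACL: rights[%d] = %d"), (int)i, rights[i]);
        CFShow(debugStr);
        CFRelease(debugStr);
#endif
    }

    CSSM_ACL_OWNER_PROTOTYPE owner = {
        // TypedSubject
        { CSSM_LIST_TYPE_UNKNOWN, &subject1, &subject2 },
        // Delegate
        false
    };

    // ACL entries (any number, just one here)
    CSSM_ACL_ENTRY_INFO acl_rights[] = {
        {
            // prototype
            {
                // TypedSubject
                { CSSM_LIST_TYPE_UNKNOWN, &subject1, &subject2 },
                false, // Delegate
                // rights for this entry
                { (uint32)numAcls, rights },
                // rest is defaulted
            }
        }
    };

    OSStatus err = SecAccessCreateFromOwnerAndACL(&owner,
        sizeof(acl_rights) / sizeof(acl_rights[0]), acl_rights, &result);

    // The callee has returned; the rights buffer is no longer referenced here.
    free(rights);

    if (errSecSuccess != err) {
        result = NULL;
        if (NULL != error) {
            // Domain string kept as in the original ("FIX ME" is a placeholder).
            *error = CFErrorCreate(kCFAllocatorDefault, CFSTR("FIX ME"), err, NULL);
        }
    }
    return result;
}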