Function

SecACLCreateWithSimpleContents

Creates a new ACL entry with the given characteristics, and adds it to an access instance.

Declaration

OSStatus SecACLCreateWithSimpleContents(SecAccessRef access, CFArrayRef applicationList, CFStringRef description, SecKeychainPromptSelector promptSelector, SecACLRef  _Nullable *newAcl);

Parameters

access

The access instance to which to add the information.

applicationList

An array of SecTrustedApplicationRef instances identifying apps that are allowed access to the keychain item without user confirmation.

Set this parameter to nil to indicate that any app can use this item. Pass an empty array to indicate that there are no trusted apps.

description

The human readable name to be used to refer to this item when the user is prompted.

promptSelector

A set of prompt selector flags. See SecKeychainPromptSelector for possible values.

newAcl

A pointer the method uses to return the new SecACLRef instance.

Return Value

Discussion

The ACL entry returned by this method includes a list of trusted apps, the name of the keychain item as it appears in user prompts, the prompt selector flag, and a list of one or more operations to which this ACL entry applies. By default, a new ACL entry applies to all operations. Use the SecACLUpdateAuthorizations method to set the list of operations for an ACL entry.

The system requires exactly one owner ACL entry in each access instance. The SecACLCreateWithSimpleContents method fails if you attempt to add a second owner entry. To change owner access controls, use the SecAccessCopyMatchingACLList function to find the owner entry (the only one with an authorization tag of kSecACLAuthorizationChangeACL) and the SecACLSetContents method to change it as needed.

See Also

Access Control List Entries

SecACLRemove

Removes the specified ACL entry from the access instance that contains it.

ACL Authorization Keys

The operations an access control list entry applies to.

SecKeychainPromptSelector

Bits that define when a keychain should require a passphrase.

SecACLRef

An opaque type that represents information about an ACL entry.

SecACLGetTypeID

Returns the unique identifier of the opaque type to which an ACL entry belongs.