Function

SecACLGetAuthorizations

Retrieves the CSSM authorization tags of a given access control list entry.

Declaration

OSStatus SecACLGetAuthorizations(SecACLRef acl, CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 *tagCount);

Parameters

acl

An ACL object that identifies the access control list entry from which you wish to retrieve the authorization tags.

tags

A pointer to an array of CSSM authorization tags. You must allocate this array before calling the function. On return, this array contains the authorization tags of the specified ACL entry.

tagCount

On entry, points to the number of elements in the array you passed in the tags parameter. On return, points to the number of tags actually returned or, in the case of an overflow, the number of tags required.

Return Value

Discussion

An ACL object includes a list of trusted applications (see SecTrustedApplicationCreateFromPath), the name of the keychain item as it appears in user prompts, the prompt selector flag, and a list of one or more operations to which this ACL object applies. Use this function to retrieve the list of operations for an ACL object. Use the SecACLCopySimpleContents function to retrieve the other information.

The SecACLGetAuthorizations function returns an error if there are more tags to return than the number of elements you allocated in the tags array. A 20-element array should suffice for most purposes; however, you can test for the errSecBufferTooSmall error and increase the size of the array before calling the function again if necessary. Alternatively, you can call the function with a tag count of 0, read the value returned in the tagCount parameter, and then call the function again using that value.

Special Considerations

This function is deprecated in macOS 10.7 and later; use SecACLCopyAuthorizations instead.

See Also

Legacy Access Control Operations

SecACLCreateFromSimpleContents

Creates a new access control list entry from the application list, description, and prompt selector provided and adds it to an item’s access object.

Deprecated
SecACLCopySimpleContents

Returns the application list, description, and CSSM prompt selector for a given access control list entry.

Deprecated
SecACLSetSimpleContents

Sets the application list, description, and prompt selector for a given access control list entry.

Deprecated
SecACLSetAuthorizations

Sets the CSSM authorization tags for a given access control list entry.

Deprecated
SecAccessCopySelectedACLList

Retrieves selected access control lists from a given access object.

Deprecated
SecAccessCreateFromOwnerAndACL

Creates a new access object using the owner and access control list you provide.

Deprecated
SecAccessGetOwnerAndACL

Retrieves the owner and the access control list of a given access object.

Deprecated