Creates a new access control list entry from the application list, description, and prompt selector provided and adds it to an item’s access object.
- macOS 10.0–10.7Deprecated
The access object to which to add the information.
An array of trusted application objects (that is,
Secinstances) identifying applications that are allowed access to the keychain item without user confirmation. Use the
Trusted Application Ref
Secfunction to create trusted application objects. If you set this parameter to
Trusted Application Create From Path
NULL, then any application can use this item. If you pass an empty array, then there are no trusted applications. Call the
CFReleasefunction to release this object when you are finished using it.
The human readable name to be used to refer to this item when the user is prompted.
A pointer to a prompt selector. If you set the CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE bit, the user is prompted for the keychain password each time a non-trusted application attempts to access this item, even if the keychain is already unlocked.
On return, points to an access control list object, which is a reference to the new access control list entry.
A result code. See Security Framework Result Codes.
The ACL object returned by this function is a reference to an access control list (ACL) entry. The ACL entry includes a list of trusted applications (see
Sec), the name of the keychain item as it appears in user prompts, the prompt selector flag, and a list of one or more operations to which this ACL entry applies. By default, a new ACL entry applies to all operations (the CSSM authorization tag is set to
CSSM). Use the
Sec function to set the list of operations for an ACL object.
The system allows exactly one owner ACL entry in each access object. The
Sec function fails if you attempt to add a second owner ACL. To change owner access controls, use the
Sec function to find the owner ACL (that is, the only ACL with a CSSM authorization tag of
CSSM) and the
Sec function to change it as needed.
This function is deprecated in macOS 10.7 and later; use