Function

SecACLCopySimpleContents

Returns the application list, description, and CSSM prompt selector for a given access control list entry.

Declaration

OSStatus SecACLCopySimpleContents(SecACLRef acl, CFArrayRef  _Nullable *applicationList, CFStringRef  _Nullable *description, CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector);

Parameters

acl

An ACL object that identifies the access control list entry from which you want information.

applicationList

On return, points to an array of SecTrustedApplicationRef instances identifying applications that are allowed access to the keychain item without user confirmation. If this parameter returns NULL, then any application can use this item. If this parameter returns a valid pointer but the array is empty, then there are no trusted applications. Call the CFRelease function to release this object when you are finished using it.

description

On return, the name of the keychain item that appears in the dialog box when the user is prompted for permission to use the item. Note that this name is not necessarily the same as the one displayed for the item by the Keychain Access application. Call the CFRelease function to release this object when you are finished using it.

promptSelector

On return, points to the prompt selector flag for the given access control list entry. If the CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE bit is set, the user is prompted for the keychain password each time a non-trusted application attempts to access this item, even if the keychain is already unlocked.

Return Value

Discussion

An access control list entry applies to a specific use or set of uses for a specific keychain item. The ACL object includes a list of trusted applications (see SecTrustedApplicationCreateFromPath), the name of the keychain item as it appears in user prompts, the prompt selector flag, and a list of one or more operations to which this ACL object applies. Use the SecACLGetAuthorizations function to get the list of operations for an ACL object.

Special Considerations

This function is deprecated in macOS 10.7 and later; use SecACLCopyContents instead.

See Also

Legacy Access Control Operations

SecACLCreateFromSimpleContents

Creates a new access control list entry from the application list, description, and prompt selector provided and adds it to an item’s access object.

Deprecated
SecACLSetSimpleContents

Sets the application list, description, and prompt selector for a given access control list entry.

Deprecated
SecACLGetAuthorizations

Retrieves the CSSM authorization tags of a given access control list entry.

Deprecated
SecACLSetAuthorizations

Sets the CSSM authorization tags for a given access control list entry.

Deprecated
SecAccessCopySelectedACLList

Retrieves selected access control lists from a given access object.

Deprecated
SecAccessCreateFromOwnerAndACL

Creates a new access object using the owner and access control list you provide.

Deprecated
SecAccessGetOwnerAndACL

Retrieves the owner and the access control list of a given access object.

Deprecated