Security-57740.1.18.tar.gz
1 /*
2 * Copyright (c) 2002-2011 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*!
25 @header SecACL
26 The functions provided in SecACL are for managing entries in the access control list.
27 */
28
29 #ifndef _SECURITY_SECACL_H_
30 #define _SECURITY_SECACL_H_
31
32 #include <Security/SecBase.h>
33 #include <Security/cssmtype.h>
34 #include <Security/cssmapple.h>
35 #include <Security/SecAccess.h>
36 #include <CoreFoundation/CoreFoundation.h>
37
38
39 #if defined(__cplusplus)
40 extern "C" {
41 #endif
42
43 CF_ASSUME_NONNULL_BEGIN
44 CF_IMPLICIT_BRIDGING_ENABLED
45
46 typedef CF_OPTIONS(uint16, SecKeychainPromptSelector) /* bit flags used as the promptSelector argument of SecACLCreateWithSimpleContents, SecACLSetContents and SecACLCopyContents */
47 {
48 kSecKeychainPromptRequirePassphase = 0x0001, /* require re-entering of passphrase; the identifier is declared with the spelling "Passphase", so search for that form */
49 /* the following bits are ignored by 10.4 and earlier */
50 kSecKeychainPromptUnsigned = 0x0010, /* prompt for unsigned clients */
51 kSecKeychainPromptUnsignedAct = 0x0020, /* UNSIGNED bit overrides system default */
52 kSecKeychainPromptInvalid = 0x0040, /* prompt for invalid signed clients */
53 kSecKeychainPromptInvalidAct = 0x0080, /* not documented in this header; presumably INVALID bit overrides system default, mirroring UnsignedAct - confirm against cssmapple.h */
54 };
55
56
57 /*!
58 @function SecACLGetTypeID
59 @abstract Returns the type identifier of SecACL instances, for comparison with CFGetTypeID() before a CFTypeRef is treated as a SecACLRef.
60 @result The CFTypeID of SecACL instances.
61 */
62 CFTypeID SecACLGetTypeID(void)
63 __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_NA); /* OS X 10.3 and later; not available on iOS */
64
65 /*!
66 @function SecACLCreateFromSimpleContents
67 @abstract Creates a new access control list entry from the application list, description, and prompt selector provided and adds it to an item's access.
68 @param access An access reference.
69 @param applicationList An array of SecTrustedApplication instances that will be allowed access without prompting. Declared __nullable, but this header does not say what NULL means. NOTE(review): NULL is believed to mean "allow any application" (an empty array being the no-application case) - verify against the implementation before passing NULL.
70 @param description The human readable name that will be used to refer to this item when the user is prompted.
71 @param promptSelector A pointer to a CSSM prompt selector (CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR); the pointer is declared const.
72 @param newAcl A pointer to an access control list entry. On return, this points to the reference of the new access control list entry. The parameter is marked CF_RETURNS_RETAINED, so the caller releases the entry with CFRelease when it is no longer needed.
73 @result A result code. See "Security Error Codes" (SecBase.h). Check it before using newAcl.
74 @discussion This function is deprecated in 10.7 and later;
75 use SecACLCreateWithSimpleContents instead.
76 */
77 OSStatus SecACLCreateFromSimpleContents(SecAccessRef access,
78 CFArrayRef __nullable applicationList,
79 CFStringRef description,
80 const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector,
81 SecACLRef * __nonnull CF_RETURNS_RETAINED newAcl)
82 DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
83
84 /*!
85 @function SecACLCreateWithSimpleContents
86 @abstract Creates a new access control list entry from the application list, description, and prompt selector provided and adds it to an item's access.
87 @param access An access reference.
88 @param applicationList An array of SecTrustedApplication instances that will be allowed access without prompting. Declared __nullable, but this header does not say what NULL means. NOTE(review): NULL is believed to mean "allow any application" (an empty array being the no-application case) - verify against the implementation before passing NULL.
89 @param description The human readable name that will be used to refer to this item when the user is prompted.
90 @param promptSelector A SecKeychainPromptSelector value, i.e. a combination of the kSecKeychainPrompt flags declared in this header.
91 @param newAcl A pointer to an access control list entry. On return, this points to the reference of the new access control list entry. The parameter is marked CF_RETURNS_RETAINED, so the caller releases the entry with CFRelease when it is no longer needed.
92 @result A result code. See "Security Error Codes" (SecBase.h). Check it before using newAcl.
93 */
94 OSStatus SecACLCreateWithSimpleContents(SecAccessRef access,
95 CFArrayRef __nullable applicationList,
96 CFStringRef description,
97 SecKeychainPromptSelector promptSelector,
98 SecACLRef * __nonnull CF_RETURNS_RETAINED newAcl)
99 __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); /* OS X 10.7 and later; not available on iOS */
100
101 /*!
102 @function SecACLRemove
103 @abstract Removes the access control list entry specified.
104 @param aclRef The reference to the access control list entry to remove. Not annotated __nullable, so inside this header's CF_ASSUME_NONNULL region it is treated as non-NULL.
105 @result A result code. See "Security Error Codes" (SecBase.h). NOTE(review): the header does not say whether the caller's own reference to aclRef still has to be released after removal - confirm.
106 */
107 OSStatus SecACLRemove(SecACLRef aclRef)
108 __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_NA); /* OS X 10.3 and later; not available on iOS */
109
110 /*!
111 @function SecACLCopySimpleContents
112 @abstract Returns the application list, description, and CSSM prompt selector for a given access control list entry.
113 @param acl An access control list entry reference.
114 @param applicationList On return, an array of SecTrustedApplication instances that will be allowed access without prompting, for the given access control list entry. The caller needs to call CFRelease on this array when it's no longer needed.
115 @param description On return, the human readable name that will be used to refer to this item when the user is prompted, for the given access control list entry. The caller needs to call CFRelease on this string when it's no longer needed.
116 @param promptSelector A pointer to a CSSM prompt selector. On return, this points to the CSSM prompt selector for the given access control list entry.
117 @result A result code. See "Security Error Codes" (SecBase.h). Check it before reading any of the output parameters.
118 @discussion This function is deprecated in 10.7 and later;
119 use SecACLCopyContents instead.
120 */
121 OSStatus SecACLCopySimpleContents(SecACLRef acl,
122 CFArrayRef * __nonnull CF_RETURNS_RETAINED applicationList,
123 CFStringRef * __nonnull CF_RETURNS_RETAINED description,
124 CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
125 DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
126
127 /*!
128 @function SecACLCopyContents
129 @abstract Returns the application list, description, and prompt selector for a given access control list entry.
130 @param acl An access control list entry reference.
131 @param applicationList On return, an array of SecTrustedApplication instances that will be allowed access without prompting, for the given access control list entry. The caller needs to call CFRelease on this array when it's no longer needed.
132 @param description On return, the human readable name that will be used to refer to this item when the user is prompted, for the given access control list entry. The caller needs to call CFRelease on this string when it's no longer needed.
133 @param promptSelector A pointer to a SecKeychainPromptSelector. On return, this points to the SecKeychainPromptSelector for the given access control list entry.
134 @result A result code. See "Security Error Codes" (SecBase.h). Check it before reading any of the output parameters.
135 */
136 OSStatus SecACLCopyContents(SecACLRef acl,
137 CFArrayRef * __nonnull CF_RETURNS_RETAINED applicationList,
138 CFStringRef * __nonnull CF_RETURNS_RETAINED description,
139 SecKeychainPromptSelector *promptSelector)
140 __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); /* OS X 10.7 and later; not available on iOS */
141 /*!
142 @function SecACLSetSimpleContents
143 @abstract Sets the application list, description, and CSSM prompt selector for a given access control list entry.
144 @param acl A reference to the access control list entry to edit.
145 @param applicationList An application list reference (a CFArrayRef; presumably of SecTrustedApplication instances, as described for SecACLCopySimpleContents). Declared __nullable, but this header does not say what NULL means. NOTE(review): NULL is believed to mean "allow any application" (an empty array being the no-application case) - verify against the implementation before passing NULL.
146 @param description The human readable name that will be used to refer to this item when the user is prompted.
147 @param promptSelector A pointer to a CSSM prompt selector (CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR); the pointer is declared const.
148 @result A result code. See "Security Error Codes" (SecBase.h).
149 @discussion This function is deprecated in 10.7 and later;
150 use SecACLSetContents instead.
151 */
152 OSStatus SecACLSetSimpleContents(SecACLRef acl,
153 CFArrayRef __nullable applicationList,
154 CFStringRef description,
155 const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
156 DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
157
158 /*!
159 @function SecACLSetContents
160 @abstract Sets the application list, description, and prompt selector for a given access control list entry.
161 @param acl A reference to the access control list entry to edit.
162 @param applicationList An application list reference (a CFArrayRef; presumably of SecTrustedApplication instances, as described for SecACLCopyContents). Declared __nullable, but this header does not say what NULL means. NOTE(review): NULL is believed to mean "allow any application" (an empty array being the no-application case) - verify against the implementation before passing NULL.
163 @param description The human readable name that will be used to refer to this item when the user is prompted.
164 @param promptSelector A SecKeychainPromptSelector value, i.e. a combination of the kSecKeychainPrompt flags declared in this header.
165 @result A result code. See "Security Error Codes" (SecBase.h).
166 */
167 OSStatus SecACLSetContents(SecACLRef acl,
168 CFArrayRef __nullable applicationList,
169 CFStringRef description,
170 SecKeychainPromptSelector promptSelector)
171 __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); /* OS X 10.7 and later; not available on iOS */
172
173 /*!
174 @function SecACLGetAuthorizations
175 @abstract Retrieve the CSSM authorization tags of a given access control list entry.
176 @param acl An access control list entry reference.
177 @param tags A caller-supplied array that receives the CSSM authorization tags; the parameter is a single-level CSSM_ACL_AUTHORIZATION_TAG pointer, so the function cannot hand back storage of its own.
178 @param tagCount On return, this points to the number of tags in the CSSM authorization tag array. NOTE(review): presumably the caller sets the pointed-to value to the capacity of tags before the call so the buffer is not overrun - confirm against the implementation.
179 @result A result code. See "Security Error Codes" (SecBase.h). Check it before reading tags or tagCount.
180 @discussion This function is deprecated in 10.7 and later;
181 use SecACLCopyAuthorizations instead.
182 */
183 OSStatus SecACLGetAuthorizations(SecACLRef acl,
184 CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 *tagCount)
185 DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
186
187 /*!
188 @function SecACLCopyAuthorizations
189 @abstract Retrieve the authorization tags of a given access control list entry.
190 @param acl An access control list entry reference.
191 @result A CFArrayRef of the authorizations for this ACL. By the Core Foundation Copy naming rule the caller owns the array and releases it with CFRelease. The element type is not stated in this header, and no result code is returned, so failure cannot be told apart by an OSStatus here.
192 */
193 CFArrayRef SecACLCopyAuthorizations(SecACLRef acl)
194 __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); /* OS X 10.7 and later; not available on iOS */
195
196 /*!
197 @function SecACLSetAuthorizations
198 @abstract Sets the CSSM authorization tags of a given access control list entry.
199 @param acl An access control list entry reference.
200 @param tags A pointer to the first item in an array of CSSM authorization tags. The pointer is not declared const even though the documentation describes it as an input.
201 @param tagCount The number of tags in the CSSM authorization tag array. It has to match the real length of tags, because the pointer carries no bounds of its own.
202 @result A result code. See "Security Error Codes" (SecBase.h).
203 @discussion This function is deprecated in 10.7 and later;
204 use SecACLUpdateAuthorizations instead.
205 */
206 OSStatus SecACLSetAuthorizations(SecACLRef acl,
207 CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 tagCount)
208 DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
209
210
211 /*!
212 @function SecACLUpdateAuthorizations
213 @abstract Sets the authorization tags of a given access control list entry. NOTE(review): the name says "Update" while this abstract says "Sets"; the header does not state whether the given tags replace the existing set or are merged into it - confirm before relying on either.
214 @param acl An access control list entry reference.
215 @param authorizations A CFArrayRef of authorization tags. The element type is not stated in this header.
216 @result A result code. See "Security Error Codes" (SecBase.h).
217 */
218 OSStatus SecACLUpdateAuthorizations(SecACLRef acl, CFArrayRef authorizations)
219 __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); /* OS X 10.7 and later; not available on iOS */
220
221 CF_IMPLICIT_BRIDGING_DISABLED
222 CF_ASSUME_NONNULL_END
223
224 #if defined(__cplusplus)
225 }
226 #endif
227
228 #endif /* !_SECURITY_SECACL_H_ */