X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..7e6b461318c8a779d91381531435a68ee4e8b6ed:/OSX/libsecurity_keychain/lib/Access.h
diff --git a/OSX/libsecurity_keychain/lib/Access.h b/OSX/libsecurity_keychain/lib/Access.h
index ec562dd8..e3d22db1 100644
--- a/OSX/libsecurity_keychain/lib/Access.h
+++ b/OSX/libsecurity_keychain/lib/Access.h
@@ -99,6 +99,8 @@ public: void setAccess(AclBearer &target, bool update = false); void setAccess(AclBearer &target, Maker &maker); + void editAccess(AclBearer &target, bool update, const AccessCredentials *cred); + template void findAclsForRight(AclAuthorization right, Container &cont) {
@@ -107,6 +109,20 @@ public: if (it->second->authorizes(right)) cont.push_back(it->second); } + + // findAclsForRight may return ACLs that have an empty authorization list (and thus "authorize everything") + // or CSSM_ACL_AUTHORIZATION_ANY, but sometimes you need positive confirmation of a right. + template + void findSpecificAclsForRight(AclAuthorization right, Container &cont) + { + cont.clear(); + for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++) + if (it->second->authorizesSpecifically(right)) + cont.push_back(it->second); + } + + // Remove all acl entries that refer to this right. + void removeAclsForRight(AclAuthorization right); std::string promptDescription() const; // from any one of the ACLs contained
@@ -121,8 +137,7 @@ protected: const AclAuthorizationSet &freeRights = AclAuthorizationSet()); void compile(const CSSM_ACL_OWNER_PROTOTYPE &owner, uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls); - - void editAccess(AclBearer &target, bool update, const AccessCredentials *cred); + private: static const CSSM_ACL_HANDLE ownerHandle = ACL::ownerHandle;
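Review bot: In the first hunk (`@@ -99,6 +99,8 @@`) `editAccess` is declared under `public:` with no comment, and the third hunk removes the same declaration from `protected:`, so the method that takes caller-supplied `AccessCredentials` is now callable by any user of the class. The header does not say whether `cred` may be NULL or how `update` relates to the `update` flag of `setAccess(AclBearer &, bool)` declared just above it. I would add a short comment above the declaration stating what the credentials are used for, whether a NULL `cred` is accepted and what it means, and what `update` selects. The implementation is not part of this diff, so the wording has to be checked against it.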
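Review bot: The comment on `removeAclsForRight` in the second hunk (`@@ -107,6 +109,20 @@`) does not say which of the two matching rules defined right above it applies. "Refer to this right" could mean every entry for which `authorizes(right)` holds (which, per the new comment, includes empty-list and CSSM_ACL_AUTHORIZATION_ANY entries) or only those for which `authorizesSpecifically(right)` holds. It also does not say whether a matching entry that grants other rights as well is dropped whole or only loses this one right. Each reading leaves a different set of grants behind, so the header should pin it down, for example `// Removes every entry for which authorizesSpecifically(right) is true; ANY and empty-list entries are left in place.`, adjusted to what the implementation (not visible here) really does.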