OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CHROME_BROWSER_MAC_KEYCHAIN_REAUTHORIZE_H_ |
| 6 #define CHROME_BROWSER_MAC_KEYCHAIN_REAUTHORIZE_H_ |
| 7 #pragma once |
| 8 |
| 9 namespace chrome { |
| 10 namespace browser { |
| 11 namespace mac { |
| 12 |
| 13 // Reauthorizes all Keychain items that can be found in a standard Keychain |
| 14 // search, as long as they are accessible and can be decrypted. This operates |
| 15 // by scanning the requirement strings for each application in each ACL in |
| 16 // each accessible Keychain item. If any requirement string matches a list of |
| 17 // strings to perform reauthorization for, the matching application in the ACL |
| 18 // will be replaced with this application, using this application's designated |
| 19 // requirement as the requirement string. Keychain items that are reauthorized |
| 20 // are made effective by deleting the original item and storing the new one |
| 21 // with its revised access policy in the Keychain. This circuitous method is |
| 22 // used because applications don't generally have permission to modify access |
| 23 // control policies on existing Keychain items (even when they are able to |
| 24 // decrypt those items), but any application can remove a Keychain item. |
| 25 void KeychainReauthorize(); |
| 26 |
| 27 } // namespace mac |
| 28 } // namespace browser |
| 29 } // namespace chrome |
| 30 |
| 31 #endif // CHROME_BROWSER_MAC_KEYCHAIN_REAUTHORIZE_H_ |
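Review bot: The comment on `KeychainReauthorize()` (new lines 13-24) describes a delete-then-store replacement but never says what happens when storing the revised item fails after the original has been deleted. Because the function returns `void`, a caller cannot tell whether a stored credential was lost. I would add a sentence to the comment such as `// If the replacement item cannot be stored, <state whether the original is restored or lost, and how the failure is reported>.`, filled in from the implementation, which is not visible in this header. The comment should also say where the "list of strings to perform reauthorization for" is defined and that it is a fixed, compiled-in set (if that is the case), since a match there is what causes an ACL entry to be rewritten to this application's designated requirement. Finally, it is worth documenting whether the call can block or trigger a Keychain prompt, so callers know which thread and startup phase it is safe to run in.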