Implement Keychain reauthorization

chrome/browser/mac/keychain_reauthorize.h

Index: chrome/browser/mac/keychain_reauthorize.h
===================================================================
--- chrome/browser/mac/keychain_reauthorize.h	(revision 0)
+++ chrome/browser/mac/keychain_reauthorize.h	(revision 0)
@@ -0,0 +1,31 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_MAC_KEYCHAIN_REAUTHORIZE_H_
+#define CHROME_BROWSER_MAC_KEYCHAIN_REAUTHORIZE_H_
+#pragma once
+
+namespace chrome {
+namespace browser {
+namespace mac {
+
+// Reauthorizes all Keychain items that can be found in a standard Keychain
+// search, as long as they are accessible and can be decrypted. This operates
+// by scanning the requirement strings for each application in each ACL in
+// each accessible Keychain item. If any requirement string matches a list of
+// strings to perform reauthorization for, the matching application in the ACL
+// will be replaced with this application, using this application's designated
+// requirement as the requirement string. Keychain items that are reauthorized
+// are made effective by deleting the original item and storing the new one
+// with its revised access policy in the Keychain. This circuitous method is
+// used because applications don't generally have permission to modify access
+// control policies on existing Keychain items (even when they are able to
+// decrypt those items), but any application can remove a Keychain item.
+void KeychainReauthorize();
+
+}  // namespace mac
+}  // namespace browser
+}  // namespace chrome
+
+#endif  // CHROME_BROWSER_MAC_KEYCHAIN_REAUTHORIZE_H_