From 200d8dbad069987efded8a8da276b186fe87c903 Mon Sep 17 00:00:00 2001
From: muji <muji@tmpfs.org>
Date: Sun, 15 Dec 2024 13:22:29 +0800
Subject: [PATCH] Support custom password options attributes.

---
 security-framework/src/passwords.rs         |  8 ++++++++
 security-framework/src/passwords_options.rs | 10 +++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/security-framework/src/passwords.rs b/security-framework/src/passwords.rs
index 85867b12..dab4d080 100644
--- a/security-framework/src/passwords.rs
+++ b/security-framework/src/passwords.rs
@@ -27,6 +27,14 @@ pub fn set_generic_password(service: &str, account: &str, password: &[u8]) -> Re
     set_password_internal(&mut options, password)
 }
 
+/// Set a generic password using the given password options.
+/// Creates or updates a keychain entry.
+pub fn set_generic_password_options(
+    password: &[u8],
+    mut options: PasswordOptions) -> Result<()> {
+    set_password_internal(&mut options, password)
+}
+
 /// Get the generic password for the given service and account.  If no matching
 /// keychain entry exists, fails with error code `errSecItemNotFound`.
 pub fn get_generic_password(service: &str, account: &str) -> Result<Vec<u8>> {
diff --git a/security-framework/src/passwords_options.rs b/security-framework/src/passwords_options.rs
index 7d85d01c..647c2a23 100644
--- a/security-framework/src/passwords_options.rs
+++ b/security-framework/src/passwords_options.rs
@@ -1,7 +1,7 @@
 //! Support for password options, to be used with the passwords module
 
 use core_foundation::{string::CFString, base::{CFType, TCFType, CFOptionFlags}, number::CFNumber};
-use security_framework_sys::{keychain::{SecProtocolType, SecAuthenticationType}, access_control::*};
+use security_framework_sys::{access_control::*, item::kSecAttrAccessGroup, keychain::{SecAuthenticationType, SecProtocolType}};
 use security_framework_sys::item::{
     kSecAttrAccessControl, kSecAttrAccount, kSecAttrAuthenticationType, kSecAttrPath, kSecAttrPort, kSecAttrProtocol,
     kSecAttrSecurityDomain, kSecAttrServer, kSecAttrService, kSecClass, kSecClassGenericPassword,
@@ -127,4 +127,12 @@ impl PasswordOptions {
                 .into_CFType(),
         ));
     }
+
+    /// Add access group to the password
+    pub fn set_access_group(&mut self, group: &str) {
+        self.query.push((
+            unsafe { CFString::wrap_under_get_rule(kSecAttrAccessGroup) },
+            CFString::from(group).into_CFType(),
+        ));
+    }
 }