In older macOS versions, the API below would create an access ref object for the app running the code and store it in the SecTrustedApplicationRef mySelf object:
SecTrustedApplicationRef mySelf = NULL;
SecTrustedApplicationCreateFromPath(NULL, &mySelf);
Then I can store mySelf in an array, allTrustedApps, and create a SecAccessRef object:
SecAccessRef accessRef = NULL;
OSStatus status = SecAccessCreate((CFStringRef)accessLabel, (__bridge CFArrayRef)allTrustedApps, &accessRef);
Finally, I would then add this access ref object into the kSecAttrAccess field of the query dictionary before feeding it into SecItemAdd.
However, on macOS 10.15+, SecTrustedApplicationCreateFromPath is deprecated.
As I was playing around with ACLs, I tried to add a kSecClassGenericPassword object into the login keychain using SecItemAdd, without kSecAttrAccess in the write query dictionary (nothing but kSecAttrAccount and kSecAttrService). I noticed that the final object in the login keychain still has an ACL containing the hosting app that ran the keychain add op.
Is this by design?
Thanks, Peter
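
Added example, not part of the original post: one way to inspect the ACL that ends up on a generic-password item in the file-based keychain, so the entries and their trusted applications can be read back after SecItemAdd. The function name DumpItemACL, the build command, and the service and account strings are assumptions made for illustration.

```objc
// Added example: dump the ACL entries of a generic-password item (file-based keychain).
// Build (assumed): clang -fobjc-arc -framework Foundation -framework Security acl_dump.m
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper. Returns the number of ACL entries found, or -1 on error.
static long DumpItemACL(NSString *service, NSString *account) {
    NSDictionary *query = @{
        (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: service,
        (__bridge id)kSecAttrAccount: account,
        (__bridge id)kSecMatchLimit:  (__bridge id)kSecMatchLimitOne,
        (__bridge id)kSecReturnRef:   @YES,   // ask for the keychain item reference itself
    };
    CFTypeRef item = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &item);
    if (status != errSecSuccess) { NSLog(@"lookup failed: %d", (int)status); return -1; }

    SecAccessRef access = NULL;
    status = SecKeychainItemCopyAccess((SecKeychainItemRef)item, &access);
    CFRelease(item);
    if (status != errSecSuccess) { NSLog(@"no access object: %d", (int)status); return -1; }

    CFArrayRef acls = NULL;
    status = SecAccessCopyACLList(access, &acls);
    CFRelease(access);
    if (status != errSecSuccess) { NSLog(@"no ACL list: %d", (int)status); return -1; }

    CFIndex count = CFArrayGetCount(acls);
    for (CFIndex i = 0; i < count; i++) {
        SecACLRef acl = (SecACLRef)CFArrayGetValueAtIndex(acls, i);
        CFArrayRef apps = NULL;
        CFStringRef label = NULL;
        SecKeychainPromptSelector prompt = 0;
        if (SecACLCopyContents(acl, &apps, &label, &prompt) != errSecSuccess) continue;
        CFArrayRef auths = SecACLCopyAuthorizations(acl);
        // A NULL application list means any application is trusted for this entry.
        NSLog(@"ACL %ld: authorizations=%@ trustedApps=%@", (long)i,
              (__bridge NSArray *)auths, apps ? (__bridge id)apps : @"<any application>");
        if (auths) CFRelease(auths);
        if (apps) CFRelease(apps);
        if (label) CFRelease(label);
    }
    CFRelease(acls);
    return (long)count;
}

int main(void) {
    @autoreleasepool {
        // Constructed sample values; replace with the item's real service and account.
        return DumpItemACL(@"com.example.demo-service", @"demo-account") < 0;
    }
}
```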