Fix(Security): Re-define AuthorizationExecuteWithPrivileges

crates/objc2/src/topics/about_generated/CHANGELOG.md

@@ -31,6 +31,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
   - `UserNotificationsUI` / `objc2-user-notifications-ui`.
 * Added fallback for `MTLCopyAllDevices` on non-macOS platforms.
 
+### Fixed
+* **BREAKING**: Fixed the type of `AuthorizationExecuteWithPrivileges`'s
+  `arguments` parameter by changing it from `NonNull<NonNull<c_char>>` to
+  `NonNull<AuthorizationString>`, i.e. `NonNull<*const c_char>`. See #711
+  for more details.
+
 
 ## 0.3.0 - 2025-01-22
 

framework-crates/objc2-security/src/authorization.rs

@@ -0,0 +1,44 @@
+#[cfg(feature = "libc")]
+use core::ffi::c_char;
+#[cfg(feature = "libc")]
+use core::ptr::NonNull;
+
+#[cfg(feature = "libc")]
+use crate::{AuthorizationFlags, AuthorizationRef, AuthorizationString, OSStatus};
+
+// Manual re-definition: see #711.
+extern "C-unwind" {
+    /// Run an executable tool with enhanced privileges after passing
+    /// suitable authorization procedures.
+    ///
+    ///
+    /// Parameter `authorization`: An authorization reference that is used to authorize
+    /// access to the enhanced privileges. It is also passed to the tool for
+    /// further access control.
+    ///
+    /// Parameter `pathToTool`: Full pathname to the tool that should be executed
+    /// with enhanced privileges.
+    ///
+    /// Parameter `options`: Option bits (reserved). Must be zero.
+    ///
+    /// Parameter `arguments`: An argv-style vector of strings to be passed to the tool.
+    ///
+    /// Parameter `communicationsPipe`: Assigned a UNIX stdio FILE pointer for
+    /// a bidirectional pipe to communicate with the tool. The tool will have
+    /// this pipe as its standard I/O channels (stdin/stdout). If NULL, do not
+    /// establish a communications pipe.
+    ///
+    ///
+    /// This function has been deprecated and should no longer be used.
+    /// Use a launchd-launched helper tool and/or the Service Mangement framework
+    /// for this functionality.
+    #[cfg(feature = "libc")]
+    #[deprecated]
+    pub fn AuthorizationExecuteWithPrivileges(
+        authorization: AuthorizationRef,
+        path_to_tool: NonNull<c_char>,
+        options: AuthorizationFlags,
+        arguments: NonNull<AuthorizationString>,
+        communications_pipe: *mut *mut libc::FILE,
+    ) -> OSStatus;
+}

framework-crates/objc2-security/src/lib.rs

@@ -19,6 +19,10 @@ mod generated;
 #[allow(unused_imports, unreachable_pub)]
 pub use self::generated::*;
 
+// Manual fixes.
+mod authorization;
+pub use authorization::*;
+
 #[cfg(all(feature = "cssmtype", feature = "cssmconfig", feature = "objc2"))]
 use objc2::encode::{Encode, Encoding, RefEncode};
 

framework-crates/objc2-security/translation-config.toml

@@ -140,3 +140,6 @@ enum.anonymous.constants.callerSecuritySession.use-value = true
 # CSSM_WORDID_VENDOR_START from i32 to CSSM_WORDID_KEYCHAIN_PROMPT which is
 # u32). So let's just emit all constants directly for now.
 enum.anonymous.use-value = true
+
+# Manually re-defined: see #711.
+fn.AuthorizationExecuteWithPrivileges.skipped = true