What APIs is the `security` cli using?

In particular the execute-with-privileges subcommand, which uses a fingerprint scanning GUI to authenticate, and I'm curious whether those could be used if I build a CLI.

Details

security is a standard binary that ships with OSX and:

```
security(1)               BSD General Commands Manual              security(1)

NAME
     security -- Command line interface to keychains and Security framework

SYNOPSIS
     security [-hilqv] [-p prompt] [command] [command_options] [command_args]
```

Any pointers or reference to documentation would help!

Thank you!


AuthorizationExecuteWithPrivileges

security uses the deprecated AuthorizationExecuteWithPrivileges function to implement execute-with-privileges:

```c
status = AuthorizationExecuteWithPrivileges(auth_ref, argv[0], 0,
                                            (argc > 1) ? &argv[1] : NULL,
                                            &communications_pipe);
```

The function needs an AuthorizationRef, which is the part that confirms who the user is. See the AuthorizationServices framework. Note that AuthorizationServices are not available to sandboxed applications on macOS.

Open Source

security is open source and available on https://opensource.apple.com

macOS 10.15.3's Security-59306.80.4 bundle contains the source code:

  • Security-59306.80.4/SecurityTool/macOS
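
How the AuthorizationRef mentioned in the answer can be obtained, as an added example that is not part of the original answer or of Apple's SecurityTool source: it requests the `system.privilege.admin` right (`kAuthorizationRightExecute`), the right `AuthorizationExecuteWithPrivileges` requires, and lets the system show its authentication dialog. The helper name `AcquireRight` and the file name `authdemo.m` are assumptions.

```objective-c
// Added example (hypothetical helper AcquireRight), not Apple's SecurityTool code.
// Build on macOS: clang -framework Foundation -framework Security authdemo.m -o authdemo
#import <Foundation/Foundation.h>
#import <Security/Authorization.h>
#import <Security/AuthorizationTags.h>

// Create an AuthorizationRef and ask Authorization Services to grant `right`,
// allowing the system to show its authentication dialog if needed.
// On success the caller owns *outAuth and must release it with AuthorizationFree.
static OSStatus AcquireRight(const char *right, AuthorizationRef *outAuth) {
    AuthorizationRef auth = NULL;
    OSStatus st = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
                                      kAuthorizationFlagDefaults, &auth);
    if (st != errAuthorizationSuccess) return st;

    AuthorizationItem item = { .name = right, .valueLength = 0, .value = NULL, .flags = 0 };
    AuthorizationRights rights = { .count = 1, .items = &item };
    AuthorizationFlags flags = kAuthorizationFlagInteractionAllowed |
                               kAuthorizationFlagExtendRights;

    st = AuthorizationCopyRights(auth, &rights, kAuthorizationEmptyEnvironment, flags, NULL);
    if (st != errAuthorizationSuccess) {
        // Do not leak a reference that holds no usable right.
        AuthorizationFree(auth, kAuthorizationFlagDestroyRights);
        return st;
    }
    *outAuth = auth;
    return errAuthorizationSuccess;
}

int main(void) {
    @autoreleasepool {
        AuthorizationRef auth = NULL;
        OSStatus st = AcquireRight(kAuthorizationRightExecute, &auth);
        switch (st) {
        case errAuthorizationSuccess:
            NSLog(@"right granted; this reference is what the quoted call passes as auth_ref");
            AuthorizationFree(auth, kAuthorizationFlagDestroyRights);
            return 0;
        case errAuthorizationCanceled:
            NSLog(@"user cancelled the authentication dialog");
            break;
        case errAuthorizationInteractionNotAllowed:
            NSLog(@"no GUI session available to show the dialog");
            break;
        default:
            NSLog(@"authorization failed, OSStatus %d", (int)st);
        }
        return 1;
    }
}
```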