Entitlements

RSS for tag

Entitlements allow specific capabilities or security permissions for your apps.

Entitlements Documentation

Posts under Entitlements tag

160 results found
Sort by:
Post not yet marked as solved
1.3k Views

Disable library validation entitlements makes app fail GateKeeper

Hello! I need to load dylib signed by another developer (using dlopen). For that, I added following entitlement to hardened runtime: com.apple.security.cs.disable-library-validation However, after adding this entitlement, the app fails to start, generating a crash report indicating codesigning fail. This happens even without any code for loading the library in the app. I tried it in a blank project, and it worked just fine. The app also has Endpoint security entitlement (in provisioning profile), so I am suspecting that might be the cause, however, I was not able to find anything about this in the documentation. Thank you for any help.
Asked
by Bambam1.
Last updated
.
Post not yet marked as solved
98 Views

Sandbox restriction message caused by differing Application Identifier Prefix and Team Identifier in an extension?

I'm working on an out-sourced application for a company and when a version of it built using ids and provisioning profiles from my Apple account it runs without problems. However when it is built and run using the company's ids and provisioning profiles I am seeing an issue with it. What is happening is when a notification service extension uses a call extension then the OS logs: doQueryCallExtensionStatusWithDispatchGroup() COMPLETED WITH ERROR: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.CallKit.CallDirectory was invalidated: failed at lookup with error 159 - Sandbox restriction." UserInfo= NSDebugDescription=The connection to service named com.apple.CallKit.CallDirectory was invalidated: failed at lookup with error 159 - Sandbox restriction. I noticed that in the company's provising profile for the notification service extension the app identier prefix is different from the team identifer. In my own provisioning profile the app identifier prefix and team identifer are the same. Could it be the case that this difference in identifiers within the provisioning profile is leading to the sandbox error message? Attached is the notification service extension provisioning profle provided to me by the company (converted to a .plist for readability)
Asked
by mungbeans.
Last updated
.
Post not yet marked as solved
302 Views

Provisioning profile doesn't include the com.apple.developer.carplay-audio entitlement.

Hi, We have an app that already supports Apple CarPlay, but the current app version only supports com.apple.developer.playable-content which is now depricated, I already create a new provisioning profile with the (Carplay Audio Carplay Framework) but when i download the new provisioning profile, xcode says "Provisioning profile doesn't include the com.apple.developer.carplay-audio entitlement. And i can confirm that the profile doesnt include it with the command line "security cms -D -i App.mobileprovision | xmllint --xpath "/plist/dict/key[text()='Entitlements']/following-sibling::dict[position()=1] but in the developer portal it says the provisioning profile includes carplay Framework... Do i miss some steps? (Btw my entitlements file includes both carplay-audio and playable-content keys)
Asked
by barisy.
Last updated
.
Post marked as solved
625 Views

Missing Push Notification Entitlement after building in command line

Firstly, I'm building my app through the command line- unfortunately this is necessary since I'm using Azure DevOps to do the build. Since the app has an extension I created two provisioning profiles (the app's has Push Notifications capability) and build and sign the ipa via a plist file (multi-provisioning-profiles.plist) as follows: xcodebuild -sdk iphoneos -configuration Release -project myapp.xcodeproj -scheme MyApp archive -archivePath myapp.xcarchive CODE_SIGNING_ALLOWED=NO xcodebuild -sdk iphoneos -configuration $(Configuration) -project myapp.xcodeproj build -exportArchive -archivePath myapp.xcarchive -exportOptionsPlist multi-provisioning-profiles.plist -exportPath /ipa The ipa then successfully uploads and a short while later I get the error email (ITMS-90078: Missing Push Notification Entitlement) from Apple regarding push notification entitlements. Any idea what I might be missing here? For completeness, here's the multi-provisioning-profiles.plist file also: <dict> <key>provisioningProfiles</key> <dict> <key>[My app key]</key> <string>[UUID of app's prov profile]</string> <key>[My extension key]</key> <string>[UUID of extension's prov profile]</string> </dict> <key>signingCertificate</key> <string>iOS Distribution</string> <key>signingStyle</key> <string>manual</string> <key>method</key> <string>app-store</string> <key>teamID</key> <string><[My team ID]</string> </dict> </plist>
Asked Last updated
.
Post not yet marked as solved
91 Views

eSIM Entitlement, Carrier Partner Team ID

Hello, I want to apply for eSIM Entitlement and one of the fields to fill out is “Carrier Partner Team ID”. Can you please help me out to get this ID? My Carrier Partner is Tele2, but they don’t know the ID. Thank you!
Asked
by Gansik.
Last updated
.
Post marked as Apple Recommended
866 Views

Next Steps for Default Browser Entitlement?

We’ve been waiting on a response for default browser entitlements since August 12th when we responded back to “default-browser-requests@apple.com” with the requested data (team id, team, bundle id) & a TestFlight like with the proper changes. Now with iOS 14 out, our users are now expecting for defaulting capability like other major browsers. What can we do to continue the process? We just want to deliver the best service to our users. Best,
Asked Last updated
.
Post not yet marked as solved
271 Views

Anyway to start working while waiting approval from Apple

I'm working on new virtual camera by using IOUSBHostControllerInterface, when I run my code, it asks for the approval of com.apple.usb.hostcontrollerinterface entitlement from Apple, I disabled SIP of the system and it won't let me go further. I submitted the FB9203842 by middle of last month and no response from Apple yet, submitted DTS and that won't speed up the approval process. Is there any way I could continue working on it while waiting for Apple's approval? I believe the entitlement approval is only for distribute the product, not developing the product. Thanks Steven
Asked
by stang.
Last updated
.
Post not yet marked as solved
100 Views

how to merge two entitlements

We need your help to merge two special entitlements into a single entitlement or provide a provisioning profile with both of these special entitlements so that our app can have them. The entitlements: Name: ApplePay In-App Provisioning Distribution  com.apple.developer.payment-pass-provisioning and  Name: Apple Pay Pass Suppression iOS (Dist) com.apple.developer.passkit.pass-presentation-suppression how can we achieve this?
Asked
by pjrocha.
Last updated
.
Post marked as solved
103 Views

Copying a .plist file to LaunchAgents folder in the User Library with app sandbox enabled

After an extensive research, I haven’t found a canonical answer to what seems a fairly common task — placing a launch agent to the LaunchAgents folder. I would like to copy a propriety list file to ~/Library/LaunchAgents/com.mycompany.MyAgent.plist from my sandboxed app. Can this be achieved with app sandbox enabled? Which entitlement should I use (if any)? Will it pass the Mac App Store app review if I enable it? Is there a best practice that I’m missing? I know we’re not supposed to access a path outside of the app sandbox without the user’s consent, but I have a justified and legitimate case to copy a file with a particular com.mycompany.MyAgent.plist name to a very specific folder. ——— Note: I don’t need to manually start the launch agent. macOS will see my .plist file and load it automatically the next time it restarts. (Launch agents are regular user processes so none of this requires any special privileges.) Of course, if I try to copy the .plist file, it’s placed in a folder relative to my app’s container rather than the user’s real home folder. If I disable the sandbox, I get the desired result. Any help is greatly appreciated and good ideas are welcome. Thank you.
Asked
by rakic.
Last updated
.
Post not yet marked as solved
119 Views

Permission to bulk operate on other apps

I would like to create an application that let's a user bulk operate on apps. Some features: Bulk operations: - delete - organize by color (some like organizing their screens by color) - organize by type (education, reading, games, etc.) - organize apps which users want to hide - organize last access time - bulk "offload apps" (removing the app, saving the data) I am struggling to find, however, any notion of enabling permissions for this in an apple app. The permission I am looking for is akin to a user allowing an app to delete (duplicate) photos/videos off of their device. The area I think it would be is here: https://developer.apple.com/documentation/bundleresources/entitlements If this functionality exists, can I please be directed to the documentation for this? Many thanks! Best, Daniel Connelly
Asked
by danc2050.
Last updated
.
Post not yet marked as solved
745 Views

About using com.apple.developer.kernel.increased-memory-limit entitlement.

Is the com.apple.developer.kernel.increased-memory-limit entitlement working as of iOS 15 Beta 3. As of right now if I try to add this entitlement on Beta 3 or below, the Automatic Signing fails. How much extra memory would be provided for an Application or its extension with this entitlement?
Asked
by nmik2020.
Last updated
.
Post not yet marked as solved
88 Views

Multicast networking entitlement using University developer program

How we can apply for the Multicast networking entitlement for out developer program? We're currently enrolled in "iOS Developer University Program", and we don't have access to the link https://developer.apple.com/contact/request/networking-multicast (it says that our Apple ID doesn't have access the right to access to that page).
Asked Last updated
.
Post not yet marked as solved
54 Views

Cannot add background modes capability in xcode 12

When I click the plus icon to add "background modes" capability, the dialog just disappears and shows nothing change to the UI. when this happens below logs show up in the console from xcode process: Item () was removed because there is not enough space. minWidth=389.000000 Making presenter E7B87DB6-71D5-4799-8CA6-9F211CC34B0F observe change any idea what's going on and what can i do to add it? looks like a bug of xcode?
Asked
by normanzb.
Last updated
.
Post not yet marked as solved
373 Views

Can I write to an App Group from an iOS Thumbnail Extension or QuickLook Extension?

Is it possible to write to an App Group's Container folder or UserDefaults from an iOS Thumbnail Extension or QuickLook Extension? It doesn't work. It does work for a Widget extension. I've added the App Group to the Entitlements of each extension. For writing a file to App Group Container I get Error Domain=NSCocoaErrorDomain Code=513 "Du hast nicht die Zugriffsrechte, um die Datei „quicklook 01 current.log“ im Ordner „DocumentInvestigation“ zu sichern." UserInfo={NSFilePath=/private/var/mobile/Containers/Shared/AppGroup/<redacted: the container UUID>/DocumentInvestigation/quicklook 01 current.log, NSUnderlyingError=0x28090bb10 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}} For setting App Group UserDefaults [User Defaults] Couldn't write values for keys ( &#9;&#9;example ) in CFPrefsPlistSource<0x2839cc700> (Domain: <redacted: the-group-identifier>, User: kCFPreferencesCurrentUser, ByHost: No, Container: (null), Contents Need Refresh: No): setting preferences outside an application's container requires user-preference-write or file-write-data sandbox access The use case is, that we are investigating an issue and would like to log to a file which we then can have customers send us.
Asked
by hannesoid.
Last updated
.