We have an app, company.app, and it is loading a dynamic library from a third-party vendor - let's call it vendor.dylib.
company.app is signed by our organisation's developer ID certificate. We have notarized company.app with hardened runtime enabled.
vendor.dylib is signed and notarised by the vendor's certificate.
Now, when company.app tries to load the dylib using dlopen, we get an error: "not valid for use in process using Library Validation: mapping process and mapped file (non-platform) have different Team IDs".
I read about disabling library validation entitlement https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_disable-library-validation?language=objc and https://forums.developer.apple.com/thread/126895
I added this in the Info.plist file:
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
After building the app and notarising it, I can still see the value com.apple.security.cs.disable-library-validation set to true in the final app's Info.plist.
Yet, I get the same error "not valid for use....... mapped file have different Team IDs". It's as if 'disabling library validation entitlement' didn't take effect.
Any pointers on how to go about this?
Note: I cannot opt for a solution where we take vendor.dylib and sign it with our certificate because even though it does seem to solve the loading problem, the vendor's code itself is doing some checksum verification which breaks if vendor.dylib is re-signed with our cert.
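A diagnostic for the situation described above, as an added example that is not part of the original post: macOS reads entitlements from the app's code signature, not from Info.plist, so the check compares the two places. The function names, the `com.example.company` bundle identifier and both sample plists are constructed for illustration; `signed_entitlements` needs macOS and uses `codesign -d --entitlements :-`.

```python
import plistlib
import subprocess

KEY = "com.apple.security.cs.disable-library-validation"

def signed_entitlements(app_path):
    """Entitlements embedded in the code signature (macOS only)."""
    out = subprocess.run(
        ["codesign", "-d", "--entitlements", ":-", app_path],
        capture_output=True, check=True,
    ).stdout
    # codesign prints nothing on stdout when the signature has no entitlements
    return plistlib.loads(out) if out.strip() else {}

def diagnose(info_plist, entitlements):
    """Report where the key is set: 'signed', 'info-plist-only' or 'absent'."""
    if entitlements.get(KEY) is True:
        return "signed"            # present where library validation looks for it
    if info_plist.get(KEY) is True:
        return "info-plist-only"   # present in Info.plist, missing from signature
    return "absent"

# Constructed sample: Info.plist carrying the key, as in the post.
SAMPLE_INFO = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.company</string>
  <key>com.apple.security.cs.disable-library-validation</key><true/>
</dict></plist>"""

# Constructed sample: entitlements file as it would be passed to codesign.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.cs.disable-library-validation</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    info = plistlib.loads(SAMPLE_INFO)
    # Signature without entitlements: the key in Info.plist alone has no effect.
    print(diagnose(info, {}))
    # Same app after signing with the entitlements file above.
    print(diagnose(info, plistlib.loads(SAMPLE_ENTITLEMENTS)))
```

On a Mac, pass the result of `signed_entitlements("company.app")` as the second argument instead of the constructed sample.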