Hello,
I need to add the com.ibridge.control entitlement to a command-line utility for use by multiple people within my organization. This utility will not be distributed outside of the organization.
Originally the utility was failing to capture a USB interface for sending data to a downstream USB device. I checked dmesg and noticed that I was missing an entitlement:
So I figured out how to codesign the utility with a .plist/.xml file describing the entitlement:
But then the utility failed to run, and system logs had this:
(utility name redacted)
After some digging, it seems that I need to "whitelist" the entitlement in question, because it is a "restricted entitlement". I'm an admin on our developer account, but I can't seem to create a provisioning profile that presents me with the "Additional Entitlements" dialog, as described here.
I'm also not sure what to do when I have that provisioning profile.
I'm on a 2018 MacBook Pro running High Sierra.
Thanks,
Kevin
I need to add the com.ibridge.control entitlement to a command-line utility for use by multiple people within my organization. This utility will not be distributed outside of the organization.
Originally the utility was failing to capture a USB interface for sending data to a downstream USB device. I checked dmesg and noticed that I was missing an entitlement:
Code Block text $ sudo dmesg | tail -n 5 001185.217215 [utility-name]@: IOUSBUserClientLegacy::start: missing entitlement com.apple.ibridge.control 001185.217298 [utility-name]@: IOUSBUserClientLegacy::start: missing entitlement com.apple.ibridge.control 001185.217374 [utility-name]@: IOUSBUserClientLegacy::start: missing entitlement com.apple.ibridge.control 001185.217448 [utility-name]@: IOUSBUserClientLegacy::start: missing entitlement com.apple.ibridge.control
So I figured out how to codesign the utility with a .plist/.xml file describing the entitlement:
Code Block xml <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.ibridge.control</key> <true/> </dict> </plist> </pre>
But then the utility failed to run, and system logs had this:
Code Block text AMFI: code signature validation failed. AMFI: bailing out because of restricted entitlements. mac_vnode_check_signature: [redacted, executable]: code signature validation failed fatally: When validating [redacted, executable]: Code has restricted entitlements, but the validation of its code signature failed. Unsatisfied Entitlements: proc 20444: load code signature error 4 for file "[redacted]"
(utility name redacted)
After some digging, it seems that I need to "whitelist" the entitlement in question, because it is a "restricted entitlement". I'm an admin on our developer account, but I can't seem to create a provisioning profile that presents me with the "Additional Entitlements" dialog, as described here.
I'm also not sure what to do when I have that provisioning profile.
I'm on a 2018 MacBook Pro running High Sierra.
Thanks,
Kevin
