Network Extensions provisioning profile contains item "relay"

By creating a provisioning profile on the dashboard or let Xcode (14.3.1) do an automatic signing to obtain that profile, the Network Extensions contains now additional "relay" item, which is not available, when capabilities are added in the Xcode (tried on Xcode Beta 15.2 as well)

The relay is visible though in the web inspector, when provisioning profile is created via developer dashboard

That said, the provisioning profile file (.mobileprovision) has this:

and in the raw XML:

if I would try to manually modify XML entitlements in the Xcode by adding relay, the Signing and Capabilities page of the Xcode project does not reflect this change and eventually removes this additional code line, if I try to select a proper item, for instance DNS Proxy

Is it a new Bug introduced recently? Is it that just Xcode "forgot" to get this update (in Beta as well). The problem is that old profiles stopped working as they do not contain relay

Up vote post of victorkachalov Down vote post of victorkachalov
712 views
Posted by
victorkachalov
Reply
Add a Comment

Replies

I’m currently researching what the relay item is for. However, this bit doesn’t make sense:

The problem is that old profiles stopped working as they do not contain relay

The provisioning profile is an allowlist. It allows you to claim any of the entitlements (or, in this case, entries in that array) that are listed in the profile. However, there’s no requirement for you to claim all of them. Indeed, in the case of an NE provider, that’s nonsensical. A provider should only claim the value that matchs its behaviour. For example, a DNS proxy should only claim dns-proxy.

So, it’s fine to ignore additional values here. Just claim the value that’s appropriate for your provider.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

I’m currently researching what the relay item is for.

D’oh! It is, of course, for the new relay support in this year’s OS release. Specifically, it allows your app to save a relay configuration using NERelayManager. See WWDC 2023 Session 10002 Ready, set, relay: Protect app traffic with network relays for the details.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment