
Can an iOS app read its own entitlements at runtime?

Can an iOS app discover, inspect, or otherwise read its own entitlements at runtime?

Ideally, I could read the whole (processed) contents of my .entitlements file as a plist. Getting just the app identifier prefix would be an acceptable second-best.

Goals here include: allowing the app to be signed with various app identifier prefixes, without needing to make a matching change in code; and to act differently in the presence or absence of shared keychain access groups. This is library code, so the less I impose on the client app's configuration, the better.

rgeorge asked Sep 23 '13 22:09




2 Answers

In short, no. The entitlements file is only used at compile-time and is not copied into the app bundle.

Clarification: During development, the entitlements are written into the embedded.mobileprovision file in the app bundle. When your app is released as an IPA on the App Store, it will not contain an embedded.mobileprovision.

neilco answered Oct 17 '22 04:10
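
Reading the development-time embedded.mobileprovision mentioned in the answer above, as an added example that is not part of the original answer. The helper names are hypothetical, and the code assumes the XML plist is stored contiguously inside the profile's CMS wrapper; it returns nil when the file is missing, as in App Store builds.

```objective-c
#import <Foundation/Foundation.h>

// Added example (hypothetical helper name). Returns the Entitlements dictionary
// recorded in the bundle's embedded.mobileprovision, or nil when the file is
// absent (e.g. App Store builds) or cannot be parsed.
static NSDictionary *EmbeddedProfileEntitlements(void) {
    NSString *path = [[NSBundle mainBundle] pathForResource:@"embedded"
                                                     ofType:@"mobileprovision"];
    if (path == nil) return nil;  // no profile shipped with this build

    NSData *cms = [NSData dataWithContentsOfFile:path];
    if (cms == nil) return nil;

    // The profile is a CMS (PKCS#7) container; the XML plist payload sits
    // inside it as plain bytes, so locate it by its start and end markers.
    NSData *startTag = [@"<?xml" dataUsingEncoding:NSASCIIStringEncoding];
    NSData *endTag = [@"</plist>" dataUsingEncoding:NSASCIIStringEncoding];
    NSRange all = NSMakeRange(0, cms.length);
    NSRange start = [cms rangeOfData:startTag options:0 range:all];
    NSRange end = [cms rangeOfData:endTag options:NSDataSearchBackwards range:all];
    if (start.location == NSNotFound || end.location == NSNotFound ||
        end.location < start.location) return nil;

    NSRange plistRange = NSMakeRange(start.location, NSMaxRange(end) - start.location);
    id plist = [NSPropertyListSerialization
        propertyListWithData:[cms subdataWithRange:plistRange]
                     options:NSPropertyListImmutable
                      format:NULL
                       error:NULL];
    if (![plist isKindOfClass:[NSDictionary class]]) return nil;

    id entitlements = ((NSDictionary *)plist)[@"Entitlements"];
    return [entitlements isKindOfClass:[NSDictionary class]] ? entitlements : nil;
}

// The app identifier prefix is the part of application-identifier before the
// first dot, e.g. "ABCDE12345.com.example.app" (constructed value).
static NSString *AppIdentifierPrefix(void) {
    id appID = EmbeddedProfileEntitlements()[@"application-identifier"];
    if (![appID isKindOfClass:[NSString class]]) return nil;
    NSRange dot = [(NSString *)appID rangeOfString:@"."];
    return dot.location == NSNotFound ? nil : [appID substringToIndex:dot.location];
}
```

The profile records what it permits, which can include wildcard values, so a library should treat a nil or wildcard result as "unknown" rather than as proof that an entitlement is absent from the signed binary.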


As others mentioned in comments, the signed executable of your app contains an embedded entitlements plist, which suggests it should be possible.

You will need to use some non-iOS-public (but documented) APIs. Try the following code:

```objective-c
#import <Foundation/Foundation.h>

// Declare the private SecTask functions in your header file
void* (SecTaskCopyValueForEntitlement)(void* task, CFStringRef entitlement, CFErrorRef _Nullable *error);
void* (SecTaskCreateFromSelf)(CFAllocatorRef allocator);

// And call it in your code like this:
CFErrorRef err = NULL;
void* task = SecTaskCreateFromSelf(NULL);
// "Copy" returns an owned value: hand it to ARC, then release the task we created
NSArray* groups = (__bridge_transfer NSArray*)SecTaskCopyValueForEntitlement(task, CFSTR("com.apple.security.application-groups"), &err);
if (task) CFRelease(task);
```
Elist answered Oct 17 '22 04:10