(How entitlements are verified) |
No edit summary |
||
(3 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
Entitlements are used to grant specific privileges to a program. For example, an entitlement is required to be able to use some of [[CoreTelephony.framework]]'s calling APIs. | Entitlements are used to grant specific privileges to a program. For example, an entitlement is required to be able to use some of [[CoreTelephony.framework]]'s calling APIs. | ||
They are verified using the [https://opensource.apple.com/source/libsecurity_codesigning/libsecurity_codesigning-55037.6/lib/SecTask.h SecTaskCopyValueForEntitlement] from Security.framework. | They are verified using the [https://opensource.apple.com/source/libsecurity_codesigning/libsecurity_codesigning-55037.6/lib/SecTask.h SecTaskCopyValueForEntitlement] function from [[Security.framework]]. | ||
= How to dump from binaries = | |||
Using [[ldid]] you can extract a property list containing the entitlements of a binary. To do so, you can do: | Using [[ldid]] you can extract a property list containing the entitlements of a binary. To do so, you can do: | ||
Line 11: | Line 11: | ||
ldid -e /System/Library/CoreServices/SpringBoard.app/SpringBoard | ldid -e /System/Library/CoreServices/SpringBoard.app/SpringBoard | ||
= Known entitlements = | |||
''This section could contain a table of binaries with their respective entitlements, their types (boolean or array), iOS versions where they exist, "Used by" and "Checked by".'' | ''This section could contain a table of binaries with their respective entitlements, their types (boolean or array), iOS versions where they exist, "Used by" and "Checked by".'' | ||
= | = External Links = | ||
* [http://networkpx.blogspot.com/2009/06/incomplete-list-of-entitlement-keys.html KennyTM's incomplete list] | * [http://networkpx.blogspot.com/2009/06/incomplete-list-of-entitlement-keys.html KennyTM's incomplete list] | ||
* Apple's documentation: [https://developer.apple.com/library/mac/documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/AboutEntitlements.html About Entitlements] + [https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/AddingCapabilities/AddingCapabilities.html Adding Capabilities] | * Apple's documentation: [https://developer.apple.com/library/mac/documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/AboutEntitlements.html About Entitlements] + [https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/AddingCapabilities/AddingCapabilities.html Adding Capabilities] | ||
* [http://newosxbook.com/ent.jl OS X/iOS Entitlement Database] |
Latest revision as of 14:43, 18 May 2017
Entitlements are used to grant specific privileges to a program. For example, an entitlement is required to be able to use some of CoreTelephony.framework's calling APIs.
They are verified using the SecTaskCopyValueForEntitlement function from Security.framework.
How to dump from binaries
Using ldid you can extract a property list containing the entitlements of a binary. To do so, you can do:
ldid -e binary
For example, to dump SpringBoard's entitlements you would do:
ldid -e /System/Library/CoreServices/SpringBoard.app/SpringBoard
Known entitlements
This section could contain a table of binaries with their respective entitlements, their types (boolean or array), iOS versions where they exist, "Used by" and "Checked by".
External Links
- KennyTM's incomplete list
- Apple's documentation: About Entitlements + Adding Capabilities
- OS X/iOS Entitlement Database