Entitlements are set by the developer in Xcode at build time, and are used to control access to
iCloud, Push Notifications, and the Application Sandbox.
You can see the entitlements of an app using the codesign utility. Here's Safari, showing that it is
iCloud-enabled for bookmark syncing via the iCloud key-value store:
$ codesign -d --entitlements - /Applications/Safari.app
Executable=/Applications/Safari.app/Contents/MacOS/Safari
??qq?<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.private.accounts.allaccounts</key>
<true/>
<key>com.apple.developer.ubiquity-kvstore-identifier</key>
<string>com.apple.Safari.SyncedTabs</string>
<key>com.apple.private.tcc.allow</key>
<array>
<string>kTCCServiceAddressBook</string>
</array>
</dict>
</plist>
Here's a nasty bit of shell-fu to list the apps that carry an iCloud (ubiquity) entitlement:
find /Applications/ -name "*.app" -type d -exec codesign -d --entitlements - {} \; 2>&1 | grep com.apple.developer.ubiquity --before-context=3 --after-context=4
Similarly, apps that use Apple push notifications will have a 'com.apple.private.aps-connection-initiate' entitlement:
$ codesign -d --entitlements - /Applications/iTunes.app/
Executable=/Applications/iTunes.app/Contents/MacOS/iTunes
??qq<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.private.aps-connection-initiate</key>
<true/>
</dict>
</plist>
And you should also be able to see the push notification TCP connection being held open. This is created once and used by all the apps consuming push notifications:
$ sudo lsof -iTCP
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
[snip]
applepush 279 root 7u IPv4 0xa27f1934fb5654ef 0t0 TCP hostname.myorg.com:52236->nk11p01st-courier023-bz.push.apple.com:5223 (ESTABLISHED)
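For auditing, the codesign output shown above is easier to work with once it is parsed than when it is grepped. The following is an added example, not code from the original post: it skips the binary blob header that shows up as ??qq before the XML, parses the plist, and reports the iCloud, push and TCC entitlements. The sample output and the Example.app names are constructed.

```python
import plistlib
import subprocess

# Constructed sample of `codesign -d --entitlements -` output: an Executable=
# line, binary blob header bytes (rendered as "??qq" in a terminal), then XML.
SAMPLE = (
    b"Executable=/Applications/Example.app/Contents/MacOS/Example\n"
    b"\xfa\xde\x71\x71\x00\x00\x01\x50"
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<plist version="1.0"><dict>'
    b"<key>com.apple.developer.ubiquity-kvstore-identifier</key>"
    b"<string>com.example.Example</string>"
    b"<key>com.apple.private.aps-connection-initiate</key><true/>"
    b"<key>com.apple.private.tcc.allow</key>"
    b"<array><string>kTCCServiceAddressBook</string></array>"
    b"</dict></plist>\n"
)

def parse_entitlements(raw: bytes) -> dict:
    """Extract the entitlements plist from raw codesign output ({} if absent)."""
    start = raw.find(b"<?xml")
    end = raw.rfind(b"</plist>")
    if start < 0 or end < start:
        return {}  # unsigned bundle, or signed without entitlements
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def classify(ent: dict) -> dict:
    """Summarise the entitlement families discussed in the post."""
    return {
        "icloud": sorted(k for k in ent if k.startswith("com.apple.developer.ubiquity")),
        "push": bool(ent.get("com.apple.private.aps-connection-initiate")),
        "tcc": list(ent.get("com.apple.private.tcc.allow", [])),
        "private": sorted(k for k in ent if k.startswith("com.apple.private.")),
    }

def read_app(path: str) -> dict:
    """Run codesign on a bundle (macOS only) and classify its entitlements."""
    proc = subprocess.run(["codesign", "-d", "--entitlements", "-", path],
                          capture_output=True)
    return classify(parse_entitlements(proc.stdout + proc.stderr))

if __name__ == "__main__":
    print(classify(parse_entitlements(SAMPLE)))
```

On a Mac, read_app("/Applications/Safari.app") gives the same summary for a real bundle; the "private" list is the one to review, since com.apple.private.* entitlements are the ones seen here on Apple's own apps.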