Entitlements for signed and notarized apps

For some features of LiveCode to work correctly in signed and notarized apps, you need to include the relevant entitlements in an entitlements file. The permissions are then incorporated into the code signature when you build the app.

The entitlement keys are documented here.

Create an entitlements file

Create a new "entitlements.plist" file in the folder where the app bundle is stored and add any entitlements your app requires.

This example adds the entitlement required for AppleScript to run.

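<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.security.automation.apple-events</key>
	<true/>
</dict>
</plist>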

Include the entitlements file when you sign your app

sudo codesign --verbose --deep --force --sign "<your_certificate_here>" --options runtime --entitlements <path_to_entitlements.plist_file> <path_to_standalone_app_bundle>

The LiveCode entitlements

The "entitlements.plist" file that we use when we sign LiveCode builds is the following:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.security.cs.allow-jit</key>
	<true/>
	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
	<true/>
	<key>com.apple.security.cs.allow-dyld-environment-variables</key>
	<true/>
	<key>com.apple.security.cs.disable-library-validation</key>
	<true/>
	<key>com.apple.security.cs.disable-executable-page-protection</key>
	<true/>
	<key>com.apple.security.device.audio-input</key>
	<true/>
	<key>com.apple.security.device.camera</key>
	<true/>
	<key>com.apple.security.personal-information.location</key>
	<true/>
	<key>com.apple.security.personal-information.addressbook</key>
	<true/>
	<key>com.apple.security.personal-information.photos-library</key>
	<true/>
	<key>com.apple.security.automation.apple-events</key>
	<true/>
</dict>
</plist>

One option is to sign your app with all the entitlements that LiveCode uses. This ensures that no feature breaks because a required entitlement is missing.
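Before signing with the full set, it helps to see which of those keys the app actually needs. The following is an added example, not LiveCode's own tooling: a Python script that audits an entitlements plist against the keys an app needs and writes a trimmed file. The function names, the `needed` set and the sample input are assumptions for illustration.

```python
import plistlib

# Hardened-runtime exception keys, as listed in the LiveCode file above.
RUNTIME_EXCEPTIONS = {
    "com.apple.security.cs.allow-jit",
    "com.apple.security.cs.allow-unsigned-executable-memory",
    "com.apple.security.cs.allow-dyld-environment-variables",
    "com.apple.security.cs.disable-library-validation",
    "com.apple.security.cs.disable-executable-page-protection",
}
# Resource-access keys from the same file.
RESOURCE_ACCESS = {
    "com.apple.security.device.audio-input",
    "com.apple.security.device.camera",
    "com.apple.security.personal-information.location",
    "com.apple.security.personal-information.addressbook",
    "com.apple.security.personal-information.photos-library",
    "com.apple.security.automation.apple-events",
}
LIVECODE_ENTITLEMENTS = RUNTIME_EXCEPTIONS | RESOURCE_ACCESS


def audit_entitlements(plist_bytes, needed):
    """Compare the entitlements granted in a plist with the set the app needs."""
    granted = {k for k, v in plistlib.loads(plist_bytes).items() if v is True}
    needed = set(needed)
    return {
        "runtime_exceptions": sorted(granted & RUNTIME_EXCEPTIONS),
        "unneeded": sorted(granted - needed),
        "missing": sorted(needed - granted),
    }


def minimal_plist(needed):
    """Return entitlements.plist content (XML bytes) with only the needed keys."""
    return plistlib.dumps({key: True for key in sorted(needed)})


if __name__ == "__main__":
    # Constructed sample: the full LiveCode set, audited for an app that is
    # assumed to need only AppleScript (the first example on this page).
    full = plistlib.dumps({key: True for key in LIVECODE_ENTITLEMENTS})
    needed = {"com.apple.security.automation.apple-events"}
    for category, keys in audit_entitlements(full, needed).items():
        print(f"{category}: {len(keys)}")
        for key in keys:
            print(f"  {key}")
    print(minimal_plist(needed).decode())
```

Each `com.apple.security.cs.*` key relaxes a protection that `--options runtime` enables, so keep only the ones your app fails without.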
