Sunday, June 7, 2009

An incomplete list of entitlement keys


KeyTypeUsed byChecked byNotes
com.apple.springboard.debugapplicationsbooleangdb
gdbserver
SpringBoard:
_SBXXCancelWatchdogAssertionForProcess
_SBXXRenewWatchdogAssertionForProcess
_SBXXAddWatchdogAssertionForProcess
_SBXXLaunchApplicationForDebugging

com.apple.springboard.launchapplicationsbooleaniapd
Cydia.app
Preferences.app
Web.app
SpringBoard:
_SBXXLaunchApplicationWithIdentifier

com.apple.springboard.opensensitiveurlbooleanCoreLocation.framework
dataaccessd
ManagedConfiguration.framework
AppStore.app
MobileAddressBook.app
MobileMail.app
MobileMusicPlayer.app
MobileSafari.app
MobileStore.app
Preferences.app
locationd
SpringBoard:
_SBXXOpenSensitiveURL

com.apple.springboard.wipedevice
boolean
dataaccessd
Preferences.app
SpringBoard:
_SBXXDataReset

com.apple.springboard.setnowplayinginformation
boolean
YouTube.framework
MobileMail.app
MobileSafari.app
YouTube.app
?

com.apple.springboard.activateawayviewplugins
boolean

SpringBoard:
_SBXXEnableLockScreenBundle

com.apple.remotenotification.server.preferences
boolean
Preferences.app
SpringBoard:
_SBRNSetBundleIdentifierTypes

get-task-allowbooleangdb
gdbserver
?The only documented entitlement key, means "Can be debugged".
task_for_pid-allowbooleanReportCrash
ps
gdb
gdbserver
kernel
keychain-access-groupsarray of stringsToo many
?Everyone uses it has the value (apple).
application-identifierstringToo many
?The content may not be the same as the bundle ID. For example, the application-identifier for AppStore apps will be (10 random characters).(bundle ID)
allow-obliterate-devicebooleanSpringBoard
?
seatbelt-profiles
array of strings
MobileMail.app
MobileSafari.app
Web.app
kernel?

modify-anchor-certificates
boolean
Preferences.app
?



The entitlement of a task can be obtained using the undocumented SecTask*** functions. Because of this, a library can define a set of entitlement keys other applications using it must follow.

No comments:

Post a Comment