Add HealthKit capability mapping#44
Closed
jsilets wants to merge 61 commits into
Closed
Conversation
Beginning of eventual transition to all-Swift AltSign for cross-platform compatibility with Windows.
Primarily used by AltDaemon to memory map provisioning profiles so it can remain under system daemon memory limit.
Adds null-pointer checks to prevent dereferencing null pointer if profile is in unexpected format.
Fixes “/var/“ vs “/private/var/“ mismatched URLs by first resolving symbolic links.
On iOS 14, app entitlements are checked on installation. This makes it difficult to distribute a single IPA for both < iOS 13.5 with psychic paper and >= iOS 13.5 where the entitlements should be ignored.
Option to disable private entitlement copying
…into swift_rewrite
Allows apps to once again use JIT on iOS 14.2 and later.
As of January 28, 2021, Apple began signing provisioning profiles with a new WWDR intermediate certificate. This broke all apps installed with AltStore after that date, but updating our local certificate to match Apple’s fixes the issue.
Allows AltSign to be linked as static library without additional resources.
Some Apple IDs (especially paid developer accounts) are still using the legacy WWDR certificate, so we now choose the correct one to use at runtime.
iOS 15 requires a new code signature that embeds the raw entitlements directly into the binary, which coexists with the previous property list-based entitlements format.
Thrown when Apple's authentication servers don't accept the provided anisette data, such as when the anisette data's date is from the "future".
Previously, unzipping progress was tracked by number of files unzipped. Now, we track progress by number of _bytes_ unzipped, which handles large files much better.
Convenience function to convert NSOperatingSystemVersion to displayable string.
We can’t call alt_setUserInfoValueProviderForDomain: from AltSign, so instead we just manually replicate the logic for returning correct NSLocalizedDescription value.
Also adds ALTUnderlyingAppleAPIErrorDomain to represent errors passed on directly from AppleAPI responses.
…’t exist -22406 is thrown when the password is incorrect, but -20101 is thrown when the provided email is incorrect.
…ewRequest] Marking init as nullable conflicted with NSObject’s nonnull definition, so we now use a separate factory method instead for creating new requests to avoid warnings.
…fier, team-identifier, or get-task-allow Apps signed with development profiles must have all these entitlements.
Now resigns app with the exact keychain-access-groups the original app was signed with, except updated with new team identifier.
Fixes various codesigning issues with certain apps.
Recursive wildcard paths are no longer supported with Xcode 16, so we point to the public header directory instead.
Author
|
Replaced by #45 using the clean |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Map the standard HealthKit entitlement to Apple Developer Portal's HealthKit App ID feature.
AltStore and AltServer already derive required App ID features from an app's signed entitlements. AltSign currently recognizes App Groups and Inter-App Audio, but not HealthKit, so
com.apple.developer.healthkitis ignored and the regenerated provisioning profile does not authorize HealthKit.This adds the bidirectional mapping:
com.apple.developer.healthkitHK421J6T7POnly the base Boolean entitlement is mapped. Secondary HealthKit entitlements such as
com.apple.developer.healthkit.accessandcom.apple.developer.healthkit.background-deliveryare intentionally not mapped to the App ID feature because their original values are not valid feature values. AltSign's existing signer continues to preserve only entitlements present in both the original app and regenerated profile.Related to altstoreio/AltStore#1518.
Verification
xcodebuild -workspace AltStore.xcworkspace -scheme AltStore -destination generic/platform=iOS CODE_SIGNING_ALLOWED=NO buildsucceeds with this AltSign commit.ALTCapabilities.msucceeds.git diff --checksucceeds.AltTestsscheme was attempted on an iPhone 17 Pro simulator. Its build fails in the unchanged test target because theNukemodule search path cannot be resolved, before tests execute.An on-device provisioning check is still pending to confirm the regenerated profile and resigned executable both contain the HealthKit entitlement.