def entitlements(self) -> dict: from binary.binary import Binary try: exe_path = self.executable_path() return Binary.get_entitlements(exe_path) except NotImplementedError: return dict()
def _entitlements_can_be_parsed(app_bundle: Bundle) -> bool: """ Check whether an application's entitlements can be parsed by libsecinit. We only check part of the process, namely the parsing of entitlements via xpc_create_from_plist. :param app_bundle: Bundle for which to check whether the entitlements can be parsed :type app_bundle: Bundle :return: True, iff the entitlements of the main executable can be parsed, else false. """ # No entitlements, no problem # If the app contains no entitlements, entitlement validation cannot fail. if not app_bundle.has_entitlements(): return True exe_path = app_bundle.executable_path() raw_entitlements = Binary.get_entitlements(exe_path, raw=True) # Call the local xpc_vuln_checker program that does the actual checking. exit_code, _ = tool_named("xpc_vuln_checker")(input=raw_entitlements) return exit_code != 1