def entitlements(self) -> dict:
from binary.binary import Binary
try:
exe_path = self.executable_path()
return Binary.get_entitlements(exe_path)
except NotImplementedError:
return dict()
def _entitlements_can_be_parsed(app_bundle: Bundle) -> bool:
"""
Check whether an application's entitlements can be parsed by libsecinit.
We only check part of the process, namely the parsing of entitlements via xpc_create_from_plist.
:param app_bundle: Bundle for which to check whether the entitlements can be parsed
:type app_bundle: Bundle
:return: True, iff the entitlements of the main executable can be parsed, else false.
"""
# No entitlements, no problem
# If the app contains no entitlements, entitlement validation cannot fail.
if not app_bundle.has_entitlements():
return True
exe_path = app_bundle.executable_path()
raw_entitlements = Binary.get_entitlements(exe_path, raw=True)
# Call the local xpc_vuln_checker program that does the actual checking.
exit_code, _ = tool_named("xpc_vuln_checker")(input=raw_entitlements)
return exit_code != 1