I have a local development builds of an audio software application, and I'm having problems setting up entitlements so that I can receive audio input (com.apple.security.device.audio-input
and/or com.apple.security.device.microphone
). This works correctly for "official" builds produced via an IBS pipeline, but never locally.
Based on everything I can see, my local builds are correctly configured - my build is signed and codesign
shows the correct entitlements. The app requests other permissions for e.g. disk access. The application appears and is checked in "Security and Privacy" under "Microphone". However: my audio input is silent, and I am not asked for permissions when opening an input device (this is not a code issue: for example, the identical commit hash built on another system, and run on my system work fine). For now, I'm only concerned with my local builds being usable - these are not official / app store builds, or intended for use on other systems than my dev system.
This is not a question about "how to do entitlements", or about this entitlement specifically, but more generally - how to I debug this issue:
Are there other a priori ways to check my entitlements beyond codesign --display --entitlements
? Where else should I check that, for a given application / binary, entitlements are set up correctly?
When the application attempts to open an a audio input, and access is denied (presumably) because of entitlements, is this failure logged (syslog etc)?
Are there Apple API's that can provide more detailed error information when an operation fails because of entitlements? Can I log the details of an entitlement failure myself?
I have many builds of the application on my system - debug builds, release builds, branches, old versions etc., but only ever see a single application in e.g. Security and Privacy UI. How can I verify that what I see in the UI is correct for e.g. the particular app package / identifier I'm working with?
Any other debugging tips or workflows would be appreciated.
One note: the build system for this project is Cmake/make/command-line-based rather than Xcode based - all entitlements/signing stuff is being done via Cmake and command line tools (again: this has worked before, and works for some builds), so I would prefer solutions that matched this workflow - Apple's documentation is good, but is usually of the form "do this in Xcode", which is unhelpful here.
question from:
https://stackoverflow.com/questions/65858107/best-practices-for-debugging-osx-entitlement-or-sandbox-problems 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…