From f9bd65a1b592e0cb5707530fba4cbb7d0ad34fec Mon Sep 17 00:00:00 2001 From: Riley Testut Date: Fri, 26 May 2023 17:00:00 -0500 Subject: [PATCH] [AltStoreCore] Adds Permissions.plist with definitions for most known permissions Simpler to update over time as a separate plist rather than in source code. --- AltStore.xcodeproj/project.pbxproj | 4 + AltStoreCore/Protocols/ALTAppPermission.swift | 80 +- AltStoreCore/Resources/Permissions.plist | 845 ++++++++++++++++++ 3 files changed, 909 insertions(+), 20 deletions(-) create mode 100644 AltStoreCore/Resources/Permissions.plist diff --git a/AltStore.xcodeproj/project.pbxproj b/AltStore.xcodeproj/project.pbxproj index 4eedae8f..890d25a2 100644 --- a/AltStore.xcodeproj/project.pbxproj +++ b/AltStore.xcodeproj/project.pbxproj @@ -351,6 +351,7 @@ D52EF2BE2A0594550096C377 /* AppDetailCollectionViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = D52EF2BD2A0594550096C377 /* AppDetailCollectionViewController.swift */; }; D533E8B72727841800A9B5DD /* libAppleArchive.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = D533E8B62727841800A9B5DD /* libAppleArchive.tbd */; settings = {ATTRIBUTES = (Weak, ); }; }; D533E8BE2727BBF800A9B5DD /* libcurl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = D533E8BD2727BBF800A9B5DD /* libcurl.a */; }; + D53D84022A2158FC00543C3B /* Permissions.plist in Resources */ = {isa = PBXBuildFile; fileRef = D53D84012A2158FC00543C3B /* Permissions.plist */; }; D54058B92A1D6269008CCC58 /* AppPermissionProtocol.swift in Sources */ = {isa = PBXBuildFile; fileRef = D54058B82A1D6269008CCC58 /* AppPermissionProtocol.swift */; }; D54058BB2A1D8FE3008CCC58 /* UIColor+AltStore.swift in Sources */ = {isa = PBXBuildFile; fileRef = D54058BA2A1D8FE3008CCC58 /* UIColor+AltStore.swift */; }; D540E93828EE1BDE000F1B0F /* ErrorDetailsViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = D540E93728EE1BDE000F1B0F /* ErrorDetailsViewController.swift */; }; 
@@ -917,6 +918,7 @@ D533E8B82727B61400A9B5DD /* fragmentzip.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = fragmentzip.h; sourceTree = ""; }; D533E8BB2727BBEE00A9B5DD /* libfragmentzip.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libfragmentzip.a; path = Dependencies/fragmentzip/libfragmentzip.a; sourceTree = SOURCE_ROOT; }; D533E8BD2727BBF800A9B5DD /* libcurl.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libcurl.a; path = Dependencies/libcurl/libcurl.a; sourceTree = SOURCE_ROOT; }; + D53D84012A2158FC00543C3B /* Permissions.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Permissions.plist; sourceTree = ""; }; D54058B82A1D6269008CCC58 /* AppPermissionProtocol.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppPermissionProtocol.swift; sourceTree = ""; }; D54058BA2A1D8FE3008CCC58 /* UIColor+AltStore.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "UIColor+AltStore.swift"; sourceTree = ""; }; D540E93728EE1BDE000F1B0F /* ErrorDetailsViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ErrorDetailsViewController.swift; sourceTree = ""; }; @@ -1665,6 +1667,7 @@ isa = PBXGroup; children = ( BFCB9206250AB2120057B44E /* Colors.xcassets */, + D53D84012A2158FC00543C3B /* Permissions.plist */, ); path = Resources; sourceTree = ""; @@ -2402,6 +2405,7 @@ buildActionMask = 2147483647; files = ( BFCB9207250AB2120057B44E /* Colors.xcassets in Resources */, + D53D84022A2158FC00543C3B /* Permissions.plist in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; diff --git a/AltStoreCore/Protocols/ALTAppPermission.swift b/AltStoreCore/Protocols/ALTAppPermission.swift index b436694d..d2f12842 100644 --- a/AltStoreCore/Protocols/ALTAppPermission.swift +++ b/AltStoreCore/Protocols/ALTAppPermission.swift 
@@ -8,9 +8,9 @@ import AltSign -public extension ALTAppPermissionType +extension ALTAppPermissionType { - var localizedName: String? { + public var localizedName: String? { switch self { case .unknown: return NSLocalizedString("Permission", comment: "") 
@@ -19,25 +19,78 @@ public extension ALTAppPermissionType default: return nil } } + + fileprivate var knownPermissionsKey: String? { + switch self + { + case .unknown: return nil + case .entitlement: return "entitlements" + case .privacy: return "privacy" + default: return nil + } + } } public protocol ALTAppPermission: RawRepresentable, Hashable { var type: ALTAppPermissionType { get } - var symbolName: String? { get } - - var localizedName: String? { get } var synthesizedName: String? { get } // Kupo! + // Default implementations + var localizedName: String? { get } var localizedDescription: String? { get } + var symbolName: String? { get } - // Convenience properties with default implementations. + // Convenience properties (also with default implementations). // Would normally just be in extension, except that crashes Swift 5.8 compiler ¯\_(ツ)_/¯ var isKnown: Bool { get } var effectiveSymbolName: String { get } var localizedDisplayName: String { get } } +private struct KnownPermission: Decodable +{ + var localizedName: String + var localizedDescription: String + var rawValue: String + var symbolName: String + + private enum CodingKeys: String, CodingKey + { + case localizedName = "name" + case localizedDescription = "description" + case rawValue = "key" + case symbolName = "symbol" + } +} + +private let knownPermissions: [String: [String: KnownPermission]] = { + guard let fileURL = Bundle(for: DatabaseManager.self).url(forResource: "Permissions", withExtension: "plist"), + let data = try? Data(contentsOf: fileURL), + let propertyList = try? PropertyListDecoder().decode([String: [String: KnownPermission]].self, from: data) + else { + fatalError("Could not decode Permissions.plist.") + } + + return propertyList +}() + +public extension ALTAppPermission +{ + private var knownPermission: KnownPermission? 
{ + guard let key = self.type.knownPermissionsKey, + let permissions = knownPermissions[key] + else { return nil } + + let knownPermission = permissions[self.rawValue] + return knownPermission + } + + var localizedName: String? { self.knownPermission?.localizedName } + var localizedDescription: String? { self.knownPermission?.localizedDescription } + var symbolName: String? { self.knownPermission?.symbolName } +} + public extension ALTAppPermission { var isKnown: Bool { @@ -50,10 +103,7 @@ public extension ALTAppPermission var localizedDisplayName: String { return self.localizedName ?? self.synthesizedName ?? self.rawValue } -} - -public extension ALTAppPermission -{ + func isEqual(_ permission: any ALTAppPermission) -> Bool { guard let permission = permission as? Self else { return false } @@ -69,13 +119,8 @@ public extension ALTAppPermission public struct UnknownAppPermission: ALTAppPermission { public var type: ALTAppPermissionType { .unknown } - public var symbolName: String? { nil } - - public var localizedName: String? { nil } public var synthesizedName: String? { nil } - public var localizedDescription: String? { nil } - public var rawValue: String public init(rawValue: String) @@ -87,9 +132,6 @@ public struct UnknownAppPermission: ALTAppPermission extension ALTEntitlement: ALTAppPermission { public var type: ALTAppPermissionType { .entitlement } - public var symbolName: String? { nil } - - public var localizedName: String? { nil } public var synthesizedName: String? { // Attempt to convert last component of entitlement to human-readable string. @@ -108,8 +150,6 @@ extension ALTEntitlement: ALTAppPermission let synthesizedName = words.joined(separator: " ") return synthesizedName } - - public var localizedDescription: String? { nil } } extension ALTAppPrivacyPermission: ALTAppPermission diff --git a/AltStoreCore/Resources/Permissions.plist b/AltStoreCore/Resources/Permissions.plist new file mode 100644 index 00000000..57615446 --- /dev/null 
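Review bot: The lookup `permissions[self.rawValue]` in the new `knownPermission` property indexes by the plist's dictionary keys, while the decoded `KnownPermission.rawValue` (the `key` field) is never read. In Permissions.plist many entries use a short dictionary key (`applesignin`, `homekit`, `family-controls`, `autofill credential provider`) that differs from their `key` value, so, assuming `ALTEntitlement` raw values are the full entitlement identifiers, those entitlements never match and are shown to the user without the curated name and description. Re-keying once at load time removes the dependency on the outer keys: `return propertyList.mapValues { Dictionary($0.values.map { ($0.rawValue, $0) }, uniquingKeysWith: { first, _ in first }) }`. Separately, every `KnownPermission` field is non-optional and the loader ends in `fatalError`, so a single entry missing `symbol` or `description` crashes on first access; I would add a comment on the struct such as `// All four keys are required for every entry; a missing key fails the whole decode.`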
+++ b/AltStoreCore/Resources/Permissions.plist 
@@ -0,0 +1,845 @@ + + + + + entitlements + + autofill credential provider + + name + AutoFill Credential Provider + description + Allows app to provide user names and passwords for AutoFill + key + com.apple.developer.authentication-services.autofill-credential-provider + symbol + wallet.pass + + applesignin + + name + Sign in with Apple + description + Allows sign in with Apple. + key + com.apple.developer.applesignin + symbol + apple.logo + + parent-application-identifiers + + name + Parent Application Identifiers + description + Allows app to use App Clips + key + com.apple.developer.parent-application-identifiers + symbol + appclip + + associated-appclip-app-identifiers + + name + Associated App Clip Identifiers + description + Allows app to use App Clips with other apps. + key + com.apple.developer.associated-appclip-app-identifiers + symbol + appclip + + on-demand-install-capable + + name + On-Demand Install Capable + description + App can install App Clips + key + com.apple.developer.on-demand-install-capable + symbol + appclip + + carplay-audio + + name + CarPlay Audio + description + Allows the app to provide audio content for CarPlay. + key + com.apple.developer.carplay-audio + symbol + car + + carplay-charging + + name + CarPlay Charging + description + Allows charging capabilities for CarPlay. + key + com.apple.developer.carplay-charging + symbol + car + + carplay-communication + + name + CarPlay Communication + description + Allows the app to make and receive phone calls, messages, and other communications through CarPlay. + key + com.apple.developer.carplay-communication + symbol + car + + carplay-maps + + name + CarPlay Maps + description + Allows the app to provide maps and navigation services for CarPlay. + key + com.apple.developer.carplay-maps + symbol + car + + carplay-parking + + name + CarPlay Parking + description + Allows the app to provide parking-related services for CarPlay. 
+ key + com.apple.developer.carplay-parking + symbol + car + + carplay-quick-ordering + + name + CarPlay Quick Ordering + description + Allows the app to provide quick ordering capabilities for CarPlay. + key + com.apple.developer.carplay-quick-ordering + symbol + car + + carplay-messaging + + name + CarPlay Messaging + description + Allows the app to send and receive messages through CarPlay. + key + com.apple.developer.carplay-messaging + symbol + car + + automated-device-enrollment.add-devices + + name + Automated Device Enrollment + description + Grants access to add a device to Automated Device Enrollment. + key + com.apple.developer.automated-device-enrollment.add-devices + symbol + macbook.and.iphone + + ClassKit-environment + + name + ClassKit + description + Grants access to the ClassKit development or production environment for an education app that works with the Schoolwork app. + key + com.apple.developer.ClassKit-environment + symbol + books.vertical + + automatic-assessment-configuration + + name + Automatic Assessment Configuration + description + Allows app to create an assessment session. + key + com.apple.developer.automatic-assessment-configuration + symbol + books.vertical + + mail-client + + name + Mail Client + description + Allows app to act as a user's default email client. + key + com.apple.developer.mail-client + symbol + envelope + + exposure-notification + + name + Exposure Notification + description + App may use exposure notification. + key + com.apple.developer.exposure-notification + symbol + microbe.fill + + family-controls + + name + Family Controls + description + App can request or revoke authorization to provide parental controls. + key + com.apple.developer.family-controls + symbol + figure.and.child.holdinghands + + fileprovider.testing-mode + + name + Testing Mode + description + App can enter testing mode. 
+ key + com.apple.developer.fileprovider.testing-mode + symbol + testtube.2 + + com.apple.developer.game-center + + name + Game Center + description + App may see and compare achievements on a leaderboard, invite friends, and start multiplayer games. + key + com.apple.developer.game-center + symbol + gamecontroller + + group-session + + name + Group Activities + description + Allows the app to schedule and participate in group activities. + key + com.apple.developer.group-session + symbol + person.3 + + com.apple.developer.healthkit + + name + Health + description + Allows the app to access your Health data. + key + com.apple.developer.healthkit + symbol + heart.text.square + + healthkit.background-delivery + + name + Health - Background Updates + description + App may receive health updates while running in the background. + key + com.apple.developer.healthkit.background-delivery + symbol + heart.text.square + + com.apple.developer.healthkit.recalibrate-estimates + + name + Health - Recalibrate + description + App may recalibrate Health data. + key + com.apple.developer.healthkit.recalibrate-estimates + symbol + heart.text.square + + homekit + + name + HomeKit - Matter + description + Allows app to provide the setup of a Matter device. + key + com.apple.developer.homekit + symbol + house + + com.apple.security.hypervisor + + name + Hypervisor + description + Allows app to create and manage virtual machines. + key + com.apple.security.hypervisor + symbol + externaldrive.connected.to.line.below + + com.apple.vm.device-access + + name + Device Access + description + App can capture USB devices and uses them in the guest-operating system. + key + com.apple.vm.device-access + symbol + mediastick + + com.apple.vm.networking + + name + Networking + description + App can manage virtual network interfaces without escalating privileges to the root user. 
+ key + com.apple.vm.networking + symbol + network + + com.apple.security.virtualization + + name + Virtualization + description + App can use the Virtualization framework. + key + com.apple.security.virtualization + symbol + server.rack + + com.apple.developer.icloud-container-development-container-identifiers + + name + iCloud Container Development Container Identifiers + description + App can use iCloud containers for testing environments. + key + com.apple.developer.icloud-container-development-container-identifiers + symbol + icloud + + com.apple.developer.icloud-container-environment + + name + iCloud Container Environment + description + App can set up iCloud testing environment. + key + com.apple.developer.icloud-container-environment + symbol + icloud + + com.apple.developer.icloud-container-identifiers + + name + iCloud Container Identifiers + description + App can set up iCloud identifiers used for testing environments. + key + com.apple.developer.icloud-container-identifiers + symbol + icloud + + com.apple.developer.icloud-services + + name + iCloud Services Entitlement + description + Grants access to iCloud services. + key + com.apple.developer.icloud-services + symbol + icloud + + com.apple.developer.ubiquity-kvstore-identifier + + name + iCloud Key-Value Store Entitlement + description + The container identifier to use for iCloud key-value storage. + key + com.apple.developer.ubiquity-kvstore-identifier + symbol + icloud + + com.apple.developer.location.push + + name + Location Sharing Push Notifications + description + Enables location-sharing app to query someone’s location in response to a push notification. + key + com.apple.developer.location.push + symbol + location + + com.apple.developer.media-device-discovery-extension + + name + Media Device Discovery Extension + description + App extension that adds a third-party media receiver to a system device-picker UI. 
+ key + com.apple.developer.media-device-discovery-extension + symbol + display.2 + + com.apple.developer.avfoundation.multitasking-camera-access + + name + Multitasking Camera Access + description + App may continue using the camera at the same time as another foreground app. + key + com.apple.developer.avfoundation.multitasking-camera-access + symbol + camera.on.rectangle + + com.apple.developer.kernel.increased-memory-limit + + name + Increased Memory Limit + description + Allows app to perform better with a higher memory limit on supported devices. + key + com.apple.developer.kernel.increased-memory-limit + symbol + memorychip + + com.apple.developer.kernel.extended-virtual-addressing + + name + Extended Virtual Addressing + description + App may access an extended address space. + key + com.apple.developer.kernel.extended-virtual-addressing + symbol + memorychip + + com.apple.developer.networking.networkextension + + name + Network Extensions + description + App can customize networking features. + key + com.apple.developer.networking.networkextension + symbol + network + + com.apple.developer.networking.vpn.api + + name + Personal VPN + description + App can create and control a custom system VPN configuration. + key + com.apple.developer.networking.vpn.api + symbol + network + + com.apple.developer.associated-domains + + name + Associated Domains + description + The associated domains for specific services, such as shared web credentials, universal links, and App Clips. + key + com.apple.developer.associated-domains + symbol + network + + com.apple.developer.networking.multicast + + name + Multicast + description + App can send or receive IP multicast traffic. 
+ key + com.apple.developer.networking.multicast + symbol + network + + com.apple.developer.associated-domains.applinks.read-write + + name + Applinks + description + Grants app read/write access to Applinks + key + com.apple.developer.associated-domains.applinks.read-write + symbol + network + + com.apple.developer.networking.manage-thread-network-credentials + + name + ThreadNetwork + description + Grants access to the ThreadNetwork API. + key + com.apple.developer.networking.manage-thread-network-credentials + symbol + network + + aps-environment + + name + Push Notifications + description + App can send push notifications. + key + aps-environment + symbol + platter.filled.top.and.arrow.up.iphone + + com.apple.developer.usernotifications.filtering + + name + Notification Filtering + description + App can receive notifications without displaying them to the user. + key + com.apple.developer.usernotifications.filtering + symbol + platter.filled.top.and.arrow.up.iphone + + com.apple.developer.device-information.user-assigned-device-name + + name + Device Name + description + Grants access to the user-assigned device name instead of a generic device name. + key + com.apple.developer.device-information.user-assigned-device-name + symbol + ipad.and.iphone + + com.apple.developer.severe-vehicular-crash-event + + name + Crash Detection + description + Grants access to Crash Detection events. + key + com.apple.developer.severe-vehicular-crash-event + symbol + car.side.and.exclamationmark + + com.apple.security.application-groups + + name + App Groups + description + Allows app to share files with other apps and app extensions in same App Group. + key + com.apple.security.application-groups + symbol + rectangle.3.group + + keychain-access-groups + + name + Keychain + description + Allows app to read and write secure data to the system's keychain. 
+ key + keychain-access-groups + symbol + key.horizontal + + com.apple.developer.default-data-protection + + name + Data Protection + description + App can set the level of data protection for sensitive user data when accessed on a device. + key + com.apple.developer.default-data-protection + symbol + lock.doc + + com.apple.developer.devicecheck.appattest-environment + + name + App Attest Environment + description + Allows app to use the App Attest service to validate itself. + key + com.apple.developer.devicecheck.appattest-environment + symbol + app.badge.checkmark + + com.apple.security.smartcard + + name + Smart Card Access + description + Grants access to smart card slots and smart cards. + key + com.apple.security.smartcard + symbol + greetingcard + + com.apple.developer.sensorkit.reader.allow + + name + Sensor Data + description + Grants access to sensor data that's required by your app's preapproved research study. + key + com.apple.developer.sensorkit.reader.allow + symbol + sensor + + com.apple.developer.siri + + name + Siri + description + Allows app to handle Siri requests. + key + com.apple.developer.siri + symbol + mic + + com.apple.developer.storekit.external-link.account + + name + External Website Account Linking + description + App can link to an external website for account creation or management. + key + com.apple.developer.storekit.external-link.account + symbol + link.badge.plus + + com.apple.developer.storekit.external-purchase + + name + External Purchases + description + App can offer external purchases. + key + com.apple.developer.storekit.external-purchase + symbol + dollarsign.circle + + com.apple.developer.storekit.external-purchase-link + + name + External Purchase Website Link + description + App can include a link that directs users to a website to make an external purchase. 
+ key + com.apple.developer.storekit.external-purchase-link + symbol + link.badge.plus + + com.apple.developer.video-subscriber-single-sign-on + + name + Subscriber Single Sign-On + description + Allows app to use single sign on + key + com.apple.developer.video-subscriber-single-sign-on + symbol + rectangle.and.pencil.and.ellipsis + + com.apple.smoot.subscriptionservice + + name + Subscription + description + Allows app to check for subscription + key + com.apple.smoot.subscriptionservice + symbol + person.crop.circle.badge.checkmark + + com.apple.developer.pass-type-identifiers + + name + Pass Type + description + Allows app to check for passes in Apple Wallet + key + com.apple.developer.pass-type-identifiers + symbol + wallet.pass + + com.apple.developer.in-app-payments + + name + In-App Payments + description + Allows app to use Apple Pay + key + com.apple.developer.in-app-payments + symbol + dollarsign.circle + + com.apple.developer.in-app-identity-presentment + + name + In-App Identity Presentment + description + Allows app to verify user for Apple Pay + key + com.apple.developer.in-app-identity-presentment + symbol + dollarsign.circle + + com.apple.developer.in-app-identity-presentment.merchant-identifiers + + name + In-App Identity Presentment (Merchant Identifiers) + description + Allows app to verify merchant for Apple Pay + key + com.apple.developer.in-app-identity-presentment.merchant-identifiers + symbol + dollarsign.circle + + com.apple.developer.weatherkit + + name + Weather Data + description + Allows app to use WeatherKit + key + com.apple.developer.weatherkit + symbol + cloud.sun + + com.apple.developer.web-browser + + name + Default Web Browser + description + Allows app to be used as the user's default web browser. 
+ key + com.apple.developer.web-browser + symbol + globe.europe.africa + + com.apple.developer.web-browser.public-key-credential + + name + Public Key Credential + description + Allows app to access passkeys + key + com.apple.developer.web-browser.public-key-credential + symbol + key.viewfinder + + com.apple.developer.networking.wifi-info + + name + Wi-Fi Information Access + description + Allows app to access information about the connected Wi-Fi network. + key + com.apple.developer.networking.wifi-info + symbol + wifi + + com.apple.external-accessory.wireless-configuration + + name + Wireless Accessory Configuration + description + App may configure MFi Wi-Fi accessories. + key + com.apple.external-accessory.wireless-configuration + symbol + wifi + + com.apple.developer.networking.multipath + + name + Multipath Support + description + App may use Multipath protocols to seamlessly transition between Wi-Fi and cellular networks. + key + com.apple.developer.networking.multipath + symbol + antenna.radiowaves.left.and.right + + com.apple.developer.networking.HotspotConfiguration + + name + Hotspot Configuration + description + App can use the hotspot manager to configure Wi-Fi networks. + key + com.apple.developer.networking.HotspotConfiguration + symbol + personalhotspot + + com.apple.developer.nfc.readersession.formats + + name + NFC Tag Reader Session Formats + description + The Near Field Communication data formats an app can read. + key + com.apple.developer.nfc.readersession.formats + symbol + iphone.gen1.radiowaves.left.and.right.circle + + get-task-allow + + name + Debuggable + description + Allows developers to attach a debugger to this app. This permission is required for JIT to work. + key + get-task-allow + symbol + hammer + + inter-app-audio + + name + Inter-App Audio + description + Allows sharing real-time audio between apps. 
+ key + inter-app-audio + symbol + hifispeaker.2 + + com.apple.developer.healthkit.access + + name + Sensitive Health Data + description + Allows the app to access your sensitive Health data. + key + com.apple.developer.healthkit.access + symbol + heart.text.square + + + +
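Review bot: A few descriptions in the `entitlements` dictionary do not match what the entitlement grants, and this is the text a user relies on to judge what a sideloaded app may do. `aps-environment` says "App can send push notifications", but the entitlement lets the app receive remote notifications, so `App can receive push notifications.` would be accurate. `com.apple.developer.homekit` is named "HomeKit - Matter" with a Matter-setup description although, as far as Apple documents it, it is the general HomeKit entitlement; something like `Allows app to view and control your HomeKit accessories.` fits better. `keychain-access-groups` reads as if it gates keychain use in general, whereas it defines the groups through which keychain items are shared; consider `Allows app to share keychain items with other apps in the same keychain group.`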