adding access groups to entitlement database

Used for discussing the various tools in the book as well as encouraging members to share tools

adding access groups to entitlement database

Postby backendbilly » Thu Feb 16, 2017 4:44 pm

I think it would make sense to add access groups from keychain-access-groups to the entitlement database. The reason is that access groups can also be thought of as an extension to keychain-access-groups entitlement. For example, binaries with "keychain-access-group" entitlement may contain access group "apple". In this case access group "apple" is exclusive only to native iOS binaries. As an example, this would come in handy when needing to know which iOS binaries have access to specific keychain items with a particular access group.

Example:

Code: Select all
~ root# grep -rs "com.apple.safari.credit-cards" /
Binary file /Applications/MobileSafari.app/MobileSafari matches
Binary file /Applications/Preferences.app/Preferences matches
Binary file /Applications/SafariViewService.app/SafariViewService matches
Binary file /Applications/Web.app/Web matches
Binary file /Applications/WebApp1.app/WebApp1 matches
Binary file /Applications/WebSheet.app/WebSheet matches
...
backendbilly
Site Admin
 
Posts: 132
Joined: Fri May 29, 2015 5:58 pm

Return to Tools

Who is online

Users browsing this forum: No registered users and 2 guests