Glossary

Entitlement

A signed key/value pair embedded in a macOS Mach-O binary that grants its process access to gated kernel and framework APIs.

An entitlement is a key-value pair embedded in a macOS Mach-O binary's code signature that declares a capability the binary should have. The kernel and the framework layer both check entitlements when deciding whether to grant a privileged operation.

A typical entitlement plist embedded in a debugger binary looks like:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.debugger</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
</dict>
</plist>

Entitlements come in three classes by who can sign them:

  • Public — anyone with a Developer ID can claim them (com.apple.security.cs.debugger, com.apple.security.cs.allow-jit, etc.). Documented in Apple's Hardened Runtime guide.
  • Restricted — granted on a case-by-case basis after application to Apple (com.apple.developer.endpoint-security.client, com.apple.developer.system-extension.install).
  • Apple-private — only Apple-signed binaries can carry them (com.apple.system-task-ports, com.apple.private.tcc.allow, hundreds of others).

AMFI (the AppleMobileFileIntegrity kernel extension) is responsible for verifying that an entitlement was actually signed by a trusted authority. A binary cannot grant itself an entitlement by editing its plist — the entitlements blob is covered by the code signature, so the signature would no longer validate.

For syscall work, the most relevant entitlement is com.apple.security.cs.debugger, which is the path Xcode uses to take a task port on a debug-allowed target.
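As an added example (not part of this glossary), a small Python audit that parses an entitlements plist such as the one above and sorts each key into the three classes the entry describes, flagging what a reviewer of a third-party binary should look at; the "apple"/"developer-id" signer labels, the extra keys in the sample and the placeholder TCC service name are assumptions.

```python
import plistlib

# Classes as the glossary entry describes them; the sets hold only the keys it names (plus the
# second hardened-runtime key from its plist sample), not Apple's full catalogue.
PUBLIC = {"com.apple.security.cs.debugger", "com.apple.security.cs.allow-jit",
          "com.apple.security.cs.disable-library-validation"}
RESTRICTED = {"com.apple.developer.endpoint-security.client",
              "com.apple.developer.system-extension.install"}
APPLE_PRIVATE = {"com.apple.system-task-ports", "com.apple.private.tcc.allow"}

# Constructed sample: the glossary's debugger plist with two extra keys a reviewer should notice.
SAMPLE_BLOB = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
    <key>com.apple.security.cs.debugger</key><true/>
    <key>com.apple.security.cs.disable-library-validation</key><true/>
    <key>com.apple.developer.endpoint-security.client</key><true/>
    <key>com.apple.private.tcc.allow</key><array><string>PLACEHOLDER-SERVICE</string></array>
</dict></plist>"""

def classify(key: str) -> str:
    """Map a key to the glossary's three classes; the com.apple.private. prefix rule is a heuristic."""
    if key in PUBLIC:
        return "public"
    if key in RESTRICTED:
        return "restricted"
    if key in APPLE_PRIVATE or key.startswith("com.apple.private."):
        return "apple-private"
    return "unknown"

def audit(blob: bytes, signer: str) -> dict:
    """Classify every key in an entitlements plist; signer is "apple" or "developer-id" (assumed labels)."""
    ents = plistlib.loads(blob)
    classes = {key: classify(key) for key in ents}
    findings = []
    for key, cls in classes.items():
        # Only Apple-signed binaries may carry Apple-private keys: on a Developer ID binary the
        # blob was edited after signing (AMFI rejects it) or the signature was never valid.
        if cls == "apple-private" and signer != "apple":
            findings.append(f"{key}: apple-private key on a {signer} binary; signature cannot validate")
        elif cls == "restricted":
            findings.append(f"{key}: restricted key; confirm Apple granted it to this signer")
    # A debugger that also disables library validation can take task ports on debug-allowed
    # targets and load dylibs signed by other teams: a process worth watching in EDR telemetry.
    if ents.get("com.apple.security.cs.debugger") and ents.get("com.apple.security.cs.disable-library-validation"):
        findings.append("debugger + disable-library-validation: task-port-capable process, monitor closely")
    return {"classes": classes, "findings": findings}

if __name__ == "__main__":
    for line in audit(SAMPLE_BLOB, "developer-id")["findings"]:
        print(line)
```

On a real binary the blob comes from `codesign -d --entitlements :- <path>`; feeding that output to `audit` in place of the constructed sample is the intended use.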