Adding iOS entitlements to AIR apps

Entitlements allow applications to access special resources and capabilities on iOS. A typical AIR application needs only the application-identifier and get-task-allow entitlements keys. The packager configures the entitlements file and the application developer does not need to bother about entitlements at all. However, with the advent of native extensions, developers wanting to access  resources beyond what the runtime provides might need to set up proper entitlements for them. Unfortunately, we were not able to add this facility in AIR 3.0. This is a drawback we are working to remove. In the mean time, here is how you can add custom entitlements for your application:

  1. Create  and package your application as you always do. Assume the output file is called MySampleApp.ipa. This file does not have the required entitlements.
  2. Create an entitlement property-list file containing entitlement definitions (key-value pairs). Lets call it MyEntitlements.plist.
  3. Unzip the application:
    unzip MySampleApp.ipa
  4. If the name of your application is MySampleApp you will now have a directory called Payload/ in your working directory.
  5. Sign the application using the native code signing utility:
    codesign -f -s <your code signing identity> --resource-rules ./Payload/ --entitlements ./MyEntitlements.plist ./Payload/

    This will add the entitlements you have provided and replace the existing signature with the new one.

  6. Now zip the Payload folder back into the ipa:
    zip -qr MySampleApp.ipa Payload

Your application now has all the entitlements you provided. Note, the codesign utility is available on Mac only so this workaround will only work on that platform.

Update: AIR 3.1 adds allows developers to specify custom entitlements for their applications. Read about it on this post.

4 Responses to Adding iOS entitlements to AIR apps

  1. Prajwal says:

    What is your code signing identity here. Is it the same Bundle identifier or the common name from the key chain access

  2. Hi,

    Would it work for Mac Applications as well?