[MacCatalyst] Added Default Entitlements for MacCatalyst projects (#18669)

Added default entitlements for MacCatalyst templates. For Debug, the com.apple.security.get-task-allow entitlement that allows for using developer tools when developing MAUI Blazor apps. For release, com.apple.security.app-sandbox is required to publish MacCatalyst apps to the Mac App Store. Also added unit test to check for entitlements when project is created. Fixes #18344 --------- Co-authored-by: GitHub Actions Autoformatter <github-actions-autoformatter@xamarin.com> Co-authored-by: Rolf Bjarne Kvinge <rolf@xamarin.com>
2023-08-28 09:14:25 -07:00 · 2023-08-28 09:14:25 -07:00 · 1b016fa072
--- a/dotnet/targets/Xamarin.Shared.Sdk.DefaultItems.targets
+++ b/dotnet/targets/Xamarin.Shared.Sdk.DefaultItems.targets
@ -23,6 +23,19 @@
    <None Include="@(ObjcBindingCoreSource)" />
  </ItemGroup>

+  <PropertyGroup Condition="'$(_PlatformName)' == 'MacCatalyst'">
+    <EnableDefaultMacCatalystReleaseEntitlements Condition="'$(EnableDefaultMacCatalystReleaseEntitlements)' == ''">True</EnableDefaultMacCatalystReleaseEntitlements>
+    <EnableDefaultMacCatalystDebugEntitlements Condition="'$(EnableDefaultMacCatalystDebugEntitlements)' == ''">True</EnableDefaultMacCatalystDebugEntitlements>
+  </PropertyGroup>
+
+  <ItemGroup Condition="'$(EnableDefaultMacCatalystDebugEntitlements)' == 'True' and '$(Configuration)' == 'Debug'">
+    <CustomEntitlements Include="com.apple.security.get-task-allow" Type="boolean" Value="true" />
+  </ItemGroup>
+
+  <ItemGroup Condition="'$(EnableDefaultMacCatalystReleaseEntitlements)' == 'True' and '$(Configuration)' == 'Release'">
+    <CustomEntitlements Include="com.apple.security.app-sandbox" Type="boolean" Value="true" />
+  </ItemGroup>
+
  <!-- Architecture -->
  <!-- If the old-style variables are set, use those -->
  <PropertyGroup Condition=" '$(TargetArchitectures)' == '' ">
--- a/tests/dotnet/UnitTests/ProjectTest.cs
+++ b/tests/dotnet/UnitTests/ProjectTest.cs
@ -1273,6 +1273,32 @@ namespace Xamarin.Tests {
 			}
 		}

+		[TestCase (ApplePlatform.MacCatalyst, "maccatalyst-x64", "Release")]
+		[TestCase (ApplePlatform.MacCatalyst, "maccatalyst-x64", "Debug")]
+		public void CheckForMacCatalystDefaultEntitlements (ApplePlatform platform, string runtimeIdentifiers, string configuration)
+		{
+			var project = "Entitlements";
+			Configuration.IgnoreIfIgnoredPlatform (platform);
+			Configuration.AssertRuntimeIdentifiersAvailable (platform, runtimeIdentifiers);
+
+			var project_path = GetProjectPath (project, runtimeIdentifiers: runtimeIdentifiers, platform: platform, out var appPath, configuration: configuration);
+			Clean (project_path);
+
+			var properties = GetDefaultProperties (runtimeIdentifiers);
+			properties ["Configuration"] = configuration;
+			DotNet.AssertBuild (project_path, properties);
+
+			var executable = GetNativeExecutable (platform, appPath);
+			var foundEntitlements = TryGetEntitlements (executable, out var entitlements);
+			Assert.IsTrue (foundEntitlements, "Issues found with Entitlements.");
+			if (configuration == "Release") {
+				Assert.IsTrue (entitlements!.Get<PBoolean> ("com.apple.security.app-sandbox")?.Value, "com.apple.security.app-sandbox enlistment was not found in Release configuration.");
+				Assert.IsNull (entitlements.Get<PBoolean> ("com.apple.security.get-task-allow")?.Value, "com.apple.security.get-task-allow enlistment was found in Release configuration.");
+			} else if (configuration == "Debug") {
+				Assert.IsTrue (entitlements!.Get<PBoolean> ("com.apple.security.get-task-allow")?.Value, "com.apple.security.get-task-allow enlistment was not found in Debug configuration.");
+			}
+		}
+
 		// [TestCase (ApplePlatform.MacCatalyst, null, "Release")]
 		[TestCase (ApplePlatform.MacOSX, null, "Release")]
 		public void NoWarnCodesign (ApplePlatform platform, string runtimeIdentifiers, string configuration)