apple_bundle/entitlements/
networking.rs

1use serde::{Deserialize, Serialize};
2
3/// Networking
4#[derive(Serialize, Deserialize, Clone, Default, Debug, PartialEq, Eq)]
5pub struct Networking {
6    /// The APIs an app can use to customize networking features.
7    ///
8    /// To add this entitlement to an iOS app or a Mac App Store app, enable the Network
9    /// Extensions capability in Xcode.
10    ///
11    /// To add this entitlement to a macOS app distributed outside of the Mac App Store,
12    /// perform the following steps: 1. In the Certificates, Identifiers and Profiles
13    /// section of the developer site, enable the Network Extension capability for
14    /// your Developer ID–signed app. Generate a new provisioning profile and download it.
15    /// 2. On your Mac, drag the downloaded provisioning profile to Xcode to install it.
16    /// 3. In your Xcode project, enable manual signing and select the provisioning
17    /// profile downloaded earlier and its associated certificate. 4. Update the
18    /// project’s entitlements.plist to include the
19    /// com.apple.developer.networking.networkextension key and the values of the
20    /// entitlement.
21    ///
22    /// ## Availability
23    /// * iOS 9.0+
24    /// * macOS 10.11+
25    ///
26    /// ## Framework
27    /// * Network Extension
28    #[serde(
29        rename = "com.apple.developer.networking.networkextension",
30        skip_serializing_if = "Option::is_none",
31        serialize_with = "crate::serialize_vec_enum_option"
32    )]
33    pub network_extensions: Option<Vec<NetworkExtensions>>,
34    /// The API an app can use to create and control a custom system VPN configuration.
35    ///
36    /// With the Personal VPN Entitlement enabled, your app can use the NEVPNManager class
37    /// to manage a Personal VPN configuration.
38    ///
39    /// To add this entitlement to your app, enable the Personal VPN capability in Xcode.
40    /// When the entitlement is enabled, Xcode sets the value to allow-vpn.
41    ///
42    /// ## Availability
43    /// * iOS 8.0+
44    /// * macOS 10.10+
45    ///
46    /// ## Framework
47    /// * Network Extension
48    #[serde(
49        rename = "com.apple.developer.networking.vpn.api",
50        skip_serializing_if = "Option::is_none",
51        serialize_with = "crate::serialize_vec_enum_option"
52    )]
53    pub personal_vpn: Option<Vec<PersonalVPN>>,
54    /// The associated domains for specific services, such as shared web credentials,
55    /// universal links, and App Clips.
56    ///
57    /// This key specifies a list of domains for each service enabled. Add an associated
58    /// domain to the list in the following format:
59    /// ```swift
60    /// <service>:<fully qualified domain>
61    /// ```
62    ///
63    /// ### Services include:
64    /// * webcredentials
65    ///
66    /// Use this service for shared web credentials.
67    /// * applinks
68    ///
69    /// Use this service for universal links.
70    /// * activitycontinuation
71    ///
72    /// Use this service for Handoff.
73    /// * appclips
74    ///
75    /// Use this service for an App Clip.
76    ///
77    /// ### Note
78    /// In macOS 11 and later and iOS 14 and later, apps request
79    /// apple-app-site-association files from an Apple-managed content delivery
80    /// network (CDN) dedicated to associated domains, instead of directly from your
81    /// web server. If the CDN has an old version of the file, or doesn’t already have
82    /// a copy of the file, it connects to your web server to obtain the latest
83    /// version.
84    ///
85    /// While developing your app, if you use a private web server that’s unreachable from
86    /// the public internet, you can use the alternate mode feature to bypass the CDN
87    /// and connect directly to your private domain. Add a query string to your
88    /// associated domains entitlement as follows:
89    ///
90    /// ```swift
91    /// <service>:<fully qualified domain>?mode=<alternate mode>
92    /// ```
93    ///
94    /// Where alternate mode is one of the following:
95    /// * developer
96    ///
97    /// Specifies that only devices in developer mode can access the domain. In this mode,
98    /// you can use any valid SSL certificate on your web server, including a
99    /// certificate the system doesn’t trust. Make sure you don’t expose your users to
100    /// security issues, such as man-in-the-middle attacks. As an added precaution,
101    /// only apps signed with a development profile can use developer mode, and users
102    /// must opt in on any device they use.
103    /// * managed
104    ///
105    /// Specifies that only devices managed with a mobile device management (MDM) profile
106    /// can access the domain. This mode requires consent from the MDM administrator.
107    /// * developer+managed
108    ///
109    /// Specifies that only devices that are in both developer and managed modes at the
110    /// same time can access the domain.
111    ///
112    /// To add this entitlement to your app, enable the Associated Domains capability in
113    /// Xcode.
114    ///
115    /// ## Availability
116    /// * iOS 9.0+
117    /// * macOS 10.15+
118    /// * tvOS 9.0+
119    /// * watchOS 6.0+
120    ///
121    /// ## Framework
122    /// * Security
123    #[serde(
124        rename = "com.apple.developer.associated-domains",
125        serialize_with = "crate::serialize_option",
126        skip_serializing_if = "Option::is_none"
127    )]
128    pub associated_domains: Option<Vec<String>>,
129    /// A Boolean value that indicates whether an app can send or receive IP multicast
130    /// traffic.
131    ///
132    /// Your app must have this entitlement to send or receive IP multicast or broadcast
133    /// on iOS. It also allows your app to browse and advertise arbitrary Bonjour
134    /// service types.
135    ///
136    /// This entitlement requires permission from Apple before you can use it in your app.
137    /// Request permission from the Multicast Networking Entitlement Request page.
138    ///
139    /// ## Availability
140    /// * iOS 14.0+
141    /// * macOS 11.0+
142    /// * tvOS 14.0+
143    ///
144    /// ## Framework
145    /// * Network
146    #[serde(
147        rename = "com.apple.developer.networking.multicast",
148        serialize_with = "crate::serialize_option",
149        skip_serializing_if = "Option::is_none"
150    )]
151    pub networking_multicast: Option<bool>,
152    /// ## Availability
153    /// * macOS 10.15+
154    ///
155    /// ## Framework
156    /// * Security
157    #[serde(
158        rename = "com.apple.developer.associated-domains.applinks.read-write",
159        serialize_with = "crate::serialize_option",
160        skip_serializing_if = "Option::is_none"
161    )]
162    pub associated_domains_applinks_read_write: Option<bool>,
163}
164
165/// Network Extensions
166#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Eq)]
167pub enum NetworkExtensions {
168    /// The APIs you use to proxy DNS queries.
169    #[serde(rename = "dns-proxy")]
170    DnsProxy,
171    /// The APIs you use to proxy TCP and UDP connections.
172    #[serde(rename = "app-proxy-provider")]
173    AppProxyProvider,
174    /// The filter APIs you use to allow or deny network connections created by other apps
175    /// on the system.
176    #[serde(rename = "content-filter-provider")]
177    ContentFilterProvider,
178    /// The APIs you use to tunnel IP packets to a remote network using any custom
179    /// tunneling protocol.
180    #[serde(rename = "packet-tunnel-provider")]
181    PacketTunnelProvider,
182    /// The APIs you use to proxy DNS queries, when signed with a Developer ID profile.
183    #[serde(rename = "dns-proxy-systemextension")]
184    DnsProxySystemextension,
185    /// The APIs you use to proxy TCP and UDP connections, when signed with a Developer ID
186    /// profile.
187    #[serde(rename = "app-proxy-provider-systemextension")]
188    AppProxyProviderSystemextension,
189    /// The filter APIs you use to allow or deny network connections created by other apps
190    /// on the system, when signed with a Developer ID profile.
191    #[serde(rename = "content-filter-provider-systemextension")]
192    ContentFilterProviderSystemExtensions,
193    /// The APIs you use to tunnel IP packets to a remote network using any custom
194    /// tunneling protocol, when signed with a Developer ID profile.
195    #[serde(rename = "packet-tunnel-provider-systemextension")]
196    PacketTunnelProviderSystemExtension,
197    /// The APIs you use to create and manage a system-wide DNS configuration.
198    #[serde(rename = "dns-settings")]
199    DnsSettings,
200    /// The APIs you use for providing functionality similar to Apple Push Notification
201    /// Service when access to the wider internet is unavailable.
202    #[serde(rename = "app-push-provider")]
203    AppPushProvider,
204}
205
206/// Personal VPN
207#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Eq)]
208pub enum PersonalVPN {
209    #[serde(rename = "allow-vpn")]
210    AllowVpn,
211}