Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

cspence002

macrumors newbie
Original poster
Aug 19, 2022
18
2
Running this displays a list of Finder entitlements that I think may have been overwritten by a third-party application.
Code:
codesign -d --entitlements - /System/Library/CoreServices/Finder.app
returns:

Code:
Executable=/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
[Dict]
    [Key] com.apple.dock.add-item
    [Value]
        [Bool] true
    [Key] com.apple.wifi.set_power
    [Value]
        [Bool] true
    [Key] com.apple.coreduetd.allow
    [Value]
        [Bool] true
    [Key] com.apple.coreduetd.context
    [Value]
        [Bool] true
    [Key] com.apple.amp.devices.client
    [Value]
        [Bool] true
    [Key] com.apple.private.contactsui
    [Value]
        [Bool] true
    [Key] com.apple.private.dmd.policy
    [Value]
        [Bool] true
    [Key] com.apple.private.iaaccounts
    [Value]
        [Bool] true
    [Key] com.apple.private.ind.client
    [Value]
        [Bool] true
    [Key] com.apple.private.screen-time
    [Value]
        [Bool] true
    [Key] com.apple.wifi.priority.id
    [Value]
        [String] finder
    [Key] com.apple.fileprovider.acl-read
    [Value]
        [Bool] true
    [Key] com.apple.authkit.client.private
    [Value]
        [Bool] true
    [Key] com.apple.fileprovider.enumerate
    [Value]
        [Bool] true
    [Key] com.apple.fileprovider.fetch-url
    [Value]
        [Bool] true
    [Key] com.apple.wifi.priority.internal
    [Value]
        [Bool] true
    [Key] com.apple.private.airdrop.settings
    [Value]
        [Bool] true
    [Key] com.apple.private.airdrop.discovery
    [Value]
        [Bool] true
    [Key] com.apple.private.persona.adopt.any
    [Value]
        [Bool] true
    [Key] com.apple.private.applemediaservices
    [Value]
        [Bool] true
    [Key] com.apple.private.personas.propagate
    [Value]
        [Bool] true
    [Key] com.apple.usermanagerd.persona.fetch
    [Value]
        [Bool] true
    [Key] com.apple.fileprovider.extension-host
    [Value]
        [Bool] true
    [Key] com.apple.private.apfs.get-graft-info
    [Value]
        [Bool] true
    [Key] com.apple.private.backupd.session
    [Value]
        [String] Finder
    [Key] com.apple.private.accounts.allaccounts
    [Value]
        [Bool] true
    [Key] com.apple.private.canmodifysharepoints
    [Value]
        [Bool] true
    [Key] com.apple.spotlight.entitledattributes
    [Value]
        [Bool] true
    [Key] com.apple.private.pluginkit.persona
    [Value]
        [String] System
    [Key] com.apple.private.corespotlight.internal
    [Value]
        [Bool] true
    [Key] com.apple.private.sociallayer.highlights
    [Value]
        [Bool] true
    [Key] com.apple.accounts.appleaccount.fullaccess
    [Value]
        [Bool] true
    [Key] com.apple.private.librarian.container-proxy
    [Value]
        [Bool] true
    [Key] com.apple.private.spotlight.search.internal
    [Value]
        [Bool] true
    [Key] com.apple.private.security.storage.mobilesync
    [Value]
        [Bool] true
    [Key] com.apple.shortcuts.contextual-actions-client
    [Value]
        [Bool] true
    [Key] com.apple.private.system-extension.app-manager
    [Value]
        [Bool] true
    [Key] com.apple.launchservices.changeurlschemehandler
    [Value]
        [Bool] true
    [Key] com.apple.private.corespotlight.search.internal
    [Value]
        [Bool] true
    [Key] com.apple.private.syspolicy.gatekeeper-override
    [Value]
        [Bool] true
    [Key] com.apple.private.MobileContainerManager.allowed
    [Value]
        [Bool] true
    [Key] com.apple.private.admin.writeconfig.enable-sharing
    [Value]
        [Bool] true
    [Key] com.apple.private.foundation.filecoordination-debug
    [Value]
        [Bool] true
    [Key] com.apple.private.syspolicy.gatekeeper-block-bypass
    [Value]
        [Bool] true
    [Key] com.apple.security.personal-information.addressbook
    [Value]
        [Bool] true
    [Key] com.apple.private.librarian.can-get-application-info
    [Value]
        [Bool] true
    [Key] com.apple.private.MobileContainerManager.otherIdLookup
    [Value]
        [Bool] true
    [Key] com.apple.private.clouddocs.can-infer-session-from-url
    [Value]
        [Bool] true
    [Key] com.apple.private.interstellar.data-access
    [Value]
        [String] collaborations
    [Key] com.apple.private.coreservices.canmanagebackgroundtasks
    [Value]
        [Bool] true
    [Key] com.apple.private.launchservices.changeurlschemehandler
    [Value]
        [Bool] true
    [Key] com.apple.private.tcc.manager.access.read
    [Value]
        [Array]
            [String] kTCCServiceAll
    [Key] com.apple.private.launchservices.changedefaulthandlers
    [Value]
        [Array]
            [String] *
    [Key] com.apple.imdpersistence.IMDPersistenceAgent-Syndication
    [Value]
        [Bool] true
    [Key] com.apple.application-identifier
    [Value]
        [String] RD13622867.com.apple.finder
    [Key] com.apple.private.MobileContainerManager.unrestrictedPersona
    [Value]
        [Bool] true
    [Key] com.apple.private.coreservices.useractivityd.sharedpasteboard
    [Value]
        [Bool] true
    [Key] com.apple.developer.ubiquity-kvstore-identifier
    [Value]
        [String] com.apple.finder
    [Key] com.apple.private.appleaccount.app-hidden-from-icloud-settings
    [Value]
        [Bool] true
    [Key] com.apple.private.tcc.manager.access.delete
    [Value]
        [Array]
            [String] kTCCServiceUbiquity
    [Key] com.apple.private.tcc.manager.access.modify
    [Value]
        [Array]
            [String] kTCCServiceUbiquity
    [Key] com.apple.private.coreservices.canaccessanysharedfilelist
    [Value]
        [String] read-write
    [Key] com.apple.private.tcc.manager.check-by-audit-token
    [Value]
        [Array]
            [String] kTCCServiceUbiquity
    [Key] com.apple.private.AuthorizationServices
    [Value]
        [Array]
            [String] com.apple.security.assessment.update
    [Key] com.apple.security.temporary-exception.iokit-user-client-class
    [Value]
        [String] IO80211APIUserClient
    [Key] com.apple.security.temporary-exception.shared-preference.read-only
    [Value]
        [Array]
            [String] com.apple.SocialLayer
    [Key] keychain-access-groups
    [Value]
        [Array]
            [String] com.apple.sharing.appleidauthentication
            [String] com.apple.sharing.safaripasswordsharing
    [Key] com.apple.security.temporary-exception.mach-lookup.global-name
    [Value]
        [Array]
            [String] com.apple.AppleMediaServicesUIDynamicService
            [String] com.apple.imdpersistence.IMDPersistenceAgent
    [Key] com.apple.private.tcc.allow
    [Value]
        [Array]
            [String] kTCCServiceScreenCapture
            [String] kTCCServiceSystemPolicyAllFiles
            [String] kTCCServiceAddressBook
            [String] kTCCServiceCalendar
            [String] kTCCServiceReminders
            [String] kTCCServicePostEvent
            [String] kTCCServiceAppleEvents
            [String] kTCCServiceSystemPolicyRemovableVolumes
Does anyone know how to reset the default entitlements for the Finder application? Alternatively, what are the default entitlements for the Finder application running the latest Ventura (13.1)?
 
Running this displays a list of Finder entitlements that I think may have been overwritten by a third-party application.
Does anyone know how to reset the default entitlements for the Finder application? Alternatively, what are the default entitlements for the Finder application running the latest Ventura (13.1)?
If the entitlements were changed, the signing would break, and Finder is located on the Sealed System Volume so unless you've taken some extraordinary measures, there's no way the entitlements could possibly be changed. In any case, yours match the ones on this computer I'm using. Also, 13.2 is current Ventura, not 13.1.
 
If the entitlements were changed, the signing would break, and Finder is located on the Sealed System Volume so unless you've taken some extraordinary measures, there's no way the entitlements could possibly be changed. In any case, yours match the ones on this computer I'm using. Also, 13.2 is current Ventura, not 13.1.
Thanks good to know.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.