macOS: App doesn't recognise/find NSPhotoLibraryUsageDescription in Info.plist

[tipa]

Steps to Reproduce

1. Add call to await PHPhotoLibrary.RequestAuthorizationAsync(PHAccessLevel.ReadWrite) to .NET6 macOS app
2. Add NSPhotoLibraryUsageDescription to Info.plist
3. launch app

Expected Behavior

no crash

Actual Behavior

app crashes:
This app has crashed because it attempted to access privacy-sensitive data without a usage description. The app's Info.plist must contain an com.apple.security.personal-information.photos-library key with a string value explaining to the user how the app uses this data.

Comment

This worked worked previously when using Xamarin.MacOS (instead of .NET 6 macOS)

Environment

Version information

Visual Studio Community 2022 for Mac Preview
Version 17.3 Preview (17.3 build 2089)
Installation UUID: 71eca455-cb6f-426b-9b4d-b6c14394522c

Runtime
.NET 6.0.5 (64-bit)
Architecture: Arm64

Roslyn (Language Service)
4.3.0-3.22312.2+52adfb8b2dc71ed4278debcf13960f2116868608

NuGet
Version: 6.2.1.2

.NET SDK (Arm64)
SDK: /usr/local/share/dotnet/sdk/6.0.400-preview.22330.6/Sdks
SDK Versions:
	6.0.400-preview.22330.6
	6.0.302
	6.0.301
	6.0.300
	6.0.203
	6.0.202
	6.0.201
	6.0.100-rc.1.21463.6
	5.0.402 (x64 – Unsupported)
	5.0.401 (x64 – Unsupported)
	5.0.400 (x64 – Unsupported)
	5.0.302 (x64 – Unsupported)
	5.0.301 (x64 – Unsupported)
	5.0.203 (x64 – Unsupported)
	5.0.202 (x64 – Unsupported)
	5.0.201 (x64 – Unsupported)
	3.1.414 (x64 – Unsupported)
	3.1.413 (x64 – Unsupported)
	3.1.412 (x64 – Unsupported)
	3.1.411 (x64 – Unsupported)
	3.1.410 (x64 – Unsupported)
	3.1.409 (x64 – Unsupported)
	3.1.408 (x64 – Unsupported)
	3.1.407 (x64 – Unsupported)
MSBuild SDKs: /Applications/Visual Studio (Preview).app/Contents/MonoBundle/MSBuild/Current/bin/Sdks

.NET SDK (x64)
SDK Versions:
	6.0.400-preview.22330.6
	6.0.302
	6.0.301
	6.0.300
	6.0.203
	6.0.202
	6.0.201
	6.0.200
	5.0.408
	5.0.407
	5.0.406
	5.0.405
	3.1.421
	3.1.420
	3.1.419
	3.1.418
	3.1.417
	3.1.416

.NET Runtime (Arm64)
Runtime: /usr/local/share/dotnet/dotnet
Runtime Versions:
	6.0.7
	6.0.6
	6.0.5
	6.0.4
	6.0.3
	6.0.0-rc.1.21451.13
	5.0.11 (x64 – Unsupported)
	5.0.10 (x64 – Unsupported)
	5.0.9 (x64 – Unsupported)
	5.0.8 (x64 – Unsupported)
	5.0.7 (x64 – Unsupported)
	5.0.6 (x64 – Unsupported)
	5.0.5 (x64 – Unsupported)
	5.0.4 (x64 – Unsupported)
	3.1.20 (x64 – Unsupported)
	3.1.19 (x64 – Unsupported)
	3.1.18 (x64 – Unsupported)
	3.1.17 (x64 – Unsupported)
	3.1.16 (x64 – Unsupported)
	3.1.15 (x64 – Unsupported)
	3.1.14 (x64 – Unsupported)
	3.1.13 (x64 – Unsupported)

.NET Runtime (x64)
Runtime: /usr/local/share/dotnet/x64/dotnet
Runtime Versions:
	6.0.7
	6.0.6
	6.0.5
	6.0.4
	6.0.3
	6.0.2
	5.0.17
	5.0.16
	5.0.15
	5.0.14
	3.1.27
	3.1.26
	3.1.25
	3.1.24
	3.1.23
	3.1.22

Xamarin.Profiler
Version: 1.8.0.19
Location: /Applications/Xamarin Profiler.app/Contents/MacOS/Xamarin Profiler

Updater
Version: 11

Apple Developer Tools
Xcode 13.4.1 (20504)
Build 13F100

Xamarin.Mac
Version: 8.12.0.2 (Visual Studio Community)
Hash: 87f98a75e
Branch: d17-3
Build date: 2022-07-25 20:18:54-0400

Xamarin.iOS
Version: 15.12.0.2 (Visual Studio Community)
Hash: 87f98a75e
Branch: d17-3
Build date: 2022-07-25 20:18:55-0400

Xamarin Designer
Version: 17.3.0.208
Hash: 0de472ea0
Branch: remotes/origin/d17-3
Build date: 2022-07-28 19:17:21 UTC

Xamarin.Android
Not Installed

Microsoft Build of OpenJDK
Java SDK: Not Found

Eclipse Temurin JDK
Java SDK: Not Found

Android SDK Manager
Version: 17.3.0.23
Hash: 965bf40
Branch: remotes/origin/d17-3
Build date: 2022-07-28 19:17:26 UTC

Android Device Manager
Version: 0.0.0.1169
Hash: fafb1d5
Branch: fafb1d5
Build date: 2022-07-28 19:17:26 UTC

Build Information
Release ID: 1703002089
Git revision: 7084b0b25b06c8e379d0bc5dabb954adca235373
Build date: 2022-07-28 19:14:50+00
Build branch: release-17.3
Build lane: release-17.3

Operating System
Mac OS X 12.5.0
Darwin 21.6.0 Darwin Kernel Version 21.6.0
    Sat Jun 18 17:05:47 PDT 2022
    root:xnu-8020.140.41~1/RELEASE_ARM64_T8101 arm64

Build Logs

buildlog.txt

Example Project (If Possible)

test.zip

[chamons]

So when I crash in the app, I can find the following in Console:

This app has crashed because it has a hardened runtime and attempted to access privacy-sensitive data without an entitlement indicating its intent to access this data.  The app must have the 'com.apple.security.personal-information.photos-library' entitlement.

It is complaining about the missing entitlement, not the description string.

And now we get to talk about a fun new development from Apple - macOS APIs that require code signing even if the documentation doesn't state it.

For a number of privacy focused APIs, such as Photos, it seems your application must be both code signed AND hardened or tccd (Apple's entitlement daemon) will kill you on first access.

For performance reasons we don't code sign debug macOS build by default, but for cases like this (and app extensions for another) you must be code signed.

When I add this to your test project:

    <EnableCodeSigning>true</EnableCodeSigning>
    <CodesignEntitlements>Entitlements.plist</CodesignEntitlements>

and this to your Entitlements file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.security.app-sandbox</key>
	<true/>
	<key>com.apple.security.assets.pictures.read-only</key>
	<true/>
	<key>com.apple.security.files.user-selected.read-only</key>
	<true/>
</dict>
</plist>

The photo aspect starts working for me, but it breaks debugging in VSfM :( - I will file that shortly.

Try adding those @tipa and report back.

[ghost]

Hi @tipa. We have added the "need-info" label to this issue, which indicates that we have an open question for you before we can take further action. This issue will be closed automatically in 7 days if we do not hear back from you by then - please feel free to re-open it if you come back to this issue after that time.

[chamons]

Filed the debugging issue in https://developercommunity.visualstudio.com/t/Unable-to-debug-NET6-macOS-Application-o/10111088?space=41&entry=problem

[tipa]

Thanks! I also had to add this to get it working, otherwise the app wouldn't launch.

<CodeSignProvision>Automatic</CodeSignProvision>

I only get a warning now when running dotnet run --framework net6.0-macos but I guess I can just ignore it?

/usr/local/share/dotnet/packs/Microsoft.macOS.Sdk/12.3.442/tools/msbuild/macOS/Xamarin.Shared.targets(2053,3): warning : Code signing has been requested multiple times for 'bin/Debug/net6.0-macos/publish/../myapp.app/Contents/MonoBundle/createdump', with different metadata. The metadata 'CodesignEntitlements' has different values for each item (once it's 'obj/Debug/net6.0-macos/osx-x64/Entitlements.xcent', another time it's 'obj/Debug/net6.0-macos/osx-arm64/Entitlements.xcent'). [/Users/tp/GitHub/myapp.csproj]

Hope the VS bug will be resolved shortly so that I can finally start working with .NET6 MacOS

[chamons]

So this warning:

/usr/local/share/dotnet/packs/Microsoft.macOS.Sdk/12.3.442/tools/msbuild/macOS/Xamarin.Shared.targets(2053,3): warning : Code signing has been requested multiple times for 'bin/Debug/net6.0-macos/publish/../myapp.app/Contents/MonoBundle/createdump', with different metadata. The metadata 'CodesignEntitlements' has different values for each item (once it's 'obj/Debug/net6.0-macos/osx-x64/Entitlements.xcent', another time it's 'obj/Debug/net6.0-macos/osx-arm64/Entitlements.xcent'). [/Users/tp/GitHub/myapp.csproj]

Is saying the build is slower than it could be, because we're not handling codesigning correctly and double signing part of the build.

Could you file a new issue and attach a binary build log? It's something we should fix in the future, but should be harmless for you.

[tipa]

Filed the debugging issue in https://developercommunity.visualstudio.com/t/Unable-to-debug-NET6-macOS-Application-o/10111088?space=41&entry=problem

@chamons is it possible to ping the VS team internally to give this issue some priority? There hasn't been any progress at all so far. At the moment it's pretty much impossible to develop a .NET 6 macOS app that needs to be signed with Entitlements.

[chamons]

I'll give them a poke, sorry for the trouble.