I'm working on an out-sourced application for a company and when a version of it built using ids and provisioning profiles from my Apple account it runs without problems.
However when it is built and run using the company's ids and provisioning profiles I am seeing an issue with it.
What is happening is when a notification service extension uses a call extension then the OS logs:
doQueryCallExtensionStatusWithDispatchGroup() COMPLETED WITH ERROR: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.CallKit.CallDirectory was invalidated: failed at lookup with error 159 - Sandbox restriction." UserInfo=
NSDebugDescription=The connection to service named com.apple.CallKit.CallDirectory was invalidated: failed at lookup with error 159 - Sandbox restriction.
I noticed that in the company's provising profile for the notification service extension the app identier prefix is different from the team identifer. In my own provisioning profile the app identifier prefix and team identifer are the same. Could it be the case that this difference in identifiers within the provisioning profile is leading to the sandbox error message?
Attached is the notification service extension provisioning profle provided to me by the company (converted to a .plist for readability)
The issue here is actually this entitlement:
com.apple.developer.usernotifications.filtering
Because that entitlement can "hide" notifications, it's sandbox profile is actually more restrictive than the standard NSE sandbox. That's what's preventing access to CXCallDirectoryManager, not the App ID properties. I suspect it worked in development configuration because you didn't use the entitlement, so you never saw the issue.
-Kevin Elliott DTS Engineer, CoreOS/Hardware