Java native binary integration with macOS/Catalyst app? No request for voice recognition permissions when native.

Code Signing Entitlements
pde5i OP
Created Jun ’22
Replies 3
Boosts 0
Views 1.5k
Participants 2

How to integrate native Java backend with macOS catalyst app UI?

  • My UI is SwiftUI/macCatalyst, using entitlements for voice recognition and microphone.
  • My back-end is from a large legacy Java code base rendered to native x86_64 binary.
  • For now they interface via stdio streams established by the native java command launching the UI app.
  • This works fine when the Java code runs on a JDK.
  • When native backend launches the UI app, the UI app fails to secure permissions (but otherwise works fine)
  • Same result when the backend is bundled with the app as if a command-line tool

Solution constraints:

  • Unlike the sample app/docs that integrate a command-line tool into an app, this binary cannot be built using XCode's Clang
  • I'd like to continue using macCatalyst, knowing this can't be deployed to iOS proper, only to macOS.
  • I can make the UI launch the backend, but don't want to do this without some assurance it would fix things :)
  • I'd rather not work through the calling conventions/wrappers to staticly link these binaries now.

Assuming the parent process needs the app entitlements, I tried:

  • To embed the java binary into the SwiftUI app?:
    • Following instructions for embedding a command-line app did not configure the backend binary with the entitlements?
  • Deploy the java binary standalone as an app with the proper entitlements?
    • Similar to above: unable to figure out how

Pointers to docs welcome. I've seen

Ideally I'd like to know how to deliver an app whose binary is entirely build using Java native (including proper entitle/sign/credential/notorize/sandbox...)

Thanks!

Answered by DTS Engineer in 719964022

But I don't know enough about Apple code signing and validation to know if I can sign and deploy (on the app store?) an app with an embedded java native binary, since it wasn't built with Apple's Clang.

Neither macOS nor the App Store require that programs be build with Clang. Java apps can be distributed independently (with Developer ID signing) and on the App Store.

Having said that, packaging and signing Java apps in a way that passes notarisation and Gatekeeper (for independent distribution) or the App Store ingestion process (for App Store distribution) can be a challenge. I have posted a bunch of general info about that here on DevForums (URLs below) but I don’t have any Java-specific advice. For that front, I recommend that you consult the support resources provided by your Java runtime vendor.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Replies  3
Boosts  0
Views  1.5k
Participants  2
DTS Engineer OP
Apple
Jun ’22

I can make the UI launch the backend, but don't want to do this without some assurance it would fix things :)

That’s pretty easy to test, right? Create a test app with an embedded command-line tool, per Embedding a Command-Line Tool in a Sandboxed App, have the app run the command-line tool as a child process, and then trigger a TCC request in the command-line tool. My experience is that TCC is able to follow the link between such an embedded tool and its container app, but I always encourage folks to test these things for themselves.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
pde5i OP
Jul ’22

Thank you for the suggestion.

If the UI launches the back-end, the TCC request would actually come from the UI, so that doesn't present the TCC issue.

But I don't know enough about Apple code signing and validation to know if I can sign and deploy (on the app store?) an app with an embedded java native binary, since it wasn't built with Apple's Clang. Currently our deployment constraints permit a JDK (notwithstanding the enhanced risk) because we validate the java, but it would be a lot less hassle if we could deploy the native binary in the app. So homework there.

For this app, it's easier to just rewrite the back-end in swift. But we have a lot of backend Java, I'd hoped to redeploy in a similar manner.

0
DTS Engineer OP
Apple
Jul ’22
Accepted Answer

But I don't know enough about Apple code signing and validation to know if I can sign and deploy (on the app store?) an app with an embedded java native binary, since it wasn't built with Apple's Clang.

Neither macOS nor the App Store require that programs be build with Clang. Java apps can be distributed independently (with Developer ID signing) and on the App Store.

Having said that, packaging and signing Java apps in a way that passes notarisation and Gatekeeper (for independent distribution) or the App Store ingestion process (for App Store distribution) can be a challenge. I have posted a bunch of general info about that here on DevForums (URLs below) but I don’t have any Java-specific advice. For that front, I recommend that you consult the support resources provided by your Java runtime vendor.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Java native binary integration with macOS/Catalyst app? No request for voice recognition permissions when native.
First post date Last post date
 
 
Q