iPhone + Provisioning Profile + app-info.plist + entitlements.plist = iPhoneApp ? How ? What exactly does entitlemets.plist do?

To execute my application in iPhone first of all I have to add provisioning profile in to my iPhone. Good. But I don't understand the rea开发者_JAVA技巧son behind adding a entitlements.plist in iphone application in xCode under resources.

• What does that entitlements.plist file do actually ?
• Why that .plist file have only single Boolean in it ? (get-task-allow)
• Can't we add that Boolean variable to application-info.plist ?

I mean, I can't find the reason behind storing a single Boolean variable in separate plist file. Instead application-info.plist already contains many many application settings. Can't we just add this Boolean variable to application-info.plist.

Ok, any way. I know - it won't be possible. Because we have to follow - what apple says. But, here main intention behind all these was

• "what is the basic need of entitlements.plist ?" or
• "what is the functionality of entitlements.plist ?"
• "How provisioning profile, entitlements.plist, application-info.plist & iPhone application compile all together & make verification on iPhone & execute it on iPhone ? "

Entitlements is actually a security measure of iPhoneOS. Quoted from the iPhone Development Guide:

Entitlements. These files define properties that provide your application access to iPhone OS features (such as push notifications) and secure data (such as the user’s keychain).

Publicly, the only entitlement key you could use is get-task-allow, which eventually enables the ptrace() function to be used for the app, thus enabling debugging.

But there are a lot of entitlements used privately, e.g.

• task_for_pid-allow, to allow controlling other processes (via the task_for_pid() function)
• run-unsigned-code, to allow running code from this app without signature.
• com.apple.springboard.launchapplications, com.apple.springboard.wipedevice, etc.

The plist will be attached to and signed alongside the binary of the app — unlike Info.plist which is not signed. If the chain of trust is not broken, this acts as an entitlement of rights to some (dangerous) actions.