Using OMSS Containerization Tool with Swift iOS Apps

Oracle introduced their Mobile Security Suite last year and over the past few months we’ve had a chance to work with this exciting new product. One key piece of this product is the containerization tool, which containerizes and signs an app to enable the secure tunnel, authentication through the secure container, encryption, etc.

Recently we had an issue when we tried to containerize an iOS app developed with the new Swift language. After we containerized and signed the app, we saw this error when running the app on the device itself:

Error: /private/var/mobile/Containers/Bundle/Application/1291513D-A7C0-46FF-91B6-39F41B8C3A82/Directory.app/Frameworks/libswiftCore.dylib not valid: 0xe8008018: The identity used to sign the executable is no longer valid.

It turns out that the c14n tool was not signing the Swift libs embedded in the app's Frameworks directory. After some trial and error, we found a solution by updating the c14n script to sign the new Swift libs as well.

To fix the issue, add the following lines to the c14n script (ios-c14n) in the /opt/Oracle/omss/bin directory, starting around line 1414:

 

output ""
output "==> Code sign the library ${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftCore.dylib"
/usr/bin/codesign -vv --verbose=4 --force --sign "${C14N_CERT_NAME}" "${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftCore.dylib" &> "${TMPOUT}"
check_status "codesign libswiftCore.dylib"
output_from_file "${TMPOUT}"

output ""
output "==> Code sign the library ${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftCoreImage.dylib"
/usr/bin/codesign -vv --verbose=4 --force --sign "${C14N_CERT_NAME}" "${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftCoreImage.dylib" &> "${TMPOUT}"
check_status "codesign libswiftCoreImage.dylib"
output_from_file "${TMPOUT}"

output ""
output "==> Code sign the library ${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftDispatch.dylib"
/usr/bin/codesign -vv --verbose=4 --force --sign "${C14N_CERT_NAME}" "${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftDispatch.dylib" &> "${TMPOUT}"
check_status "codesign libswiftDispatch.dylib"
output_from_file "${TMPOUT}"

output ""
output "==> Code sign the library ${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftObjectiveC.dylib"
/usr/bin/codesign -vv --verbose=4 --force --sign "${C14N_CERT_NAME}" "${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftObjectiveC.dylib" &> "${TMPOUT}"
check_status "codesign libswiftObjectiveC.dylib"
output_from_file "${TMPOUT}"

output ""
output "==> Code sign the library ${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftUIKit.dylib"
/usr/bin/codesign -vv --verbose=4 --force --sign "${C14N_CERT_NAME}" "${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftUIKit.dylib" &> "${TMPOUT}"
check_status "codesign libswiftUIKit.dylib"
output_from_file "${TMPOUT}"

output ""
output "==> Code sign the library ${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftCoreGraphics.dylib"
/usr/bin/codesign -vv --verbose=4 --force --sign "${C14N_CERT_NAME}" "${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftCoreGraphics.dylib" &> "${TMPOUT}"
check_status "codesign libswiftCoreGraphics.dylib"
output_from_file "${TMPOUT}"

output ""
output "==> Code sign the library ${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftDarwin.dylib"
/usr/bin/codesign -vv --verbose=4 --force --sign "${C14N_CERT_NAME}" "${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftDarwin.dylib" &> "${TMPOUT}"
check_status "codesign libswiftDarwin.dylib"
output_from_file "${TMPOUT}"

output ""
output "==> Code sign the library ${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftFoundation.dylib"
/usr/bin/codesign -vv --verbose=4 --force --sign "${C14N_CERT_NAME}" "${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftFoundation.dylib" &> "${TMPOUT}"
check_status "codesign libswiftFoundation.dylib"
output_from_file "${TMPOUT}"

output ""
output "==> Code sign the library ${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftSecurity.dylib"
/usr/bin/codesign -vv --verbose=4 --force --sign "${C14N_CERT_NAME}" "${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks/libswiftSecurity.dylib" &> "${TMPOUT}"
check_status "codesign libswiftSecurity.dylib"
output_from_file "${TMPOUT}"
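The nine blocks above cover only the Swift libraries this particular app embeds. As an added example (not part of Oracle's ios-c14n script), the function below goes beyond that fixed list: it re-signs and then verifies every libswift*.dylib found in the Frameworks directory, so an app that bundles a different set is still covered. The function name and the CODESIGN override are assumptions made for this example; the identity argument corresponds to ${C14N_CERT_NAME}.

```shell
#!/usr/bin/env bash
# Added example: sign whatever Swift runtime libraries the bundle contains.
# CODESIGN can be overridden (hypothetical knob) to exercise the loop off macOS.
CODESIGN="${CODESIGN:-/usr/bin/codesign}"

# sign_swift_libs <frameworks_dir> <signing_identity>
# Prints one status line per library plus a summary line.
# Returns 0 if all signed and verified, 1 if any failed, 2 if the directory is missing.
sign_swift_libs() {
    local frameworks_dir identity lib name found failed
    frameworks_dir="$1"
    identity="$2"
    found=0
    failed=0

    if [ ! -d "$frameworks_dir" ]; then
        echo "no Frameworks directory: $frameworks_dir" >&2
        return 2
    fi

    for lib in "$frameworks_dir"/libswift*.dylib; do
        [ -e "$lib" ] || continue          # glob matched nothing
        found=$((found + 1))
        name=$(basename "$lib")
        # Replace the stale signature, then confirm the new one validates.
        if "$CODESIGN" --force --sign "$identity" "$lib" >/dev/null 2>&1 &&
           "$CODESIGN" --verify --verbose=4 "$lib" >/dev/null 2>&1; then
            echo "signed $name"
        else
            echo "FAILED $name"
            failed=$((failed + 1))
        fi
    done

    echo "total=$found failed=$failed"
    [ "$failed" -eq 0 ]
}

# Usage inside a script such as ios-c14n (variables as used on this page):
#   sign_swift_libs "${APP_TMPDIR}/Payload/${APP_BUNDLE}/Frameworks" "${C14N_CERT_NAME}"
```

A non-zero return should stop the containerization run, since a single library left with its old signature reproduces the 0xe8008018 launch error shown above.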

 

I’m told that technically Swift apps are not yet supported by OMSS, so I would advise checking with Oracle before deploying any production app containerized in this way. At the very least, this solution will let you evaluate and test the OMSS product until Oracle announces official support.
