Don't build using restricted entitlements by default.

MessagesBridge.xcodeproj/project.pbxproj

@@ -238,7 +238,7 @@
 		CD83E161219BE91500F4CCEA /* libagentHook.dylib */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.dylib"; includeInIndex = 0; path = libagentHook.dylib; sourceTree = BUILT_PRODUCTS_DIR; };
 		CD83E165219BE91600F4CCEA /* agentHook.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = agentHook.m; sourceTree = "<group>"; };
 		CD83E1B5219BF78E00F4CCEA /* hookAgent.sh */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; path = hookAgent.sh; sourceTree = "<group>"; };
-		CD936A2F289B31740093A1AC /* kordophoned-Entitlements.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "kordophoned-Entitlements.plist"; sourceTree = "<group>"; };
+		CD936A2F289B31740093A1AC /* kordophoned-RestrictedEntitlements.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "kordophoned-RestrictedEntitlements.plist"; sourceTree = "<group>"; };
 		CD936A30289B353F0093A1AC /* MBIMErrorResponse.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MBIMErrorResponse.h; sourceTree = "<group>"; };
 		CD936A31289B353F0093A1AC /* MBIMErrorResponse.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MBIMErrorResponse.m; sourceTree = "<group>"; };
 		CDDCF78B283F398C0087ABDF /* MBIMDeleteConversationOperation.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MBIMDeleteConversationOperation.h; sourceTree = "<group>"; };
@@ -580,7 +580,7 @@
 				1A0C446D219A4BCD00F2AC00 /* Bridge */,
 				CDF62334219A895D00690038 /* main.m */,
 				1AAB32B221F835BD004A2A72 /* KPServer.pch */,
-				CD936A2F289B31740093A1AC /* kordophoned-Entitlements.plist */,
+				CD936A2F289B31740093A1AC /* kordophoned-RestrictedEntitlements.plist */,
 			);
 			path = kordophone;
 			sourceTree = "<group>";
@@ -1132,7 +1132,6 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				CLANG_ENABLE_MODULES = NO;
-				CODE_SIGN_ENTITLEMENTS = "kordophone/kordophoned-Entitlements.plist";
 				CODE_SIGN_IDENTITY = "-";
 				CODE_SIGN_STYLE = Automatic;
 				GCC_PREFIX_HEADER = kordophone/KPServer.pch;
@@ -1149,7 +1148,6 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				CLANG_ENABLE_MODULES = NO;
-				CODE_SIGN_ENTITLEMENTS = "kordophone/kordophoned-Entitlements.plist";
 				CODE_SIGN_IDENTITY = "-";
 				CODE_SIGN_STYLE = Automatic;
 				GCC_PREFIX_HEADER = kordophone/KPServer.pch;

README.md

@@ -7,6 +7,9 @@ sudo defaults write /Library/Preferences/com.apple.security.coderequirements Ent
 
 Maybe a better thing to do is to DYLD_PRELOAD `imagent` and swizzle `IMDAuditTokenTaskHasEntitlement` to always return YES. 
 
+Included in the project is "kordophoned-RestrictedEntitlements.plist", which contains all necessary restricted entitlements. 
+On production macOS builds, the kernel will kill kordophoned immediately if it's signed using restricted entitlements, so agent hook is a
+better option when running on prod machines. By default, the project is configured to ignore kordophoned-RestrictedEntitlements.plist when building. 
 
 ## Building/linking 
 If you get dyld errors running from the command line, use `install_name_tool` to update the @rpath (where @rpath points to where linked Frameworks like GCDWebServer is).