[Mobile] [iOS] Declare NSPrivacyAccessedAPICategorySystemBootTime API Usage in onnxruntime-objc
dthaibao opened this issue · comments
Describe the issue
When adding onnxruntime-objc to an iOS app and submitting to the Apple App Store, Apple has flagged the usage of the NSPrivacyAccessedAPICategorySystemBootTime API. According to App Store review guidelines, any usage of sensitive APIs requires a declaration of the reason for the API's usage.
One way of dealing with this issue is to declare onnxruntime-objc as a dynamic library. However, I cannot do that because onnxruntime-objc depends on static libraries.
To reproduce
- Declare the library onnxruntime-objc in Podfile
  pod 'onnxruntime-objc', '1.17.3'
- Run pod install
- Submit your app to TestFlight in App Store Connect for beta review
- Apple sends an email warning that the usage of NSPrivacyAccessedAPICategorySystemBootTime is not declared in privacy app manifest with the message:
ITMS-91053: Missing API declaration - Your app's code in the XXX file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategorySystemBootTime. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app's privacy manifest to provide approved reasons for these APIs used by your app's code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit:
https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api
Urgency
This is urgent, since the library must include the reason before May 1, 2024.
Platform
iOS
OS Version
any iOS version
ONNX Runtime Installation
Released Package
Compiler Version (if 'Built from Source')
No response
Package Name (if 'Released Package')
onnxruntime-objc/onnxruntime-c
ONNX Runtime Version or Commit ID
1.17.3
ONNX Runtime API
Objective-C/Swift
Architecture
ARM64
Execution Provider
Default CPU
Execution Provider Library Version
No response
This is coming indirectly from the protobuf library that CoreML uses to define the model format.
Have added changes to patch the protobuf headers in the version of protobuf we're using to avoid the issue. More details in the PR.
Will be in the next release in a few weeks. Unfortunately that's the soonest we can fix it.
Short-term alternative would be to build the onnxruntime-c pod locally with those changes. On a Mac, if you check out the onnxruntime repo you can run this script to do that:
python3 tools/ci_build/github/apple/build_apple_framework.py --build_dir build/iOS_framework_full tools/ci_build/github/apple/default_full_ios_framework_build_settings.json
Sorry - one correction. That script will build an xcframework. To build the cocoapods locally you'd need to run
python3 tools/ci_build/github/apple/build_and_assemble_apple_pods.py --variant Full --build-settings-file tools/ci_build/github/apple/default_full_apple_framework_build_settings.json
usage: build_and_assemble_apple_pods.py [-h] [--build-dir BUILD_DIR] [--staging-dir STAGING_DIR] [--pod-version POD_VERSION] [--variant {Full,Mobile,Training}] [--test]
                                        [--include-ops-by-config INCLUDE_OPS_BY_CONFIG] --build-settings-file BUILD_SETTINGS_FILE [-b BUILD_APPLE_FRAMEWORK_EXTRA_ARGS]

Builds an iOS framework and uses it to assemble iOS pod package files.

optional arguments:
  -h, --help            show this help message and exit
  --build-dir BUILD_DIR
                        The build directory. This will contain the iOS framework build output. (default: /Users/me/src/github/ort/build/apple_framework)
  --staging-dir STAGING_DIR
                        The staging directory. This will contain the iOS pod package files. The pod package files do not have dependencies on files in the build directory. (default:
                        /Users/me/src/github/ort/build/apple_pod_staging)
  --pod-version POD_VERSION
                        The version string of the pod. The same version is used for all pods. (default: 1.19.0-local)
  --variant {Full,Mobile,Training}
                        Pod package variant. (default: Mobile)
  --test                Run tests on the framework and pod package files. (default: False)

iOS framework build arguments:
  See the corresponding arguments in build_apple_framework.py for details.

  --include-ops-by-config INCLUDE_OPS_BY_CONFIG
  --build-settings-file BUILD_SETTINGS_FILE
                        The positional argument of build_apple_framework.py. (default: None)
  -b BUILD_APPLE_FRAMEWORK_EXTRA_ARGS, --build-apple-framework-arg BUILD_APPLE_FRAMEWORK_EXTRA_ARGS
                        Pass an argument through to build_apple_framework.py. This may be specified multiple times. (default: [])
thanks @skottmckay for a quick response
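
The ITMS-91053 message quoted in the issue asks for an NSPrivacyAccessedAPITypes array in the app's privacy manifest. As an added example (not code from this thread or from ONNX Runtime), the following pre-submission check parses a PrivacyInfo.xcprivacy property list and reports flagged categories that are missing or have no reason listed. The embedded manifest, the function names and the reason code 35F9.1 are constructed sample values.

```python
import plistlib

# Constructed sample PrivacyInfo.xcprivacy (not taken from the issue or from ONNX Runtime).
# The reason code 35F9.1 is a sample value; use the approved reason that matches your app.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>NSPrivacyAccessedAPITypes</key>
  <array>
    <dict>
      <key>NSPrivacyAccessedAPIType</key>
      <string>NSPrivacyAccessedAPICategorySystemBootTime</string>
      <key>NSPrivacyAccessedAPITypeReasons</key>
      <array><string>35F9.1</string></array>
    </dict>
  </array>
</dict>
</plist>"""

def declared_reasons(manifest_bytes):
    """Map each declared API category to its non-empty reason codes."""
    try:
        plist = plistlib.loads(manifest_bytes)
    except Exception as exc:  # malformed XML or binary plist
        raise ValueError(f"not a valid property list: {exc}") from exc
    if not isinstance(plist, dict):
        raise ValueError("privacy manifest must be a dictionary at top level")
    declared = {}
    for entry in plist.get("NSPrivacyAccessedAPITypes", []):
        if not isinstance(entry, dict):
            continue  # ignore malformed entries instead of trusting them
        category = entry.get("NSPrivacyAccessedAPIType")
        reasons = entry.get("NSPrivacyAccessedAPITypeReasons", [])
        if isinstance(category, str) and isinstance(reasons, list):
            clean = [r for r in reasons if isinstance(r, str) and r.strip()]
            declared.setdefault(category, []).extend(clean)
    return declared

def missing_declarations(manifest_bytes, flagged_categories):
    """Return flagged categories that are absent or declared without a reason."""
    declared = declared_reasons(manifest_bytes)
    return sorted(c for c in flagged_categories if not declared.get(c))

if __name__ == "__main__":
    flagged = ["NSPrivacyAccessedAPICategorySystemBootTime"]  # from the ITMS-91053 mail
    print(missing_declarations(SAMPLE_MANIFEST, flagged))
```

Run it against the manifest bundled with the app, passing the categories named in the warning email, before uploading a build.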