diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 14:29:10 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 14:29:10 +0000 |
| commit | 2aa4a82499d4becd2284cdb482213d541b8804dd (patch) | |
| tree | b80bf8bf13c3766139fbacc530efd0dd9d54394c /security/mac/hardenedruntime/developer.entitlements.xml | |
| parent | Initial commit. (diff) | |
| download | firefox-2aa4a82499d4becd2284cdb482213d541b8804dd.tar.xz firefox-2aa4a82499d4becd2284cdb482213d541b8804dd.zip | |
Adding upstream version 86.0.1.upstream/86.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/mac/hardenedruntime/developer.entitlements.xml')
| -rw-r--r-- | security/mac/hardenedruntime/developer.entitlements.xml | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/security/mac/hardenedruntime/developer.entitlements.xml b/security/mac/hardenedruntime/developer.entitlements.xml new file mode 100644 index 0000000000..83ccacedc8 --- /dev/null +++ b/security/mac/hardenedruntime/developer.entitlements.xml @@ -0,0 +1,46 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<!-- + Entitlements to apply to the .app bundle and all executable files + contained within it during codesigning of developer builds. These + entitlements configure hardened runtime and allow debugging of the + application. The com.apple.security.get-task-allow entitlement must be + set to true to allow debuggers to attach to application processes but + this prohibits notarization with the notary service. Aside from allowing + debugging, these entitlements enable hardened runtime protections to the + extent possible for Firefox. +--> +<plist version="1.0"> + <dict> + <!-- Firefox does not use MAP_JIT for executable mappings --> + <key>com.apple.security.cs.allow-jit</key><false/> + + <!-- Firefox needs to create executable pages (without MAP_JIT) --> + <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/> + + <!-- Code paged in from disk should match the signature at page-in time --> + <key>com.apple.security.cs.disable-executable-page-protection</key><false/> + + <!-- Allow loading third party libraries. Needed for Flash and CDMs --> + <key>com.apple.security.cs.disable-library-validation</key><true/> + + <!-- Allow dyld environment variables. Needed because Firefox uses + dyld variables to load libaries from within the .app bundle. --> + <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/> + + <!-- Allow debuggers to attach to running executables --> + <key>com.apple.security.get-task-allow</key><true/> + + <!-- Firefox needs to access the microphone on sites the user allows --> + <key>com.apple.security.device.audio-input</key><true/> + + <!-- Firefox needs to access the camera on sites the user allows --> + <key>com.apple.security.device.camera</key><true/> + + <!-- Firefox needs to access the location on sites the user allows --> + <key>com.apple.security.personal-information.location</key><true/> + + <!-- For SmartCardServices(7) --> + <key>com.apple.security.smartcard</key><true/> + </dict> +</plist> |