blob: 83ccacedc892e900254e0111b8895197cdbac970 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
Entitlements to apply to the .app bundle and all executable files
contained within it during codesigning of developer builds. These
entitlements configure hardened runtime and allow debugging of the
application. The com.apple.security.get-task-allow entitlement must be
set to true to allow debuggers to attach to application processes but
this prohibits notarization with the notary service. Aside from allowing
debugging, these entitlements enable hardened runtime protections to the
extent possible for Firefox.
-->
<plist version="1.0">
<dict>
<!-- Firefox does not use MAP_JIT for executable mappings -->
<key>com.apple.security.cs.allow-jit</key><false/>
<!-- Firefox needs to create executable pages (without MAP_JIT) -->
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
<!-- Code paged in from disk should match the signature at page-in time -->
<key>com.apple.security.cs.disable-executable-page-protection</key><false/>
<!-- Allow loading third party libraries. Needed for Flash and CDMs -->
<key>com.apple.security.cs.disable-library-validation</key><true/>
<!-- Allow dyld environment variables. Needed because Firefox uses
dyld variables to load libaries from within the .app bundle. -->
<key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
<!-- Allow debuggers to attach to running executables -->
<key>com.apple.security.get-task-allow</key><true/>
<!-- Firefox needs to access the microphone on sites the user allows -->
<key>com.apple.security.device.audio-input</key><true/>
<!-- Firefox needs to access the camera on sites the user allows -->
<key>com.apple.security.device.camera</key><true/>
<!-- Firefox needs to access the location on sites the user allows -->
<key>com.apple.security.personal-information.location</key><true/>
<!-- For SmartCardServices(7) -->
<key>com.apple.security.smartcard</key><true/>
</dict>
</plist>
|
