1 files changed, 37 insertions, 0 deletions

diff --git a/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlements.plist b/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlements.plist
new file mode 100644
index 00000000..3587afb0
--- /dev/null
+++ b/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlements.plist
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <!-- <key>com.apple.security.cs.allow-jit</key>                          <true/> -->
+    <!-- <key>com.apple.security.cs.allow-unsigned-executable-memory</key>   <true/> -->
+    <!--
+      The following two are required here even though they apply only to the VM
+      process. The issue is that TCC is looking up the primary bundle for these entitlements
+      and crashes the VM process if the entitlements are not here even though they are used
+      in the VM process only. This is not documented anywhere by Apple.
+      From Console.app when these are missing:
+
+        tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service:
+            kTCCServiceMicrophone requires entitlement com.apple.security.device.audio-input but it is missing for
+                RESP:{
+                    ID: org.virtualbox.app.VirtualBox,
+                    PID[17253],
+                    auid: 501,
+                    euid: 501,
+                    responsible path: '/Applications/VirtualBox.app/Contents/MacOS/VirtualBox',
+                    binary path: '/Applications/VirtualBox.app/Contents/MacOS/VirtualBox'
+                },
+                REQ:{
+                    ID: org.virtualbox.app.VirtualBoxVM,
+                    PID[17331],
+                    auid: 501,
+                    euid: 501,
+                    binary path: '/Applications/VirtualBox.app/Contents/Resources/VirtualBoxVM.app/Contents/MacOS/VirtualBoxVM'
+                }
+    -->
+    <!-- For audio input -->
+    <key>com.apple.security.device.audio-input</key>                    <true/>
+    <!-- For emulated webcam -->
+    <key>com.apple.security.device.camera</key>                         <true/>
+</dict>
+</plist>