diff options
Diffstat (limited to 'src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlements.plist')
-rw-r--r-- | src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlements.plist | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlements.plist b/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlements.plist new file mode 100644 index 00000000..3587afb0 --- /dev/null +++ b/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlements.plist @@ -0,0 +1,37 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> +<dict> + <!-- <key>com.apple.security.cs.allow-jit</key> <true/> --> + <!-- <key>com.apple.security.cs.allow-unsigned-executable-memory</key> <true/> --> + <!-- + The following two are required here even though they apply only to the VM + process. The issue is that TCC is looking up the primary bundle for these entitlements + and crashes the VM process if the entitlements are not here even though they are used + in the VM process only. This is not documented anywhere by Apple. + From Console.app when these are missing: + + tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: + kTCCServiceMicrophone requires entitlement com.apple.security.device.audio-input but it is missing for + RESP:{ + ID: org.virtualbox.app.VirtualBox, + PID[17253], + auid: 501, + euid: 501, + responsible path: '/Applications/VirtualBox.app/Contents/MacOS/VirtualBox', + binary path: '/Applications/VirtualBox.app/Contents/MacOS/VirtualBox' + }, + REQ:{ + ID: org.virtualbox.app.VirtualBoxVM, + PID[17331], + auid: 501, + euid: 501, + binary path: '/Applications/VirtualBox.app/Contents/Resources/VirtualBoxVM.app/Contents/MacOS/VirtualBoxVM' + } + --> + <!-- For audio input --> + <key>com.apple.security.device.audio-input</key> <true/> + <!-- For emulated webcam --> + <key>com.apple.security.device.camera</key> <true/> +</dict> +</plist> |