summaryrefslogtreecommitdiffstats
path: root/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist
diff options
context:
space:
mode:
Diffstat (limited to 'src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist')
-rw-r--r--src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist35
1 files changed, 35 insertions, 0 deletions
diff --git a/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist b/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist
new file mode 100644
index 00000000..b1ce780b
--- /dev/null
+++ b/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <!-- <key>com.apple.security.cs.allow-jit</key> <true/> -->
+ <!--
+ The following two entitlements are required for using AppleHV on Catalina.
+ The first entitlement allows us to have unsigned executable memory in the guests
+ address space like the BIOS code (and essentially all the guests address space which
+ is mapped as RWX).
+ The second entitlement is required in order to map guest memory as RWX into the
+ guests address space.
+ These entitlements are not required starting with BigSur+ where Apple has clearly
+ changed something in their entitlement scheme without properly documenting it.
+ -->
+ <key>com.apple.security.cs.allow-unsigned-executable-memory</key> <true/>
+ <key>com.apple.security.cs.disable-executable-page-protection</key> <true/>
+ <!-- For audio input -->
+ <key>com.apple.security.device.audio-input</key> <true/>
+ <!-- For emulated webcam -->
+ <key>com.apple.security.device.camera</key> <true/>
+ <!-- For HID input monitoring -->
+ <key>com.apple.security.device.usb</key> <true/>
+ <!-- For vmnet based bridging and host-only networking -->
+ <key>com.apple.vm.networking</key> <true/>
+ <!-- For USB capturing -->
+ <key>com.apple.vm.device-access</key> <true/>
+ <!--
+ The following are required for using AppleHV (need the second one for running Catalina)
+ but are actually stored in the provisioning profile because these are special entitlements.
+ -->
+ <!--<key>com.apple.security.hypervisor</key> <true/>-->
+ <!--<key>com.apple.vm.hypervisor</key> <true/>-->
+</dict>
+</plist>
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-07 00:53:00 +0000