diff options
Diffstat (limited to 'src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist')
-rw-r--r-- | src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist b/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist new file mode 100644 index 00000000..b1ce780b --- /dev/null +++ b/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist @@ -0,0 +1,35 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> +<dict> + <!-- <key>com.apple.security.cs.allow-jit</key> <true/> --> + <!-- + The following two entitlements are required for using AppleHV on Catalina. + The first entitlement allows us to have unsigned executable memory in the guests + address space like the BIOS code (and essentially all the guests address space which + is mapped as RWX). + The second entitlement is required in order to map guest memory as RWX into the + guests address space. + These entitlements are not required starting with BigSur+ where Apple has clearly + changed something in their entitlement scheme without properly documenting it. + --> + <key>com.apple.security.cs.allow-unsigned-executable-memory</key> <true/> + <key>com.apple.security.cs.disable-executable-page-protection</key> <true/> + <!-- For audio input --> + <key>com.apple.security.device.audio-input</key> <true/> + <!-- For emulated webcam --> + <key>com.apple.security.device.camera</key> <true/> + <!-- For HID input monitoring --> + <key>com.apple.security.device.usb</key> <true/> + <!-- For vmnet based bridging and host-only networking --> + <key>com.apple.vm.networking</key> <true/> + <!-- For USB capturing --> + <key>com.apple.vm.device-access</key> <true/> + <!-- + The following are required for using AppleHV (need the second one for running Catalina) + but are actually stored in the provisioning profile because these are special entitlements. + --> + <!--<key>com.apple.security.hypervisor</key> <true/>--> + <!--<key>com.apple.vm.hypervisor</key> <true/>--> +</dict> +</plist> |