gecko-dev/security/mac/hardenedruntime/production.entitlements.xml
Haik Aftandilian b13e5d4ca0 Bug 1576733 - Part 2 - Remove the Hardened Runtime AppleEvent entitlement r=spohl
Revert bug 1570581 by removing the AppleEvent entitlement from our hardened runtime configuration for both production and development.

Now that native messaging helpers are started 'disclaimed' with a new attribution chain, the entitlement is not needed.

Differential Revision: https://phabricator.services.mozilla.com/D48029

--HG--
extra : moz-landing-system : lando
2019-11-06 04:45:03 +00:00

46 lines
2.1 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
Entitlements to apply to the .app bundle and all executable files
contained within it during codesigning of production channel builds that
will be notarized. These entitlements enable hardened runtime protections
to the extent possible for Firefox.
-->
<plist version="1.0">
<dict>
<!-- Firefox does not use MAP_JIT for executable mappings -->
<key>com.apple.security.cs.allow-jit</key><false/>
<!-- Firefox needs to create executable pages (without MAP_JIT) -->
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
<!-- Code paged in from disk should match the signature at page-in time -->
<key>com.apple.security.cs.disable-executable-page-protection</key><false/>
<!-- Allow loading third party libraries. Needed for Flash and CDMs -->
<key>com.apple.security.cs.disable-library-validation</key><true/>
<!-- Allow dyld environment variables. Needed because Firefox uses
dyld variables to load libraries from within the .app bundle. -->
<key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
<!-- Don't allow debugging of the executable. Debuggers will be prevented
from attaching to running executables. Notarization does not permit
access to get-task-allow (as documented by Apple) so this must be
disabled on notarized builds. -->
<key>com.apple.security.get-task-allow</key><false/>
<!-- Firefox needs to access the microphone on sites the user allows -->
<key>com.apple.security.device.audio-input</key><true/>
<!-- Firefox needs to access the camera on sites the user allows -->
<key>com.apple.security.device.camera</key><true/>
<!-- Firefox needs to access the location on sites the user allows -->
<key>com.apple.security.personal-information.location</key><true/>
<!-- For SmartCardServices(7) -->
<key>com.apple.security.smartcard</key><true/>
</dict>
</plist>
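
An added example, not part of the Mozilla repository: a Python check that parses an entitlements plist like the one above, lists the Hardened Runtime exceptions it enables, and flags any that fall outside an accepted baseline, along with `get-task-allow` or the AppleEvent entitlement the commit message says was removed. The names `audit` and `BASELINE` and the trimmed sample plist are constructed for illustration; the AppleEvent key `com.apple.security.automation.apple-events` is Apple's key name and does not appear on this page.

```python
import plistlib

# Hardened Runtime exception keys: a true value relaxes a protection.
RUNTIME_EXCEPTIONS = {
    "com.apple.security.cs.allow-jit",
    "com.apple.security.cs.allow-unsigned-executable-memory",
    "com.apple.security.cs.disable-executable-page-protection",
    "com.apple.security.cs.disable-library-validation",
    "com.apple.security.cs.allow-dyld-environment-variables",
}
# Keys that must not be enabled in a notarized production build.
MUST_BE_OFF = {
    "com.apple.security.get-task-allow",           # not permitted by notarization
    "com.apple.security.automation.apple-events",  # removed per the commit message
}
# Assumed baseline: the exceptions the file's own comments justify.
BASELINE = frozenset({
    "com.apple.security.cs.allow-unsigned-executable-memory",
    "com.apple.security.cs.disable-library-validation",
    "com.apple.security.cs.allow-dyld-environment-variables",
})

# Constructed sample: a trimmed copy of the production entitlements above.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key><false/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
<key>com.apple.security.cs.disable-executable-page-protection</key><false/>
<key>com.apple.security.cs.disable-library-validation</key><true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
<key>com.apple.security.get-task-allow</key><false/>
<key>com.apple.security.device.camera</key><true/>
</dict>
</plist>
"""

def audit(plist_bytes, accepted=frozenset()):
    """Return (relaxed, violations) for an entitlements plist."""
    entitlements = plistlib.loads(plist_bytes)
    enabled = {key for key, value in entitlements.items() if value is True}
    relaxed = sorted(enabled & RUNTIME_EXCEPTIONS)
    violations = sorted(enabled & MUST_BE_OFF)
    # Any relaxation not already in the accepted baseline needs review.
    violations += [key for key in relaxed if key not in accepted]
    return relaxed, violations

if __name__ == "__main__":
    print(audit(SAMPLE, BASELINE))
```

Run against the entitlements file used for signing, a check like this makes any newly enabled exception show up as a failure instead of passing silently into a notarized build.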