gecko-dev/security/mac/hardenedruntime/developer.entitlements.xml
Haik Aftandilian 3ad0ca9116 Bug 1570581 - Starting with Firefox 68.0.1, Adobe Acrobat Extension for Firefox fails to send apple events to target application (Acrobat) r=handyman
Relax our Hardened Runtime settings to allow the com.apple.security.automation.apple-events entitlement so that native messaging webextension helper apps (which are launched by and are child processes of Firefox) can use Apple Events to signal other processes. This will apply to Firefox and all child processes.

Differential Revision: https://phabricator.services.mozilla.com/D42929

--HG--
extra : moz-landing-system : lando
2019-08-21 18:42:55 +00:00

51 lines
2.5 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
Entitlements to apply to the .app bundle and all executable files
contained within it during codesigning of developer builds. These
entitlements configure hardened runtime and allow debugging of the
application. The com.apple.security.get-task-allow entitlement must be
set to true to allow debuggers to attach to application processes but
this prohibits notarization with the notary service. Aside from allowing
debugging, these entitlements enable hardened runtime protections to the
extent possible for Firefox. Supporting binaries within the bundle could
use more restrictive entitlements, but they are launched by the main
Firefox process and therefore inherit the parent process entitlements.
-->
<plist version="1.0">
<dict>
<!-- Firefox does not use MAP_JIT for executable mappings -->
<key>com.apple.security.cs.allow-jit</key><false/>
<!-- Firefox needs to create executable pages (without MAP_JIT) -->
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
<!-- Code paged in from disk should match the signature at page-in time -->
<key>com.apple.security.cs.disable-executable-page-protection</key><false/>
<!-- Allow loading third party libraries. Needed for Flash and CDMs -->
<key>com.apple.security.cs.disable-library-validation</key><true/>
<!-- Allow dyld environment variables. Needed because Firefox uses
dyld variables to load libaries from within the .app bundle. -->
<key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
<!-- Allow debuggers to attach to running executables -->
<key>com.apple.security.get-task-allow</key><true/>
<!-- Firefox needs to access the microphone on sites the user allows -->
<key>com.apple.security.device.audio-input</key><true/>
<!-- Firefox needs to access the camera on sites the user allows -->
<key>com.apple.security.device.camera</key><true/>
<!-- Firefox needs to access the location on sites the user allows -->
<key>com.apple.security.personal-information.location</key><true/>
<!-- Allow Firefox to send Apple events to other applications. Needed
for native messaging webextension helper applications launched by
Firefox which rely on Apple Events to signal other processes. -->
<key>com.apple.security.automation.apple-events</key><true/>
</dict>
</plist>