darlinghq/darling-openjdk
1
0
Fork 0
mirror of https://github.com/darlinghq/darling-openjdk.git synced 2024-11-23 04:19:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

8244951: Missing entitlements for hardened runtime

Browse Source 
Reviewed-by: tbell
This commit is contained in:
Erik Joelsson 2020-05-15 06:14:17 -07:00
parent 7c547d72d2
commit 88730990d7
4 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
make/common/NativeCompilation.gmk
View File

@ -266,6 +266,19 @@ else
endif
endif
################################################################################
# GetEntitlementsFile
# Find entitlements file for executable when signing on macosx. If no
# specialized file is found, returns the default file.
# $1 Executable to find entitlements file for.
ENTITLEMENTS_DIR := $(TOPDIR)/make/data/macosxsigning
DEFAULT_ENTITLEMENTS_FILE := $(ENTITLEMENTS_DIR)/default.plist
GetEntitlementsFile = \
$(foreach f, $(ENTITLEMENTS_DIR)/$(strip $(notdir $1)).plist, \
$(if $(wildcard $f), $f, $(DEFAULT_ENTITLEMENTS_FILE)) \
)
################################################################################
# Create the recipe needed to compile a single native source file.
#
@ -1183,7 +1196,7 @@ define SetupNativeCompilationBody
# silently fail otherwise.
ifneq ($(CODESIGN), )
$(CODESIGN) -s "$(MACOSX_CODESIGN_IDENTITY)" --timestamp --options runtime \
--entitlements $(TOPDIR)/make/data/macosxsigning/entitlements.plist $$@
--entitlements $$(call GetEntitlementsFile, $$@) $$@
endif
endif

0
make/data/macosxsigning/entitlements.plist → make/data/macosxsigning/default.plist
View File

18
make/data/macosxsigning/java.plist Normal file
View File

@ -0,0 +1,18 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.debugger</key>
<true/>
<key>com.apple.security.device.audio-input</key>
<true/>
</dict>
</plist>

8
make/data/macosxsigning/jspawnhelper.plist Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
</dict>
</plist>