mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1779816 - Don't specify entitlements that use the default setting of false r=mac-reviewers,bradwerth 

Cleanup our entitlement files by removing entitlements that use the default setting of false.

production.entitlements.xml and developer.entitlements.xml are used today.

The browser and plugin-container entitlement lists will be used when we enable using different entitlements for parent and child processes.

Differential Revision: https://phabricator.services.mozilla.com/D151943
This commit is contained in:
Haik Aftandilian 2022-07-15 19:30:47 +00:00
Родитель 65ee6ac311
Коммит a064a6ac2d
6 изменённых файлов: 4 добавлений и 67 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

10
security/mac/hardenedruntime/browser.developer.entitlements.xml
Просмотреть файл

@ -1,20 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- <!--
Entitlements to apply to the .app bundle and main browser process Entitlements to apply to the main browser process executable during
executable during codesigning of developer builds. codesigning of developer builds.
--> -->
<plist version="1.0"> <plist version="1.0">
<dict> <dict>
<!-- Firefox does not use MAP_JIT for executable mappings -->
<key>com.apple.security.cs.allow-jit</key><false/>
<!-- Firefox needs to create executable pages (without MAP_JIT) --> <!-- Firefox needs to create executable pages (without MAP_JIT) -->
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
<!-- Code paged in from disk should match the signature at page-in time -->
<key>com.apple.security.cs.disable-executable-page-protection</key><false/>
<!-- Allow loading third party libraries. Needed for Flash and CDMs --> <!-- Allow loading third party libraries. Needed for Flash and CDMs -->
<key>com.apple.security.cs.disable-library-validation</key><true/> <key>com.apple.security.cs.disable-library-validation</key><true/>

19
security/mac/hardenedruntime/browser.production.entitlements.xml
Просмотреть файл

@ -1,32 +1,17 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- <!--
Entitlements to apply to the .app bundle and main browser process Entitlements to apply to the main browser process executable during
executable during codesigning of production channel builds. codesigning of production channel builds.
--> -->
<plist version="1.0"> <plist version="1.0">
<dict> <dict>
<!-- Firefox does not use MAP_JIT for executable mappings -->
<key>com.apple.security.cs.allow-jit</key><false/>
<!-- Firefox needs to create executable pages (without MAP_JIT) --> <!-- Firefox needs to create executable pages (without MAP_JIT) -->
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
<!-- Code paged in from disk should match the signature at page in-time -->
<key>com.apple.security.cs.disable-executable-page-protection</key><false/>
<!-- Allow loading third party libraries. Needed for Flash and CDMs --> <!-- Allow loading third party libraries. Needed for Flash and CDMs -->
<key>com.apple.security.cs.disable-library-validation</key><true/> <key>com.apple.security.cs.disable-library-validation</key><true/>
<!-- Don't allow dyld environment variables -->
<key>com.apple.security.cs.allow-dyld-environment-variables</key><false/>
<!-- Don't allow debugging of the executable. Debuggers will be prevented
from attaching to running executables. Notarization does not permit
access to get-task-allow (as documented by Apple) so this must be
disabled on notarized builds. -->
<key>com.apple.security.get-task-allow</key><false/>
<!-- Firefox needs to access the microphone on sites the user allows --> <!-- Firefox needs to access the microphone on sites the user allows -->
<key>com.apple.security.device.audio-input</key><true/> <key>com.apple.security.device.audio-input</key><true/>

6
security/mac/hardenedruntime/developer.entitlements.xml
Просмотреть файл

@ -14,15 +14,9 @@
--> -->
<plist version="1.0"> <plist version="1.0">
<dict> <dict>
<!-- Firefox does not use MAP_JIT for executable mappings -->
<key>com.apple.security.cs.allow-jit</key><false/>
<!-- Firefox needs to create executable pages (without MAP_JIT) --> <!-- Firefox needs to create executable pages (without MAP_JIT) -->
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
<!-- Code paged in from disk should match the signature at page-in time -->
<key>com.apple.security.cs.disable-executable-page-protection</key><false/>
<!-- Allow loading third party libraries. Needed for Flash and CDMs --> <!-- Allow loading third party libraries. Needed for Flash and CDMs -->
<key>com.apple.security.cs.disable-library-validation</key><true/> <key>com.apple.security.cs.disable-library-validation</key><true/>

6
security/mac/hardenedruntime/plugin-container.developer.entitlements.xml
Просмотреть файл

@ -6,15 +6,9 @@
--> -->
<plist version="1.0"> <plist version="1.0">
<dict> <dict>
<!-- Firefox does not use MAP_JIT for executable mappings -->
<key>com.apple.security.cs.allow-jit</key><false/>
<!-- Firefox needs to create executable pages (without MAP_JIT) --> <!-- Firefox needs to create executable pages (without MAP_JIT) -->
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
<!-- Code paged in from disk should match the signature at page-in time -->
<key>com.apple.security.cs.disable-executable-page-protection</key><false/>
<!-- Allow loading third party libraries. Needed for Flash and CDMs --> <!-- Allow loading third party libraries. Needed for Flash and CDMs -->
<key>com.apple.security.cs.disable-library-validation</key><true/> <key>com.apple.security.cs.disable-library-validation</key><true/>

15
security/mac/hardenedruntime/plugin-container.production.entitlements.xml
Просмотреть файл

@ -6,27 +6,12 @@
--> -->
<plist version="1.0"> <plist version="1.0">
<dict> <dict>
<!-- Firefox does not use MAP_JIT for executable mappings -->
<key>com.apple.security.cs.allow-jit</key><false/>
<!-- Firefox needs to create executable pages (without MAP_JIT) --> <!-- Firefox needs to create executable pages (without MAP_JIT) -->
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
<!-- Code paged in from disk should match the signature at page in-time -->
<key>com.apple.security.cs.disable-executable-page-protection</key><false/>
<!-- Allow loading third party libraries. Needed for Flash and CDMs --> <!-- Allow loading third party libraries. Needed for Flash and CDMs -->
<key>com.apple.security.cs.disable-library-validation</key><true/> <key>com.apple.security.cs.disable-library-validation</key><true/>
<!-- Don't allow dyld environment variables -->
<key>com.apple.security.cs.allow-dyld-environment-variables</key><false/>
<!-- Don't allow debugging of the executable. Debuggers will be prevented
from attaching to running executables. Notarization does not permit
access to get-task-allow (as documented by Apple) so this must be
disabled on notarized builds. -->
<key>com.apple.security.get-task-allow</key><false/>
<!-- Firefox needs to access the microphone on sites the user allows --> <!-- Firefox needs to access the microphone on sites the user allows -->
<key>com.apple.security.device.audio-input</key><true/> <key>com.apple.security.device.audio-input</key><true/>

15
security/mac/hardenedruntime/production.entitlements.xml
Просмотреть файл

@ -5,27 +5,12 @@
--> -->
<plist version="1.0"> <plist version="1.0">
<dict> <dict>
<!-- Firefox does not use MAP_JIT for executable mappings -->
<key>com.apple.security.cs.allow-jit</key><false/>
<!-- Firefox needs to create executable pages (without MAP_JIT) --> <!-- Firefox needs to create executable pages (without MAP_JIT) -->
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
<!-- Code paged in from disk should match the signature at page in-time -->
<key>com.apple.security.cs.disable-executable-page-protection</key><false/>
<!-- Allow loading third party libraries. Needed for Flash and CDMs --> <!-- Allow loading third party libraries. Needed for Flash and CDMs -->
<key>com.apple.security.cs.disable-library-validation</key><true/> <key>com.apple.security.cs.disable-library-validation</key><true/>
<!-- Don't allow dyld environment variables -->
<key>com.apple.security.cs.allow-dyld-environment-variables</key><false/>
<!-- Don't allow debugging of the executable. Debuggers will be prevented
from attaching to running executables. Notarization does not permit
access to get-task-allow (as documented by Apple) so this must be
disabled on notarized builds. -->
<key>com.apple.security.get-task-allow</key><false/>
<!-- Firefox needs to access the microphone on sites the user allows --> <!-- Firefox needs to access the microphone on sites the user allows -->
<key>com.apple.security.device.audio-input</key><true/> <key>com.apple.security.device.audio-input</key><true/>