Bug 1779816 - Don't specify entitlements that use the default setting of false r=mac-reviewers,bradwerth

Cleanup our entitlement files by removing entitlements that use the default setting of false.

production.entitlements.xml and developer.entitlements.xml are used today.

The browser and plugin-container entitlement lists will be used when we enable using different entitlements for parent and child processes.

Differential Revision: https://phabricator.services.mozilla.com/D151943

security/mac/hardenedruntime/browser.developer.entitlements.xml

@@ -1,20 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <!--
-     Entitlements to apply to the .app bundle and main browser process
-     executable during codesigning of developer builds.
+    Entitlements to apply to the main browser process executable during
+    codesigning of developer builds.
 -->
 <plist version="1.0">
   <dict>
-    <!-- Firefox does not use MAP_JIT for executable mappings -->
-    <key>com.apple.security.cs.allow-jit</key><false/>
-
     <!-- Firefox needs to create executable pages (without MAP_JIT) -->
     <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
 
-    <!-- Code paged in from disk should match the signature at page-in time -->
-    <key>com.apple.security.cs.disable-executable-page-protection</key><false/>
-
     <!-- Allow loading third party libraries. Needed for Flash and CDMs -->
     <key>com.apple.security.cs.disable-library-validation</key><true/>
 

security/mac/hardenedruntime/browser.production.entitlements.xml

@@ -1,32 +1,17 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <!--
-     Entitlements to apply to the .app bundle and main browser process
-     executable during codesigning of production channel builds.
+     Entitlements to apply to the main browser process executable during
+     codesigning of production channel builds.
 -->
 <plist version="1.0">
   <dict>
-    <!-- Firefox does not use MAP_JIT for executable mappings -->
-    <key>com.apple.security.cs.allow-jit</key><false/>
-
     <!-- Firefox needs to create executable pages (without MAP_JIT) -->
     <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
 
-    <!-- Code paged in from disk should match the signature at page in-time -->
-    <key>com.apple.security.cs.disable-executable-page-protection</key><false/>
-
     <!-- Allow loading third party libraries. Needed for Flash and CDMs -->
     <key>com.apple.security.cs.disable-library-validation</key><true/>
 
-    <!-- Don't allow dyld environment variables -->
-    <key>com.apple.security.cs.allow-dyld-environment-variables</key><false/>
-
-    <!-- Don't allow debugging of the executable. Debuggers will be prevented
-         from attaching to running executables. Notarization does not permit
-         access to get-task-allow (as documented by Apple) so this must be
-         disabled on notarized builds. -->
-    <key>com.apple.security.get-task-allow</key><false/>
-
     <!-- Firefox needs to access the microphone on sites the user allows -->
     <key>com.apple.security.device.audio-input</key><true/>
 

security/mac/hardenedruntime/developer.entitlements.xml

@@ -14,15 +14,9 @@
 -->
 <plist version="1.0">
   <dict>
-    <!-- Firefox does not use MAP_JIT for executable mappings -->
-    <key>com.apple.security.cs.allow-jit</key><false/>
-
     <!-- Firefox needs to create executable pages (without MAP_JIT) -->
     <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
 
-    <!-- Code paged in from disk should match the signature at page-in time -->
-    <key>com.apple.security.cs.disable-executable-page-protection</key><false/>
-
     <!-- Allow loading third party libraries. Needed for Flash and CDMs -->
     <key>com.apple.security.cs.disable-library-validation</key><true/>
 

security/mac/hardenedruntime/plugin-container.developer.entitlements.xml

@@ -6,15 +6,9 @@
 -->
 <plist version="1.0">
   <dict>
-    <!-- Firefox does not use MAP_JIT for executable mappings -->
-    <key>com.apple.security.cs.allow-jit</key><false/>
-
     <!-- Firefox needs to create executable pages (without MAP_JIT) -->
     <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
 
-    <!-- Code paged in from disk should match the signature at page-in time -->
-    <key>com.apple.security.cs.disable-executable-page-protection</key><false/>
-
     <!-- Allow loading third party libraries. Needed for Flash and CDMs -->
     <key>com.apple.security.cs.disable-library-validation</key><true/>
 

security/mac/hardenedruntime/plugin-container.production.entitlements.xml

@@ -6,27 +6,12 @@
 -->
 <plist version="1.0">
   <dict>
-    <!-- Firefox does not use MAP_JIT for executable mappings -->
-    <key>com.apple.security.cs.allow-jit</key><false/>
-
     <!-- Firefox needs to create executable pages (without MAP_JIT) -->
     <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
 
-    <!-- Code paged in from disk should match the signature at page in-time -->
-    <key>com.apple.security.cs.disable-executable-page-protection</key><false/>
-
     <!-- Allow loading third party libraries. Needed for Flash and CDMs -->
     <key>com.apple.security.cs.disable-library-validation</key><true/>
 
-    <!-- Don't allow dyld environment variables -->
-    <key>com.apple.security.cs.allow-dyld-environment-variables</key><false/>
-
-    <!-- Don't allow debugging of the executable. Debuggers will be prevented
-         from attaching to running executables. Notarization does not permit
-         access to get-task-allow (as documented by Apple) so this must be
-         disabled on notarized builds. -->
-    <key>com.apple.security.get-task-allow</key><false/>
-
     <!-- Firefox needs to access the microphone on sites the user allows -->
     <key>com.apple.security.device.audio-input</key><true/>
 

security/mac/hardenedruntime/production.entitlements.xml

@@ -5,27 +5,12 @@
 -->
 <plist version="1.0">
   <dict>
-    <!-- Firefox does not use MAP_JIT for executable mappings -->
-    <key>com.apple.security.cs.allow-jit</key><false/>
-
     <!-- Firefox needs to create executable pages (without MAP_JIT) -->
     <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
 
-    <!-- Code paged in from disk should match the signature at page in-time -->
-    <key>com.apple.security.cs.disable-executable-page-protection</key><false/>
-
     <!-- Allow loading third party libraries. Needed for Flash and CDMs -->
     <key>com.apple.security.cs.disable-library-validation</key><true/>
 
-    <!-- Don't allow dyld environment variables -->
-    <key>com.apple.security.cs.allow-dyld-environment-variables</key><false/>
-
-    <!-- Don't allow debugging of the executable. Debuggers will be prevented
-         from attaching to running executables. Notarization does not permit
-         access to get-task-allow (as documented by Apple) so this must be
-         disabled on notarized builds. -->
-    <key>com.apple.security.get-task-allow</key><false/>
-
     <!-- Firefox needs to access the microphone on sites the user allows -->
     <key>com.apple.security.device.audio-input</key><true/>