Bug 1474451 - Deploy Enhanced Runtime on Mac without the allow-unsigned-executable-memory entitlement r=spohl,florian,dthayer

Remove the allow-unsigned-executable-memory entitlement and temporarily disable PoisonIOInterposer on x64 macOS.

On Mac, the PoinsonIOInterposer is already limited to x64 and only enabled on Nightly and early Beta. Disable it for now to be re-enabled on Nightly-only after dynamic memory disablement ships and is also re-enabled on Nightly-only. Observability of IO on x64 macOS will be impacted until PoinsonIOInterposer is re-enabled.

Differential Revision: https://phabricator.services.mozilla.com/D204566

security/mac/hardenedruntime/v2/developer/browser.xml

@@ -6,10 +6,7 @@
 -->
 <plist version="1.0">
   <dict>
-    <!-- Firefox needs to create executable pages without MAP_JIT on x64 -->
-    <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
-
-    <!-- Firefox needs to create executable pages with MAP_JIT on aarch64 -->
+    <!-- Firefox needs to create executable pages with MAP_JIT -->
     <key>com.apple.security.cs.allow-jit</key><true/>
 
     <!-- For dev builds only, allow loading third party libraries as a

security/mac/hardenedruntime/v2/developer/plugin-container.xml

@@ -6,10 +6,7 @@
 -->
 <plist version="1.0">
   <dict>
-    <!-- Firefox needs to create executable pages without MAP_JIT on x64 -->
-    <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
-
-    <!-- Firefox needs to create executable pages with MAP_JIT on aarch64 -->
+    <!-- Firefox needs to create executable pages with MAP_JIT -->
     <key>com.apple.security.cs.allow-jit</key><true/>
 
     <!-- Allow dyld environment variables for debugging -->

security/mac/hardenedruntime/v2/production/firefox.browser.xml

@@ -6,9 +6,6 @@
 -->
 <plist version="1.0">
   <dict>
-    <!-- Firefox needs to create executable pages (without MAP_JIT) -->
-    <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
-
     <!-- Allow loading third party libraries to support pkcs11 modules -->
     <key>com.apple.security.cs.disable-library-validation</key><true/>
 

security/mac/hardenedruntime/v2/production/firefoxdeveloperedition.browser.xml

@@ -6,9 +6,6 @@
 -->
 <plist version="1.0">
   <dict>
-    <!-- Firefox needs to create executable pages (without MAP_JIT) -->
-    <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
-
     <!-- Allow loading third party libraries to support pkcs11 modules -->
     <key>com.apple.security.cs.disable-library-validation</key><true/>
 

security/mac/hardenedruntime/v2/production/nightly.browser.xml

@@ -6,9 +6,6 @@
 -->
 <plist version="1.0">
   <dict>
-    <!-- Firefox needs to create executable pages (without MAP_JIT) -->
-    <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
-
     <!-- Allow loading third party libraries to support pkcs11 modules -->
     <key>com.apple.security.cs.disable-library-validation</key><true/>
 

security/mac/hardenedruntime/v2/production/plugin-container.xml

@@ -6,10 +6,7 @@
 -->
 <plist version="1.0">
   <dict>
-    <!-- Firefox needs to create executable pages without MAP_JIT on x64 -->
-    <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
-
-    <!-- Firefox needs to create executable pages with MAP_JIT on aarch64 -->
+    <!-- Firefox needs to create executable pages with MAP_JIT -->
     <key>com.apple.security.cs.allow-jit</key><true/>
   </dict>
 </plist>

xpcom/build/PoisonIOInterposerMac.cpp

@@ -328,10 +328,17 @@ void InitPoisonIOInterposer() {
     if (!d->Function) {
       continue;
     }
+
+    // Disable the interposer on arm64 until there's
+    // a mach_override_ptr implementation.
 #ifndef __aarch64__
+    // Temporarily disable the interposer on macOS x64
+    // while dynamic code disablement rides the trains.
+#  ifdef MOZ_INTERPOSER_FORCE_MACOS_X64
     DebugOnly<mach_error_t> t =
         mach_override_ptr(d->Function, d->Wrapper, &d->Buffer);
     MOZ_ASSERT(t == err_none);
+#  endif  // MOZ_INTERPOSER_FORCE_MACOS_X64
 #endif
   }
 }