58 строки
2.9 KiB
XML
58 строки
2.9 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
|
<!--
|
|
Entitlements to apply to the .app bundle and all executable files
|
|
contained within it during codesigning of developer builds. These
|
|
entitlements configure hardened runtime and allow debugging of the
|
|
application. The com.apple.security.get-task-allow entitlement must be
|
|
set to true to allow debuggers to attach to application processes but
|
|
this prohibits notarization with the notary service. Aside from allowing
|
|
debugging, these entitlements enable hardened runtime protections to the
|
|
extent possible for Thunderbird. Supporting binaries within the bundle could
|
|
use more restrictive entitlements, but they are launched by the main
|
|
Thunderbird process and therefore inherit the parent process entitlements.
|
|
This file is based on the developer.entitlements.xml file used for Firefox.
|
|
-->
|
|
<plist version="1.0">
|
|
<dict>
|
|
<!-- Thunderbird does not use MAP_JIT for executable mappings -->
|
|
<key>com.apple.security.cs.allow-jit</key><false/>
|
|
|
|
<!-- Thunderbird needs to create executable pages (without MAP_JIT) -->
|
|
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
|
|
|
|
<!-- Code paged in from disk should match the signature at page-in time -->
|
|
<key>com.apple.security.cs.disable-executable-page-protection</key><false/>
|
|
|
|
<!-- Allow loading third party libraries. Possibly needed by some legacy extensions. -->
|
|
<key>com.apple.security.cs.disable-library-validation</key><true/>
|
|
|
|
<!-- Allow dyld environment variables. Needed because Thunderbird uses
|
|
dyld variables to load libraries from within the .app bundle. -->
|
|
<key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
|
|
|
|
<!-- Allow debuggers to attach to running executables -->
|
|
<key>com.apple.security.get-task-allow</key><true/>
|
|
|
|
<!-- Thunderbird needs to access the microphone on sites the user allows -->
|
|
<key>com.apple.security.device.audio-input</key><true/>
|
|
|
|
<!-- Thunderbird needs to access the camera on sites the user allows -->
|
|
<key>com.apple.security.device.camera</key><true/>
|
|
|
|
<!-- Thunderbird needs to access the location on sites the user allows -->
|
|
<key>com.apple.security.personal-information.location</key><true/>
|
|
|
|
<!-- Thunderbird uses the macOS addressbook for contacts storage. -->
|
|
<key>com.apple.security.personal-information.addressbook</key><true/>
|
|
|
|
<!-- Allow Thunderbird to send Apple events to other applications. Needed
|
|
for native messaging webextension helper applications launched by
|
|
Thunderbird which rely on Apple Events to signal other processes. -->
|
|
<key>com.apple.security.automation.apple-events</key><true/>
|
|
|
|
<!-- For SmartCardServices(7) -->
|
|
<key>com.apple.security.smartcard</key><true/>
|
|
</dict>
|
|
</plist>
|