build/macosx/hardenedruntime/production.entitlements.xml
author Rob Lemley <rob@thunderbird.net>
Thu, 02 Sep 2021 06:23:00 -0400
changeset 33596 59bfc8893d6c51f280c99c7b3adbfa65993732a4
parent 28177 c94a552514bb19d9295a395195be22c93e8ca911
child 36018 e86e4b46473a1a0601a14e946ac46b08cc52a5a3
permissions -rw-r--r--
No bug - temporarily disable daily build. rs=rjl DONTBUILD

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
     Entitlements to apply to the .app bundle and all executable files
     contained within it during codesigning of production channel builds that
     will be notarized. These entitlements enable hardened runtime protections
     to the extent possible for Thunderbird. Some supporting binaries within the
     bundle could use more restrictive entitlements, but they are launched by
     the main Thunderbird process and therefore inherit the parent process
     entitlements.
     This file is based on the production.entitlements.xml file used for Firefox.
-->
<plist version="1.0">
  <dict>
    <!-- Thunderbird does not use MAP_JIT for executable mappings -->
    <key>com.apple.security.cs.allow-jit</key><false/>

    <!-- Thunderbird needs to create executable pages (without MAP_JIT) -->
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>

    <!-- Code paged in from disk should match the signature at page in-time -->
    <key>com.apple.security.cs.disable-executable-page-protection</key><false/>

    <!-- Allow loading third party libraries. Possibly needed by some legacy extensions.  -->
    <key>com.apple.security.cs.disable-library-validation</key><true/>

    <!-- Allow dyld environment variables. Needed because Thunderbird uses
         dyld variables to load libraries from within the .app bundle. -->
    <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>

    <!-- Don't allow debugging of the executable. Debuggers will be prevented
         from attaching to running executables. Notarization does not permit
         access to get-task-allow (as documented by Apple) so this must be
         disabled on notarized builds. -->
    <key>com.apple.security.get-task-allow</key><false/>

    <!-- Thunderbird needs to access the microphone on sites the user allows -->
    <key>com.apple.security.device.audio-input</key><true/>

    <!-- Thunderbird needs to access the camera on sites the user allows -->
    <key>com.apple.security.device.camera</key><true/>

    <!-- Thunderbird needs to access the location on sites the user allows -->
    <key>com.apple.security.personal-information.location</key><true/>

    <!-- Thunderbird uses the macOS addressbook for contacts storage. -->
    <key>com.apple.security.personal-information.addressbook</key><true/>

    <!-- Allow Thunderbird to send Apple events to other applications. Needed
         for native messaging webextension helper applications launched by
         Thunderbird which rely on Apple Events to signal other processes. -->
    <key>com.apple.security.automation.apple-events</key><true/>

    <!-- For SmartCardServices(7) -->
    <key>com.apple.security.smartcard</key><true/>
  </dict>
</plist>