Backed out changeset ee3e55708782 (bug 1570840) for breaking Netflix and Flash on Mac Nightly. a=backout
author Csoregi Natalia <ncsoregi@mozilla.com>
Thu, 15 Aug 2019 22:00:21 +0300
changeset 488249 aab73dbec4586b814066c09f96538f9e7ad235d0
parent 488153 0db07ff50ab5c9b655ba7e23788f68a2b9d66e71
child 488250 44aac6fc3352cc6e5d846863778a1d616990c9e7
push id 113904
push user ncsoregi@mozilla.com
push date Thu, 15 Aug 2019 19:41:00 +0000
treeherder mozilla-inbound@b283a7ef186c
reviewers backout
bugs 1570840
milestone 70.0a1
backs out ee3e55708782cc1d6d3965a01fbbb3f704f3fc18
security/mac/hardenedruntime/developer.entitlements.xml
security/mac/hardenedruntime/production.entitlements.xml
--- a/security/mac/hardenedruntime/developer.entitlements.xml
+++ b/security/mac/hardenedruntime/developer.entitlements.xml
@@ -18,21 +18,22 @@
     <key>com.apple.security.cs.allow-jit</key><false/>
 
     <!-- Firefox needs to create executable pages (without MAP_JIT) -->
     <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
 
     <!-- Code paged in from disk should match the signature at page-in time -->
     <key>com.apple.security.cs.disable-executable-page-protection</key><false/>
 
-    <!-- Do not allow loading unsigned libraries -->
-    <key>com.apple.security.cs.disable-library-validation</key><false/>
+    <!-- Allow loading third party libraries. Needed for Flash and CDMs -->
+    <key>com.apple.security.cs.disable-library-validation</key><true/>
 
     <!-- Allow dyld environment variables. Needed because Firefox uses
-         dyld variables to load libaries from within the .app bundle. -->
+         dyld variables (such as @executable_path) to load libaries from
+         within the .app bundle. -->
     <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
 
     <!-- Allow debuggers to attach to running executables -->
     <key>com.apple.security.get-task-allow</key><true/>
 
     <!-- Firefox needs to access the microphone on sites the user allows -->
     <key>com.apple.security.device.audio-input</key><true/>
 
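Review bot: At the restored `com.apple.security.cs.disable-library-validation` key, the comment records why the restriction is lifted ("Needed for Flash and CDMs") but not that this is the state a backout returned to, so nothing in the file points a later reader at the work to tighten it again. Suggest adding a reference to bug 1570840 in that comment. It is also worth stating there that `com.apple.security.cs.allow-dyld-environment-variables` is `true` a few lines below, so with this change neither hardened-runtime control over which libraries get loaded is in force for binaries signed with this file. Any re-landing should say which of the two is expected to stay relaxed and why.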
--- a/security/mac/hardenedruntime/production.entitlements.xml
+++ b/security/mac/hardenedruntime/production.entitlements.xml
@@ -15,21 +15,22 @@
     <key>com.apple.security.cs.allow-jit</key><false/>
 
     <!-- Firefox needs to create executable pages (without MAP_JIT) -->
     <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
 
     <!-- Code paged in from disk should match the signature at page in-time -->
     <key>com.apple.security.cs.disable-executable-page-protection</key><false/>
 
-    <!-- Do not allow loading unsigned libraries -->
-    <key>com.apple.security.cs.disable-library-validation</key><false/>
+    <!-- Allow loading third party libraries. Needed for Flash and CDMs -->
+    <key>com.apple.security.cs.disable-library-validation</key><true/>
 
     <!-- Allow dyld environment variables. Needed because Firefox uses
-         dyld variables to load libaries from within the .app bundle. -->
+         dyld variables (such as @executable_path) to load libaries from
+         within the .app bundle. -->
     <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
 
     <!-- Don't allow debugging of the executable. Debuggers will be prevented
          from attaching to running executables. Notarization does not permit
          access to get-task-allow (as documented by Apple) so this must be
          disabled on notarized builds. -->
     <key>com.apple.security.get-task-allow</key><false/>
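Review bot: In the restored comment above `com.apple.security.cs.allow-dyld-environment-variables`, "dyld variables (such as @executable_path)" is misleading documentation: `@executable_path` is a path token that dyld resolves in load commands, not an environment variable, and this entitlement governs `DYLD_*` environment variables. Suggest naming the actual variable the build relies on, or dropping the parenthetical, and fixing the "libaries" typo in the same line when this file is next touched. The point matters more here than in the developer file, because this is the entitlement set for notarized builds and the same hunk sets `disable-library-validation` to `true`. A reader auditing what the shipped binary will load needs the comment to be accurate.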