build/macosx/hardenedruntime/developer.entitlements.xml
author Jorg K <jorgk@jorgk.com>
Mon, 28 Oct 2019 10:47:08 +0100
changeset 36499 94c1bd9522d2d73891670081db6669a689e6ebbb
parent 36442 e4d9fac14a3097357dc28523f371c910ece108a0
child 36421 288402b4c3e9240c4fa2490a2a24da3b4c2f4db8
permissions -rw-r--r--
No bug - Change cron start times to 12:00 CET (11:00 GMT). r=rjl DONTBUILD

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
     Entitlements to apply to the .app bundle and all executable files
     contained within it during codesigning of developer builds. These
     entitlements configure hardened runtime and allow debugging of the
     application. The com.apple.security.get-task-allow entitlement must be
     set to true to allow debuggers to attach to application processes but
     this prohibits notarization with the notary service. Aside from allowing
     debugging, these entitlements enable hardened runtime protections to the
     extent possible for Thunderbird. Supporting binaries within the bundle could
     use more restrictive entitlements, but they are launched by the main
     Thunderbird process and therefore inherit the parent process entitlements.
     This file is based on the developer.entitlements.xml file used for Firefox.
-->
<plist version="1.0">
  <dict>
    <!-- Hardened-runtime entitlements for developer (debuggable) builds.
         Each <true/> below either relaxes a hardened-runtime protection or
         requests access to a protected resource; each <false/> leaves the
         named exception switched off. -->

    <!-- Thunderbird does not use MAP_JIT for executable mappings, so the
         MAP_JIT-based JIT exception is not requested. -->
    <key>com.apple.security.cs.allow-jit</key><false/>

    <!-- Thunderbird needs to create executable pages (without MAP_JIT).
         This is the broader of the two executable-memory exceptions: it
         permits memory that is writable and executable at the same time,
         which weakens the protection against injected code. Revisit it if
         executable mappings are ever moved to MAP_JIT. -->
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>

    <!-- Code paged in from disk should match the signature at page-in time.
         Kept false so code-signing enforcement on executable pages stays on. -->
    <key>com.apple.security.cs.disable-executable-page-protection</key><false/>

    <!-- Allow loading third party libraries. Possibly needed by some legacy
         extensions. With library validation disabled, the runtime no longer
         requires loaded libraries to be signed by Apple or with the
         application's own Team ID, so every location the process loads
         libraries from becomes part of its trust boundary.
         NOTE(review): the stated need is tentative ("Possibly"); confirm it
         is still required before carrying this exception forward. -->
    <key>com.apple.security.cs.disable-library-validation</key><true/>

    <!-- Allow dyld environment variables. Needed because Thunderbird uses
         dyld variables to load libraries from within the .app bundle.
         These variables are read from the launch environment, and library
         validation is disabled by the previous key, so the environment of
         whatever starts the process has to be treated as trusted. -->
    <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>

    <!-- Allow debuggers to attach to running executables. This is the
         entitlement that makes this a developer-only file: it lets another
         process obtain debugger-level access to the application, and, as the
         header comment states, it prohibits notarization. It should not be
         carried over to entitlements used for release signing. -->
    <key>com.apple.security.get-task-allow</key><true/>

    <!-- Thunderbird needs to access the microphone on sites the user allows.
         The entitlement only makes the request possible under hardened
         runtime; macOS still asks the user for consent. -->
    <key>com.apple.security.device.audio-input</key><true/>

    <!-- Thunderbird needs to access the camera on sites the user allows.
         As with the microphone, access remains subject to user consent. -->
    <key>com.apple.security.device.camera</key><true/>

    <!-- Thunderbird needs to access the location on sites the user allows.
         Access remains subject to user consent. -->
    <key>com.apple.security.personal-information.location</key><true/>

    <!-- Thunderbird uses the macOS addressbook for contacts storage.
         Access to the user's contacts remains subject to user consent. -->
    <key>com.apple.security.personal-information.addressbook</key><true/>

    <!-- Allow Thunderbird to send Apple events to other applications. Needed
         for native messaging webextension helper applications launched by
         Thunderbird which rely on Apple Events to signal other processes.
         Helpers launched by Thunderbird inherit this ability (see the header
         comment on entitlement inheritance), so it applies to them as well. -->
    <key>com.apple.security.automation.apple-events</key><true/>
  </dict>
</plist>