build/macosx/hardenedruntime/production.entitlements.xml
author Rob Lemley <rob@thunderbird.net>
Fri, 11 Oct 2019 00:00:17 -0400
changeset 37134 8f5ce14d70f4ad8d2b22624f2d5e178790e2ca68
child 37206 f72d9fcf281ea6f25557e6be94e63151d311fb5c
permissions -rw-r--r--
Bug 1586617 - create macOS entitlements.xml specific to Thunderbird requirements. r=darktrojan Thunderbird has been using Firefox's entitlements files since the Apple's hardened runtime became a necessity with notarization. However, Thunderbird cannot access macOS's addressbook for contacts when running macOS Mojave or Catalina, necessitating this change.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
     Entitlements to apply to the .app bundle and all executable files
     contained within it during codesigning of production channel builds that
     will be notarized. These entitlements enable hardened runtime protections
     to the extent possible for Thunderbird. Some supporting binaries within the
     bundle could use more restrictive entitlements, but they are launched by
     the main Thunderbird process and therefore inherit the parent process
     entitlements.
     This file is based on the production.entitlements.xml file used for Firefox.
-->
<plist version="1.0">
  <dict>
    <!-- Thunderbird does not use MAP_JIT for executable mappings -->
    <key>com.apple.security.cs.allow-jit</key><false/>

    <!-- Thunderbird needs to create executable pages (without MAP_JIT) -->
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>

    <!-- Code paged in from disk should match the signature at page in-time -->
    <key>com.apple.security.cs.disable-executable-page-protection</key><false/>

    <!-- Allow loading third party libraries. Possibly needed by some legacy extensions.  -->
    <key>com.apple.security.cs.disable-library-validation</key><true/>

    <!-- Allow dyld environment variables. Needed because Thunderbird uses
         dyld variables to load libaries from within the .app bundle. -->
    <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>

    <!-- Don't allow debugging of the executable. Debuggers will be prevented
         from attaching to running executables. Notarization does not permit
         access to get-task-allow (as documented by Apple) so this must be
         disabled on notarized builds. -->
    <key>com.apple.security.get-task-allow</key><false/>

    <!-- Thunderbird needs to access the microphone on sites the user allows -->
    <key>com.apple.security.device.audio-input</key><true/>

    <!-- Thunderbird needs to access the camera on sites the user allows -->
    <key>com.apple.security.device.camera</key><true/>

    <!-- Thunderbird needs to access the location on sites the user allows -->
    <key>com.apple.security.personal-information.location</key><true/>

    <!-- Thunderbird uses the macOS addressbook for contacts storage. -->
    <key>com.apple.security.personal-information.addressbook</key><true/>

    <!-- Allow Thunderbird to send Apple events to other applications. Needed
         for native messaging webextension helper applications launched by
         Thunderbird which rely on Apple Events to signal other processes. -->
    <key>com.apple.security.automation.apple-events</key><true/>
  </dict>
</plist>