| commit | 757b20886627469a5457543204449c289fddf8b1 | |
| author | Haik Aftandilian <haftandilian@mozilla.com> | |
| Thu, 7 Nov 2019 13:26:05 +0000 (7 13:26 +0000) | ||
| committer | Haik Aftandilian <haftandilian@mozilla.com> | |
| Thu, 7 Nov 2019 13:26:05 +0000 (7 13:26 +0000) | ||
| tree | 4924e02aa8d39b10aafaf9935bf56bff162b14f1 | treesnapshot (tar.gz zip) |
| parent | 194b574fae8f5c0a287f01e7b125594a6fb518e7 | commitdiff |
Bug 1593071 - [macOS] Land different entitlement files for parent and child processes r=spohl
Add separate entitlement files for the browser (aka parent process) and plugin-container processes. Leave the old production and developer entitlement files in place.
Once automation has been updated to use the new process-specific entitlement files (bug 1593072), the older entitlement files can be removed.
Future work will change the process-specific entitlements to be minimized for each process type.
Update codesign.bash to
1) use the separate browser and plugin-container entitlement files
2) only sign executables with entitlements, not sign unnecessary files
3) output to a .dmg instead of a .zip file.
Differential Revision: https://phabricator.services.mozilla.com/D52117
--HG--
extra : moz-landing-system : lando
Add separate entitlement files for the browser (aka parent process) and plugin-container processes. Leave the old production and developer entitlement files in place.
Once automation has been updated to use the new process-specific entitlement files (bug 1593072), the older entitlement files can be removed.
Future work will change the process-specific entitlements to be minimized for each process type.
Update codesign.bash to
1) use the separate browser and plugin-container entitlement files
2) only sign executables with entitlements, not sign unnecessary files
3) output to a .dmg instead of a .zip file.
Differential Revision: https://phabricator.services.mozilla.com/D52117
--HG--
extra : moz-landing-system : lando
| security/mac/hardenedruntime/browser.developer.entitlements.xml | [new file with mode: 0644] | blob |
| security/mac/hardenedruntime/browser.production.entitlements.xml | [new file with mode: 0644] | blob |
| security/mac/hardenedruntime/codesign.bash | diffblobblamehistory | |
| security/mac/hardenedruntime/plugin-container.developer.entitlements.xml | [new file with mode: 0644] | blob |
| security/mac/hardenedruntime/plugin-container.production.entitlements.xml | [new file with mode: 0644] | blob |