[PM-16530] [BRE-283] Changes to support hardening on the Mac desktop app (#12632)

* [DEVOPS-1424] Changes to support hardening on the Mac desktop app * Remove unsigned memory exception * Remove exceptions from the local (non-MAS) mac builds as well --------- Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2025-12-06 00:13:28 +00:00 · 2024-12-31 15:16:31 -05:00
parent 899b16966a
commit e1778f4282
6 changed files with 8 additions and 8 deletions
--- a/apps/desktop/electron-builder.json
+++ b/apps/desktop/electron-builder.json
@@ -133,7 +133,7 @@
    "entitlements": "resources/entitlements.mas.plist",
    "entitlementsInherit": "resources/entitlements.mas.inherit.plist",
    "entitlementsLoginHelper": "resources/entitlements.mas.loginhelper.plist",
-    "hardenedRuntime": false,
+    "hardenedRuntime": true,
    "extendInfo": {
      "LSMinimumSystemVersion": "12",
      "ElectronTeamID": "LTZ2PFU5D6"
--- a/apps/desktop/resources/entitlements.desktop_proxy.inherit.plist
+++ b/apps/desktop/resources/entitlements.desktop_proxy.inherit.plist
@@ -6,5 +6,7 @@
 	<true/>
 	<key>com.apple.security.inherit</key>
 	<true/>
+	<key>com.apple.security.cs.allow-jit</key>
+	<true/>
 </dict>
 </plist>
--- a/apps/desktop/resources/entitlements.desktop_proxy.plist
+++ b/apps/desktop/resources/entitlements.desktop_proxy.plist
@@ -8,5 +8,7 @@
 	<array>
 		<string>LTZ2PFU5D6.com.bitwarden.desktop</string>
 	</array>
+	<key>com.apple.security.cs.allow-jit</key>
+	<true/>
 </dict>
 </plist>
--- a/apps/desktop/resources/entitlements.mac.plist
+++ b/apps/desktop/resources/entitlements.mac.plist
@@ -4,10 +4,6 @@
 <dict>
 	<key>com.apple.security.cs.allow-jit</key>
 	<true/>
-	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
-	<true/>
-	<key>com.apple.security.cs.disable-library-validation</key>
-	<true/>
 	<!--
 	<key>com.apple.developer.authentication-services.autofill-credential-provider</key>
 	<true/>
--- a/apps/desktop/resources/entitlements.mas.inherit.plist
+++ b/apps/desktop/resources/entitlements.mas.inherit.plist
@@ -6,9 +6,7 @@
 	<true/>
 	<key>com.apple.security.inherit</key>
 	<true/>
-	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
-	<true/>
-	<key>com.apple.security.cs.disable-library-validation</key>
+	<key>com.apple.security.cs.allow-jit</key>
 	<true/>
 	<!--
 	<key>com.apple.developer.authentication-services.autofill-credential-provider</key>
--- a/apps/desktop/resources/entitlements.mas.plist
+++ b/apps/desktop/resources/entitlements.mas.plist
@@ -34,5 +34,7 @@
 		<string>/Library/Application Support/Microsoft Edge Canary/NativeMessagingHosts/</string>
        <string>/Library/Application Support/Vivaldi/NativeMessagingHosts/</string>
 	</array>
+	<key>com.apple.security.cs.allow-jit</key>
+	<true/>
 </dict>
 </plist>