From 7d53981078d09b2a60daf841de95b8f5170698b4 Mon Sep 17 00:00:00 2001
From: Lakshmi Shanmugam
Date: Tue, 3 Sep 2019 12:22:27 +0530
Subject: Bug 550674 - Specify hardened runtime for Mac app signing

Added the entitlement files for the 3 products. Added the entitlement to
the pom files.

Change-Id: I277eb415961f3a62f2f2777f6e8685f39384e351
---
 .../entitlement/equinox.entitlement                    | 18 ++++++++++++++++++
 .../entitlement/platform.entitlement                   | 18 ++++++++++++++++++
 .../entitlement/sdk.entitlement                        | 18 ++++++++++++++++++
 .../equinox.starterkit.product/pom.xml                 |  3 ++-
 .../platform/pom.xml                                   |  1 +
 .../sdk/pom.xml                                        |  1 +
 6 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 eclipse.platform.releng.tychoeclipsebuilder/entitlement/equinox.entitlement
 create mode 100644 eclipse.platform.releng.tychoeclipsebuilder/entitlement/platform.entitlement
 create mode 100644 eclipse.platform.releng.tychoeclipsebuilder/entitlement/sdk.entitlement

diff --git a/eclipse.platform.releng.tychoeclipsebuilder/entitlement/equinox.entitlement b/eclipse.platform.releng.tychoeclipsebuilder/entitlement/equinox.entitlement
new file mode 100644
index 000000000..6fdb9d33d
--- /dev/null
+++ b/eclipse.platform.releng.tychoeclipsebuilder/entitlement/equinox.entitlement
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <key>com.apple.security.cs.disable-executable-page-protection</key>
+    <true/>
+    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+    <true/>
+    <key>com.apple.security.cs.disable-library-validation</key>
+    <true/>
+    <key>com.apple.security.cs.debugger</key>
+    <true/>
+</dict>
+</plist>
\ No newline at end of file
diff --git a/eclipse.platform.releng.tychoeclipsebuilder/entitlement/platform.entitlement b/eclipse.platform.releng.tychoeclipsebuilder/entitlement/platform.entitlement
new file mode 100644
index 000000000..6fdb9d33d
--- /dev/null
+++ b/eclipse.platform.releng.tychoeclipsebuilder/entitlement/platform.entitlement
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <key>com.apple.security.cs.disable-executable-page-protection</key>
+    <true/>
+    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+    <true/>
+    <key>com.apple.security.cs.disable-library-validation</key>
+    <true/>
+    <key>com.apple.security.cs.debugger</key>
+    <true/>
+</dict>
+</plist>
\ No newline at end of file
diff --git a/eclipse.platform.releng.tychoeclipsebuilder/entitlement/sdk.entitlement b/eclipse.platform.releng.tychoeclipsebuilder/entitlement/sdk.entitlement
new file mode 100644
index 000000000..6fdb9d33d
--- /dev/null
+++ b/eclipse.platform.releng.tychoeclipsebuilder/entitlement/sdk.entitlement
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <key>com.apple.security.cs.disable-executable-page-protection</key>
+    <true/>
+    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+    <true/>
+    <key>com.apple.security.cs.disable-library-validation</key>
+    <true/>
+    <key>com.apple.security.cs.debugger</key>
+    <true/>
+</dict>
+</plist>
\ No newline at end of file
diff --git a/eclipse.platform.releng.tychoeclipsebuilder/equinox.starterkit.product/pom.xml b/eclipse.platform.releng.tychoeclipsebuilder/equinox.starterkit.product/pom.xml
index 5bfc33ffc..1b08a1789 100644
--- a/eclipse.platform.releng.tychoeclipsebuilder/equinox.starterkit.product/pom.xml
+++ b/eclipse.platform.releng.tychoeclipsebuilder/equinox.starterkit.product/pom.xml
@@ -138,7 +138,8 @@
                     <fileName>Rt.app</fileName>
                   </fileNames>
                   <timeoutMillis>300000</timeoutMillis> <!-- 5 min -->
-                  <continueOnFail>${macSigner.forceContinue}</continueOnFail> 
+                  <continueOnFail>${macSigner.forceContinue}</continueOnFail>
+                  <entitlements>${project.basedir}/../entitlement/equinox.entitlement</entitlements> 
                 </configuration>
               </execution>
             </executions>
diff --git a/eclipse.platform.releng.tychoeclipsebuilder/platform/pom.xml b/eclipse.platform.releng.tychoeclipsebuilder/platform/pom.xml
index f3d4aec4c..5ca0a580d 100644
--- a/eclipse.platform.releng.tychoeclipsebuilder/platform/pom.xml
+++ b/eclipse.platform.releng.tychoeclipsebuilder/platform/pom.xml
@@ -119,6 +119,7 @@
                 <configuration>
                   <timeoutMillis>300000</timeoutMillis> <!-- 5 min -->
                   <continueOnFail>${macSigner.forceContinue}</continueOnFail> 
+                  <entitlements>${project.basedir}/../entitlement/platform.entitlement</entitlements>
                 </configuration>
               </execution>
             </executions>
diff --git a/eclipse.platform.releng.tychoeclipsebuilder/sdk/pom.xml b/eclipse.platform.releng.tychoeclipsebuilder/sdk/pom.xml
index 6d6fbd847..7551fcf1e 100644
--- a/eclipse.platform.releng.tychoeclipsebuilder/sdk/pom.xml
+++ b/eclipse.platform.releng.tychoeclipsebuilder/sdk/pom.xml
@@ -118,6 +118,7 @@
                 <configuration>
                   <timeoutMillis>300000</timeoutMillis> <!-- 5 min -->
                   <continueOnFail>${macSigner.forceContinue}</continueOnFail>
+                  <entitlements>${project.basedir}/../entitlement/sdk.entitlement</entitlements>
                 </configuration>
               </execution>
             </executions>
-- 
cgit v1.2.3