Add com.apple.security.cs.allow-unsigned-executable-memory (#2735).

Tobi pointed out that the crashing thread crashes when trying to
execute the first instruction in the page

VM_ALLOCATE 119af0000-119af1000 [ 4K] r-x/rwx SM=PRV

which is dynamically allocated with VM_ALLOCATE (as opposed to being
a memory-mapped binary). Its protections (r-x/rwx) suggest that its
being used for JIT, so this code isn't signed, so the process
is killed by the hardened runtime.

We suspect FFmpeg is doing some JIT but perhaps only on x86_64
(as I couldn't reproduce the crash on arm64).

diff --git a/platform/osx/make_dmg.sh b/platform/osx/make_dmg.sh
index fb9a24a9bb4f2af7883b554fd861a7a4987cd97d..4772d8b19cbaebb9b5377b15e75ddaca750f1d6f 100644 (file)
--- a/platform/osx/make_dmg.sh
+++ b/platform/osx/make_dmg.sh
@@ -62,6 +62,8 @@ cat <<EOF > entitlements.plist
   <true/>
   <key>com.apple.security.cs.allow-dyld-environment-variables</key>
   <true/>
+  <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+  <true/>
 </dict>
 </plist>
 EOF