Property List Key

Allow DYLD Environment Variables Entitlement

A Boolean value that indicates whether the app may be affected by dynamic linker environment variables, which you can use to inject code into your app’s process.

Details

Key
com.apple.security.cs.allow-dyld-environment-variables
Type
boolean

Discussion

If your app relies on dynamic linker variables to modify its behavior at runtime, add the Allow DYLD Environment Variables Entitlement to your app. This causes the macOS dynamic linker (dyld) to read from environment variables that begin with DLYD_. See the dyld man page for a list of these variables.

Injecting libraries or changing search paths with this feature may still require another entitlement. For example, you also need the Disable Library Validation Entitlement if an injected library isn’t signed with the expected team ID.

To add the entitlement to your app, first enable the Hardened Runtime capability in Xcode, and then under Runtime Exceptions, select Allow DYLD Environment Variables.

See Also

Hardened Runtime

Apple Events Entitlement

A Boolean value that indicates whether the app may prompt the user for permission to send Apple Events to other apps.

Key: com.apple.security.automation.apple-events
Allow Execution of JIT-compiled Code Entitlement

A Boolean value that indicates whether the app may create writable and executable memory using the MAP_JIT flag.

Key: com.apple.security.cs.allow-jit
Allow Unsigned Executable Memory Entitlement

A Boolean value that indicates whether the app may create writable and executable memory without the restrictions imposed by using the MAP_JIT flag.

Key: com.apple.security.cs.allow-unsigned-executable-memory
Debugging Tool Entitlement

A Boolean value that indicates whether the app is a debugger and may attach to other processes or get task ports.

Key: com.apple.security.cs.debugger
Disable Executable Memory Protection Entitlement

A Boolean value that indicates whether to disable all code signing protections while launching an app, and during its execution.

Key: com.apple.security.cs.disable-executable-page-protection
Disable Library Validation Entitlement

A Boolean value that indicates whether the app may load arbitrary plug-ins or frameworks, without requiring code signing.

Key: com.apple.security.cs.disable-library-validation
Audio Input Entitlement

A Boolean value that indicates whether the app may record audio using the built-in microphone and access audio input using Core Audio.

Key: com.apple.security.device.audio-input
Photos Library Entitlement

A Boolean value that indicates whether the app has read-write access to the user's Photos library.

Key: com.apple.security.personal-information.photos-library