Property List Key

Allow Unsigned Executable Memory Entitlement

A Boolean value that indicates whether the app may create writable and executable memory without the restrictions imposed by using the MAP_JIT flag.

Details

Key
com.apple.security.cs.allow-unsigned-executable-memory
Type
boolean

Discussion

In rare cases, an app might need to override or patch C code, use the long-deprecated NSCreateObjectFileImageFromMemory (which is fundamentally insecure), or use the DVDPlayback framework. Add the Allow Unsigned Executable Memory Entitlement to enable these use cases. Otherwise, the app might crash or behave in unexpected ways.

To add the entitlement to your app, first enable the Hardened Runtime capability in Xcode, and then under Runtime Exceptions, select Allow Unsigned Executable Memory.

See Also

Runtime Exceptions

Allow Execution of JIT-compiled Code Entitlement

A Boolean value that indicates whether the app may create writable and executable memory using the MAP_JIT flag.

Key: com.apple.security.cs.allow-jit
Allow DYLD Environment Variables Entitlement

A Boolean value that indicates whether the app may be affected by dynamic linker environment variables, which you can use to inject code into your app’s process.

Key: com.apple.security.cs.allow-dyld-environment-variables
Disable Library Validation Entitlement

A Boolean value that indicates whether the app may load arbitrary plug-ins or frameworks, without requiring code signing.

Key: com.apple.security.cs.disable-library-validation
Disable Executable Memory Protection Entitlement

A Boolean value that indicates whether to disable all code signing protections while launching an app, and during its execution.

Key: com.apple.security.cs.disable-executable-page-protection
Debugging Tool Entitlement

A Boolean value that indicates whether the app is a debugger and may attach to other processes or get task ports.

Key: com.apple.security.cs.debugger