[Libreoffice-commits] core.git: bridges/source hardened_runtime.xcent.in

Tor Lillqvist (via logerrit) logerrit at kemper.freedesktop.org
Thu Apr 30 05:38:44 UTC 2020 

 bridges/source/cpp_uno/shared/vtablefactory.cxx |    6 ++++++
 hardened_runtime.xcent.in                       |    2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

New commits:
commit 2c366aae9263dc4115b054fe74b90cabea61fa0b
Author:     Tor Lillqvist <tml at collabora.com>
AuthorDate: Wed Apr 29 20:12:21 2020 +0300
Commit:     Tor Lillqvist <tml at collabora.com>
CommitDate: Thu Apr 30 07:38:02 2020 +0200

    Use a less extreme entitlement for our run-time machine code generation
    
    See https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_disable-executable-page-protection
    and https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_allow-jit
    
    Change-Id: I192038efa9cff4fb723bf4bdc8644f0b09f0fcda
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93181
    Tested-by: Jenkins
    Reviewed-by: Tor Lillqvist <tml at collabora.com>

diff --git a/bridges/source/cpp_uno/shared/vtablefactory.cxx b/bridges/source/cpp_uno/shared/vtablefactory.cxx
index 018b808d89e6..036b81c4218a 100644
--- a/bridges/source/cpp_uno/shared/vtablefactory.cxx
+++ b/bridges/source/cpp_uno/shared/vtablefactory.cxx
@@ -77,6 +77,11 @@ extern "C" void * allocExec(
     std::size_t n = (*size + (pagesize - 1)) & ~(pagesize - 1);
     void * p;
 #if defined SAL_UNX
+#if defined MACOSX
+    p = mmap(
+        nullptr, n, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANON | MAP_JIT, -1,
+        0);
+#else
     p = mmap(
         nullptr, n, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1,
         0);
@@ -88,6 +93,7 @@ extern "C" void * allocExec(
         munmap (p, n);
         p = nullptr;
     }
+#endif
 #elif defined _WIN32
     p = VirtualAlloc(nullptr, n, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
 #endif
diff --git a/hardened_runtime.xcent.in b/hardened_runtime.xcent.in
index d270c93ec694..2bbcda34f18c 100644
--- a/hardened_runtime.xcent.in
+++ b/hardened_runtime.xcent.in
@@ -6,7 +6,7 @@
         <key>com.apple.security.automation.apple-events</key>
         <true/>
         <!-- Needed for our runtime machine code generation -->
-        <key>com.apple.security.cs.disable-executable-page-protection</key>
+        <key>com.apple.security.cs.allow-jit</key>
         <true/>
         <!-- allow use of third-party plugins/frameworks (aka Java) -->
         <key>com.apple.security.cs.disable-library-validation</key>

More information about the Libreoffice-commits mailing list