bridges/source/cpp_uno/shared/vtablefactory.cxx | 6 ++++++ hardened_runtime.xcent.in | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-)
New commits: commit 2c366aae9263dc4115b054fe74b90cabea61fa0b Author: Tor Lillqvist <t...@collabora.com> AuthorDate: Wed Apr 29 20:12:21 2020 +0300 Commit: Tor Lillqvist <t...@collabora.com> CommitDate: Thu Apr 30 07:38:02 2020 +0200 Use a less extreme entitlement for our run-time machine code generation See https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_disable-executable-page-protection and https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_allow-jit Change-Id: I192038efa9cff4fb723bf4bdc8644f0b09f0fcda Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93181 Tested-by: Jenkins Reviewed-by: Tor Lillqvist <t...@collabora.com> diff --git a/bridges/source/cpp_uno/shared/vtablefactory.cxx b/bridges/source/cpp_uno/shared/vtablefactory.cxx index 018b808d89e6..036b81c4218a 100644 --- a/bridges/source/cpp_uno/shared/vtablefactory.cxx +++ b/bridges/source/cpp_uno/shared/vtablefactory.cxx @@ -77,6 +77,11 @@ extern "C" void * allocExec( std::size_t n = (*size + (pagesize - 1)) & ~(pagesize - 1); void * p; #if defined SAL_UNX +#if defined MACOSX + p = mmap( + nullptr, n, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANON | MAP_JIT, -1, + 0); +#else p = mmap( nullptr, n, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0); @@ -88,6 +93,7 @@ extern "C" void * allocExec( munmap (p, n); p = nullptr; } +#endif #elif defined _WIN32 p = VirtualAlloc(nullptr, n, MEM_COMMIT, PAGE_EXECUTE_READWRITE); #endif diff --git a/hardened_runtime.xcent.in b/hardened_runtime.xcent.in index d270c93ec694..2bbcda34f18c 100644 --- a/hardened_runtime.xcent.in +++ b/hardened_runtime.xcent.in @@ -6,7 +6,7 @@ <key>com.apple.security.automation.apple-events</key> <true/> <!-- Needed for our runtime machine code generation --> - <key>com.apple.security.cs.disable-executable-page-protection</key> + <key>com.apple.security.cs.allow-jit</key> <true/> <!-- allow use of third-party plugins/frameworks (aka Java) --> <key>com.apple.security.cs.disable-library-validation</key> _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits