diff --git a/pkg/apple/RetroArch.entitlements b/pkg/apple/RetroArch.entitlements
index 6b550ae4d0..4c614d4a5e 100644
--- a/pkg/apple/RetroArch.entitlements
+++ b/pkg/apple/RetroArch.entitlements
@@ -6,11 +6,7 @@
com.apple.security.cs.allow-jit
- com.apple.security.cs.disable-executable-page-protection
-
- com.apple.security.cs.disable-library-validation
-
- com.apple.security.device.camera
+ com.apple.security.cs.allow-unsigned-executable-memory
com.apple.security.network.client
diff --git a/pkg/apple/RetroArch.xcodeproj/project.pbxproj b/pkg/apple/RetroArch.xcodeproj/project.pbxproj
index d01f7ee4c5..42ddfa7c60 100644
--- a/pkg/apple/RetroArch.xcodeproj/project.pbxproj
+++ b/pkg/apple/RetroArch.xcodeproj/project.pbxproj
@@ -94,6 +94,8 @@
8D1107320486CEB800E47090 /* RetroArch.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = RetroArch.app; sourceTree = BUILT_PRODUCTS_DIR; };
9254B2F825F5A94300A1E0DA /* OpenGL_GitLabCI.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = OpenGL_GitLabCI.xcconfig; sourceTree = ""; };
9254B33325FA72ED00A1E0DA /* assets.zip */ = {isa = PBXFileReference; lastKnownFileType = archive.zip; name = assets.zip; path = OSX/assets.zip; sourceTree = ""; };
+ D44049A526094BD500A7AB50 /* RetroArchCg.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = RetroArchCg.entitlements; sourceTree = ""; };
+ D44049A626094BD800A7AB50 /* RetroArch.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = RetroArch.entitlements; sourceTree = ""; };
/* End PBXFileReference section */
/* Begin PBXFrameworksBuildPhase section */
@@ -168,6 +170,8 @@
29B97314FDCFA39411CA2CEA /* RetroArch */ = {
isa = PBXGroup;
children = (
+ D44049A626094BD800A7AB50 /* RetroArch.entitlements */,
+ D44049A526094BD500A7AB50 /* RetroArchCg.entitlements */,
9254B2F825F5A94300A1E0DA /* OpenGL_GitLabCI.xcconfig */,
840222FA1A889EA2009AB261 /* Core */,
080E96DDFE201D6D7F000001 /* Classes */,
@@ -368,11 +372,13 @@
isa = XCBuildConfiguration;
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = NO;
+ CODE_SIGN_ENTITLEMENTS = RetroArchCg.entitlements;
CODE_SIGN_IDENTITY = "Developer ID Application";
CODE_SIGN_STYLE = Manual;
COMBINE_HIDPI_IMAGES = YES;
COPY_PHASE_STRIP = NO;
DEVELOPMENT_TEAM = UK699V5ZS8;
+ ENABLE_HARDENED_RUNTIME = YES;
FRAMEWORK_SEARCH_PATHS = (
"$(inherited)",
"$(LOCAL_LIBRARY_DIR)/Frameworks",
@@ -410,11 +416,13 @@
isa = XCBuildConfiguration;
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = NO;
+ CODE_SIGN_ENTITLEMENTS = RetroArchCg.entitlements;
CODE_SIGN_IDENTITY = "Developer ID Application";
CODE_SIGN_STYLE = Manual;
COMBINE_HIDPI_IMAGES = YES;
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
DEVELOPMENT_TEAM = UK699V5ZS8;
+ ENABLE_HARDENED_RUNTIME = YES;
FRAMEWORK_SEARCH_PATHS = (
"$(inherited)",
"$(LOCAL_LIBRARY_DIR)/Frameworks",
@@ -451,11 +459,13 @@
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = NO;
ARCHS = x86_64;
+ CODE_SIGN_ENTITLEMENTS = RetroArch.entitlements;
CODE_SIGN_IDENTITY = "Developer ID Application";
CODE_SIGN_STYLE = Manual;
COMBINE_HIDPI_IMAGES = YES;
COPY_PHASE_STRIP = NO;
DEVELOPMENT_TEAM = UK699V5ZS8;
+ ENABLE_HARDENED_RUNTIME = YES;
FRAMEWORK_SEARCH_PATHS = (
"$(inherited)",
"$(LOCAL_LIBRARY_DIR)/Frameworks",
@@ -490,11 +500,13 @@
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = NO;
ARCHS = x86_64;
+ CODE_SIGN_ENTITLEMENTS = RetroArch.entitlements;
CODE_SIGN_IDENTITY = "Developer ID Application";
CODE_SIGN_STYLE = Manual;
COMBINE_HIDPI_IMAGES = YES;
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
DEVELOPMENT_TEAM = UK699V5ZS8;
+ ENABLE_HARDENED_RUNTIME = YES;
FRAMEWORK_SEARCH_PATHS = (
"$(inherited)",
"$(LOCAL_LIBRARY_DIR)/Frameworks",
diff --git a/pkg/apple/RetroArchCg.entitlements b/pkg/apple/RetroArchCg.entitlements
new file mode 100644
index 0000000000..26b12f2886
--- /dev/null
+++ b/pkg/apple/RetroArchCg.entitlements
@@ -0,0 +1,10 @@
+
+
+
+
+ com.apple.security.cs.allow-jit
+
+ com.apple.security.cs.allow-unsigned-executable-memory
+
+
+