Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8244951

Missing entitlements for hardened runtime

    Details

    • Subcomponent:
    • Resolved In Build:
      b24

      Backports

        Description

        From build-dev: https://mail.openjdk.java.net/pipermail/build-dev/2020-April/027322.html

        ---
        Since upgrading to the hardened runtime version of the JDK, I can no longer access microphone input using the standard Java Sound API, only silence is captured when running my .jar file using the command line. While checking Console.app, I found that TCC is blocking microphone access in the background because of a missing entitlement:

        Prompting policy for hardened runtime; service: kTCCServiceMicrophone requires entitlement com.apple.security.device.audio-input but it is missing for ACC:{ID: net.java.openjdk.cmd, PID[2161], auid: 501, euid: 501, binary path: '/Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home/bin/java'}, REQ:{ID: com.apple.tccd, PID[154], auid: 0, euid: 0, binary path: '/System/Library/PrivateFrameworks/TCC.framework/Versions/A/Resources/tccd'}
        This causes microphone access to be blocked without any user action:

        Policy disallows prompt for ACC:{ID: net.java.openjdk.cmd, PID[2161], auid: 501, euid: 501, binary path: '/Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home/bin/java'}, REQ:{ID: com.apple.tccd, PID[154], auid: 0, euid: 0, binary path: '/System/Library/PrivateFrameworks/TCC.framework/Versions/A/Resources/tccd'}; access to kTCCServiceMicrophone denied
        This does not happen with file access: a dialog to provide access to "Documents" and "Downloads" appears when trying to access a file there.
        ---

        We need to add some more entitlements to the java launcher. It seems these will only be needed for the main java launcher and none of the others. The same should also be added to the launcher jpackage bundles into jpackaged applications.

        The question is which other entitlements may be needed.

        https://developer.apple.com/documentation/security/hardened_runtime

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  erikj Erik Joelsson
                  Reporter:
                  erikj Erik Joelsson
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  9 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: