[Interest] Mac OS - AVCaptureDevice requestAccessForMediaType:AVMediaTypeVideo crashes application

coroberti . coroberti at gmail.com
Fri Jan 10 10:48:28 CET 2020


On Fri, Jan 10, 2020 at 11:17 AM Nuno Santos <nunosantos at imaginando.pt> wrote:
>
> Roland,
>
> After spending more than 4 hours googling and searching for other examples and realising I was not doing anything wrong, I have stumbled upon a detail that was causing the crash.
>
> I was codesigning it with: codesign BUNDLE.app -s \"Developer ID Application: Acme Inc. (XPTO)\" --options "runtime"
>
> Removing the --options "runtime" did the trick. The documentation says:
>
> runtime  On macOS versions >= 10.14.0, opts signed processes into a hard-
>               ened runtime environment which includes runtime code signing
>               enforcement, library validation, hard, kill, and debugging
>               restrictions.  These restrictions can be selectively relaxed via
>               entitlements. Note: macOS versions older than 10.14.0 ignore the
>               presence of this flag in the code signature.
>
> But I still don’t understand why it was crashing with this option.
>
> The app was not crashing on the computer where it was built and signed, but as soon as it ran on another computer it would crash with the __CRASHING_DUE_TO_PRIVACY_VIOLATION__ reason.
>
> This was a very tricky one!
>
> Thanks for your reply.
>
> Best regards,
>
> Nuno
>

Nuno,
Mac OS 10.15 requires all software to be delivered from iTunes App Store or
to be notarized.

For Mac software (not being distributed via Store) to be notarized,
hardening runtime seems to be a pre-condition.

Signing with hardening runtime (-o runtime), you can pass some escapes
using the entitlements.plist, for example:

<?xml version="1.0" encoding="utf-8"?>
<plist version="1.0">
    <dict>
        <key>com.apple.security.automation.apple-events</key>
        <true/>
        <key>com.apple.security.files.user-selected.read-write</key>
        <true/>
        <key>com.apple.security.cs.allow-jit</key>
        <true/>
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true/>
        <key>com.apple.security.cs.allow-dyld-environment-variables</key>
        <true/>
        <key>com.apple.security.cs.disable-executable-page-protection</key>
        <true/>
        <key>com.apple.security.cs.disable-library-validation</key>
        <true/>
    </dict>
</plist>

and some others.

codesign --deep -o runtime -f -vv --entitlements ./entitlements.plist \
    --preserve-metadata=identifier,entitlements,requirements,runtime \
    --timestamp -s "Developer ID Application: Your.app" ./Your.app

Afterwards you place the app in an archive or package, notarize it
with Apple and staple prior to distribution.

I was getting various strange crashes prior to doing that.

Kind regards,
Robert Iakobashvili
............................
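
Added example, not part of the original message: a Python check that parses an entitlements plist like the one above, lists which hardened-runtime protections it switches off, and reports resource entitlements the app needs but does not declare. The `audit` helper and the sample plist are constructed here; `com.apple.security.device.camera` is Apple's camera entitlement for hardened-runtime apps and does not appear in the thread.

```python
import plistlib

# Hardened-runtime exceptions (com.apple.security.cs.*) and the protection each one removes.
RUNTIME_EXCEPTIONS = {
    "com.apple.security.cs.allow-jit": "may create MAP_JIT executable memory",
    "com.apple.security.cs.allow-unsigned-executable-memory": "writable+executable memory without MAP_JIT",
    "com.apple.security.cs.allow-dyld-environment-variables": "DYLD_* variables can inject code",
    "com.apple.security.cs.disable-executable-page-protection": "code signing protections off at run time",
    "com.apple.security.cs.disable-library-validation": "loads libraries from any signer, or unsigned",
}
# Assumption: the app uses the camera, as in the thread subject. Key is not from the message.
CAMERA = "com.apple.security.device.camera"

# Constructed sample: the same keys as the entitlements.plist in the message above.
SAMPLE = b"""<?xml version="1.0" encoding="utf-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.automation.apple-events</key><true/>
<key>com.apple.security.files.user-selected.read-write</key><true/>
<key>com.apple.security.cs.allow-jit</key><true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
<key>com.apple.security.cs.disable-executable-page-protection</key><true/>
<key>com.apple.security.cs.disable-library-validation</key><true/>
</dict></plist>"""

def audit(plist_bytes, required=()):
    """Return (runtime protections relaxed, required entitlements not granted)."""
    granted = {k for k, v in plistlib.loads(plist_bytes).items() if v is True}
    relaxed = sorted(k for k in granted if k in RUNTIME_EXCEPTIONS)
    missing = sorted(k for k in required if k not in granted)
    return relaxed, missing

if __name__ == "__main__":
    relaxed, missing = audit(SAMPLE, required=[CAMERA])
    for key in relaxed:
        print(f"relaxed: {key} ({RUNTIME_EXCEPTIONS[key]})")
    for key in missing:
        print(f"missing: {key}")
```

Each `relaxed` line is a protection to justify or drop before notarizing; each `missing` line is a resource the hardened runtime will refuse at run time.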

