Post

Replies

Boosts

Views

Activity

Reply to How to use the WebAssembly (wasm) binary module in macos App
We have found the cause of the issue. Below are our current entitlements: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.endpoint-security.client</key> <true/> <key>com.apple.developer.networking.networkextension</key> <array> <string>content-filter-provider-systemextension</string> <string>dns-proxy-systemextension</string> <string>app-proxy-provider-systemextension</string> </array> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.security.application-groups</key> <array> <string>$(TeamIdentifierPrefix)xxxxxx</string> </array> <key>com.apple.security.get-task-allow</key> <false/> <key>com.apple.security.network.client</key> <true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key> <true/> </dict> </plist> We discovered that com.apple.developer.endpoint-security.client and com.apple.security.cs.allow-unsigned-executable-memory are in conflict. Currently, our approach is to download wasm files from the server to the local machine and load them dynamically at runtime, so we cannot package the wasm files into the Contents/Resources directory inside the app bundle. Could you please advise how to resolve this problem?
Topic: Code Signing SubTopic: Notarization Tags:
Nov ’25
Reply to How to use the WebAssembly (wasm) binary module in macos App
When I use the com.apple.security.cs.allow-unsigned-executable-memory entitlements, after the notarization, I met these errors when I launch the App: AMFI: When validating /Applications/xxxx.app/Contents/MacOS/xxx: Hardened Runtime relaxation entitlements disallowed on System Extensions mac_vnode_check_signature: /Applications/xxxx.app/Contents/MacOS/xxxx: code signature validation failed fatally: When validating /Applications/xxxx.app/Contents/MacOS/xxxx: Hardened Runtime relaxation entitlements disallowed on System Extensions ASP: Security policy would not allow process: 85453, /Applications/xxxx.app/Contents/MacOS/xxxx By the way: We found that signing a wasm file writes the signature into the file’s extended attributes. In this case, when the wasm is loaded, is the memory considered to be signed?
Topic: Code Signing SubTopic: Notarization Tags:
Nov ’25
Reply to How to use the WebAssembly (wasm) binary module in macos App
We have found the cause of the issue. Below are our current entitlements: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.endpoint-security.client</key> <true/> <key>com.apple.developer.networking.networkextension</key> <array> <string>content-filter-provider-systemextension</string> <string>dns-proxy-systemextension</string> <string>app-proxy-provider-systemextension</string> </array> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.security.application-groups</key> <array> <string>$(TeamIdentifierPrefix)xxxxxx</string> </array> <key>com.apple.security.get-task-allow</key> <false/> <key>com.apple.security.network.client</key> <true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key> <true/> </dict> </plist> We discovered that com.apple.developer.endpoint-security.client and com.apple.security.cs.allow-unsigned-executable-memory are in conflict. Currently, our approach is to download wasm files from the server to the local machine and load them dynamically at runtime, so we cannot package the wasm files into the Contents/Resources directory inside the app bundle. Could you please advise how to resolve this problem?
Topic: Code Signing SubTopic: Notarization Tags:
Replies
Boosts
Views
Activity
Nov ’25
Reply to How to use the WebAssembly (wasm) binary module in macos App
When I use the com.apple.security.cs.allow-unsigned-executable-memory entitlements, after the notarization, I met these errors when I launch the App: AMFI: When validating /Applications/xxxx.app/Contents/MacOS/xxx: Hardened Runtime relaxation entitlements disallowed on System Extensions mac_vnode_check_signature: /Applications/xxxx.app/Contents/MacOS/xxxx: code signature validation failed fatally: When validating /Applications/xxxx.app/Contents/MacOS/xxxx: Hardened Runtime relaxation entitlements disallowed on System Extensions ASP: Security policy would not allow process: 85453, /Applications/xxxx.app/Contents/MacOS/xxxx By the way: We found that signing a wasm file writes the signature into the file’s extended attributes. In this case, when the wasm is loaded, is the memory considered to be signed?
Topic: Code Signing SubTopic: Notarization Tags:
Replies
Boosts
Views
Activity
Nov ’25
Reply to How to use the WebAssembly (wasm) binary module in macos App
@DTS Engineer it reports: WebAssembly (wasm) binary module version 0x1000d
Topic: Code Signing SubTopic: Notarization Tags:
Replies
Boosts
Views
Activity
Nov ’25
Reply to The menu can't be shown in background process in MacOS 26(beta)
Yes,status bar items
Topic: App & System Services SubTopic: General Tags:
Replies
Boosts
Views
Activity
Jul ’25
Reply to Does MDM Profile Support the Kernel Extension Update above Mac OS 11
RestartDevice MDM command  will popup a dialog that inform user to restart , NotifyUser But If set this to false, the machine will be restarted immediately. Is there a way that not restart the machine,but only RebuildKernelCache?
Topic: Developer Tools & Services SubTopic: General Tags:
Replies
Boosts
Views
Activity
Feb ’23