From 9d05a43e1502012fe30b3d1ade812d508ea02e0c Mon Sep 17 00:00:00 2001
From: Max Goedjen
Date: Wed, 10 Sep 2025 00:27:20 -0700
Subject: [PATCH 1/2] Try re-enabling swift codeql Enable Swift language support for CodeQL analysis.
---
 .github/workflows/codeql.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index d5fb7f3..036b52a 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -25,8 +25,8 @@ jobs:
 - language: actions
 build-mode: none
 # Disable this until CodeQL supports Xcode 26 builds.
- # - language: swift
- # build-mode: manual
+ - language: swift
+ build-mode: manual
 steps:
 - name: Checkout repository
 uses: actions/checkout@v4
From 4e589f0e908962274f78c11b017f36ad22a484bb Mon Sep 17 00:00:00 2001
From: Max Goedjen
Date: Sat, 25 Oct 2025 12:41:09 -0700
Subject: [PATCH 2/2] Disable enhanced security
---
 Sources/Secretive.xcodeproj/project.pbxproj | 12 ------------
 Sources/Secretive/Secretive.entitlements | 10 ----------
 2 files changed, 22 deletions(-)
diff --git a/Sources/Secretive.xcodeproj/project.pbxproj b/Sources/Secretive.xcodeproj/project.pbxproj
index 89cb503..30f51f7 100644
--- a/Sources/Secretive.xcodeproj/project.pbxproj
+++ b/Sources/Secretive.xcodeproj/project.pbxproj
@@ -830,8 +830,6 @@
 COPY_PHASE_STRIP = NO;
 DEAD_CODE_STRIPPING = YES;
 DEBUG_INFORMATION_FORMAT = dwarf;
- ENABLE_ENHANCED_SECURITY = YES;
- ENABLE_POINTER_AUTHENTICATION = YES;
 ENABLE_STRICT_OBJC_MSGSEND = YES;
 ENABLE_TESTABILITY = YES;
 ENABLE_USER_SCRIPT_SANDBOXING = YES;
@@ -906,9 +904,7 @@
 COPY_PHASE_STRIP = NO;
 DEAD_CODE_STRIPPING = YES;
 DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
- ENABLE_ENHANCED_SECURITY = YES;
 ENABLE_NS_ASSERTIONS = NO;
- ENABLE_POINTER_AUTHENTICATION = YES;
 ENABLE_STRICT_OBJC_MSGSEND = YES;
 ENABLE_USER_SCRIPT_SANDBOXING = YES;
 GCC_C_LANGUAGE_STANDARD = gnu11;
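Review bot: In .github/workflows/codeql.yml the comment `# Disable this until CodeQL supports Xcode 26 builds.` is left directly above the now-active `- language: swift` matrix entry, so the file reads as if Swift analysis were still switched off. Drop the comment or reword it to match the new state, for example `# Swift analysis re-enabled; disable again if CodeQL cannot build with the runner's Xcode.` The entry uses `build-mode: manual`, so the scan presumably relies on an explicit build step further down in `steps:`, which lies outside this hunk; it is worth confirming that step is still present, otherwise the Swift job may fail or analyse nothing.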
@@ -949,11 +945,9 @@
 DEVELOPMENT_ASSET_PATHS = "\"Secretive/Preview Content\"";
 DEVELOPMENT_TEAM = Z72PRUAWF6;
 ENABLE_APP_SANDBOX = YES;
- ENABLE_ENHANCED_SECURITY = YES;
 ENABLE_HARDENED_RUNTIME = YES;
 ENABLE_INCOMING_NETWORK_CONNECTIONS = NO;
 ENABLE_OUTGOING_NETWORK_CONNECTIONS = NO;
- ENABLE_POINTER_AUTHENTICATION = YES;
 ENABLE_PREVIEWS = YES;
 ENABLE_RESOURCE_ACCESS_AUDIO_INPUT = NO;
 ENABLE_RESOURCE_ACCESS_BLUETOOTH = NO;
@@ -989,11 +983,9 @@
 DEVELOPMENT_ASSET_PATHS = "\"Secretive/Preview Content\"";
 DEVELOPMENT_TEAM = Z72PRUAWF6;
 ENABLE_APP_SANDBOX = YES;
- ENABLE_ENHANCED_SECURITY = YES;
 ENABLE_HARDENED_RUNTIME = YES;
 ENABLE_INCOMING_NETWORK_CONNECTIONS = NO;
 ENABLE_OUTGOING_NETWORK_CONNECTIONS = NO;
- ENABLE_POINTER_AUTHENTICATION = YES;
 ENABLE_PREVIEWS = YES;
 ENABLE_RESOURCE_ACCESS_AUDIO_INPUT = NO;
 ENABLE_RESOURCE_ACCESS_BLUETOOTH = NO;
@@ -1274,8 +1266,6 @@
 COPY_PHASE_STRIP = NO;
 DEAD_CODE_STRIPPING = YES;
 DEBUG_INFORMATION_FORMAT = dwarf;
- ENABLE_ENHANCED_SECURITY = YES;
- ENABLE_POINTER_AUTHENTICATION = YES;
 ENABLE_STRICT_OBJC_MSGSEND = YES;
 ENABLE_TESTABILITY = YES;
 ENABLE_USER_SCRIPT_SANDBOXING = YES;
@@ -1322,11 +1312,9 @@
 DEAD_CODE_STRIPPING = YES;
 DEVELOPMENT_ASSET_PATHS = "\"Secretive/Preview Content\"";
 ENABLE_APP_SANDBOX = YES;
- ENABLE_ENHANCED_SECURITY = YES;
 ENABLE_HARDENED_RUNTIME = NO;
 ENABLE_INCOMING_NETWORK_CONNECTIONS = NO;
 ENABLE_OUTGOING_NETWORK_CONNECTIONS = NO;
- ENABLE_POINTER_AUTHENTICATION = YES;
 ENABLE_PREVIEWS = YES;
 ENABLE_RESOURCE_ACCESS_AUDIO_INPUT = NO;
 ENABLE_RESOURCE_ACCESS_BLUETOOTH = NO;
diff --git a/Sources/Secretive/Secretive.entitlements b/Sources/Secretive/Secretive.entitlements
index ab2c42b..c9423c4 100644
--- a/Sources/Secretive/Secretive.entitlements
+++ b/Sources/Secretive/Secretive.entitlements
@@ -2,16 +2,6 @@ - com.apple.security.hardened-process - - com.apple.security.hardened-process.dyld-ro - - com.apple.security.hardened-process.enhanced-security-version - 1 - com.apple.security.hardened-process.hardened-heap - - com.apple.security.hardened-process.platform-restrictions - 2 com.apple.security.smartcard keychain-access-groups
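Review bot: Nothing in the patch records why the `com.apple.security.hardened-process` entitlements (including `dyld-ro`, `hardened-heap`, `platform-restrictions` and `enhanced-security-version`) are removed from Secretive.entitlements, and the subject "Disable enhanced security" has no body giving a reason or a condition for restoring them. The same commit also drops `ENABLE_ENHANCED_SECURITY` and `ENABLE_POINTER_AUTHENTICATION` from the six build-configuration hunks in project.pbxproj, so as far as these hunks show, the remaining hardening is the app sandbox and hardened runtime settings. The app keeps `com.apple.security.smartcard` and `keychain-access-groups`, so this loss of memory-safety hardening should be traceable; I would leave a marker in the plist such as `<!-- Enhanced Security entitlements removed temporarily: <REASON>; restore when <TRACKING-ISSUE> is resolved -->` and put the same reason in the commit body. The plist markup in this hunk was stripped by the page extraction, so only the key names and values are visible.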