com.apple.security.device.camera missing entitlement crash on MacOS test builds #1559

Open
jazzychad opened this issue May 14, 2023 · 2 comments

@jazzychad

Problem Report

Describe the Issue

Test builds for MacOS (https://openpnp.s3-us-west-2.amazonaws.com/index.html?prefix=test/ from at least the 2023-04-05 build onward) crash on launch with a missing com.apple.security.device.camera entitlement error.

Process:               JavaApplicationStub [39402]
Path:                  /Applications/OpenPnP/*/OpenPnP.app/Contents/MacOS/JavaApplicationStub
Identifier:            com.install4j.9204-4030-0867-1434.23
Version:               2023-05-11_14-45-53.2897bb9 (2023-05-11_14-45-53.2897bb9)
Code Type:             X86-64 (Translated)
Parent Process:        launchd [1]
User ID:               501

Date/Time:             2023-05-14 01:51:57.6312 -0700
OS Version:            macOS 12.3.1 (21E258)
Report Version:        12
Anonymous UUID:        1FD8E852-291D-2967-4EBF-582AAA909187


Time Awake Since Boot: 8900000 seconds

System Integrity Protection: enabled

Crashed Thread:        2  Dispatch queue: com.apple.root.default-qos

Exception Type:        EXC_CRASH (SIGABRT)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace TCC, Code 0 
This app has crashed because it attempted to access privacy-sensitive data without a usage description. The app's Info.plist must contain an com.apple.security.device.camera key with a string value explaining to the user how the app uses this data.

This error description is kind of a red herring, because the app's Info.plist does include the NSCameraUsageDescription key and string, but it is missing the com.apple.security.device.camera boolean from the app's signed entitlements.

The app's current entitlements are:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
	<dict>
		<key>com.apple.security.cs.allow-jit</key>
		<true/>
		<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
		<true/>
		<key>com.apple.security.cs.disable-executable-page-protection</key>
		<true/>
		<key>com.apple.security.cs.disable-library-validation</key>
		<true/>
	</dict>
</plist>

The above output was found with the following command:
codesign -d --entitlements - --xml /path/to/OpenPnP.app

Steps to Reproduce

  1. Download a test build for MacOS from the test releases (https://openpnp.s3-us-west-2.amazonaws.com/index.html?prefix=test/) from 2023-04-05 onward
  2. Have a machine.xml configuration which has a machine that uses at least one real/live camera attached to the Mac
  3. Observe crash

Expected Result

App to launch without missing entitlement crash

Actual Result

App crashed on launch due to missing entitlement

Notes, Log Files, Screen Captures, Videos, etc. to Show the Issue

Mac configuration:
iMac M1 (Apple Silicon)
MacOS 12.3.1

The full crash log could not be included in this issue due to 65536 character limit, but can be available upon request.
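
The entitlement check described in the report, as an added example (not part of the original issue or OpenPnP's code): it parses entitlements XML in the form `codesign -d --entitlements - --xml` prints and reports whether `com.apple.security.device.camera` is granted and which `com.apple.security.cs.*` exceptions are present. The function names and the `required` parameter are assumptions of this example; the embedded plist is the one quoted in the issue.

```python
import plistlib

# Entitlements of the signed test build, copied from the issue above.
SIGNED_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
	<dict>
		<key>com.apple.security.cs.allow-jit</key>
		<true/>
		<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
		<true/>
		<key>com.apple.security.cs.disable-executable-page-protection</key>
		<true/>
		<key>com.apple.security.cs.disable-library-validation</key>
		<true/>
	</dict>
</plist>
"""

CAMERA = "com.apple.security.device.camera"
RUNTIME_EXCEPTION_PREFIX = "com.apple.security.cs."


def audit_entitlements(xml_bytes, required=(CAMERA,)):
    """Return required entitlements that are absent and runtime exceptions granted."""
    entitlements = plistlib.loads(xml_bytes)
    if not isinstance(entitlements, dict):
        raise ValueError("entitlements plist must have a <dict> at its root")
    # Only a boolean true grants an entitlement; <false/> counts as absent.
    granted = {key for key, value in entitlements.items() if value is True}
    return {
        "missing": sorted(set(required) - granted),
        "runtime_exceptions": sorted(
            key for key in granted if key.startswith(RUNTIME_EXCEPTION_PREFIX)
        ),
    }


def with_entitlement(xml_bytes, key, value=True):
    """Return a copy of the plist with one entitlement set (constructed input)."""
    entitlements = plistlib.loads(xml_bytes)
    entitlements[key] = value
    return plistlib.dumps(entitlements)


if __name__ == "__main__":
    report = audit_entitlements(SIGNED_ENTITLEMENTS)
    print("missing:", report["missing"])
    print("hardened-runtime exceptions:", report["runtime_exceptions"])
    fixed = with_entitlement(SIGNED_ENTITLEMENTS, CAMERA)
    print("missing after adding camera:", audit_entitlements(fixed)["missing"])
```

Run as a release check, a non-empty `missing` list flags a build that would hit the TCC termination shown in the crash log before it is published.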

@jazzychad
Author

Interestingly, downloading the latest develop release from the openpnp.org homepage results in the following output from the codesigning util:

$ codesign -d --entitlements - --xml /Applications/OpenPnP/OpenPnP.app 
/Applications/OpenPnP/OpenPnP.app: code object is not signed at all

so, there is no code signing at all there

@jazzychad
Author

I have found a workaround, for anyone experiencing the same thing:

I am able to launch a test build of OpenPnP by starting it from Terminal:
$ ./OpenPnP.app/Contents/MacOS/JavaApplicationStub
b/c (for what seems like some very insecure reason...) binaries that are run from Terminal inherit Terminal's entitlements (which include the camera entitlement)
