Are there any more you add personally?
I toyed with the idea of adding: <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/> but I think this has to do with JIT, and I don’t think it applies to me.
My plugin is just a simple distortion type of plugin.
In general, you should not need to add entitlements to your generic effects plug-in, unless you are doing something special like hosting another dynamic library (such as a plug-in).
Many of the runtime exceptions you have listed are only applicable if you have enabled “hardened runtime”, which you might need to do if you were making an app. The exceptions would loosen the restrictions of the hardened runtime.
Learn more about entitlements here:
One area that you could look into would be making your plug-in “Sandbox safe” for GarageBand.
Adding entitlements just for fun doesn’t make much sense. You should only add those you actually need for some feature. If your plugin works, why would you want to add further entitlements? You’ll notice that some entitlement is missing when a feature you build doesn’t work because of it.
For one of the plugin formats mentioned in my OP, there is specific mention of those entitlements in the documentation. I’ve not added those I mentioned, except com.apple.security.cs.disable-library-validation which I am now reviewing.
I don’t want to add entitlements for fun because I’m aware that perhaps the plugin could be open to security risks.
I’m not very experienced in this area of Mac OS distribution, which is why I appreciate you guys inputting.
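An added example, not part of any post in this thread: a small Python check that reads an entitlements plist and lists the hardened runtime exceptions that are switched on without a stated need, following the advice above to add only what a feature requires. The sample plist and the `needed` parameter are constructed for illustration.

```python
import plistlib

# Hardened runtime exception entitlements and what each one relaxes.
RUNTIME_EXCEPTIONS = {
    "com.apple.security.cs.allow-jit": "JIT-compiled code",
    "com.apple.security.cs.allow-unsigned-executable-memory":
        "writable and executable memory without JIT restrictions",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "DYLD_* environment variables",
    "com.apple.security.cs.disable-library-validation":
        "loading libraries not signed by Apple or the same team",
    "com.apple.security.cs.disable-executable-page-protection":
        "executable memory protection disabled",
}

def audit_entitlements(plist_bytes, needed=()):
    """Return (key, description) for each enabled exception not in `needed`."""
    entitlements = plistlib.loads(plist_bytes)
    findings = []
    for key, desc in RUNTIME_EXCEPTIONS.items():
        # Only a literal <true/> enables the exception; <false/> or absent is fine.
        if entitlements.get(key) is True and key not in needed:
            findings.append((key, desc))
    return findings

# Constructed sample entitlements file (not from a real plug-in).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
    <key>com.apple.security.cs.disable-library-validation</key><true/>
    <key>com.apple.security.cs.allow-jit</key><false/>
</dict>
</plist>"""

if __name__ == "__main__":
    # Assumption: this build justifies only disable-library-validation.
    justified = {"com.apple.security.cs.disable-library-validation"}
    for key, desc in audit_entitlements(SAMPLE, needed=justified):
        print(f"unjustified exception: {key} ({desc})")
```
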