I'm developing a macOS app with Python and PyInstaller, and I've hit a roadblock with microphone permissions. The app prompts for microphone access correctly when running unsigned. However, after signing with the hardened runtime option, the prompt no longer appears, and the app can't access the mic.
Here's what my setup looks like:
com.apple.security.device.microphone and com.apple.security.cs.allow-unsigned-executable-memorycodesign --deep --force --verify --timestamp --verbose --sign "Developer ID Application: [******]" --options=runtime --entitlements ./entitlements.plist main.app
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.device.microphone</key>
<true/>
</dict>
</plist>
Testing without the --options=runtime flag works perfectly - the mic prompt appears, and the log file is created. With the flag, neither the prompt nor the log file appears.
Has anyone faced a similar issue or can offer insight into why the hardened runtime option might be causing this? Any guidance or workaround to have the microphone permission prompt appear with hardened runtime enabled would be highly appreciated.
Thanks in advance for your help!
com.apple.security.device.microphone is a sandbox entitlement. For the hardened runtime entitlement, use com.apple.security.device.audio-input.
1