JDK-8244951

Missing entitlements for hardened runtime


    • b24

        From build-dev: https://mail.openjdk.java.net/pipermail/build-dev/2020-April/027322.html

        ---
        Since upgrading to the hardened runtime version of the JDK, I can no longer access microphone input using the standard Java Sound API; only silence is captured when running my .jar file using the command line. While checking Console.app, I found that TCC is blocking microphone access in the background because of a missing entitlement:

        Prompting policy for hardened runtime; service: kTCCServiceMicrophone requires entitlement com.apple.security.device.audio-input but it is missing for ACC:{ID: net.java.openjdk.cmd, PID[2161], auid: 501, euid: 501, binary path: '/Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home/bin/java'}, REQ:{ID: com.apple.tccd, PID[154], auid: 0, euid: 0, binary path: '/System/Library/PrivateFrameworks/TCC.framework/Versions/A/Resources/tccd'}
        This causes microphone access to be blocked without any user action:

        Policy disallows prompt for ACC:{ID: net.java.openjdk.cmd, PID[2161], auid: 501, euid: 501, binary path: '/Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home/bin/java'}, REQ:{ID: com.apple.tccd, PID[154], auid: 0, euid: 0, binary path: '/System/Library/PrivateFrameworks/TCC.framework/Versions/A/Resources/tccd'}; access to kTCCServiceMicrophone denied
        This does not happen with file access: a dialog to provide access to "Documents" and "Downloads" appears when trying to access a file there.
        ---

        We need to add some more entitlements to the java launcher. It seems these will only be needed for the main java launcher and none of the others. The same should also be added to the launcher that jpackage bundles into jpackaged applications.

        The question is which other entitlements may be needed.

        https://developer.apple.com/documentation/security/hardened_runtime
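
The two tccd messages quoted above name the denied service, the entitlement the hardened runtime requires for it, and the binary that lacks it. As an added example (not part of the original report or of the JDK build), this Python sketch pulls those fields out of Console.app text and pairs each denied service with the entitlement it needs; the regular expressions assume the message layout shown in this report, and the names `triage` and `explain` are hypothetical.

```python
import re
from collections import defaultdict

# Client (ACC) block as printed by tccd in the messages quoted in this report.
ACC = r"ACC:\{ID: [^,]+, PID\[\d+\].*?binary path: '(?P<path>[^']+)'\}"
MISSING = re.compile(r"service: (?P<service>kTCCService\w+) requires entitlement "
                     r"(?P<ent>[\w.-]+) but it is missing for " + ACC)
DENIED = re.compile(r"Policy disallows prompt for " + ACC +
                    r".*; access to (?P<service>kTCCService\w+) denied")

# The two messages from the report, plus one constructed line of unrelated noise.
REQ = ("REQ:{ID: com.apple.tccd, PID[154], auid: 0, euid: 0, binary path: "
       "'/System/Library/PrivateFrameworks/TCC.framework/Versions/A/Resources/tccd'}")
JAVA = ("ACC:{ID: net.java.openjdk.cmd, PID[2161], auid: 501, euid: 501, binary path: "
        "'/Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home/bin/java'}")
SAMPLE_LOG = "\n".join([
    "Prompting policy for hardened runtime; service: kTCCServiceMicrophone requires "
    "entitlement com.apple.security.device.audio-input but it is missing for "
    + JAVA + ", " + REQ,
    "constructed noise line: nothing to see here",
    "Policy disallows prompt for " + JAVA + ", " + REQ
    + "; access to kTCCServiceMicrophone denied",
])


def triage(log_text):
    """Map each client binary to its missing entitlements and denied services."""
    findings = defaultdict(lambda: {"missing": {}, "denied": set()})
    for line in log_text.splitlines():
        if m := MISSING.search(line):
            findings[m["path"]]["missing"][m["service"]] = m["ent"]
        elif m := DENIED.search(line):
            findings[m["path"]]["denied"].add(m["service"])
    return dict(findings)


def explain(findings):
    """Return (binary, denied service, required entitlement or None) rows."""
    return [(path, svc, f["missing"].get(svc))
            for path, f in sorted(findings.items())
            for svc in sorted(f["denied"])]


if __name__ == "__main__":
    for row in explain(triage(SAMPLE_LOG)):
        print(*row, sep="\n  ")
```

A row whose third field is `None` marks a denial that the log does not tie to a missing entitlement, which points at a cause other than the launcher's signature.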

              erikj Erik Joelsson