annotate deploy/osx/Entitlements.plist @ 2265:d33dff02b39b sandbox-notarize

Work on sandboxing (possibly) and using the hardened runtime for notarization. Supply appropriate bundle ID for helpers as well as main application, and request inherited sandbox entitlements. Currently works with sandboxing (apparently) but not yet with the hardened runtime, where we can't load plugins signed by third parties even with the com.apple.security.cs.disable-library-validation entitlement because their team IDs don't match the host. Possibly that exception is supposed to be requested some other way?
author Chris Cannam
date Thu, 25 Apr 2019 16:46:02 +0100
rev   line source
Chris@2265 1 <?xml version="1.0" encoding="utf-8"?>
Chris@2265 2 <plist version="1.0">
Chris@2265 3 <dict>
Chris@2265 4
Chris@2265 5 <key>com.apple.security.app-sandbox</key>
Chris@2265 6 <true/>
Chris@2265 7
Chris@2265 8 <key>com.apple.security.files.user-selected.read-write</key>
Chris@2265 9 <true/>
Chris@2265 10
Chris@2265 11 <!-- to load plugins signed by other authorities: -->
Chris@2265 12 <key>com.apple.security.cs.disable-library-validation</key>
Chris@2265 13 <true/>
Chris@2265 14
Chris@2265 15 <key>com.apple.security.device.microphone</key>
Chris@2265 16 <true/>
Chris@2265 17
Chris@2265 18 <key>com.apple.security.network.client</key>
Chris@2265 19 <true/>
Chris@2265 20
Chris@2265 21 <!-- for osc server: -->
Chris@2265 22 <key>com.apple.security.network.server</key>
Chris@2265 23 <true/>
Chris@2265 24
Chris@2265 25 </dict>
Chris@2265 26 </plist>
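
The following review check is an added example, not code from this repository. It parses an entitlements plist and lists the grants a reviewer should look at before signing, including the library-validation exception the commit message discusses. The names `audit`, `REVIEW` and `SAMPLE` are hypothetical, and the helper rule is a simplification that treats any non-`cs.*` key other than `app-sandbox` and `inherit` as an extra sandbox entitlement.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
INHERIT = "com.apple.security.inherit"
CS = "com.apple.security.cs."  # hardened-runtime exception prefix

# Constructed sample: the entitlements listed on this page, annotate prefixes removed.
SAMPLE = b"""<?xml version="1.0" encoding="utf-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.app-sandbox</key><true/>
<key>com.apple.security.files.user-selected.read-write</key><true/>
<key>com.apple.security.cs.disable-library-validation</key><true/>
<key>com.apple.security.device.microphone</key><true/>
<key>com.apple.security.network.client</key><true/>
<key>com.apple.security.network.server</key><true/>
</dict></plist>"""

# Reviewer notes for entitlements that widen what the signed process may do.
REVIEW = {
    CS + "disable-library-validation":
        "loads code not signed by Apple or the host's team ID",
    CS + "allow-unsigned-executable-memory":
        "allows writable and executable memory",
    CS + "allow-dyld-environment-variables":
        "DYLD_* variables can insert libraries",
    "com.apple.security.network.server":
        "may accept inbound connections",
}

def audit(plist_bytes, helper=False):
    """Return sorted (level, key, note) findings for one entitlements plist."""
    ents = plistlib.loads(plist_bytes)
    granted = {k for k, v in ents.items() if v is True}
    out = []
    if SANDBOX not in granted:
        out.append(("high", SANDBOX, "App Sandbox not enabled"))
    out += [("review", k, REVIEW[k]) for k in granted & REVIEW.keys()]
    if helper:
        # Assumption (simplified): an inheriting helper carries only app-sandbox
        # and inherit; cs.* keys are hardened-runtime settings and are skipped.
        if INHERIT not in granted:
            out.append(("high", INHERIT, "helper does not inherit the sandbox"))
        out += [("high", k, "extra sandbox entitlement on helper")
                for k in granted - {SANDBOX, INHERIT} if not k.startswith(CS)]
    return sorted(out)
```

Calling `audit(SAMPLE)` checks the main application's file; pass `helper=True` for a helper bundle's entitlements.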