Add trailing slash to ~/OnionShare/ in entitlements file, so the sandbox knows it's a directory and not a file

1 files changed, 8 insertions, 2 deletions

diff --git a/install/macos_sandbox/parent.plist b/install/macos_sandbox/parent.plist
index 35b4447c..3929abe9 100644
--- a/install/macos_sandbox/parent.plist
+++ b/install/macos_sandbox/parent.plist
@@ -2,32 +2,38 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
+	<!-- Enable app sandbox -->
 	<key>com.apple.security.app-sandbox</key>
 	<true/>
-	<!-- Tor needs to network server and client, and OnionShare needs network client -->
+
+	<!-- Both OnionShare and Tor need network server and client -->
 	<key>com.apple.security.network.server</key>
 	<true/>
 	<key>com.apple.security.network.client</key>
 	<true/>
+
 	<!-- In share mode, users need to be able to select files, and in receive mode,
        users need to be able to choose a folder to save files to -->
 	<key>com.apple.security.files.user-selected.read-write</key>
 	<true/>
+
 	<!-- Flask needs to read this mime.types file when starting an HTTP server -->
 	<key>com.apple.security.temporary-exception.files.absolute-path.read-only</key>
 	<array>
 		<string>/private/etc/apache2/mime.types</string>
 	</array>
+
 	<!-- For OnionShare to be able to connect to Tor Browser's tor control port,
 	     it needs to read it's control_auth_cookie file -->
 	<key>com.apple.security.temporary-exception.files.home-relative-path.read-only</key>
 	<array>
 		<string>/Library/Application Support/TorBrowser-Data/Tor/control_auth_cookie</string>
 	</array>
+
 	<!-- In receive mode, OnionShare needs to be able to write to ~/OnionShare -->
 	<key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key>
 	<array>
-		<string>/OnionShare</string>
+		<string>/OnionShare/</string>
 	</array>
 </dict>
 </plist>