diff options
-rw-r--r-- | install/macos_sandbox/parent.plist | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/install/macos_sandbox/parent.plist b/install/macos_sandbox/parent.plist index 35b4447c..3929abe9 100644 --- a/install/macos_sandbox/parent.plist +++ b/install/macos_sandbox/parent.plist @@ -2,32 +2,38 @@ <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> + <!-- Enable app sandbox --> <key>com.apple.security.app-sandbox</key> <true/> - <!-- Tor needs to network server and client, and OnionShare needs network client --> + + <!-- Both OnionShare and Tor need network server and client --> <key>com.apple.security.network.server</key> <true/> <key>com.apple.security.network.client</key> <true/> + <!-- In share mode, users need to be able to select files, and in receive mode, users need to be able to choose a folder to save files to --> <key>com.apple.security.files.user-selected.read-write</key> <true/> + <!-- Flask needs to read this mime.types file when starting an HTTP server --> <key>com.apple.security.temporary-exception.files.absolute-path.read-only</key> <array> <string>/private/etc/apache2/mime.types</string> </array> + <!-- For OnionShare to be able to connect to Tor Browser's tor control port, it needs to read it's control_auth_cookie file --> <key>com.apple.security.temporary-exception.files.home-relative-path.read-only</key> <array> <string>/Library/Application Support/TorBrowser-Data/Tor/control_auth_cookie</string> </array> + <!-- In receive mode, OnionShare needs to be able to write to ~/OnionShare --> <key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key> <array> - <string>/OnionShare</string> + <string>/OnionShare/</string> </array> </dict> </plist> |