diff options
Diffstat (limited to 'desktop/package/Entitlements.plist')
-rw-r--r-- | desktop/package/Entitlements.plist | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/desktop/package/Entitlements.plist b/desktop/package/Entitlements.plist new file mode 100644 index 00000000..8c5c4268 --- /dev/null +++ b/desktop/package/Entitlements.plist @@ -0,0 +1,43 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> +<dict> + <!-- Disable app sandbox :( --> + <key>com.apple.security.app-sandbox</key> + <false/> + + <!-- Required for running PyInstaller python code with hardened runtime --> + <key>com.apple.security.cs.allow-unsigned-executable-memory</key> + <true/> + + <!-- Both OnionShare and Tor need network server and client --> + <key>com.apple.security.network.server</key> + <true/> + <key>com.apple.security.network.client</key> + <true/> + + <!-- In share mode, users need to be able to select files, and in receive mode, + users need to be able to choose a folder to save files to --> + <key>com.apple.security.files.user-selected.read-write</key> + <true/> + + <!-- Flask needs to read this mime.types file when starting an HTTP server --> + <key>com.apple.security.temporary-exception.files.absolute-path.read-only</key> + <array> + <string>/private/etc/apache2/mime.types</string> + </array> + + <!-- For OnionShare to be able to connect to Tor Browser's tor control port, + it needs to read it's control_auth_cookie file --> + <key>com.apple.security.temporary-exception.files.home-relative-path.read-only</key> + <array> + <string>/Library/Application Support/TorBrowser-Data/Tor/control_auth_cookie</string> + </array> + + <!-- In receive mode, OnionShare needs to be able to write to ~/OnionShare --> + <key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key> + <array> + <string>/OnionShare/</string> + </array> +</dict> +</plist> |