Thanks! I’m new to the entitlements being used for sandboxed Mac apps.
Per Apple feedback, Mac Store apps should only have the minimum set of entitlements necessary for it to function properly. I could find examples where this is used: com.apple.security.files.user-selected.read-write (user selects where to put on their machine). But, with com.apple.security.files.downloads.read-write, I think the data is read/written only to download (vs. pictures, movies or music). From,
codesign --display --entitlements :- /Applications/Rocket.Chat.app
I can see that these are both in the live RocketChat desktop app that I download from the Mac store. Just trying to understand where/how com.apple.security.files.downloads.read-write is used. I thought it might be part of admin functionality, but couldn’t see anything.