I’m trying to understand in the Electron implementation, where this entitlement is used:
<key>com.apple.security.files.downloads.read-write</key>
in the app? There is also this one which seems similar:
<key>com.apple.security.files.user-selected.read-write</key>
These occur in /RocketChat/Rocket.Chat.Electron/build/entitlements.mas.plist.
Thanks!
Thanks! I’m new to the entitlements being used for sandboxed Mac apps.
Per Apple feedback, Mac Store apps should only have the minimum set of entitlements necessary for it to function properly. I could find examples where this is used: com.apple.security.files.user-selected.read-write (user selects where to put on their machine). But, with com.apple.security.files.downloads.read-write, I think the data is read/written only to download (vs. pictures, movies or music). From,
codesign --display --entitlements :- /Applications/Rocket.Chat.app
I can see that these are both in the live RocketChat desktop app that I download from the Mac store. Just trying to understand where/how com.apple.security.files.downloads.read-write is used. I thought it might be part of admin functionality, but couldn’t see anything.
I found this auto update feature: Auto update when new version is released by alexbrazier · Pull Request #411 · RocketChat/Rocket.Chat.Electron · GitHub . I was thinking that this may be what the entitlement
<key>com.apple.security.files.downloads.read-write</key>
is used for because the user would be downloading without user selecting the location.
Cool!
Glad you got it sorted.