I’m trying to understand in the Electron implementation, where this entitlement is used:
<key>com.apple.security.files.downloads.read-write</key>
in the app? There is also this one which seems similar:
<key>com.apple.security.files.user-selected.read-write</key>
These occur in /RocketChat/Rocket.Chat.Electron/build/entitlements.mas.plist.
Thanks!
https://www.electron.build/configuration/mas
More than that I have no idea!!
Thanks! I’m new to the entitlements being used for sandboxed Mac apps.
Per Apple feedback, Mac Store apps should only have the minimum set of entitlements necessary for it to function properly. I could find examples where this is used: com.apple.security.files.user-selected.read-write (user selects where to put on their machine). But, with com.apple.security.files.downloads.read-write, I think the data is read/written only to download (vs. pictures, movies or music). From,
codesign --display --entitlements :- /Applications/Rocket.Chat.app
I can see that these are both in the live RocketChat desktop app that I download from the Mac store. Just trying to understand where/how com.apple.security.files.downloads.read-write is used. I thought it might be part of admin functionality, but couldn’t see anything.
I found this auto update feature: Auto update when new version is released by alexbrazier · Pull Request #411 · RocketChat/Rocket.Chat.Electron · GitHub . I was thinking that this may be what the entitlement
<key>com.apple.security.files.downloads.read-write</key>
is used for because the user would be downloading without user selecting the location.
Cool!
Glad you got it sorted.