App Sandbox

Manages access to system resources and user data for macOS apps to contain damage if an app becomes compromised.

Topics

First Steps

App Sandbox Entitlement

A Boolean value that indicates whether the app may use access control technology to contain damage to the system and user data if an app is compromised.

Key: com.apple.security.app-sandbox

Network

com.apple.security.network.client

A Boolean value indicating whether your app may open outgoing network connections.

com.apple.security.network.server

A Boolean value indicating whether your app may listen for incoming network connections.

Hardware

com.apple.security.device.bluetooth

A Boolean value indicating whether your app may interact with Bluetooth devices.

Camera Entitlement

A Boolean value that indicates whether the app may capture movies and still images using the built-in camera.

Key: com.apple.security.device.camera
com.apple.security.device.microphone

A Boolean value that indicates whether the app may use the microphone.

com.apple.security.device.print

A Boolean value indicating whether your app may print a document.

com.apple.security.device.usb

A Boolean value indicating whether your app may interact with USB devices.

App Data

Address Book Entitlement

A Boolean value that indicates whether the app may have read-write access to contacts in the user's address book.

Key: com.apple.security.personal-information.addressbook
Calendars Entitlement

A Boolean value that indicates whether the app may have read-write access to the user's calendar.

Key: com.apple.security.personal-information.calendars
Location Entitlement

A Boolean value that indicates whether the app may access location information from Location Services.

Key: com.apple.security.personal-information.location

File Access

com.apple.security.assets.movies.read-only

A Boolean value that indicates whether the app may have read-only access to the Movies folder.

com.apple.security.assets.movies.read-write

A Boolean value that indicates whether the app may have read-write access to the Movies folder.

com.apple.security.assets.music.read-only

A Boolean value that indicates whether the app may have read-only access to the Music folder.

com.apple.security.assets.music.read-write

A Boolean value that indicates whether the app may have read-write access to the Music folder.

com.apple.security.assets.pictures.read-only

A Boolean value that indicates whether the app may have read-only access to the Pictures folder.

com.apple.security.assets.pictures.read-write

A Boolean value that indicates whether the app may have read-write access to the Pictures folder.

All Files Entitlement

A Boolean value that indicates whether the app may have access to all files.

Key: com.apple.security.files.all
Deprecated
com.apple.security.files.downloads.read-only

A Boolean value that indicates whether the app may have read-only access to the Downloads folder.

com.apple.security.files.downloads.read-write

A Boolean value that indicates whether the app may have read-write access to the Downloads folder.

com.apple.security.files.user-selected.read-only

A Boolean value that indicates whether the app may have read-only access to files the user has selected using an Open or Save dialog.

com.apple.security.files.user-selected.read-write

A Boolean value that indicates whether the app may have read-write access to files the user has selected using an Open or Save dialog.