App Sandbox Entitlements

Manage access to system resources and user data in macOS apps to contain damage if an app becomes compromised.

Overview

App Sandbox provides protection to system resources and user data by limiting your app's access to resources requested through entitlements.

Topics

First Steps

App Sandbox Entitlement

A Boolean value that indicates whether the app may use access control technology to contain damage to the system and user data if an app is compromised.

Key: com.apple.security.app-sandbox

Network

com.apple.security.network.server

A Boolean value indicating whether your app may listen for incoming network connections.

com.apple.security.network.client

A Boolean value indicating whether your app may open outgoing network connections.

Hardware

Camera Entitlement

A Boolean value that indicates whether the app may capture movies and still images using the built-in camera.

Key: com.apple.security.device.camera

com.apple.security.device.microphone

A Boolean value that indicates whether the app may use the microphone.

com.apple.security.device.usb

A Boolean value indicating whether your app may interact with USB devices.

com.apple.security.device.print

A Boolean value indicating whether your app may print a document.

com.apple.security.device.bluetooth

A Boolean value indicating whether your app may interact with Bluetooth devices.

App Data

Address Book Entitlement

A Boolean value that indicates whether the app may have read-write access to contacts in the user's address book.

Key: com.apple.security.personal-information.addressbook

Location Entitlement

A Boolean value that indicates whether the app may access location information from Location Services.

Key: com.apple.security.personal-information.location

Calendars Entitlement

A Boolean value that indicates whether the app may have read-write access to the user's calendar.

Key: com.apple.security.personal-information.calendars

File Access

com.apple.security.files.user-selected.read-only

A Boolean value that indicates whether the app may have read-only access to files the user has selected using an Open or Save dialog.

com.apple.security.files.user-selected.read-write

A Boolean value that indicates whether the app may have read-write access to files the user has selected using an Open or Save dialog.

com.apple.security.files.downloads.read-only

A Boolean value that indicates whether the app may have read-only access to the Downloads folder.

com.apple.security.files.downloads.read-write

A Boolean value that indicates whether the app may have read-write access to the Downloads folder.

com.apple.security.assets.pictures.read-only

A Boolean value that indicates whether the app may have read-only access to the Pictures folder.

com.apple.security.assets.pictures.read-write

A Boolean value that indicates whether the app may have read-write access to the Pictures folder.

com.apple.security.assets.music.read-only

A Boolean value that indicates whether the app may have read-only access to the Music folder.

com.apple.security.assets.music.read-write

A Boolean value that indicates whether the app may have read-write access to the Music folder.

com.apple.security.assets.movies.read-only

A Boolean value that indicates whether the app may have read-only access to the Movies folder.

com.apple.security.assets.movies.read-write

A Boolean value that indicates whether the app may have read-write access to the Movies folder.

All Files Entitlement

A Boolean value that indicates whether the app may have access to all files.

Key: com.apple.security.files.all (Deprecated)
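
As an added example (not Apple's code): a short Python audit that reads an entitlements property list and reports which of the keys listed above it grants, grouped by this page's headings. The sample plist is constructed, the finding labels are made up for this example, and the write-access flag is a review prompt added here rather than a rule from the page.

```python
import plistlib

P = "com.apple.security."
SANDBOX = P + "app-sandbox"
DEPRECATED = {P + "files.all"}  # marked Deprecated on this page
RW_AREAS = ("files.user-selected", "files.downloads",
            "assets.pictures", "assets.music", "assets.movies")
KNOWN = {  # suffixes of the keys listed on this page, grouped by its headings
    "Network": ["network.server", "network.client"],
    "Hardware": ["device.camera", "device.microphone", "device.usb",
                 "device.print", "device.bluetooth"],
    "App Data": [f"personal-information.{n}"
                 for n in ("addressbook", "location", "calendars")],
    "File Access": [f"{a}.{m}" for a in RW_AREAS
                    for m in ("read-only", "read-write")] + ["files.all"],
}

# Constructed sample entitlements file (not from a real app).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.network.client</key><true/>
  <key>com.apple.security.device.camera</key><string>true</string>
  <key>com.apple.security.files.downloads.read-write</key><true/>
  <key>com.apple.security.files.all</key><true/>
</dict></plist>"""

def audit(plist_bytes):
    """Return (granted keys by category, findings) for an entitlements plist."""
    ent = plistlib.loads(plist_bytes)
    granted = {}
    findings = [] if ent.get(SANDBOX) is True else ["sandbox-disabled"]
    for cat, names in KNOWN.items():
        for name in names:
            value = ent.get(P + name)
            if value is True:
                granted.setdefault(cat, []).append(name)
            elif value is not None and not isinstance(value, bool):
                findings.append(f"non-boolean:{name}")  # page: values are Boolean
    findings += [f"deprecated:{k[len(P):]}" for k in sorted(DEPRECATED)
                 if ent.get(k) is True]
    for area in RW_AREAS:  # least-privilege review prompt, not a rule from the page
        if ent.get(f"{P}{area}.read-write") is True:
            findings.append(f"review-write-access:{area}")
    known = {SANDBOX} | {P + n for names in KNOWN.values() for n in names}
    findings += [f"not-on-this-page:{k}" for k in sorted(set(ent) - known)]
    return granted, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```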

See Also

Secure Code

Code Signing Services

Examine and validate signed code running on the system.

Notarizing macOS Software Before Distribution

Give users even more confidence in your macOS software by submitting it to Apple for notarization.

Preparing Your App to Work with Pointer Authentication

Test your app against the arm64e architecture to ensure that it works seamlessly with enhanced security features.

Hardened Runtime Entitlements

Manage security protections and resource access for your macOS apps.