Struct apple_bundle::entitlements::security::AppSandbox

pub struct AppSandbox {
    pub app_sandbox: Option<bool>,
    pub security_network_server: Option<bool>,
    pub security_network_client: Option<bool>,
    pub camera: Option<bool>,
    pub device_microphone: Option<bool>,
    pub device_usb: Option<bool>,
    pub print: Option<bool>,
    pub bluetooth: Option<bool>,
    pub address_book: Option<bool>,
    pub location: Option<bool>,
    pub calendars: Option<bool>,
    pub files_user_selected_read_only: Option<bool>,
    pub files_user_selected_read_write: Option<bool>,
    pub files_downloads_read_only: Option<bool>,
    pub files_downloads_read_write: Option<bool>,
    pub assets_pictures_read_only: Option<bool>,
    pub assets_pictures_read_write: Option<bool>,
    pub assets_music_read_only: Option<bool>,
    pub assets_music_read_write: Option<bool>,
    pub assets_movies_read_only: Option<bool>,
    pub assets_movies_read_write: Option<bool>,
    pub all_files: Option<bool>,
}

App Sandbox

Fields

app_sandbox: Option<bool>

A Boolean value that indicates whether the app may use access control technology to contain damage to the system and user data if an app is compromised.

To add this entitlement to your app, enable the App Sandbox capability in Xcode.

Availability

  • macOS 10.7+

Framework

  • Security
security_network_server: Option<bool>

A Boolean value indicating whether your app may listen for incoming network connections.

Use this key to allow other computers to initiate network connections to your sandboxed app.

Note

For TCP sockets, the com.apple.security.network.server and com.apple.security.network.client entitlements restrict only the initiation of a network connection, not the flow of data. Outgoing and incoming connections can both send and receive data.

For UDP sockets, the network entitlements restrict both initiation and data flow. For example, an app with only the server entitlement enabled can receive, but not send, data. Apps using UDP usually require both entitlements.

To add this entitlement to your app, enable the App Sandbox capability in Xcode, and under Network, select Incoming Connections (Server).

Availability

  • macOS 10.7+

Framework

  • Security
security_network_client: Option<bool>

A Boolean value indicating whether your app may open outgoing network connections.

Use this key to allow your sandboxed app to connect to a server process running on another machine, or on the same machine.

Note

For TCP sockets, the com.apple.security.network.client and com.apple.security.network.server entitlements restrict only the initiation of a network connection, not the flow of data. Outgoing and incoming connections can both send and receive data.

For UDP sockets, the network entitlements restrict both initiation and data flow. For example, an app with only the client entitlement enabled can send, but not receive, data. Apps using UDP usually require both entitlements.

To add this entitlement to your app, enable the App Sandbox capability in Xcode, and under Network, select Outgoing Connections (Client).

Availability

  • macOS 10.7+

Framework

  • Security
camera: Option<bool>

A Boolean value that indicates whether the app may capture movies and still images using the built-in camera.

To add this entitlement to your app, first enable the App Sandbox or Hardened Runtime capability in Xcode, and then select Camera.

In macOS 10.14 and later, the user must explicitly grant permission for each app to access cameras. See Requesting Authorization for Media Capture on macOS.

Availability

  • macOS 10.7+

Framework

  • Security
device_microphone: Option<bool>

A Boolean value that indicates whether the app may use the microphone.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and under Hardware select Audio Input.

Availability

  • macOS 10.7+

Framework

  • Security
device_usb: Option<bool>

A Boolean value indicating whether your app may interact with USB devices.

Use this key to allow your sandboxed app to interact with USB devices through USB device access APIs.

To add this entitlement to your app, enable the App Sandbox capability in Xcode, and under Hardware, select USB.

Availability

  • macOS 10.7+

Framework

  • Security
print: Option<bool>

A Boolean value indicating whether your app may print a document.

To add this entitlement to your app, enable the App Sandbox capability in Xcode, and under Hardware, select Printing.

Availability

  • macOS 10.7+

Framework

  • Security
bluetooth: Option<bool>

A Boolean value indicating whether your app may interact with Bluetooth devices.

To add this entitlement to your app, enable the App Sandbox capability in Xcode, and under Hardware, select Bluetooth.

Availability

  • macOS 10.7+

Framework

  • Security
address_book: Option<bool>

A Boolean value that indicates whether the app may have read-write access to contacts in the user’s address book.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and then select Contacts, or enable the Hardened Runtime capability and then select Address Book.

Availability

  • macOS 10.7+

Framework

  • Security
location: Option<bool>

A Boolean value that indicates whether the app may access location information from Location Services.

To add this entitlement to your app, first enable the App Sandbox or Hardened Runtime capability in Xcode, and then select Location.

Availability

  • macOS 10.7+

Framework

  • Security
calendars: Option<bool>

A Boolean value that indicates whether the app may have read-write access to the user’s calendar.

To add this entitlement to your app, first enable the App Sandbox or Hardened Runtime capability in Xcode, and then select Calendar.

Availability

  • macOS 10.7+

Framework

  • Security
files_user_selected_read_only: Option<bool>

A Boolean value that indicates whether the app may have read-only access to files the user has selected using an Open or Save dialog.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set User Selected File to Read Only.

Availability

  • macOS 10.7+

Framework

  • Security
files_user_selected_read_write: Option<bool>

A Boolean value that indicates whether the app may have read-write access to files the user has selected using an Open or Save dialog.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set User Selected File to Read/Write.

Availability

  • macOS 10.7+

Framework

  • Security
files_downloads_read_only: Option<bool>

A Boolean value that indicates whether the app may have read-only access to the Downloads folder.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set Downloads Folder to Read Only.

Availability

  • macOS 10.7+

Framework

  • Security
files_downloads_read_write: Option<bool>

A Boolean value that indicates whether the app may have read-write access to the Downloads folder.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set Downloads Folder to Read/Write.

Availability

  • macOS 10.7+

Framework

  • Security
assets_pictures_read_only: Option<bool>

A Boolean value that indicates whether the app may have read-only access to the Pictures folder.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set Pictures Folder to Read Only.

Availability

  • macOS 10.7+

Framework

  • Security
assets_pictures_read_write: Option<bool>

A Boolean value that indicates whether the app may have read-write access to the Pictures folder.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set Pictures Folder to Read/Write.

Availability

  • macOS 10.7+

Framework

  • Security
assets_music_read_only: Option<bool>

A Boolean value that indicates whether the app may have read-only access to the Music folder.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set Music Folder to Read Only.

Availability

  • macOS 10.7+

Framework

  • Security
assets_music_read_write: Option<bool>

A Boolean value that indicates whether the app may have read-write access to the Music folder.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set Music Folder to Read/Write.

Availability

  • macOS 10.7+

Framework

  • Security
assets_movies_read_only: Option<bool>

A Boolean value that indicates whether the app may have read-only access to the Movies folder.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set Movies Folder to Read Only.

Availability

  • macOS 10.7+

Framework

  • Security
assets_movies_read_write: Option<bool>

A Boolean value that indicates whether the app may have read-write access to the Movies folder.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set Movies Folder to Read/Write.

Availability

  • macOS 10.7+

Framework

  • Security
all_files: Option<bool>
👎 Deprecated since macOS 10.7–10.11

A Boolean value that indicates whether the app may have access to all files.

Availability

  • macOS 10.7–10.11

Framework

  • Security
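
An added example, not part of the apple_bundle crate or this page: a least-privilege check over a few of the fields above, including the UDP rule from the network notes. The Sandbox struct is a local stand-in that copies field names from this page so the code builds with the standard library alone; audit, on and the uses_udp flag are hypothetical names.

```rust
// Local stand-in for the subset of AppSandbox fields audited here; field
// names are copied from this page, the type itself is not the crate's.
#[derive(Default)]
struct Sandbox {
    app_sandbox: Option<bool>,
    security_network_server: Option<bool>,
    security_network_client: Option<bool>,
    files_downloads_read_only: Option<bool>,
    files_downloads_read_write: Option<bool>,
    all_files: Option<bool>,
}

fn on(v: Option<bool>) -> bool { v == Some(true) }

/// Returns one finding per rule violated. `uses_udp` comes from the caller
/// (assumption: the entitlements do not say which transport the app uses).
fn audit(s: &Sandbox, uses_udp: bool) -> Vec<&'static str> {
    let mut findings = Vec::new();
    // These keys are added through the App Sandbox capability, so they are
    // expected only alongside app_sandbox = true.
    let scoped = [
        s.security_network_server, s.security_network_client,
        s.files_downloads_read_only, s.files_downloads_read_write,
    ];
    if !on(s.app_sandbox) && scoped.iter().any(|v| on(*v)) {
        findings.push("sandbox-scoped entitlement set without app_sandbox");
    }
    // UDP: the entitlements gate data flow as well as initiation, so one side
    // alone gives a socket that can only send (client) or only receive (server).
    if uses_udp && on(s.security_network_server) != on(s.security_network_client) {
        findings.push("UDP app holds only one network entitlement");
    }
    // Policy choice of this example: a folder carries a single access level.
    if on(s.files_downloads_read_only) && on(s.files_downloads_read_write) {
        findings.push("downloads: read-only and read-write both set");
    }
    // all_files is documented above as deprecated (macOS 10.7–10.11).
    if on(s.all_files) {
        findings.push("all_files is deprecated");
    }
    findings
}

fn main() {
    // Constructed sample: a UDP listener that omits the client entitlement.
    let s = Sandbox { app_sandbox: Some(true), security_network_server: Some(true), ..Default::default() };
    for f in audit(&s, true) { println!("finding: {}", f); }
}
```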

Trait Implementations

Returns a copy of the value.

Performs copy-assignment from source.

Formats the value using the given formatter.

Returns the “default value” for a type.

Deserialize this value from the given Serde deserializer.

This method tests for self and other values to be equal, and is used by ==.

This method tests for !=.

Serialize this value into the given Serde serializer.
