AppSandbox

apple_bundle::entitlements::security

Struct AppSandbox 

Source 
pub struct AppSandbox {
Show 22 fields
    pub app_sandbox: Option<bool>,
    pub security_network_server: Option<bool>,
    pub security_network_client: Option<bool>,
    pub camera: Option<bool>,
    pub device_microphone: Option<bool>,
    pub device_usb: Option<bool>,
    pub print: Option<bool>,
    pub bluetooth: Option<bool>,
    pub address_book: Option<bool>,
    pub location: Option<bool>,
    pub calendars: Option<bool>,
    pub files_user_selected_read_only: Option<bool>,
    pub files_user_selected_read_write: Option<bool>,
    pub files_downloads_read_only: Option<bool>,
    pub files_downloads_read_write: Option<bool>,
    pub assets_pictures_read_only: Option<bool>,
    pub assets_pictures_read_write: Option<bool>,
    pub assets_music_read_only: Option<bool>,
    pub assets_music_read_write: Option<bool>,
    pub assets_movies_read_only: Option<bool>,
    pub assets_movies_read_write: Option<bool>,
    pub all_files: Option<bool>,

}
Expand description

App Sandbox

Fields§

§app_sandbox: Option<bool>

A Boolean value that indicates whether the app may use access control technology to contain damage to the system and user data if an app is compromised.

To add this entitlement to your app, enable the App Sandbox capability in Xcode.

§Availability

  • macOS 10.7+

§Framework

  • Security
§security_network_server: Option<bool>

A Boolean value indicating whether your app may listen for incoming network connections.

Use this key to allow other computers to initiate network connections to your sandboxed app.

§Note

For TCP sockets, the com.apple.security.network.server and com.apple.security.network.client entitlements restrict only the initiation of a network connection, not the flow of data. Outgoing and incoming connections can both send and receive data.

For UDP sockets, the network entitlements restrict both initiation and data flow. For example, an app with only the server entitlement enabled can receive, but not send, data. Apps using UDP usually require both entitlements.

To add this entitlement to your app, enable the App Sandbox capability in Xcode, and under Network, select Incoming Connections (Server).

§Availability

  • macOS 10.7+

§Framework

  • Security
§security_network_client: Option<bool>

A Boolean value indicating whether your app may open outgoing network connections.

Use this key to allow your sandboxed app to connect to a server process running on another machine, or on the same machine.

§Note

For TCP sockets, the com.apple.security.network.client and com.apple.security.network.server entitlements restrict only the initiation of a network connection, not the flow of data. Outgoing and incoming connections can both send and receive data.

For UDP sockets, the network entitlements restrict both initiation and data flow. For example, an app with only the client entitlement enabled can send, but not receive, data. Apps using UDP usually require both entitlements.

To add this entitlement to your app, enable the App Sandbox capability in Xcode, and under Network, select Outgoing Connections (Client).

§Availability

  • macOS 10.7+

§Framework

  • Security
§camera: Option<bool>

A Boolean value that indicates whether the app may capture movies and still images using the built-in camera.

To add this entitlement to your app, first enable the App Sandbox or Hardened Runtime capability in Xcode, and then select Camera.

In macOS 10.14 and later, the user must explicitly grant permission for each app to access cameras. See Requesting Authorization for Media Capture on macOS.

§Availability

  • macOS 10.7+

§Framework

  • Security
§device_microphone: Option<bool>

A Boolean value that indicates whether the app may use the microphone.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and under Hardware select Audio Input.

§Availability

  • macOS 10.7+

§Framework

  • Security
§device_usb: Option<bool>

A Boolean value indicating whether your app may interact with USB devices.

Use this key to allow your sandboxed app to interact with USB devices through USB device access APIs.

To add this entitlement to your app, enable the App Sandbox capability in Xcode, and under Hardware, select USB.

§Availability

  • macOS 10.7+

§Framework

  • Security
§print: Option<bool>

A Boolean value indicating whether your app may print a document.

To add this entitlement to your app, enable the App Sandbox capability in Xcode, and under Hardware, select Printing.

§Availability

  • macOS 10.7+

§Framework

  • Security
§bluetooth: Option<bool>

A Boolean value indicating whether your app may interact with Bluetooth devices.

To add this entitlement to your app, enable the App Sandbox capability in Xcode, and under Hardware, select Bluetooth.

§Availability

  • macOS 10.7+

§Framework

  • Security
§address_book: Option<bool>

A Boolean value that indicates whether the app may have read-write access to contacts in the user’s address book.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and then select Contacts, or enable the Hardened Runtime capability and then select Address Book.

§Availability

  • macOS 10.7+

§Framework

  • Security
§location: Option<bool>

A Boolean value that indicates whether the app may access location information from Location Services.

To add this entitlement to your app, first enable the App Sandbox or Hardened Runtime capability in Xcode, and then select Location.

§Availability

  • macOS 10.7+

§Framework

  • Security
§calendars: Option<bool>

A Boolean value that indicates whether the app may have read-write access to the user’s calendar.

To add this entitlement to your app, first enable the App Sandbox or Hardened Runtime capability in Xcode, and then select Calendar.

§Availability

  • macOS 10.7+

§Framework

  • Security
§files_user_selected_read_only: Option<bool>

A Boolean value that indicates whether the app may have read-only access to files the user has selected using an Open or Save dialog.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set User Selected File to Read Only.

§Availability

  • macOS 10.7+

§Framework

  • Security
§files_user_selected_read_write: Option<bool>

A Boolean value that indicates whether the app may have read-write access to files the user has selected using an Open or Save dialog.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set User Selected File to Read/Write.

§Availability

  • macOS 10.7+

§Framework

  • Security
§files_downloads_read_only: Option<bool>

A Boolean value that indicates whether the app may have read-only access to the Downloads folder.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set Downloads Folder to Read Only.

§Availability

  • macOS 10.7+

§Framework

  • Security
§files_downloads_read_write: Option<bool>

A Boolean value that indicates whether the app may have read-write access to the Downloads folder.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set Downloads Folder to Read/Write.

§Availability

  • macOS 10.7+

§Framework

  • Security
§assets_pictures_read_only: Option<bool>

A Boolean value that indicates whether the app may have read-only access to the Pictures folder.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set Pictures Folder to Read Only.

§Availability

  • macOS 10.7+

§Framework

  • Security
§assets_pictures_read_write: Option<bool>

A Boolean value that indicates whether the app may have read-write access to the Pictures folder.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set Pictures Folder to Read/Write.

§Availability

  • macOS 10.7+

§Framework

  • Security
§assets_music_read_only: Option<bool>

A Boolean value that indicates whether the app may have read-only access to the Music folder.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set Music Folder to Read Only.

§Availability

  • macOS 10.7+

§Framework

  • Security
§assets_music_read_write: Option<bool>

A Boolean value that indicates whether the app may have read-write access to the Music folder.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set Music Folder to Read/Write.

§Availability

  • macOS 10.7+

§Framework

  • Security
§assets_movies_read_only: Option<bool>

A Boolean value that indicates whether the app may have read-only access to the Movies folder.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set Movies Folder to Read Only.

§Availability

  • macOS 10.7+

§Framework

  • Security
§assets_movies_read_write: Option<bool>

A Boolean value that indicates whether the app may have read-write access to the Movies folder.

To add this entitlement to your app, enable the App Sandbox capability in Xcode and set Movies Folder to Read/Write.

§Availability

  • macOS 10.7+

§Framework

  • Security
§all_files: Option<bool>
👎Deprecated since macOS 10.7-10.11

A Boolean value that indicates whether the app may have access to all files.

§Availability

  • macOS 10.7–10.11

§Framework

  • Security

Trait Implementations§

Source§

impl Clone for AppSandbox

Source§

fn clone(&self) -> AppSandbox

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for AppSandbox

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for AppSandbox

Source§

fn default() -> AppSandbox

Returns the “default value” for a type. Read more
Source§

impl<'de> Deserialize<'de> for AppSandbox

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl PartialEq for AppSandbox

Source§

fn eq(&self, other: &AppSandbox) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Serialize for AppSandbox

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl Eq for AppSandbox

Source§

impl StructuralPartialEq for AppSandbox

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,