From e2557293dd4241369dcce7ad08f46b2e4997568b Mon Sep 17 00:00:00 2001 From: Kateryna Kostiuk Date: Tue, 19 Nov 2024 13:11:45 -0500 Subject: [PATCH] macOS: sandbox application This commit enables App Sandbox for Jami on macOS. Folders Migrated: - App data (accounts, etc.) - Jami cache - Sparkle cache Entitlements: - Access to Movies folder (default recording location) - Access to Downloads folder (default download location) - Access to Pictures folder (default screenshots location) - Camera, microphone, network client/server - User-selected files User Impact: - User preferences will be reset to defaults (theme, notifications, download locations) - Download folder is "~/Library/Containers/.../Data/Downloads", files will be accessible in "~/Downloads" - Screenshots folder is "~/Library/Containers/.../Data/Pictures", files will be accessible in "~/Pictures" Change-Id: I5af4e88fc54e0942ad8d4ba53c8bd2f7324d550a --- CMakeLists.txt | 8 ++++++++ resources/Info.plist | 2 ++ resources/container-migration.plist | 12 ++++++++++++ resources/entitlements/Jami.entitlements | 19 +++++++++++++++++++ 4 files changed, 41 insertions(+) create mode 100644 resources/container-migration.plist diff --git a/CMakeLists.txt b/CMakeLists.txt index bf6012ec6..c046b597a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -991,6 +991,14 @@ else() set_target_properties(${PROJECT_NAME} PROPERTIES XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_SOURCE_DIR}/resources/entitlements/appstore/Jami.entitlements") else() + # Include container-migration.plist in the Resources directory of the app bundle + set_source_files_properties("${CMAKE_CURRENT_SOURCE_DIR}/resources/container-migration.plist" PROPERTIES + MACOSX_PACKAGE_LOCATION "Resources" + ) + # Add container-migration.plist to the target + target_sources(${PROJECT_NAME} PRIVATE + "${CMAKE_CURRENT_SOURCE_DIR}/resources/container-migration.plist" + ) set_target_properties(${PROJECT_NAME} PROPERTIES SPARKLE_URL "${SPARKLE_URL}" SPARKLE_PUBLIC_KEY "${SPARKLE_PUBLIC_KEY}" diff --git a/resources/Info.plist b/resources/Info.plist index 6fac284b8..739b83f7f 100644 --- a/resources/Info.plist +++ b/resources/Info.plist @@ -28,6 +28,8 @@ ${SPARKLE_PUBLIC_KEY} SUFeedURL ${SPARKLE_URL} + SUEnableInstallerLauncherService + NSPrincipalClass NSApplication NSCameraUsageDescription diff --git a/resources/container-migration.plist b/resources/container-migration.plist new file mode 100644 index 000000000..10f6140ae --- /dev/null +++ b/resources/container-migration.plist @@ -0,0 +1,12 @@ + + + + + Move + + ${ApplicationSupport}/jami + ${Caches}/cx.ring + ${Caches}/jami + + + diff --git a/resources/entitlements/Jami.entitlements b/resources/entitlements/Jami.entitlements index 5c566afa1..25221b1d3 100644 --- a/resources/entitlements/Jami.entitlements +++ b/resources/entitlements/Jami.entitlements 
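Review bot: The two comments added in the `else()` branch restate the commands and omit the one constraint a maintainer needs: container-migration.plist has to reach `Contents/Resources` unmodified, because its `${ApplicationSupport}` and `${Caches}` entries are placeholders for macOS to resolve, whereas resources/Info.plist in this patch holds `${SPARKLE_URL}`, which appears to be filled in by the build. I would replace both with `# Ship verbatim: the ${...} entries are macOS container-migration placeholders; never pass this file through configure_file()`. The plist path is also written out twice, so a local variable (for example `set(container_migration_plist ...)`) would keep `set_source_files_properties` and `target_sources` from drifting apart. The surrounding if/else starts and ends outside the hunk, so which signing configuration this branch serves is inferred, not visible.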
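Review bot: The new manifest lists `${ApplicationSupport}/jami` under `Move` with nothing recording that the relocation is one-way, and that directory is where the commit message says account data lives. As far as I know, macOS processes this manifest only when the app's container is first created. A machine that already has a container for this bundle identifier would therefore skip it, and a rollback to an unsandboxed build would no longer find its accounts at the old path; both cases deserve a line in the release notes or a first-launch check. I would add an XML comment above the array, `<!-- One-time, one-way move performed when the sandbox container is first created; unsandboxed builds will not see these paths afterwards -->`. The markup of this hunk did not survive on the page, so the exact key layout could not be checked.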
@@ -2,15 +2,34 @@ + com.apple.security.app-sandbox + com.apple.security.device.camera + com.apple.security.device.microphone + com.apple.security.device.audio-input com.apple.security.files.user-selected.read-write + com.apple.security.assets.movies.read-write + + com.apple.security.files.downloads.read-write + + com.apple.security.assets.pictures.read-write + + com.apple.security.network.client + + com.apple.security.network.server + com.apple.security.cs.allow-jit com.apple.security.cs.allow-unsigned-executable-memory + com.apple.security.temporary-exception.mach-lookup.global-name + + cx.ring-spks + cx.ring-spki +
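Review bot: The `com.apple.security.temporary-exception.mach-lookup.global-name` entry hard-codes `cx.ring-spks` and `cx.ring-spki` without saying what they are for, and a temporary exception is the entitlement most likely to be questioned or copied later. These look like the service names Sparkle derives from the bundle identifier (inferred from the `-spks`/`-spki` suffixes and the Sparkle keys in Info.plist), so they would silently stop matching if the identifier ever changes. A comment such as `<!-- Sparkle installer services; names must stay equal to BUNDLE_ID-spks and BUNDLE_ID-spki -->` would pin that down. `com.apple.security.device.microphone` and `com.apple.security.device.audio-input` appear to grant the same capability, so one of them can probably go. The unchanged `com.apple.security.cs.allow-unsigned-executable-memory` line is the broader of the two executable-memory exceptions, and now that the build is sandboxed it is worth confirming that `com.apple.security.cs.allow-jit` alone is not enough.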