macOS: sandbox application

This commit enables App Sandbox for Jami on macOS.

Folders Migrated:
- App data(accounts, ect)
- Jami cache
- Sparkle cache

Entitlements:
- Access to Movies folder (default recording location)
- Access to Downloads folder (default download location)
- Access to Pictures folder (default screenshots location)
- Camera, microphone, network client/server
- User-selected files

User Impact:
- User preferences will be reset to defaults (theme,
 notifications, download locations)
- Download folder "~/Library/Containers/.../Data/Downloads",
 files will be accessible in "~/Downloads"
- Screenshots folder is "~/Library/Containers/.../Data/Pictures",
files will be accessible in  "~/Pictures"

Change-Id: I5af4e88fc54e0942ad8d4ba53c8bd2f7324d550a

CMakeLists.txt

@@ -991,6 +991,14 @@ else()
     set_target_properties(${PROJECT_NAME} PROPERTIES
           XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_SOURCE_DIR}/resources/entitlements/appstore/Jami.entitlements")
   else()
+    # Include container-migration.plist in the Resources directory of the app bundle
+    set_source_files_properties("${CMAKE_CURRENT_SOURCE_DIR}/resources/container-migration.plist" PROPERTIES
+      MACOSX_PACKAGE_LOCATION "Resources"
+    )
+    # Add container-migration.plist to the target
+    target_sources(${PROJECT_NAME} PRIVATE
+      "${CMAKE_CURRENT_SOURCE_DIR}/resources/container-migration.plist"
+    )
     set_target_properties(${PROJECT_NAME} PROPERTIES
           SPARKLE_URL "${SPARKLE_URL}"
           SPARKLE_PUBLIC_KEY "${SPARKLE_PUBLIC_KEY}"

resources/Info.plist

@@ -28,6 +28,8 @@
 	<string>${SPARKLE_PUBLIC_KEY}</string>
 	<key>SUFeedURL</key>
 	<string>${SPARKLE_URL}</string>
+	<key>SUEnableInstallerLauncherService</key>
+	<true/>
 	<key>NSPrincipalClass</key>
 	<string>NSApplication</string>
 	<key>NSCameraUsageDescription</key>

resources/container-migration.plist

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>Move</key>
+    <array>
+        <string>${ApplicationSupport}/jami</string>
+        <string>${Caches}/cx.ring</string>
+        <string>${Caches}/jami</string>
+    </array>
+</dict>
+</plist>

resources/entitlements/Jami.entitlements

@@ -2,15 +2,34 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
+	<key>com.apple.security.app-sandbox</key>
+	<true/>
 	<key>com.apple.security.device.camera</key>
 	<true/>
+	<key>com.apple.security.device.microphone</key>
+	<true/>
 	<key>com.apple.security.device.audio-input</key>
 	<true/>
 	<key>com.apple.security.files.user-selected.read-write</key>
 	<true/>
+	<key>com.apple.security.assets.movies.read-write</key>
+	<true/>
+	<key>com.apple.security.files.downloads.read-write</key>
+	<true/>
+	<key>com.apple.security.assets.pictures.read-write</key>
+	<true/>
+	<key>com.apple.security.network.client</key>
+	<true/>
+	<key>com.apple.security.network.server</key>
+	<true/>
 	<key>com.apple.security.cs.allow-jit</key>
 	<true/>
 	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
 	<true/>
+	<key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
+	<array>
+		<string>cx.ring-spks</string>
+		<string>cx.ring-spki</string>
+	</array>
 </dict>
 </plist>