From 4233fb949059826b51374e7fc5d55dd3408cd79f Mon Sep 17 00:00:00 2001
From: Jamil <jamilbk@users.noreply.github.com>
Date: Wed, 4 Dec 2024 11:11:40 -0800
Subject: [PATCH] fix(apple/macos): Add app sandbox and entitlements to network
 extension (#7455)

Apple
[requires](https://github.com/firezone/firezone/actions/runs/12161693820/job/33916881718)
network extensions on macOS to be sandboxed. Given this requirement, we
must explicitly allow both the `com.apple.security.network.client` and
`com.apple.security.network.security` entitlements for making outbound
network requests and for opening sockets respectively.
---
 .../FirezoneNetworkExtension.entitlements                   | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/swift/apple/FirezoneNetworkExtension/FirezoneNetworkExtension.entitlements b/swift/apple/FirezoneNetworkExtension/FirezoneNetworkExtension.entitlements
index 122fe59bc..754f9edf6 100644
--- a/swift/apple/FirezoneNetworkExtension/FirezoneNetworkExtension.entitlements
+++ b/swift/apple/FirezoneNetworkExtension/FirezoneNetworkExtension.entitlements
@@ -10,5 +10,11 @@
 	<array>
 		<string>$(APP_GROUP_ID)</string>
 	</array>
+  <key>com.apple.security.app-sandbox</key>
+  <true/>
+  <key>com.apple.security.network.client</key>
+  <true/>
+  <key>com.apple.security.network.server</key>
+  <true/>
 </dict>
 </plist>