Part of: #9941
Problem
Both FileProviderExt.appex and FileProviderUIExt.appex declare com.apple.security.network.server. This is confirmed in the release build via codesign.
This is unusual for extensions of these types:
- A file-syncing extension normally makes outbound connections only.
- A file-provider UI extension (showing action dialogs) has no obvious reason to listen on a port at all.
Apple reviewers will flag any network.server entitlement and request justification.
Affected files
shell_integration/MacOSX/FileProviderExt.entitlements.cmake (line 13)
shell_integration/MacOSX/FileProviderUIExt.entitlements.cmake
Required change
Audit whether either extension truly listens on a TCP/UDP port. If all traffic is outbound (sync to server), remove network.server from both. If the File Provider extension uses it for local XPC or socket communication, replace it with the appropriate entitlement or eliminate the need altogether.
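One way to repeat the codesign confirmation for both extensions as a build check (an added example, not part of the original issue or the project's code): it parses the entitlements embedded in each signed `.appex` and flags `com.apple.security.network.server`. The `codesign -d --entitlements - --xml` form assumes macOS 12 or later; the function names and the sample plist are constructed for illustration.

```python
import plistlib
import subprocess
import sys

SERVER = "com.apple.security.network.server"
CLIENT = "com.apple.security.network.client"

# Constructed sample in the XML plist form codesign prints for a signed bundle.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.network.client</key><true/>
  <key>com.apple.security.network.server</key><true/>
</dict></plist>"""


def signed_entitlements(bundle):
    """Entitlements embedded in a signed bundle (assumes macOS 12+ codesign)."""
    cmd = ["codesign", "-d", "--entitlements", "-", "--xml", bundle]
    return subprocess.run(cmd, check=True, capture_output=True).stdout


def audit(xml_bytes):
    """Return (server_granted, client_granted) for one entitlements plist."""
    data = xml_bytes.strip()
    ent = plistlib.loads(data) if data else {}  # empty output: no entitlements
    # Only a boolean true grants the entitlement; absent or <false/> does not.
    return ent.get(SERVER) is True, ent.get(CLIENT) is True


def report(name, xml_bytes):
    """One-line verdict for a bundle: OK, or FLAG when network.server is set."""
    server, client = audit(xml_bytes)
    if not server:
        return f"OK   {name}: no {SERVER}"
    hint = "network.client also declared" if client else "no network.client declared"
    return f"FLAG {name}: declares {SERVER} ({hint})"


if __name__ == "__main__":
    # Pass paths to FileProviderExt.appex and FileProviderUIExt.appex as arguments;
    # with no arguments the constructed sample is checked instead.
    bundles = sys.argv[1:]
    lines = [report(b, signed_entitlements(b)) for b in bundles]
    lines = lines or [report("constructed sample", SAMPLE)]
    print("\n".join(lines))
    sys.exit(1 if any(line.startswith("FLAG") for line in lines) else 0)
```

The non-zero exit status on any `FLAG` line lets a release pipeline fail before the build is submitted for review.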