Allowed Values For Mac

Posted on  by 

Jul 10, 2017 Normally, a router allows any device to connect — as long as it knows the appropriate passphrase. With MAC address filtering a router will first compare a device’s MAC address against an approved list of MAC addresses and only allow a device onto the Wi-Fi network if its MAC address has been specifically approved. Medicare Administrative Contractor (MAC) COVID-19 Test Pricing May 19, 2020. On March 5 and February 13, CMS announced new Healthcare Common Procedure Coding System (HCPCS) codes for healthcare providers and laboratories to test patients for SARSCoV2. Starting in April, laboratories performing the test can bill Medicare and other health. To send the message, it also requires Computer 2's MAC address. First, Computer 1 uses a cached ARP table to look up 192.168.0.55 for any existing records of Computer 2's MAC address (00:eb:24:b2:05:ac). If the MAC address is found, it sends an Ethernet frame with destination address 00:eb:24:b2:05:ac, containing the IP packet onto the link. Jun 10, 2020 TCP/IP networks based on IPv6 also implement a different approach to communicating MAC addresses compared to mainstream IPv4. Instead of 64-bit hardware addresses, IPv6 automatically translates a 48-bit MAC address to a 64-bit address by inserting a fixed (hardcoded) 16-bit value FFFE between the vendor prefix and the device identifier.

  1. Allowed Values For Macronutrients
  2. Mac Value Guide
  3. Best Value Mac

DATE

Combines separate values for year, month, and day and returns a date/time value.

DATEDIF

Returns the number of days, months, or years between two dates.

DATEVALUE

Converts a date text string and returns a date/time value. This function is provided for compatibility with other spreadsheet programs.

DAY

Returns the day of the month for a given date/time value.

DAYNAME

Returns the name of the day of the week from a date/time value or a number. Day 1 is Sunday.

DAYS360

Returns the number of days between two dates based on twelve 30‑day months and a 360‑day year.

EDATE

Returns a date that is some number of months before or after a given date.

EOMONTH

Returns a date that is the last day of the month some number of months before or after a given date.

HOUR

Returns the hour for a given date/time value.

MINUTE

Returns the minutes for a given date/time value.

MONTH

Returns the month for a given date/time value.

MONTHNAME

Returns the name of the month from a number. Month 1 is January.

NETWORKDAYS

Returns the number of working days between two dates. Working days exclude weekends and any other specified dates.

NOW

Returns the current date/time value from the system clock.

SECOND

Returns the seconds for a given date/time value.

TIME

Converts separate values for hours, minutes, and seconds into a date/time value.

TIMEVALUE

Returns the time as a decimal fraction of a 24‑hour day from a given date/time value or from a text string.

TODAY

Returns the current system date. The time is set to 12:00 a.m.

WEEKDAY

Returns a number that is the day of the week for a given date.

WEEKNUM

Returns the number of the week within the year for a given date.

WORKDAY

Returns the date that is the given number of working days before or after a given date. Working days exclude weekends and any other dates specifically excluded.

YEAR

Returns the year for a given date/time value.

YEARFRAC

Finds the fraction of a year represented by the number of whole days between two dates.

DUR2DAYS

Converts a duration value to a number of days.

DUR2HOURS

Converts a duration value to a number of hours.

DUR2MILLISECONDS

Converts a duration value to a number of milliseconds.

DUR2MINUTES

Converts a duration value to a number of minutes.

DUR2SECONDS

Converts a duration value to a number of seconds.

DUR2WEEKS

Converts a duration value to a number of weeks.

DURATION

Combines separate values for weeks, days, hours, minutes, seconds, and milliseconds and returns a duration value.

STRIPDURATION

Evaluates a given value and returns either the number of days represented, if a duration value; or the given value. This function is included for compatibility with other spreadsheet applications.

BASETONUM

Converts a number of the specified base into a number in base 10.

BESSELJ

Returns the integer Bessel function Jn(x).

BESSELY

Returns the integer Bessel function Yn(x).

BIN2DEC

Converts a binary number to the corresponding decimal number.

BIN2HEX

Converts a binary number to the corresponding hexadecimal number.

BIN2OCT

Converts a binary number to the corresponding octal number.

CONVERT

Converts a number from one measurement system to its corresponding value in another measurement system.

DEC2BIN

Converts a decimal number to the corresponding binary number.

DEC2HEX

Converts a decimal number to the corresponding hexadecimal number.

DEC2OCT

Converts a decimal number to the corresponding octal number.

DELTA

Determines whether two values are exactly equal.

ERF

Returns the error function integrated between two values.

ERFC

Returns the complementary ERF function integrated between a given lower bound and infinity.

GESTEP

Determines if one value is greater than or exactly equal to another value.

HEX2BIN

Converts a hexadecimal number to the corresponding binary number.

HEX2DEC

Converts a hexadecimal number to the corresponding decimal number.

HEX2OCT

Converts a hexadecimal number to the corresponding octal number.

NUMTOBASE

Converts a number from base 10 into a number in the specified base.

OCT2BIN

Converts an octal number to the corresponding binary number.

OCT2DEC

Converts an octal number to the corresponding decimal number.

OCT2HEX

Converts an octal number to the corresponding hexadecimal number.

ACCRINT

Calculates the accrued interest added to the purchase price of a security and paid to the seller when the security pays periodic interest.

ACCRINTM

Calculates the total accrued interest added to the purchase price of a security and paid to the seller when the security pays interest only at maturity.

BONDDURATION

Calculates the weighted average of the present value of the cash flows for an assumed par value of $100.

BONDMDURATION

Calculates the modified weighted average of the present value of the cash flows for an assumed par value of $100.

COUPDAYBS

Returns the number of days between the beginning of the coupon period in which settlement occurs and the settlement date.

COUPDAYS

Returns the number of days in the coupon period in which settlement occurs.

COUPDAYSNC

Returns the number of days between the settlement date and the end of the coupon period in which settlement occurs.

COUPNUM

Returns the number of coupons remaining to be paid between the settlement date and the maturity date.

CUMIPMT

Returns the total interest included in loan or annuity payments over a chosen time interval based on fixed periodic payments and a fixed interest rate.

CUMPRINC

Returns the total principal included in loan or annuity payments over a chosen time interval based on fixed periodic payments and a fixed interest rate.

DB

Returns the amount of depreciation of an asset for a specified period using the fixed‑declining balance method.

DDB

Returns the amount of depreciation of an asset based on a specified depreciation rate.

DISC

Returns the annual discount rate of a security that pays no interest and is sold at a discount to its redemption value.

EFFECT

Returns the effective annual interest rate from the nominal annual interest rate based on the number of compounding periods per year.

FV

Returns the future value of an investment based on a series of regular periodic cash flows (payments of a constant amount and all cash flows at constant intervals) and a fixed interest rate.

INTRATE

Returns the effective annual interest rate for a security that pays interest only at maturity.

IPMT

Returns the interest portion of a specified loan or annuity payment based on fixed, periodic payments and a fixed interest rate.

IRR

Returns the internal rate of return for an investment that is based on a series of potentially irregular cash flows that occur at regular time intervals.

ISPMT

Returns the interest portion of a specified loan or annuity payment based on fixed, periodic payments and a fixed interest rate. This function is provided for compatibility with tables imported from other spreadsheet applications.

MIRR

Returns the modified internal rate of return for an investment that is based on a series of potentially irregular cash flows that occur at regular time intervals. The rate earned on positive cash flows and the rate paid to finance negative cash flows can differ.

NOMINAL

Returns the nominal annual interest rate from the effective annual interest rate based on the number of compounding periods per year.

NPER

Returns the number of payment periods for a loan or annuity based on a series of regular periodic cash flows (payments of a constant amount and all cash flows at constant intervals) and a fixed interest rate.

NPV

Returns the net present value of an investment based on a series of potentially irregular cash flows that occur at regular time intervals.

PMT

Returns the fixed periodic payment for a loan or annuity based on a series of regular periodic cash flows (payments of a constant amount and all cash flows at constant intervals) and a fixed interest rate.

PPMT

Returns the principal portion of a specified loan or annuity payment based on fixed periodic payments and a fixed interest rate.

PRICE

Returns the price of a security that pays periodic interest per $100 of redemption (par) value.

PRICEDISC

Returns the price of a security that is sold at a discount to redemption value and does not pay interest per $100 of redemption (par) value.

PRICEMAT

Returns the price of a security that pays interest only at maturity per $100 of redemption (par) value.

PV

Returns the present value of an investment or annuity based on a series of regular periodic cash flows (payments of a constant amount and all cash flows at constant intervals) and a fixed interest rate.

RATE

Returns the interest rate of an investment, loan, or annuity based on a series of regular periodic cash flows (payments of a constant amount and all cash flows at constant intervals) and a fixed interest rate.

RECEIVED

Returns the maturity value for a security that pays interest only at maturity.

SLN

Returns the amount of depreciation of an asset for a single period using the straight‑line method.

SYD

Returns the amount of depreciation of an asset for a specified period using the sum‑of‑the‑years‑digits method.

VDB

Returns the amount of depreciation of an asset over a chosen time interval, based on a specified depreciation rate.

YIELD

Returns the effective annual interest rate for a security that pays regular periodic interest.

YIELDDISC

Returns the effective annual interest rate for a security that is sold at a discount to redemption value and pays no interest.

YIELDMAT

Returns the effective annual interest rate for a security that pays interest only at maturity.

AND

Returns TRUE if all arguments are true; otherwise it returns FALSE.

FALSE

Returns the Boolean value FALSE. This function is included for compatibility with tables imported from other spreadsheet applications.

IF

Returns one of two values depending on whether a specified expression evaluates to a Boolean value of TRUE or FALSE.

IFERROR

Returns a value that you specify if a given value evaluates to an error; otherwise it returns the given value.

ISBLANK

Returns TRUE if the specified cell is empty; otherwise it returns FALSE.

ISERROR

Returns TRUE if a given expression evaluates to an error; otherwise it returns FALSE.

ISEVEN

Returns TRUE if the value is even (leaves no remainder when divided by 2); otherwise it returns FALSE.

ISODD

Returns TRUE if the value is odd (leaves a remainder when divided by 2); otherwise it returns FALSE.

NOT

Returns the opposite of the Boolean value of a specified expression.

OR

Returns TRUE if any argument is true; otherwise it returns FALSE.

TRUE

Returns the Boolean value TRUE. This function is included for compatibility with tables imported from other spreadsheet applications.

ABS

Returns the absolute value of a number or duration.

CEILING

Rounds a number away from zero to the nearest multiple of the specified factor.

COMBIN

Returns the number of different ways you can combine a number of items into groups of a specific size, ignoring the order within the groups.

EVEN

Rounds a number away from zero to the next even number.

EXP

Returns e (the base of natural logarithms) raised to the specified power.

FACT

Returns the factorial of a number.

FACTDOUBLE

Returns the double factorial of a number.

FLOOR

Rounds a number toward zero to the nearest multiple of the specified factor.

GCD

Returns the greatest common divisor of the specified numbers.

INT

Returns the nearest integer that is less than or equal to the number.

LCM

Returns the least common multiple of the specified numbers.

LN

Returns the natural logarithm of a number, the power to which e must be raised to result in the number.

LOG

Returns the logarithm of a number using a specified base.

LOG10

Returns the base‑10 logarithm of a number.

MOD

Returns the remainder from a division.

MROUND

Rounds a number to the nearest multiple of a specified factor.

MULTINOMIAL

Returns the closed form of the multinomial coefficient of the given numbers.

ODD

Rounds a number away from zero to the next odd number.

PI

Returns the approximate value of π (pi), the ratio of a circle’s circumference to its diameter.

POLYNOMIAL

Evaluates a polynomial at a given point.

POWER

Returns a number raised to a power.

PRODUCT

Returns the product of one or more numbers.

QUOTIENT

Returns the integer quotient of two numbers.

RAND

Returns a random number that is greater than or equal to 0 and less than 1.

RANDBETWEEN

Returns a random integer within the specified range.

ROMAN

Converts a number to Roman numerals.

ROUND

Returns a number rounded to the specified number of places.

ROUNDDOWN

Returns a number rounded toward zero (rounded down) to the specified number of places.

ROUNDUP

Returns a number rounded away from zero (rounded up) to the specified number of places.

SERIESSUM

Computes and returns the sum of a power series.

SIGN

Returns 1 when a given number is positive, –1 when it is negative, and 0 when it is zero.

SQRT

Returns the square root of a number.

SQRTPI

Returns the square root of a number multiplied by π (pi).

SUM

Returns the sum of a collection of numbers.

SUMIF

Returns the sum of a collection of numbers, including only numbers that satisfy a specified condition.

SUMIFS

Returns the sum of the cells in a collection where the test values meet the given conditions.

SUMPRODUCT

Returns the sum of the products of corresponding numbers in one or more ranges.

SUMSQ

Returns the sum of the squares of a collection of numbers.

SUMX2MY2

Returns the sum of the difference of the squares of corresponding values in two collections.

SUMX2PY2

Returns the sum of the squares of corresponding values in two collections.

SUMXMY2

Returns the sum of the squares of the differences between corresponding values in two collections.

TRUNC

Truncates a number to the specified number of digits.

ADDRESS

Constructs a cell address string from separate row, column, and table identifiers.

AREAS

Returns the number of ranges the function references.

CHOOSE

Returns a value from a collection of values based on a specified index value.

COLUMN

Returns the column number of the column containing a specified cell.

COLUMNS

Returns the number of columns included in a specified range of cells.

HLOOKUP

Returns a value from a range of rows by using the top row of values to pick a column and a row number to pick a row within that column.

INDEX

Returns the value in the cell located at the intersection of the specified row and column within a range of cells.

INDIRECT

Returns the contents of a cell or range referenced by an address specified as a string.

INTERSECT.RANGES

Returns a range that is the intersection of the specified ranges.

LOOKUP

Finds a match for a given search value in one range, then returns the value in the cell with the same relative position in a second range.

MATCH

Returns the position of a value within a range.

OFFSET

Returns a range of cells that is the specified number of rows and columns away from the specified base cell.

ROW

Returns the row number of the row containing a specified cell.

ROWS

Returns the number of rows included in a specified range of cells.

TRANSPOSE

Returns a vertical range of cells as a horizontal range of cells, or vice versa.

UNION.RANGES

Returns a range that represents a range representing the union of the specified ranges.

VLOOKUP

Returns a value from a range of columns by using the left column of values to pick a row and a column number to pick a column in that row.

AVEDEV

Returns the average of the difference of a collection of numbers from their average (arithmetic mean).

AVERAGE

Returns the average (arithmetic mean) of a collection of numbers.

AVERAGEA

Returns the average (arithmetic mean) of a collection of values, including text and Boolean values.

AVERAGEIF

Returns the average (arithmetic mean) of the cells in a range that meet a given condition.

AVERAGEIFS

Returns the average (arithmetic mean) of the cells in a collection that meet all the given conditions.

BETADIST

Returns the cumulative beta distribution probability value.

BETAINV

Returns the inverse of the given cumulative beta distribution probability value.

BINOMDIST

Returns the individual term binomial distribution probability of the specified form.

CHIDIST

Returns the one‑tailed probability of the chi‑square distribution.

CHIINV

Returns the inverse of the one‑tailed probability of the chi‑square distribution.

CHITEST

Returns the value from the chi‑square distribution for the given data.

CONFIDENCE

Returns a value for creating a statistical confidence interval for a sample from a population with a known standard deviation.

CORREL

Returns the correlation between two collections using linear regression analysis.

COUNT

Returns the number of its arguments that contain numbers, numeric expressions, or dates.

COUNTA

Returns the number of its arguments that are not empty.

COUNTBLANK

Returns the number of cells in a range that are empty.

COUNTIF

Returns the number of cells in a range that satisfy a given condition.

COUNTIFS

Returns the number of cells in one or more ranges that satisfy given conditions (one condition per range).

COVAR

Returns the covariance of two collections.

CRITBINOM

Returns the smallest value for which the cumulative binomial distribution is greater than or equal to a given value.

DEVSQ

Returns the sum of the squares of deviations of a collection of numbers from their average (arithmetic mean).

EXPONDIST

Returns the exponential distribution of the specified form.

FDIST

Returns the F probability distribution.

FINV

Returns the inverse of the F probability distribution.

FORECAST

Returns the forecasted y value for a given x value based on sample values using linear regression analysis.

FREQUENCY

Returns an array of how often data values occur within a range of interval values.

GAMMADIST

Returns the gamma distribution in the specified form.

GAMMAINV

Returns the inverse gamma cumulative distribution.

GAMMALN

Returns the natural logarithm of the gamma function, G(x).

GEOMEAN

Returns the geometric mean.

HARMEAN

Returns the harmonic mean.

INTERCEPT

Returns the y‑intercept of the best‑fit line for the collection using linear regression analysis.

LARGE

Returns the nth‑largest value within a collection. The largest value is ranked number 1.

LINEST

Returns an array of the statistics for a straight line that best fits the given data using the least squares method.

LOGINV

Returns the inverse of the log‑normal cumulative distribution function of x.

LOGNORMDIST

Returns the log‑normal distribution.

MAX

Returns the largest number in a collection.

MAXA

Returns the largest number in a collection of values that may include text and Boolean values.

MEDIAN

Returns the median value in a collection of numbers. The median is the value where half the numbers in the collection are less than the median and half are greater.

MIN

Returns the smallest number in a collection.

MINA

Returns the smallest number in a collection of values that may include text and Boolean values.

MODE

Returns the most frequently occurring value in a collection of numbers.

NEGBINOMDIST

Returns the negative binomial distribution.

NORMDIST

Returns the normal distribution of the specified function form.

NORMINV

Returns the inverse of the cumulative normal distribution.

NORMSDIST

Returns the standard normal distribution.

NORMSINV

Returns the inverse of the cumulative standard normal distribution.

PERCENTILE

Returns the value within a collection that corresponds to a particular percentile.

PERCENTRANK

Returns the rank of a value in a collection as a percentage of the collection.

PERMUT

Returns the number of permutations for a given number of objects that can be selected from a total number of objects.

POISSON

Returns the probability that a specific number of events will occur using the Poisson distribution.

PROB

Returns the probability of a range of values if you know the probabilities of the individual values.

QUARTILE

Returns the value for the specified quartile of a given collection.

RANK

Returns the rank of a number within a range of numbers.

SLOPE

Returns the slope of the best‑fit line for the collection using linear regression analysis.

SMALL

Returns the nth‑smallest value within a range. The smallest value is ranked number 1.

STANDARDIZE

Returns a normalized value from a distribution characterized by a given mean and standard deviation.

STDEV

Returns the standard deviation, a measure of dispersion, of a collection of values based on their sample (unbiased) variance.

STDEVA

Returns the standard deviation, a measure of dispersion, of a collection of values that may include text and Boolean values, based on the sample (unbiased) variance.

STDEVP

Returns the standard deviation, a measure of dispersion, of a collection of values based on their population (true) variance.

STDEVPA

Returns the standard deviation, a measure of dispersion, of a collection of values that may include text and Boolean values, based on the population (true) variance.

TDIST

Returns the probability from the Student’s t‑distribution.

TINV

Returns the t value (a function of the probability and degrees of freedom) from the Student’s t‑distribution.

TTEST

Returns the probability associated with a Student’s t‑test, based on the t‑distribution function.

VAR

Returns the sample (unbiased) variance, a measure of dispersion, of a collection of values.

VARA

Returns the sample (unbiased) variance, a measure of dispersion, of a collection of values, including text and Boolean values.

VARP

Returns the population (true) variance, a measure of dispersion, of a collection of values.

VARPA

Returns the sample (unbiased) variance, a measure of dispersion, of a collection of values, including text and Boolean values.

WEIBULL

Returns the values of the Weibull distribution.

ZTEST

Returns the one‑tailed probability value of the Z‑test.

CHAR

Returns the character that corresponds to a decimal Unicode character code.

CLEAN

Removes most common nonprinting characters (Unicode character codes 0–31) from text.

CODE

Returns the decimal Unicode number of the first character in a specified string.

CONCATENATE

Joins (concatenates) strings.

DOLLAR

Returns a string formatted as a dollar amount from a given number.

EXACT

Returns TRUE if the argument strings are identical in case and content.

FIND

Returns the starting position of one string within another.

FIXED

Rounds a number to the specified number of decimal places and then returns the result as a string value.

LEFT

Returns a string consisting of the specified number of characters from the left end of a given string.

LEN

Returns the number of characters in a string.

LOWER

Returns a string that is entirely lowercase, regardless of the case of the characters in the specified string.

MID

Returns a string consisting of the given number of characters from a string starting at the specified position.

PROPER

Allowed Values For Mac

Returns a string where the first letter of each word is uppercase and all remaining characters are lowercase, regardless of the case of the characters in the specified string.

REPLACE

Returns a string where a specified number of characters of a given string have been replaced with a new string.

REPT

Returns a string that contains a given string repeated a specified number of times.

RIGHT

Returns a string consisting of the given number of characters from the right end of a specified string.

SEARCH

Returns the starting position of one string within another, ignoring case and allowing wildcards.

SUBSTITUTE

Returns a string where the specified characters of a given string have been replaced with a new string.

T

Returns the text contained in a cell. This function is included for compatibility with tables imported from other spreadsheet applications.

TRIM

Returns a string based on a given string, after removing extra spaces.

UPPER

Returns a string that is entirely uppercase, regardless of the case of the characters in the specified string.

VALUE

Returns a number value even if the argument is formatted as text.

ACOS

Returns the inverse cosine (arccosine) of a number.

ACOSH

Returns the inverse hyperbolic cosine (hyperbolic arccosine) of a number.

ASIN

Returns the arcsine (the inverse sine) of a number.

ASINH

Returns the inverse hyperbolic sine of a number.

ATAN

Returns the inverse tangent (arctangent) of a number.

ATAN2

Returns the angle, relative to the positive x‑axis, of the line passing through the origin and the specified point.

ATANH

Returns the inverse hyperbolic tangent of a number.

COS

Returns the cosine of an angle that is expressed in radians.

COSH

Returns the hyperbolic cosine of a number.

DEGREES

Returns the number of degrees in an angle expressed in radians.

RADIANS

Returns the number of radians in an angle expressed in degrees.

SIN

Returns the sine of an angle that is expressed in radians.

SINH

Returns the hyperbolic sine of the specified number.

TAN

Returns the tangent of an angle that is expressed in radians.

TANH

Returns the hyperbolic tangent of the specified number.

Note: This chapter describes property list keys specific to the macOS implementation of App Sandbox. They are not available in iOS.

In your macOS Xcode project, configure fine-grained security permissions by enabling settings in the Summary tab of the target editor. These settings, in turn, add Boolean values to entitlement keys in the target’s .entitlementsproperty list file. The values are then incorporated into the target’s code signature when you build the project.

You can think of using App Sandbox entitlements as a two-step process:

  1. Sandbox a target, which removes most capabilities for interacting with the system

  2. Restore capabilities to the sandboxed target, as needed, by configuring App Sandbox entitlements

At runtime, if a target requires a capability or a system resource for which the target isn’t entitled, the sandbox daemon (sandboxd) logs a violation message to the console.

For more information about App Sandbox, read App Sandbox Design Guide.

App Sandbox Entitlement Keys

This section describes the keys you can use to confer capabilities to a sandboxed app in macOS. The first key enables App Sandbox; the others configure the sandbox. If App Sandbox is not enabled, the other keys in this section are meaningless.

The value to use for any of these keys is a Boolean YES or NO, with the default value in each case being NO. If you are editing the .entitlements file directly in a text editor, the corresponding Boolean values to use are <true/> and <false/>. The default value for each key is false, so you can (and generally should) leave out the entitlement entirely rather than specifying a false value.

In cases where there are read-only and read/write entitlement key pairs, use of either key in the pair is mutually exclusive with the other.

Add these keys by using the Summary tab of the Xcode target editor. You can also add them directly to a target’s .entitlements file with the Xcode property list editor.

For information on additional entitlements for handling special circumstances, see App Sandbox Temporary Exception Entitlements.

For each key in this table, providing a Boolean value of YES enables the corresponding capability (unless otherwise noted).

Capability

Enables App Sandbox for a target in an Xcode project

Allows access to group containers that are shared among multiple apps produced by a single development team, and allows certain additional interprocess communication between the apps

Supported in macOS v10.7.5 and in v10.8.3 and later. The format for this attribute is described in Adding an App to an App Group.

Read-only access to the user’s Movies folder and iTunes movies

For details, see Enabling Access to Files in Standard Locations.

Read/write access to the user’s Movies folder and iTunes movies

For details, see Enabling Access to Files in Standard Locations.

Read-only access to the user’s Music folder

For details, see Enabling Access to Files in Standard Locations.

Read/write access to the user’s Music folder

For details, see Enabling Access to Files in Standard Locations.

Read-only access to the user’s Pictures folder

For details, see Enabling Access to Files in Standard Locations.

Read/write access to the user’s Pictures folder

For details, see Enabling Access to Files in Standard Locations.

Communication with AVB devices

For details, see Enabling Hardware Access.

Allowed Values For Macronutrients

Interaction with Bluetooth devices

For details, see Enabling Hardware Access.

Capture of movies and still images using the built-in camera, if available

For details, see Enabling Hardware Access.

Interaction with FireWire devices (currently, does not support interaction with audio/video devices such as DV cameras)

For details, see Enabling Hardware Access.

Recording of audio using the built-in microphone, if available, along with access to audio input using any Core Audio API that supports audio input

For details, see Enabling Hardware Access.

Interaction with serial devices

For details, see Enabling Hardware Access.

Interaction with USB devices, including HID devices such as joysticks

For details, see Enabling Hardware Access.

Read/write access to the user’s Downloads folder

For details, see Enabling Access to Files in Standard Locations.

Use of app-scoped bookmarks and URLs

For details, see Enabling Security-Scoped Bookmark and URL Access.

Use of document-scoped bookmarks and URLs

For details, see Enabling Security-Scoped Bookmark and URL Access.

Read-only access to files the user has selected using an Open or Save dialog

For details, see Enabling User-Selected File Access.

Read/write access to files the user has selected using an Open or Save dialog

For details, see Enabling User-Selected File Access.

Allows apps to write executable files.

For details, see Enabling User-Selected File Access.

Child process inheritance of the parent’s sandbox

For details, see Enabling App Sandbox Inheritance.

Network socket for connecting to other machines

For details, see Enabling Network Access.

Network socket for listening for incoming connections initiated by other machines

For details, see Enabling Network Access.

com.apple.security.personal-information.addressbook

Read/write access to contacts in the user’s address book; allows apps to infer the default address book if more than one is present on a system

For details, see Enabling Personal Information Access.

Read/write access to the user’s calendars

For details, see Enabling Personal Information Access.

Use of the Core Location framework for determining the computer’s geographical location

For details, see Enabling Personal Information Access.

Printing

For details, see Enabling Hardware Access.

Ability to use specific AppleScript scripting access groups within a specific scriptable app

For details, see Enabling Scripting of Other Apps.

Enabling App Sandbox

You enable App Sandbox individually for each target in an macOS Xcode project. For example, you may design a project as a main app, and some helpers in the form of XPC services. You then enable and configure the sandbox for each target individually.

To learn how to enable App Sandbox for your macOS app, which includes performing code signing, see App Sandbox Quick Start in App Sandbox Design Guide. The essential step is to ensure that the target editor checkbox named in Table 4-1 is selected.

Table 4-1 Xcode setting for enabling App Sandbox

Setting

Entitlement key

Enable App Sandboxing

com.apple.security.app-sandbox

Enabling User-Selected File Access

Xcode provides a pop-up menu, in the Summary tab of the target editor, with choices to enable read-only or read/write access to files and folders that the user explicitly selects. When you enable user-selected file access, you gain programmatic access to files and folders that the user opens using an NSOpenPanel object, and files the user saves using an NSSavePanel object.

Certain other user interactions, such as dragging items to your app or choosing items from the Open Recent menu, automatically expand your sandbox to include those items. Similarly, when macOS resumes an app after a reboot, the sandbox is automatically expanded to include any items that are automatically opened.

To enable user-selected file access in your app, use the Xcode target editor setting shown in Table 4-2.

Note: If your app needs to create executable files that are typically executed in some way other than through Launch Services (shell scripts, for example), you should also specify the com.apple.security.files.user-selected.executable entitlement.

By default, when writing executable files in sandboxed apps, the files are quarantined. Gatekeeper prevents quarantined executable files and other similar files (shell scripts, web archives, and so on) from opening or executing unless the user explicitly launches them from Finder.

If those executables are tools that are intended to run from the command line, such as shell scripts, this presents a problem. With this flag, the file quarantine system allows the app to write non-quarantined executables so that Gatekeeper does not prevent them from executing.

This entitlement does not have an Xcode checkbox, and thus must be added to your app’s entitlement property list manually. For details, see App Sandbox Entitlement Keys.

Table 4-2 Xcode setting for user-selected file and folder access

Setting

Entitlement keys

User Selected File

com.apple.security.files.user-selected.read-only

com.apple.security.files.user-selected.read-write

Enabling Access to Files in Standard Locations

In addition to granting user-selected file access, you can employ entitlements to grant programmatic file access to the following user folders:

  • Downloads

  • Music

  • Movies

  • Pictures

The Xcode control for enabling Downloads folder access is a checkbox; the controls for enabling access to these other folders are pop-up menus.

When you enable programmatic access to the user’s Movies folder, you also gain access to their iTunes movies.

Reopening of files by macOS using Resume does not require the presence of any entitlement key.

To enable programmatic access to specific folders, use the Xcode target editor settings shown in Table 4-3.

Table 4-3 Xcode settings for programmatic file and folder access

Setting

Entitlement keys

Downloads Folder

com.apple.security.files.downloads.read-write

Music Folder

com.apple.security.assets.music.read-only

com.apple.security.assets.music.read-write

Movies Folder

com.apple.security.assets.movies.read-only

com.apple.security.assets.movies.read-write

Pictures Folder

com.apple.security.assets.pictures.read-only

com.apple.security.assets.pictures.read-write

Enabling Security-Scoped Bookmark and URL Access

If you want to provide your sandboxed app with persistent access to file system resources, you must enable security-scoped bookmark and URL access. Security-scoped bookmarks are available starting in macOS v10.7.3.

To add the bookmarks.app-scope or bookmarks.document-scope entitlement, edit the target’s.entitlementsproperty list file using the Xcode property list editor. Use the entitlement keys shown in Table 4-4, depending on which type of access you want. Use a value of <true/> for each entitlement you want to enable. You can enable either or both entitlements.

For more information on security-scoped bookmarks, read Security-Scoped Bookmarks and Persistent Resource Access in App Sandbox Design Guide.

Table 4-4 Entitlement keys for enabling security-scoped bookmark and URL access

Entitlement key

Description

com.apple.security.files.bookmarks.app-scope

Enables use of app-scoped bookmarks and URLs

com.apple.security.files.bookmarks.document-scope

Enables use of document-scoped bookmarks and URLs.

Version note: in macOS v10.7.3, this entitlement key was named com.apple.security.files.bookmarks.collection-scope

Enabling Network Access

Xcode’s Network checkboxes in the Summary tab of the target editor let you enable network access for your app.

To enable your app to connect to a server process running on another machine (or on the same machine), enable outgoing network connections.

To enable opening a network listening socket so that other computers can connect to your app, allow incoming network connections.

Note: Both outgoing and incoming connections can send and receive data. The sole difference is in whether your app is initiating the connection or is receiving connections initiated by other apps or other hosts.

To enable network access, use the Xcode target editor settings shown in Table 4-5.

Table 4-5 Xcode settings for network access

Setting

Entitlement key

Allow Incoming Connections

com.apple.security.network.server

Allow Outgoing Connections

com.apple.security.network.client

Enabling Hardware Access

To allow a sandboxed target to access hardware services on a system—USB, printing, or the built-in camera and microphone—enable the corresponding setting in the Summary tab of the Xcode target editor.

  • Camera access enables access to video and still image capture using the built-in camera, if available.

  • Microphone access enables access to audio recording using the built-in microphone, if available.

  • USB access enables the ability to interact with USB devices using USB device access APIs. On violation, sandboxd names the I/O Kit class your code tried to access.

  • Printing access is required if you want to provide a target with the ability to print.

To enable access to hardware, use the Xcode target editor settings shown in Table 4-6.

Table 4-6 Xcode settings for hardware access

Setting

Entitlement key

Allow Camera Access

com.apple.security.device.camera

Allow Microphone Access

com.apple.security.device.audio-input

Allow USB Access

com.apple.security.device.usb

Allow Printing

com.apple.security.print

To allow access to hardware devices for which no checkbox exists in Xcode’s user interface, you must manually add the appropriate entitlement to your app’s entitlements property list. These additional entitlements are listed in Table 4-7. All of these keys take a Boolean value.

Table 4-7 Other entitlement keys for accessing hardware

Entitlement key

Description

com.apple.security.device.audio-video-bridging

Interaction with AVB devices by using the Audio Video Bridging framework

com.apple.security.device.bluetooth

Interaction with Bluetooth devices

com.apple.security.device.firewire

Interaction with FireWire devices (currently, does not support interaction with audio/video devices such as DV cameras)

com.apple.security.device.serial

Interaction with serial devices

Enabling Personal Information Access

A user’s personal information is inaccessible to your sandboxed app unless you grant access using the appropriate settings.

  • Address Book access enables read/write access to contacts in the user’s address book.

  • Location Services access enables use of the Core Location framework to determine the computer’s geographic position.

  • Calendar access enables read/write access to the user’s calendars.

To enable access to personal information, use the Xcode target editor settings shown in Table 4-8.

Table 4-8 Xcode settings for access to a user’s personal information

Setting

Entitlement key

Allow Address Book Data Access

com.apple.security.personal-information.addressbook

Allow Location Services Access

com.apple.security.personal-information.location

Allow Calendar Data Access

com.apple.security.personal-information.calendars

Adding an App to an App Group

The com.apple.security.application-groups (available in macOS v10.7.5 and v10.8.3 and later) allows multiple apps produced by a single development team to share access to a special group container. This container is intended for content that is not user-facing, such as shared caches or databases.

In addition, this attribute allows the apps within the group to share Mach and POSIX semaphores and to use certain other IPC mechanisms among the group’s members. For additional details and naming conventions, read “Mach IPC and POSIX Semaphores and Shared Memory” in App Sandbox Design Guide.

The value for this key must be of type array, and must contain one or more string values, each of which must consist of your development team ID, followed by a period, followed by an arbitrary name chosen by your development team. For example:

The group containers are automatically created or added into each app’s sandbox container as determined by the existence of these keys. The group containers are stored in ~/Library/Group Containers/<application-group-id>, where <application-group-id> is one of the strings from the array. Your app can obtain the path to the group containers by calling the containerURLForSecurityApplicationGroupIdentifier: method of NSFileManager.

Enabling App Sandbox Inheritance

If your app employs a child process created with either the posix_spawn function or the NSTask class, you can configure the child process to inherit the sandbox of its parent. However, using a child process does not provide the security afforded by using an XPC service.

Important: XPC (as described in External Tools, XPC Services, and Privilege Separation) complements App Sandbox and is the preferred technology for implementing privilege separation in an macOS app. Before using a child process, consider using an XPC service instead.

To enable sandbox inheritance, a child target must use exactly two App Sandbox entitlement keys: com.apple.security.app-sandbox and com.apple.security.inherit. If you specify any other App Sandbox entitlement, the system aborts the child process. You can, however, confer other capabilities to a child process by way of iCloud and notification entitlements.

The main app in an Xcode project must never have a YES value for the inherit entitlement.

Mac Value Guide

To add the inherit entitlement, edit the target’s .entitlementsproperty list file using the Xcode property list editor. Use the entitlement key shown in Table 4-9 with a value of <true/>.

Best Value Mac

Note: This property causes the child process to inherit only the static rights defined in the main app’s entitlements file, not any rights added to your sandbox after launch (such as PowerBox access to files).

If you need to provide access to files opened after launch, you must either pass the data to the helper or pass a bookmark to the child process. The bookmark need not be a security-scoped bookmark, but it can be, if desired.

If you are using other APIs to create child processes (such as NSWorkspace) and wish to have a shared container directory, you must use an app group.

Table 4-9 Entitlement key for inheriting the parent process’s App Sandbox

Entitlement key

Description

com.apple.security.inherit

Enables App Sandbox inheritance

Enabling Scripting of Other Apps

If your app needs to control another scriptable app, your app can use the scripting targets entitlement to request access to one or more of the scriptable app’s scripting access groups.

Note: Before you can use this entitlement, the scriptable app must provide scripting access groups. If it does not, you can still control the app, but you use a temporary exception entitlement instead. In some cases, you may use both scripting-targets entitlement and a temporary entitlement together, to provide support across different versions of the OS. For more information, see Apple Event Temporary Exception.

Table 4-10 Entitlement key for accessing scripting targets

Entitlement key

Description

com.apple.security.scripting-targets

Ability to use specific AppleScript scripting access groups within a specific scriptable app

The scripting target entitlement contains a dictionary where each entry has the target app’s code signing identifier as the key, and an array of scripting access groups as the value. Scripting access groups are identified by strings and are specific to an app. For example, the following entry would grant access to composing mail messages with Apple’s Mail app:

For more information about how to add scripting access groups to an app, watch WWDC 2012: Secure Automation Techniques in OS X and read the manual page for sdef.



Copyright © 2017 Apple Inc. All Rights Reserved. Terms of Use | Privacy Policy | Updated: 2017-03-27

Coments are closed