From 2c38aaed6f3337f3ad7e02876dfca9d21f27a3c1 Mon Sep 17 00:00:00 2001 From: Max Goedjen Date: Sat, 6 Sep 2025 23:28:58 -0700 Subject: [PATCH] Move internet access policy to xpc (#676) --- .../InternetAccessPolicy.plist | 31 +++++++++++++++++++ .../SecretAgent/InternetAccessPolicy.plist | 17 +--------- Sources/Secretive.xcodeproj/project.pbxproj | 4 +++ Sources/Secretive/InternetAccessPolicy.plist | 17 +--------- 4 files changed, 37 insertions(+), 32 deletions(-) create mode 100644 Sources/ReleasesDownloader/InternetAccessPolicy.plist diff --git a/Sources/ReleasesDownloader/InternetAccessPolicy.plist b/Sources/ReleasesDownloader/InternetAccessPolicy.plist new file mode 100644 index 0000000..37307a7 --- /dev/null +++ b/Sources/ReleasesDownloader/InternetAccessPolicy.plist @@ -0,0 +1,31 @@ + + + + + ApplicationDescription + Secretive is an app for storing and managing SSH keys in the Secure Enclave + DeveloperName + Max Goedjen + Website + https://github.com/maxgoedjen/secretive + Connections + + + IsIncoming + + Host + api.github.com + NetworkProtocol + TCP + Port + 443 + Purpose + Secretive checks GitHub for new versions and security updates. + DenyConsequences + If you deny these connections, you will not be notified about new versions and critical security updates. + + + Services + + + diff --git a/Sources/SecretAgent/InternetAccessPolicy.plist b/Sources/SecretAgent/InternetAccessPolicy.plist index 5ef4c38..32b9e35 100644 --- a/Sources/SecretAgent/InternetAccessPolicy.plist +++ b/Sources/SecretAgent/InternetAccessPolicy.plist @@ -9,22 +9,7 @@ Website https://github.com/maxgoedjen/secretive Connections - - - IsIncoming - - Host - api.github.com - NetworkProtocol - TCP - Port - 443 - Purpose - Secretive checks GitHub for new versions and security updates. - DenyConsequences - If you deny these connections, you will not be notified about new versions and critical security updates. - - + Services diff --git a/Sources/Secretive.xcodeproj/project.pbxproj b/Sources/Secretive.xcodeproj/project.pbxproj index c9fce11..6dd2a77 100644 --- a/Sources/Secretive.xcodeproj/project.pbxproj +++ b/Sources/Secretive.xcodeproj/project.pbxproj @@ -51,6 +51,7 @@ 5066A6C82516FE6E004B5A36 /* CopyableView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5066A6C72516FE6E004B5A36 /* CopyableView.swift */; }; 506772C72424784600034DED /* Credits.rtf in Resources */ = {isa = PBXBuildFile; fileRef = 506772C62424784600034DED /* Credits.rtf */; }; 506772C92425BB8500034DED /* NoStoresView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 506772C82425BB8500034DED /* NoStoresView.swift */; }; + 50692BA62E6D5CC90043C7BB /* InternetAccessPolicy.plist in Resources */ = {isa = PBXBuildFile; fileRef = 50692BA52E6D5CC90043C7BB /* InternetAccessPolicy.plist */; }; 5079BA0F250F29BF00EA86F4 /* StoreListView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5079BA0E250F29BF00EA86F4 /* StoreListView.swift */; }; 508A58AA241E06B40069DC07 /* PreviewUpdater.swift in Sources */ = {isa = PBXBuildFile; fileRef = 508A58A9241E06B40069DC07 /* PreviewUpdater.swift */; }; 508A58B3241ED2180069DC07 /* AgentStatusChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 508A58B2241ED2180069DC07 /* AgentStatusChecker.swift */; }; @@ -201,6 +202,7 @@ 5066A6C72516FE6E004B5A36 /* CopyableView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CopyableView.swift; sourceTree = ""; }; 506772C62424784600034DED /* Credits.rtf */ = {isa = PBXFileReference; lastKnownFileType = text.rtf; path = Credits.rtf; sourceTree = ""; }; 506772C82425BB8500034DED /* NoStoresView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NoStoresView.swift; sourceTree = ""; }; + 50692BA52E6D5CC90043C7BB /* InternetAccessPolicy.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = InternetAccessPolicy.plist; sourceTree = ""; }; 5079BA0E250F29BF00EA86F4 /* StoreListView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StoreListView.swift; sourceTree = ""; }; 508A58A9241E06B40069DC07 /* PreviewUpdater.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PreviewUpdater.swift; sourceTree = ""; }; 508A58AB241E121B0069DC07 /* Config.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = Config.xcconfig; sourceTree = ""; }; @@ -290,6 +292,7 @@ isa = PBXGroup; children = ( 501577D52E6BC5F3004A37D0 /* Info.plist */, + 50692BA52E6D5CC90043C7BB /* InternetAccessPolicy.plist */, 501577D62E6BC5F3004A37D0 /* main.swift */, ); path = ReleasesDownloader; @@ -628,6 +631,7 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( + 50692BA62E6D5CC90043C7BB /* InternetAccessPolicy.plist in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; diff --git a/Sources/Secretive/InternetAccessPolicy.plist b/Sources/Secretive/InternetAccessPolicy.plist index 37307a7..e1602de 100644 --- a/Sources/Secretive/InternetAccessPolicy.plist +++ b/Sources/Secretive/InternetAccessPolicy.plist @@ -9,22 +9,7 @@ Website https://github.com/maxgoedjen/secretive Connections - - - IsIncoming - - Host - api.github.com - NetworkProtocol - TCP - Port - 443 - Purpose - Secretive checks GitHub for new versions and security updates. - DenyConsequences - If you deny these connections, you will not be notified about new versions and critical security updates. - - + Services