I have noticed this issue on BigSur that did not happen on Catalina:
An app is attempting to establish a network connection, despite the following entitlements:
<key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.network.client</key> <false/>
An outbound firewall is preventing it, but my understanding is that these entitlements should prevent entirely the app from making connections.
Has this changed under BigSur?
when I remove the line entirely (but keep the sandbox entitlement), it seems it is not making network connections.
Cool.
is that entitlement broken?
I think that depends on your perspective. At a practical level, adding an entitlement with the default value is pointless. At best it does nothing (except waste bytes on disk and the energy required to process it). In the worst case it may trigger implementation oddities like this one.
At a theoretical level I agree that we should honour the value in the entitlement. However, I can’t recommend that you file a bug about the current behaviour because we can’t change it without the risk of binary compatibility problems.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"