diff --git a/install/build_osx.sh b/install/build_osx.sh
index ad096139..010e3edb 100755
--- a/install/build_osx.sh
+++ b/install/build_osx.sh
@@ -23,9 +23,12 @@ if [ "$1" = "--release" ]; then
PKG_PATH="$ROOT/dist/OnionShare.pkg"
IDENTITY_NAME_APPLICATION="Developer ID Application: Micah Lee"
IDENTITY_NAME_INSTALLER="Developer ID Installer: Micah Lee"
+ ENTITLEMENTS_CHILD_PATH="$ROOT/install/macos_sandbox/child.plist"
+ ENTITLEMENTS_PARENT_PATH="$ROOT/install/macos_sandbox/parent.plist"
echo "Codesigning the app bundle"
- codesign --deep -s "$IDENTITY_NAME_APPLICATION" "$APP_PATH" --entitlements "$ROOT/install/OnionShare.entitlements"
+ codesign --deep -s "$IDENTITY_NAME_APPLICATION" -f --entitlements "$ENTITLEMENTS_CHILD_PATH" "$APP_PATH"
+ codesign -s "$IDENTITY_NAME_APPLICATION" -f --entitlements "$ENTITLEMENTS_PARENT_PATH" "$APP_PATH"
echo "Creating an installer"
productbuild --sign "$IDENTITY_NAME_INSTALLER" --component "$APP_PATH" /Applications "$PKG_PATH"
diff --git a/install/macos_sandbox/child.plist b/install/macos_sandbox/child.plist
new file mode 100644
index 00000000..06d88f66
--- /dev/null
+++ b/install/macos_sandbox/child.plist
@@ -0,0 +1,10 @@
+
+
+
+
+ com.apple.security.app-sandbox
+
+ com.apple.security.inherit
+
+
+
diff --git a/install/OnionShare.entitlements b/install/macos_sandbox/parent.plist
similarity index 100%
rename from install/OnionShare.entitlements
rename to install/macos_sandbox/parent.plist
index fa6a9141..ceecd30a 100644
--- a/install/OnionShare.entitlements
+++ b/install/macos_sandbox/parent.plist
@@ -4,10 +4,10 @@
com.apple.security.app-sandbox
- com.apple.security.files.user-selected.read-only
-
com.apple.security.network.client
+ com.apple.security.files.user-selected.read-only
+
com.apple.security.temporary-exception.files.home-relative-path.read-write
/OnionShare