From 06fa176367b30f977b4a4afedb09e47950902d0b Mon Sep 17 00:00:00 2001
From: zjs81 <zacharysylvester81@gmail.com>
Date: Sat, 7 Mar 2026 13:10:42 -0700
Subject: [PATCH] Narrow macOS sandbox entitlement to /dev/cu. and /dev/tty.
 only

The /dev/ prefix granted read/write to all device nodes. The app only
needs access to serial port devices (/dev/cu.* and /dev/tty.*) for USB
LoRa communication.
---
 macos/Runner/DebugProfile.entitlements | 4 +++-
 macos/Runner/Release.entitlements      | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/macos/Runner/DebugProfile.entitlements b/macos/Runner/DebugProfile.entitlements
index 17455ef..2fcad1b 100644
--- a/macos/Runner/DebugProfile.entitlements
+++ b/macos/Runner/DebugProfile.entitlements
@@ -14,9 +14,11 @@
 	<true/>
 	<key>com.apple.security.device.usb</key>
 	<true/>
+	<!-- USB serial ports (/dev/cu.* and /dev/tty.*) for LoRa device communication -->
 	<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
 	<array>
-		<string>/dev/</string>
+		<string>/dev/cu.</string>
+		<string>/dev/tty.</string>
 	</array>
 	<key>com.apple.security.device.camera</key>
 	<true/>
diff --git a/macos/Runner/Release.entitlements b/macos/Runner/Release.entitlements
index 11bd5b8..2b1c694 100644
--- a/macos/Runner/Release.entitlements
+++ b/macos/Runner/Release.entitlements
@@ -10,9 +10,11 @@
 	<true/>
 	<key>com.apple.security.device.usb</key>
 	<true/>
+	<!-- USB serial ports (/dev/cu.* and /dev/tty.*) for LoRa device communication -->
 	<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
 	<array>
-		<string>/dev/</string>
+		<string>/dev/cu.</string>
+		<string>/dev/tty.</string>
 	</array>
 	<key>com.apple.security.device.camera</key>
 	<true/>