com.apple.security.app-sandbox com.apple.security.application-groups $(TeamIdentifierPrefix)group.$(BUNDLE_IDENTIFIER_BASE) com.apple.security.automation.apple-events com.apple.security.files.user-selected.read-only