How to enforce sandbox rules for the particular app?

Solution 1:

Yes, you can change the binary, or even change the Info.plist, but, as with changing the binary, you will need to do this again each time the app is updated. There's no way to do this without changing the app in a way that won't be overwritten when it's updated.

You can automatically make your changes with a Launch Agent.
Save the following in ~/Library/LaunchAgents as com.yourname.youragent.plist, then run launchctl load ~/Library/LaunchAgents/com.yourname.youragent.plist.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>Label</key>
        <string>com.yourname.youragent</string>
        <key>OnDemand</key>
        <true/>
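        <key>Program</key>
        <!-- launchd does not search PATH for Program; give the absolute path -->
        <string>/bin/cp</string>
        <key>ProgramArguments</key>
        <array>
            <!-- ProgramArguments is the full argv, so argv[0] comes first -->
            <string>cp</string>
            <string>/Users/grgarside/test/MyApp</string>
            <string>/Applications/MyApp.app/Contents/MacOS/</string>
        </array>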
        <key>WatchPaths</key>
        <array>
            <string>/Applications/MyApp.app/Contents/MacOS/MyApp</string>
        </array>
    </dict>
</plist>

The above script will watch the WatchPaths for any modifications (in this case, it's watching the binary for an app) and will run cp to copy your binary to the app in /Applications.
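
A job of this shape is worth linting before it is loaded, and worth flagging when reviewing LaunchAgents on a machine, because it rewrites an app's executable after every update. The following check is an added example, not part of the original answer; the function names, finding labels and the sample jobs (built inline, with a placeholder source path) are assumptions made for illustration.

```python
import plistlib
from pathlib import PurePosixPath


def bundle_of(path):
    """Return the enclosing .app bundle of a path, or None (hypothetical helper)."""
    parts = PurePosixPath(path).parts
    for i, part in enumerate(parts):
        if part.endswith(".app"):
            return str(PurePosixPath(*parts[: i + 1]))
    return None


def audit_launchd_job(plist_bytes: bytes) -> list:
    """Return findings for one launchd job definition (hypothetical helper)."""
    job = plistlib.loads(plist_bytes)
    program = job.get("Program")
    args = job.get("ProgramArguments", [])
    findings = []
    # Program is handed to execv(3): no PATH search, so it must be absolute.
    if program is not None and not program.startswith("/"):
        findings.append("relative-program")
    # ProgramArguments is the whole argv; element 0 is the program name.
    if program and args and PurePosixPath(args[0]).name != PurePosixPath(program).name:
        findings.append("argv0-missing")
    # The job is triggered by a change inside an app bundle and is also given
    # a path inside that same bundle: it modifies the app whenever it changes.
    watched = {bundle_of(p) for p in job.get("WatchPaths", [])} - {None}
    touched = {bundle_of(a) for a in args} - {None}
    if watched & touched:
        findings.append("rewrites-watched-bundle")
    return findings


def sample_job(program, args) -> bytes:
    """Build a constructed sample job shaped like the agent above."""
    return plistlib.dumps({
        "Label": "com.example.sample",
        "Program": program,
        "ProgramArguments": args,
        "WatchPaths": ["/Applications/MyApp.app/Contents/MacOS/MyApp"],
    })


SRC, DST = "/Users/example/test/MyApp", "/Applications/MyApp.app/Contents/MacOS/"
LOOSE = sample_job("cp", [SRC, DST])              # relative Program, no argv[0]
STRICT = sample_job("/bin/cp", ["cp", SRC, DST])  # well-formed, same behaviour

if __name__ == "__main__":
    for name, blob in (("loose", LOOSE), ("strict", STRICT)):
        print(name, audit_launchd_job(blob))
```

The "rewrites-watched-bundle" finding is informational for an agent you wrote yourself; on a machine you are reviewing, the same pattern in an agent you did not install deserves a closer look.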