How do I see where can a sandboxed Mac application write on my disk?
I know the app entitlements define its scope of access to resources. I already figured out how to get an app's entitlements, using the answer to this question
For example, to see Safari's entitlements, I use the following command in Terminal:
codesign -d --entitlements :- /Applications/Safari.app/
However, I cannot find there any list of directories the app can use to write files, and no list of directories where it can't. I'm especially interested to know where does Safari store temporary mid-download files.
Please advise.
Any sandboxed app always has full access to anywhere in its own sandbox. Safari's sandbox is
~/Library/Containers/com.apple.Safari