The generated Xcode plist is a binary format and looks like this, as a rule, for the standard standard sandbox setting:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.ubiquity-container-identifiers</key> <array> <string>$(TeamIdentifierPrefix)com.company.appanme</string> </array> <key>com.apple.developer.ubiquity-kvstore-identifier</key> <string>$(TeamIdentifierPrefix)com.company.appname</string> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.assets.movies.read-only</key> <true/> <key>com.apple.security.assets.music.read-only</key> <true/> <key>com.apple.security.assets.pictures.read-only</key> <true/> <key>com.apple.security.files.user-selected.read-write</key> <true/> <key>com.apple.security.network.client</key> <true/> <key>com.apple.security.print</key> <true/> <key>com.apple.security.files.bookmarks.document-scope</key> <true/> </dict> </plist>
All I can offer is to use Xcode to create a plist and delete those keys that you do not need manually. In your case ...
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.files.user-selected.read-write</key> <true/> <key>com.apple.security.network.client</key> <true/> </dict> </plist>
I'm just wondering if the !DOCTYPE element is required for some reason with a signature tool, and the encoding attribute should be in uppercase.
I also left a few keys that may be needed even if, as you say, this is a basic lisp application, in particular the com.apple.security.files.user-selected.read-write key, which will provide your process file.