I've made an app which includes a command-line tool. I have enabled the app's sandbox, and tested that it works. I've also code-signed both the app and the command line tool.

But when I upload the app to iTunes, I received a email telling me "App sandbox not enabled".

Apparently I need to set entitlement file of key com.apple.security.app-sandbox with true value, and list the executables: /Contents/MacOS/myApp and /contents/Frameworks/x86/myCommandLineTool.

I'm sure I've enabled sandbox in Xcode, so I thought the problem was with the command line tool.

How can I enable sandbox for command line tool? Or is there a specific folder I should put the tool? Any suggestions welcome - I have been troubled by it for several days.

I had the same issue and after some search, trial & error, this is what worked for me:

1. create an entitlement file - for me it was just com.apple.security.inherit set to YES. I created this file in xcode itself.

2. Now sign this commandline tool using the command:

   codesign --entitlements ./entitlements.plist -s "copy & paste your certificate from keychain" ./commandlinetool   
   

3. Just to be sure, check using this command:

   codesign --display --entitlements - ./commandlinetool   
   

4. This tool was already included in the project. So just compile, archive & submit

The status is now 'waiting for review'.