From 80f1cb6227489dd06dd8ec800a85e3a6fecd86f3 Mon Sep 17 00:00:00 2001
From: Percy Wegmann
Date: Tue, 27 Feb 2024 21:21:16 -0600
Subject: [PATCH] tailfs: support storing bookmark data on shares

This allows the sandboxed Mac application to store security-
scoped URL bookmarks in order to maintain access to restricted folders across restarts.

Updates tailscale/corp#16827

Signed-off-by: Percy Wegmann
---
 tailfs/remote.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tailfs/remote.go b/tailfs/remote.go
index 63f5997c6..a60620eb4 100644
--- a/tailfs/remote.go
+++ b/tailfs/remote.go
@@ -31,6 +31,14 @@ type Share struct {
 // Can be left blank to use the default value of "whoever is running the
 // Tailscale GUI".
 As string `json:"who"`
+
+ // BookmarkData contains security-scoped bookmark data for the Sandboxed
+ // Mac application. The Sandboxed Mac application gains permission to
+ // access the Share's folder as a result of a user selecting it in a file
+ // picker. In order to retain access to it across restarts, it needs to
+ // hold on to a security-scoped bookmark. That bookmark is stored here. See
+ // https://developer.apple.com/documentation/security/app_sandbox/accessing_files_from_the_macos_app_sandbox#4144043
+ BookmarkData []byte `json:"bookmarkData"`
 }
 
 // FileSystemForRemote is the TailFS filesystem exposed to remote nodes. It
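Review bot: The new `BookmarkData` field is tagged `json:"bookmarkData"` without `omitempty`, so every JSON encoding of a `Share` carries the key (as `null` where it is never set) and, on macOS, the raw bookmark blob. Where `Share` is marshalled is not visible in this hunk, but if the same struct feeds anything other than the local store (share listings, status output, logs, data sent to other nodes), the bookmark would travel with it. It is a persisted grant of access to a user-selected folder and is only useful to the local sandboxed app. I would tag it `json:"bookmarkData,omitempty"` and extend the field comment with a line such as `// Only meaningful to the local sandboxed app; do not log it or send it to peers.` The `Share` struct begins outside the hunk, so its other fields and its callers could not be checked.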