desktop/source/app/check_ext_deps.cxx | 3 ++ desktop/source/deployment/misc/dp_misc.cxx | 4 ++ sal/Library_sal.mk | 1 sal/osl/unx/uunxapi.cxx | 39 ++++++++++++++++++++++++++--- 4 files changed, 42 insertions(+), 5 deletions(-)
New commits: commit 8e279c79f88608a4ab4dfc74c0a66a7947ea1482 Author: Tor Lillqvist <t...@collabora.com> Date: Fri Aug 15 01:39:49 2014 +0300 Don't do the security scope bookmark dance if not in a sandboxed process No point in doing it in build-time tools like cppumaker which don't run as sandboxed processes. Just slows them down a lot, while cfprefsd consumes lots of CPU doing user preference lookups in vain for every file accessed through the uunxapi functions. Change-Id: I83e55a8e8d0c4f2c60c60ecad2c831e42c9e5bfd diff --git a/sal/Library_sal.mk b/sal/Library_sal.mk index 16c4876..77d4176 100644 --- a/sal/Library_sal.mk +++ b/sal/Library_sal.mk @@ -81,6 +81,7 @@ $(eval $(call gb_Library_use_system_darwin_frameworks,sal,\ Carbon \ CoreFoundation \ Foundation \ + $(if $(ENABLE_MACOSX_SANDBOX),Security) \ )) endif diff --git a/sal/osl/unx/uunxapi.cxx b/sal/osl/unx/uunxapi.cxx index 6fb75a1..8690c4d 100644 --- a/sal/osl/unx/uunxapi.cxx +++ b/sal/osl/unx/uunxapi.cxx 
@@ -37,11 +37,36 @@ inline rtl::OString OUStringToOString(const rtl_uString* s) #if defined(MACOSX) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX +#include <Foundation/Foundation.h> +#include <Security/Security.h> +#include <mach-o/dyld.h> + static NSUserDefaults *userDefaults = NULL; +static bool isSandboxed = false; -static void get_user_defaults() +static void do_once() { - userDefaults = [NSUserDefaults standardUserDefaults]; + SecCodeRef code; + OSStatus rc = SecCodeCopySelf(kSecCSDefaultFlags, &code); + + SecStaticCodeRef staticCode; + if (rc == errSecSuccess) + rc = SecCodeCopyStaticCode(code, kSecCSDefaultFlags, &staticCode); + + CFDictionaryRef signingInformation; + if (rc == errSecSuccess) + rc = SecCodeCopySigningInformation(staticCode, kSecCSRequirementInformation, &signingInformation); + + CFDictionaryRef entitlements = NULL; + if (rc == errSecSuccess) + entitlements = (CFDictionaryRef) CFDictionaryGetValue(signingInformation, kSecCodeInfoEntitlementsDict); + + if (entitlements != NULL) + if (CFDictionaryGetValue(entitlements, CFSTR("com.apple.security.app-sandbox")) != NULL) + isSandboxed = true; + + if (isSandboxed) + userDefaults = [NSUserDefaults standardUserDefaults]; } typedef struct { @@ -53,12 +78,15 @@ static accessFilePathState * prepare_to_access_file_path( const char *cpFilePath ) { static pthread_once_t once = PTHREAD_ONCE_INIT; - pthread_once(&once, &get_user_defaults); + pthread_once(&once, &do_once); NSURL *fileURL = nil; NSData *data = nil; BOOL stale; accessFilePathState *state; + if (!isSandboxed) + return NULL; + // If malloc() fails we are screwed anyway state = (accessFilePathState*) malloc(sizeof(accessFilePathState)); @@ -86,6 +114,9 @@ prepare_to_access_file_path( const char *cpFilePath ) static void done_accessing_file_path( const char * /*cpFilePath*/, accessFilePathState *state ) { + if (!isSandboxed) + return; + int saved_errno = errno; if (state->scopeURL != nil) 
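Review bot: In do_once() the test `CFDictionaryGetValue(entitlements, CFSTR("com.apple.security.app-sandbox")) != NULL` only checks that the key is present, so a signature carrying the entitlement with a false value is still treated as sandboxed; the value should be read as a CFBoolean. The references returned by SecCodeCopySelf, SecCodeCopyStaticCode and SecCodeCopySigningInformation follow the Copy rule and are never released. A failing call also leaves isSandboxed false with no diagnostic, which in a process that really is sandboxed would silently switch off the bookmark handling. The fence shows do_once() with the value check and the releases; logging the OSStatus on failure is left to the project's logging convention.

```objcpp
static void do_once()
{
    // Declarations hoisted and initialised so the releases below are safe on any failure path.
    SecCodeRef code = NULL;
    SecStaticCodeRef staticCode = NULL;
    CFDictionaryRef signingInformation = NULL;
    // … unchanged: SecCodeCopySelf / SecCodeCopyStaticCode / SecCodeCopySigningInformation chain, entitlements lookup …

    if (entitlements != NULL)
    {
        CFTypeRef value = CFDictionaryGetValue(entitlements, CFSTR("com.apple.security.app-sandbox"));
        // Presence alone is not enough: the entitlement must be boolean true.
        if (value != NULL && CFGetTypeID(value) == CFBooleanGetTypeID())
            isSandboxed = CFBooleanGetValue((CFBooleanRef) value);
    }

    // entitlements is borrowed from signingInformation; release only the Copy results.
    if (signingInformation != NULL)
        CFRelease(signingInformation);
    if (staticCode != NULL)
        CFRelease(staticCode);
    if (code != NULL)
        CFRelease(code);
    // … unchanged: userDefaults assignment when isSandboxed …
}
```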
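Review bot: The new `return NULL` in prepare_to_access_file_path() makes NULL a normal return value, but the only thing protecting the `state->scopeURL` dereference in done_accessing_file_path() is that function's separate `if (!isSandboxed) return;`; guarding on the pointer itself, `if (state == NULL) return;`, keeps the pair correct even if the two conditions drift apart. isSandboxed is also read in done_accessing_file_path() and in open_c() (the @@ -259,7 hunk) without a pthread_once call of their own, so those reads are initialised only if prepare_to_access_file_path() has already run; whether open_c() calls it before `open()` is not visible in the hunk. A comment above the static, such as `// Set once in do_once(); read only after prepare_to_access_file_path() has been called`, would record that dependency. Both function bodies continue outside their hunks.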
@@ -259,7 +290,7 @@ int open_c(const char *cpPath, int oflag, int mode) int result = open(cpPath, oflag, mode); #if defined(MACOSX) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX - if (result != -1 && (oflag & O_CREAT) && (oflag & O_EXCL)) + if (isSandboxed && result != -1 && (oflag & O_CREAT) && (oflag & O_EXCL)) { // A new file was created. Check if it is outside the sandbox. // (In that case it must be one the user selected as export or commit 59ddf7216d52dd5492ffe1362174518dc2f5e0ce Author: Tor Lillqvist <t...@collabora.com> Date: Tue Feb 25 16:26:30 2014 +0200 Don't do the annoying restart thing when sandboxed on OS X, ignore risks... So far we have just displayed a hugely annoying dialog "sorry, but we suck, you need to start LibreOffice again". But that sucks. So just try to do without restart then, and let's see what happens. At least in trivial testing, no crash. Change-Id: I475fe49a0fdb8086bb33a165a08b32ac46548857 diff --git a/desktop/source/app/check_ext_deps.cxx b/desktop/source/app/check_ext_deps.cxx index e32bb13..ad2d72b 100644 --- a/desktop/source/app/check_ext_deps.cxx +++ b/desktop/source/app/check_ext_deps.cxx @@ -18,6 +18,7 @@ */ #include <config_folders.h> +#include <config_features.h> #include <osl/file.hxx> #include <osl/mutex.hxx> @@ -420,8 +421,10 @@ void Desktop::SynchronizeExtensionRepositories() if (m_bCleanedExtensionCache) { deployment::ExtensionManager::get(context)->reinstallDeployedExtensions( true, "user", Reference<task::XAbortChannel>(), silent); +#if !HAVE_FEATURE_MACOSX_SANDBOX task::OfficeRestartManager::get(context)->requestRestart( silent->getInteractionHandler()); +#endif } else { // reinstallDeployedExtensions above already calls syncRepositories // internally: diff --git a/desktop/source/deployment/misc/dp_misc.cxx b/desktop/source/deployment/misc/dp_misc.cxx index a021e23..159605a 100644 --- a/desktop/source/deployment/misc/dp_misc.cxx +++ b/desktop/source/deployment/misc/dp_misc.cxx 
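Review bot: The `#if !HAVE_FEATURE_MACOSX_SANDBOX` around `requestRestart` in Desktop::SynchronizeExtensionRepositories() drops the restart for every build with the feature enabled, and nothing in the code records why or that the process keeps running after `reinstallDeployedExtensions` on a cleaned extension cache. The commit message says the risk is being ignored, so the code should say so as well, for example `// No restart in sandboxed builds; changes from the reinstall above may not be fully applied until the next launch` directly above the `#if` (the stated consequence is an assumption to confirm). A log line in an `#else` branch would make a skipped restart visible when diagnosing extension problems. The same guard is added around the `bModified` restart in syncRepositories() in dp_misc.cxx (hunks @@ -559,7 and @@ -570,6) and needs the same comment; both functions continue outside their hunks.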
@@ -18,6 +18,7 @@ */ #include <config_folders.h> +#include <config_features.h> #include "dp_misc.h" #include "dp_version.hxx" @@ -559,7 +560,7 @@ void syncRepositories( Reference<task::XAbortChannel>(), xCmdEnv); } } - +#if !HAVE_FEATURE_MACOSX_SANDBOX if (bModified) { Reference<task::XRestartManager> restarter(task::OfficeRestartManager::get(comphelper::getProcessComponentContext())); @@ -570,6 +571,7 @@ void syncRepositories( Reference<task::XInteractionHandler>()); } } +#endif } void disposeBridges(Reference<css::uno::XComponentContext> const & ctx) _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits