Don't do the security scope bookmark dance if not in a sandboxed process

No point in doing it in build-time tools like cppumaker which don't run as sandboxed processes. Just slows them down a lot, while cfprefsd consumes lots of CPU doing user preference lookups in vain for every file accessed through the uunxapi functions. Change-Id: I83e55a8e8d0c4f2c60c60ecad2c831e42c9e5bfd

Don't do the security scope bookmark dance if not in a sandboxed process
No point in doing it in build-time tools like cppumaker which don't run as sandboxed processes. Just slows them down a lot, while cfprefsd consumes lots of CPU doing user preference lookups in vain for every file accessed through the uunxapi functions. Change-Id: I83e55a8e8d0c4f2c60c60ecad2c831e42c9e5bfd
8e279c79 · Tor Lillqvist · 59ddf721 · 8e279c79 · 8e279c79
Kaydet (Commit) 8e279c79 authored Agu 14, 2014 tarafından Tor Lillqvist
Hide whitespace changes
Inline Side-by-side

Showing with 36 additions and 4 deletions

Library_sal.mk sal/Library_sal.mk +1 -0

uunxapi.cxx sal/osl/unx/uunxapi.cxx +35 -4

No files found.
--- a/sal/Library_sal.mk
+++ b/sal/Library_sal.mk
@@ -81,6 +81,7 @@ $(eval $(call gb_Library_use_system_darwin_frameworks,sal,\
 	Carbon \
 	CoreFoundation \
 	Foundation \
+	$(if $(ENABLE_MACOSX_SANDBOX),Security) \
 ))
 endif


--- a/sal/osl/unx/uunxapi.cxx
+++ b/sal/osl/unx/uunxapi.cxx
@@ -37,11 +37,36 @@ inline rtl::OString OUStringToOString(const rtl_uString* s)

 #if defined(MACOSX) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX

+#include <Foundation/Foundation.h>
+#include <Security/Security.h>
+#include <mach-o/dyld.h>
+
 static NSUserDefaults *userDefaults = NULL;
+static bool isSandboxed = false;

-static void get_user_defaults()
+static void do_once()
 {
-    userDefaults = [NSUserDefaults standardUserDefaults];
+    SecCodeRef code;
+    OSStatus rc = SecCodeCopySelf(kSecCSDefaultFlags, &code);
+
+    SecStaticCodeRef staticCode;
+    if (rc == errSecSuccess)
+        rc = SecCodeCopyStaticCode(code, kSecCSDefaultFlags, &staticCode);
+
+    CFDictionaryRef signingInformation;
+    if (rc == errSecSuccess)
+        rc = SecCodeCopySigningInformation(staticCode, kSecCSRequirementInformation, &signingInformation);
+
+    CFDictionaryRef entitlements = NULL;
+    if (rc == errSecSuccess)
+        entitlements = (CFDictionaryRef) CFDictionaryGetValue(signingInformation, kSecCodeInfoEntitlementsDict);
+
+    if (entitlements != NULL)
+        if (CFDictionaryGetValue(entitlements, CFSTR("com.apple.security.app-sandbox")) != NULL)
+            isSandboxed = true;
+
+    if (isSandboxed)
+        userDefaults = [NSUserDefaults standardUserDefaults];
 }

 typedef struct {
@@ -53,12 +78,15 @@ static accessFilePathState *
 prepare_to_access_file_path( const char *cpFilePath )
 {
    static pthread_once_t once = PTHREAD_ONCE_INIT;
-    pthread_once(&once, &get_user_defaults);
+    pthread_once(&once, &do_once);
    NSURL *fileURL = nil;
    NSData *data = nil;
    BOOL stale;
    accessFilePathState *state;

+    if (!isSandboxed)
+        return NULL;
+
    // If malloc() fails we are screwed anyway
    state = (accessFilePathState*) malloc(sizeof(accessFilePathState));

@@ -86,6 +114,9 @@ prepare_to_access_file_path( const char *cpFilePath )
 static void
 done_accessing_file_path( const char * /*cpFilePath*/, accessFilePathState *state )
 {
+    if (!isSandboxed)
+        return;
+
    int saved_errno = errno;

    if (state->scopeURL != nil)
@@ -259,7 +290,7 @@ int open_c(const char *cpPath, int oflag, int mode)
    int result = open(cpPath, oflag, mode);

 #if defined(MACOSX) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX
-    if (result != -1 && (oflag & O_CREAT) && (oflag & O_EXCL))
+    if (isSandboxed && result != -1 && (oflag & O_CREAT) && (oflag & O_EXCL))
    {
        // A new file was created. Check if it is outside the sandbox.
        // (In that case it must be one the user selected as export or