[Libreoffice-commits] core.git: 3 commits - fpicker/source Repository.mk sal/Library_sal.mk sal/osl

Tor Lillqvist tml at iki.fi
Fri Aug 23 11:47:31 PDT 2013


 Repository.mk                            |    4 +-
 fpicker/source/aqua/SalAquaFilePicker.mm |   32 +++++++++++++++++++
 sal/Library_sal.mk                       |    3 +
 sal/osl/unx/file.cxx                     |   50 +++++++++++++++++++++++++++++--
 sal/osl/unx/system.c                     |   13 ++++----
 5 files changed, 90 insertions(+), 12 deletions(-)

New commits:
commit 6d7a70b4a40941d3dbb4724a3d30af4196b46fca
Author: Tor Lillqvist <tml at iki.fi>
Date:   Fri Aug 23 20:32:19 2013 +0200

    Bypass the alias resolving completely when sandboxed
    
    Attempting to look up the bookmark data for a file will try accessing
    its resource fork, causing messages like:
    
    soffice(83685) deny file-read-data /Users/tml/Documents/b.odt/..namedfork/rsrc
    
    Change-Id: I1b2b0b493a46aa629581b921c94c5014f994e75c

diff --git a/sal/osl/unx/system.c b/sal/osl/unx/system.c
index 55a5bb5..eb19fbc 100644
--- a/sal/osl/unx/system.c
+++ b/sal/osl/unx/system.c
@@ -145,16 +145,16 @@ int macxp_resolveAlias(char *path, int buflen)
 #if HAVE_FEATURE_MACOSX_SANDBOX
   /* Avoid unnecessary messages in the system.log:
    *
-   * kernel[0]: Sandbox: soffice(57342) deny file-read-data /Users
-   * kernel[0]: Sandbox: soffice(57342) deny file-read-data /Users/tml
+   * soffice(57342) deny file-read-data /Users/tml/Documents/b.odt/..namedfork/rsrc
+   * etc.
    *
-   * etc. It is quite unlikely anyway, I hope, that anything except
-   * the last component of a path name would be a bookmark.
+   * Just don't bother with resolving aliases. I doubt its usefulness anyway.
    */
-  char *unprocessedPath = path + strlen(path) - 1;
+  (void) path;
+  (void) buflen;
+  return 0;
 #else
   char *unprocessedPath = path;
-#endif
 
   if ( *unprocessedPath == '/' )
       unprocessedPath++;
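Review bot: The new comment in the sandboxed branch of macxp_resolveAlias explains why the lookup is skipped but not what callers now get. With `return 0;` the path buffer is left untouched, and if 0 is the success value (the other return paths are outside the hunk), a path containing a Finder alias is reported as resolved without being followed. I would state that in the comment, e.g. `/* Sandboxed: path is returned unchanged; aliases are never followed. */`. The `#else` opened here now runs to the `#endif` that the second hunk adds after `return nRet;`, so that line would read better as `#endif /* HAVE_FEATURE_MACOSX_SANDBOX */`.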
@@ -230,6 +230,7 @@ int macxp_resolveAlias(char *path, int buflen)
   }
 
   return nRet;
+#endif
 }
 
 #endif  /* defined MACOSX */
commit d22c94dbf16d18bce39f060aa21f3083169426ca
Author: Tor Lillqvist <tml at iki.fi>
Date:   Fri Aug 23 09:51:48 2013 +0300

    Make our File>Recent Documents work better when sandboxed
    
    Store security scope bookmarks for files selected in the file picker
    in the user data. (I looked into storing it in the LO "registry" in
    the Histories/PickList thingies, but that was horribly complex.)
    
    When opening a file, if we have stored a security scope bookmark for
    it, use that while opening the file.
    
    Change-Id: I347ae2dd815299441c17467d9b66a226061d0ed2

diff --git a/fpicker/source/aqua/SalAquaFilePicker.mm b/fpicker/source/aqua/SalAquaFilePicker.mm
index 44b1382..ffa9c9c 100644
--- a/fpicker/source/aqua/SalAquaFilePicker.mm
+++ b/fpicker/source/aqua/SalAquaFilePicker.mm
@@ -1,4 +1,4 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* -*- Mode: ObjC; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /*
  * This file is part of the LibreOffice project.
  *
@@ -17,6 +17,8 @@
  *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
  */
 
+#include <config_features.h>
+
 #include "sal/config.h"
 
 #include <com/sun/star/lang/DisposedException.hpp>
@@ -300,6 +302,17 @@ uno::Sequence<rtl::OUString> SAL_CALL SalAquaFilePicker::getFiles() throw( uno::
 
     SolarMutexGuard aGuard;
 
+#if MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX
+    static NSUserDefaults *userDefaults;
+    static bool triedUserDefaults = false;
+
+    if (!triedUserDefaults)
+    {
+        userDefaults = [NSUserDefaults standardUserDefaults];
+        triedUserDefaults = true;
+    }
+#endif
+
     // OSL_TRACE("starting work");
     /*
      * If more than one file is selected in an OpenDialog, then the first result
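Review bot: The `triedUserDefaults` flag and the function-level statics in getFiles() add state without buying anything, because `[NSUserDefaults standardUserDefaults]` already returns the shared instance. A plain local `NSUserDefaults *userDefaults = [NSUserDefaults standardUserDefaults];` inside the `#if` does the same job. The unsynchronised flag is only safe because it is touched after `SolarMutexGuard aGuard;`, so if the statics stay, a one-line comment saying so would help. The body of getFiles() starts and ends outside this hunk.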
@@ -322,6 +335,23 @@ uno::Sequence<rtl::OUString> SAL_CALL SalAquaFilePicker::getFiles() throw( uno::
     for(int nIndex = 0; nIndex < nFiles; nIndex += 1)
     {
         NSURL *url = [files objectAtIndex:nIndex];
+
+#if MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX
+        if (userDefaults != NULL &&
+            [url respondsToSelector:@selector(bookmarkDataWithOptions:includingResourceValuesForKeys:relativeToURL:error:)])
+        {
+            NSData *data = [url bookmarkDataWithOptions:NSURLBookmarkCreationWithSecurityScope
+                         includingResourceValuesForKeys:nil
+                                          relativeToURL:nil
+                                                  error:nil];
+            if (data != NULL)
+            {
+                [userDefaults setObject:data
+                                 forKey:[@"bookmarkFor:" stringByAppendingString:[url absoluteString]]];
+            }
+        }
+#endif
+
         OSL_TRACE("handling %s", [[url description] UTF8String]);
         InfoType info = FULLPATH;
         if (nFiles > 1) {
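Review bot: The bookmark creation in the loop passes `error:nil` and has no failure branch, so when `bookmarkDataWithOptions:` returns nil the file silently gets no stored bookmark and nothing records why. Pass an `NSError *` and trace it next to the existing `OSL_TRACE("handling %s", ...)`. Every URL returned by getFiles() also gets a persistent security-scoped grant written to the user defaults under `bookmarkFor:<url>`, and nothing visible in this commit removes entries, so the set of files the sandboxed process can reopen only grows. A comment stating the intended pruning policy is warranted. The reader in osl_openFilePath rebuilds the key from `fileURLWithPath:`, which may not produce the same `absoluteString` as the picker's URL in every case, so it is worth confirming the two sides agree. The enclosing loop continues outside the hunk.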
diff --git a/sal/Library_sal.mk b/sal/Library_sal.mk
index 37e01a6..093546f 100644
--- a/sal/Library_sal.mk
+++ b/sal/Library_sal.mk
@@ -75,6 +75,7 @@ ifeq ($(OS),MACOSX)
 $(eval $(call gb_Library_use_system_darwin_frameworks,sal,\
 	Carbon \
 	CoreFoundation \
+	Foundation \
 ))
 endif
 
@@ -122,7 +123,7 @@ $(eval $(call gb_Library_add_cobjects,sal,\
 	sal/osl/all/filepath \
 ))
 
-ifeq ($(OS),IOS)
+ifneq (,$(filter IOS MACOSX,$(OS)))
 $(eval $(call gb_Library_add_cxxflags,sal,\
     $(gb_OBJCXXFLAGS) \
 ))
diff --git a/sal/osl/unx/file.cxx b/sal/osl/unx/file.cxx
index 279b3211..cf9e491 100644
--- a/sal/osl/unx/file.cxx
+++ b/sal/osl/unx/file.cxx
@@ -1,4 +1,4 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* -*- Mode: ObjC; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /*
  * This file is part of the LibreOffice project.
  *
@@ -43,8 +43,7 @@
 #include <sys/mount.h>
 #define HAVE_O_EXLOCK
 
-// add MACOSX Time Value
-#include <CoreFoundation/CoreFoundation.h>
+#include <Foundation/Foundation.h>
 
 #endif /* MACOSX */
 
@@ -843,6 +842,17 @@ SAL_CALL osl_openMemoryAsFile( void *address, size_t size, oslFileHandle *pHandl
 #define OPEN_CREATE_FLAGS ( O_CREAT | O_RDWR )
 #endif
 
+#if defined(MACOSX) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX
+
+static NSUserDefaults *userDefaults = NULL;
+
+static void get_user_defaults()
+{
+    userDefaults = [NSUserDefaults standardUserDefaults];
+}
+
+#endif
+
 oslFileError
 SAL_CALL osl_openFilePath( const char *cpFilePath, oslFileHandle* pHandle, sal_uInt32 uFlags )
 {
@@ -906,8 +916,42 @@ SAL_CALL osl_openFilePath( const char *cpFilePath, oslFileHandle* pHandle, sal_u
         flags = osl_file_adjustLockFlags (cpFilePath, flags);
     }
 
+#if defined(MACOSX) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX
+    static pthread_once_t once = PTHREAD_ONCE_INIT;
+    pthread_once(&once, &get_user_defaults);
+    NSURL *fileURL = NULL;
+    NSData *data = NULL;
+    NSURL *scopeURL = NULL;
+    BOOL stale;
+
+    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
+
+    if (userDefaults != NULL)
+        fileURL = [NSURL fileURLWithPath:[NSString stringWithUTF8String:cpFilePath]];
+
+    if (fileURL != NULL)
+        data = [userDefaults dataForKey:[@"bookmarkFor:" stringByAppendingString:[fileURL absoluteString]]];
+
+    if (data != NULL)
+        scopeURL = [NSURL URLByResolvingBookmarkData:data
+                                             options:NSURLBookmarkResolutionWithSecurityScope
+                                       relativeToURL:nil
+                                 bookmarkDataIsStale:&stale
+                                               error:nil];
+    if (scopeURL != NULL)
+        [scopeURL startAccessingSecurityScopedResource];
+#endif
+
     /* open the file */
     int fd = open( cpFilePath, flags, mode );
+
+
+#if defined(MACOSX) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX
+    if (scopeURL != NULL)
+        [scopeURL stopAccessingSecurityScopedResource];
+    [pool release];
+#endif
+
 #ifdef IOS
     /* Horrible hack: If opening for RDWR and getting EPERM, just try
      * again for RDONLY. Quicker this way than to figure out why
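Review bot: The cleanup added between `open()` and the error handling that follows can overwrite errno, which the IOS retry just below reads, as presumably does the failure handling outside the hunk. Save errno right after `open()` and restore it once `stopAccessingSecurityScopedResource` and `[pool release]` have run. The result of `startAccessingSecurityScopedResource` is ignored while the stop message is always sent, so the pair is unbalanced when start fails. `[NSString stringWithUTF8String:cpFilePath]` returns nil for a path that is not valid UTF-8, and that nil goes straight into `fileURLWithPath:`, which as far as I know raises on nil. `stale` and the resolve error are also dropped, so an outdated bookmark is never refreshed or reported.

```objc
    NSString *pathString = [NSString stringWithUTF8String:cpFilePath];
    if (userDefaults != NULL && pathString != nil)
        fileURL = [NSURL fileURLWithPath:pathString];

    // … unchanged: bookmark lookup and URLByResolvingBookmarkData:… call …

    BOOL accessing = NO;
    if (scopeURL != NULL)
        accessing = [scopeURL startAccessingSecurityScopedResource];

    // … unchanged: #endif, then the open() call …
    int fd = open( cpFilePath, flags, mode );

    // … inside the second sandbox #if block …
    int const nOpenErrno = errno;
    if (accessing)
        [scopeURL stopAccessingSecurityScopedResource];
    [pool release];
    errno = nOpenErrno;
```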
commit 523df6efab74549f1e0d061d48160978ce038f37
Author: Tor Lillqvist <tml at iki.fi>
Date:   Thu Aug 22 23:59:25 2013 +0300

    Must bypass AppleRemote here, too, if ENABLE_MACOSX_SANDBOX
    
    Change-Id: I5bc2588c8a5cdb836e72a160233fe1add63de8e8

diff --git a/Repository.mk b/Repository.mk
index 43ee143..3ccadb1 100644
--- a/Repository.mk
+++ b/Repository.mk
@@ -378,7 +378,9 @@ $(eval $(call gb_Helper_register_libraries_for_install,OOOLIBS,ooo, \
 		wininetbe1 \
 	) \
 	$(if $(filter $(OS),MACOSX), \
-		AppleRemote \
+		$(if $(ENABLE_MACOSX_SANDBOX),, \
+			AppleRemote \
+		) \
 		fps_aqua \
 		MacOSXSpell \
 	) \

