[Libreoffice-commits] core.git: Branch 'distro/collabora/cp-4.1' - 30 commits - apple_remote/Module_apple_remote.mk config_host/config_features.h.in configure.ac desktop/Library_sofficeapp.mk desktop/source fpicker/source framework/source Makefile.in sal/Library_sal.mk sal/osl scp2/source sd/source setup_native/source sfx2/source smoketest/CppunitTest_smoketest.mk smoketest/Module_smoketest.mk solenv/bin solenv/gbuild ucb/source vcl/aqua vcl/inc vcl/Library_vcl.mk
Tor Lillqvist
tml at collabora.com
Tue Jan 28 07:48:18 PST 2014
Makefile.in | 46 -----
apple_remote/Module_apple_remote.mk | 2
config_host/config_features.h.in | 8
configure.ac | 1
desktop/Library_sofficeapp.mk | 12 +
desktop/source/app/app.cxx | 4
desktop/source/app/cmdlineargs.cxx | 13 +
fpicker/source/aqua/FilterHelper.mm | 11 -
fpicker/source/aqua/NSURL_OOoAdditions.mm | 28 +--
fpicker/source/aqua/SalAquaFilePicker.mm | 47 ++++-
fpicker/source/aqua/SalAquaPicker.mm | 28 +--
framework/source/services/autorecovery.cxx | 2
sal/Library_sal.mk | 3
sal/osl/unx/file.cxx | 15 +
sal/osl/unx/file_misc.cxx | 2
sal/osl/unx/file_stat.cxx | 4
sal/osl/unx/system.c | 89 ++++++----
sal/osl/unx/uunxapi.cxx | 213 +++++++++++++++++++++++--
sal/osl/unx/uunxapi.h | 6
scp2/source/ooo/common_brand.scp | 10 -
sd/source/ui/remotecontrol/BluetoothServer.cxx | 2
setup_native/source/mac/CodesignRules.plist | 19 ++
sfx2/source/doc/docfile.cxx | 12 +
smoketest/CppunitTest_smoketest.mk | 8
smoketest/Module_smoketest.mk | 2
solenv/bin/macosx-codesign-app-bundle | 86 ++++++++++
solenv/bin/modules/installer/simplepackage.pm | 30 ---
solenv/gbuild/gbuild.mk | 1
solenv/gbuild/platform/macosx.mk | 8
ucb/source/ucp/file/shell.cxx | 21 ++
vcl/Library_vcl.mk | 7
vcl/aqua/source/app/saldata.cxx | 6
vcl/aqua/source/app/salinst.cxx | 19 --
vcl/aqua/source/app/vclnsapp.mm | 18 --
vcl/aqua/source/dtrans/DataFlavorMapping.cxx | 23 --
vcl/aqua/source/dtrans/PictToBmpFlt.cxx | 141 ----------------
vcl/aqua/source/dtrans/PictToBmpFlt.hxx | 18 --
vcl/aqua/source/gdi/salprn.cxx | 4
vcl/aqua/source/window/salframe.cxx | 28 ---
vcl/aqua/source/window/salmenu.cxx | 3
vcl/inc/aqua/saldata.hxx | 6
vcl/inc/aqua/salframe.h | 10 -
vcl/inc/aqua/vclnsapp.h | 4
43 files changed, 590 insertions(+), 430 deletions(-)
New commits:
commit e0b19e6f93e6936f994f7e7775f375e5fae01ebc
Author: Tor Lillqvist <tml at collabora.com>
Date: Tue Jan 28 16:55:09 2014 +0200
Backport OS X code signing changes from 4.2 and master
Includes Cloph's dad46670ccd3f2a79ad61812ea5a48120e82058d: allow to
codesign on Mac OS X Mavericks
codesign on Mavericks wants much more stuff to be signed apart from the
actual Mach libraries and executables. However the signature for those
data-style files are stored as extended files attributes, so one needs
to take special care on how to package the dmg to not break the seal.
Also explicitly remove some files from the signing, to allow adjusting
user-config path or similar or for gallery.
Change-Id: I3d27f9ba6b6cc141db418137260f07d86c7baeb3
diff --git a/Makefile.in b/Makefile.in
index 3dd8b51..ef8f291 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -269,51 +269,7 @@ else
ifeq ($(DISABLE_LINKOO),TRUE)
@ooinstall $(DEVINSTALLDIR)/opt
ifneq ($(MACOSX_CODESIGNING_IDENTITY),)
-#
-# Sign dylibs
-#
-# Executables get signed right after linking, see
-# solenv/gbuild/platform/macosx.mk. But many of our dylibs are built
-# by ad-hoc or 3rd-party mechanisms, so we can't easily sign them
-# right after linking. So do it here.
-#
-# The dylibs in the Python framework are called *.so. Go figure
-#
- find $(DEVINSTALLDIR)/opt/LibreOffice.app \( -name '*.dylib' -or -name '*.dylib.*' -or -name '*.so' \) ! -type l | \
- while read dylib; do \
- id=`basename "$$dylib"`; \
- case $$id in \
- *.dylib|*.so) \
- ;; \
- *.dylib.*) \
- id=`echo $$id | sed -e 's/dylib.*/dylib/'`; \
- ;; \
- esac; \
- codesign --verbose --identifier=$(MACOSX_BUNDLE_IDENTIFIER).$$id --sign $(MACOSX_CODESIGNING_IDENTITY) "$$dylib"; \
- done
-#
-# Sign frameworks.
-#
-# Yeah, we don't bundle any other framework than our Python one, and
-# it has just one version, so this generic search is mostly for
-# completeness.
-#
- for framework in `find $(DEVINSTALLDIR)/opt/LibreOffice.app -name '*.framework' -type d`; do \
- for version in $$framework/Versions/*; do \
- if test ! -L $$version -a -d $$version; then codesign --force --verbose --prefix=$(MACOSX_BUNDLE_IDENTIFIER). --sign $(MACOSX_CODESIGNING_IDENTITY) $$version; fi; \
- done; \
- done
-#
-# Sign the app bundle as a whole (will sign the soffice binary)
-#
-# The soffice binary will have been signed after linking but it needs
-# to be re-signed as it has been renamed, or modified, or something
-# after linking.
-#
-# At this stage we also attach the entitlements in the sandboxing case
-#
- codesign --force --verbose --sign $(MACOSX_CODESIGNING_IDENTITY) $(entitlements) $(DEVINSTALLDIR)/opt/LibreOffice.app
-#
+ @macosx-codesign-app-bundle $(DEVINSTALLDIR)/opt/LibreOffice.app
endif
@install-gdb-printers -L
else
diff --git a/setup_native/source/mac/CodesignRules.plist b/setup_native/source/mac/CodesignRules.plist
new file mode 100644
index 0000000..e638f92
--- /dev/null
+++ b/setup_native/source/mac/CodesignRules.plist
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>rules</key>
+ <dict>
+ <key>^MacOS/(bootstraprc|fundamentalrc|setuprc|sofficerc|unorc|versionrc)$</key>
+ <false/>
+ <key>^MacOS/pythonloader.unorc$</key>
+ <false/>
+ <key>^MacOS/postgresql-sdbc.ini$</key>
+ <false/>
+ <key>^MacOS/(senddoc|python|gengal|unoinfo)$</key>
+ <false/>
+ <key>.*\.(png|svg|py|res|rdb)$</key>
+ <false/>
+ </dict>
+</dict>
+</plist>
diff --git a/solenv/bin/macosx-codesign-app-bundle b/solenv/bin/macosx-codesign-app-bundle
new file mode 100755
index 0000000..80a647c
--- /dev/null
+++ b/solenv/bin/macosx-codesign-app-bundle
@@ -0,0 +1,86 @@
+#!/bin/bash
+
+# Script to sign dylibs and frameworks in an app bundle plus the
+# bundle itself. Called from
+# installer::simplepackage::create_package() in
+# solenv/bin/modules/installer/simplepackage.pm
+
+test `uname` = Darwin || { echo This is for OS X only; exit 1; }
+
+test $# = 1 || { echo Usage: $0 app-bundle; exit 1; }
+
+for V in \
+ BUILDDIR \
+ MACOSX_BUNDLE_IDENTIFIER \
+ MACOSX_CODESIGNING_IDENTITY; do
+ if test -z "$(eval echo '$'$V)"; then
+ echo No '$'$V "environment variable! This should be run in a build only"
+ exit 1
+ fi
+done
+
+APP_BUNDLE=$1
+
+# Sign dylibs
+#
+# Executables get signed right after linking, see
+# solenv/gbuild/platform/macosx.mk. But many of our dylibs are built
+# by ad-hoc or 3rd-party mechanisms, so we can't easily sign them
+# right after linking. So do it here.
+#
+# The dylibs in the Python framework are called *.so. Go figure
+#
+# On Mavericks also would like to have data files signed...
+# add some where it makes sense. Make a depth-first search to sign the contents
+# of e.g. the spotlight plugin before attempting to sign the plugin itself
+
+find $APP_BUNDLE \( -name '*.dylib' -or -name '*.dylib.*' -or -name '*.so' \
+ -or -name '*.fodt' -or -name 'schema.strings' -or -name 'schema.xml' -or -name '*.mdimporter' \
+ -or -name '*.jar' -or -name '*.jnilib' -or -name 'LICENSE' -or -name 'LICENSE.html' \
+ -or -name '*.applescript' \) ! -type l | grep -v "LibreOfficePython\.framework" |
+while read dylib; do
+ id=`basename "$dylib"`
+ id=`echo $id | sed -e 's/\.dylib.*/dylib/'`
+ codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$dylib"
+done
+
+# The executables have already been signed by
+# gb_LinkTarget__command_dynamiclink in
+# solenv/gbuild/platform/macosx.mk.
+
+# Sign frameworks.
+#
+# Yeah, we don't bundle any other framework than our Python one, and
+# it has just one version, so this generic search is mostly for
+# completeness.
+
+for framework in `find $APP_BUNDLE -name '*.framework' -type d`; do
+ fn="$(basename $framework)"
+ fn=${fn%.*}
+ for version in $framework/Versions/*; do
+ if test ! -L $version -a -d $version; then
+ codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" $version/$fn
+ codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" $version
+ fi
+ done
+done
+
+# Sign the app bundle as a whole which means (re-)signing the
+# CFBundleExecutable from Info.plist, i.e. soffice, plus the contents
+# of the Resources tree (which unless you used
+# --enable-canonical-installation-tree-structure is not much, far from
+# all of our non-code "resources").
+#
+# At this stage we also attach the entitlements in the sandboxing case
+#
+# Also omit some files from the Bundle's seal via the resource-rules
+# (bootstraprc and similar that the user might adjust and image files)
+# See also https://developer.apple.com/library/mac/technotes/tn2206/
+
+if test "$ENABLE_MACOSX_SANDBOX" = "TRUE"; then
+ entitlements="--entitlements $BUILDDIR/lo.xcent"
+fi
+
+codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}.$(basename ${APP_BUNDLE})" --resource-rules "$SRCDIR/setup_native/source/mac/CodesignRules.plist" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements $APP_BUNDLE
+
+exit 0
diff --git a/solenv/bin/modules/installer/simplepackage.pm b/solenv/bin/modules/installer/simplepackage.pm
index ec4826a..63a4c8b 100644
--- a/solenv/bin/modules/installer/simplepackage.pm
+++ b/solenv/bin/modules/installer/simplepackage.pm
@@ -404,30 +404,7 @@ sub create_package
if (($volume_name_classic_app eq 'LibreOffice' || $volume_name_classic_app eq 'LibreOfficeDev') &&
defined($ENV{'MACOSX_CODESIGNING_IDENTITY'}) && $ENV{'MACOSX_CODESIGNING_IDENTITY'} ne "" )
{
- # Sign the .app as a whole, which means (re-)signing
- # the CFBundleExecutable from Info.plist, i.e.
- # soffice, plus the contents of the Resources tree
- # (which at the moment is not much, far from all of
- # our non-code "resources").
-
- # Don't bother yet to sign each individual .dylib. (We
- # do that for "make dev-install", but not here.)
-
- # The executables have already been signed by
- # gb_LinkTarget__command_dynamiclink in
- # solenv/gbuild/platform/macosx.mk.
-
- # Eventually it would be a good idea to re-organise
- # the app bundle structure to be more Mac-like and
- # actually put all non-code resources (including
- # extension scripts!) into Resources so that they
- # participate in the signing and their validity can be
- # guaranteed.
-
- $entitlements = '';
- $entitlements = "--entitlements $ENV{'BUILDDIR'}/lo.xcent" if defined($ENV{'ENABLE_MACOSX_SANDBOX'});
-
- $systemcall = "codesign --sign $ENV{'MACOSX_CODESIGNING_IDENTITY'} --force $entitlements -v -v -v $localtempdir/$folder/$volume_name_classic_app.app";
+ $systemcall = "$ENV{'SRCDIR'}/solenv/bin/macosx-codesign-app-bundle $localtempdir/$folder/$volume_name_classic_app.app";
print "... $systemcall ...\n";
my $returnvalue = system($systemcall);
$infoline = "Systemcall: $systemcall\n";
@@ -448,11 +425,9 @@ sub create_package
}
}
- $systemcall = "cd $localtempdir && hdiutil makehybrid -hfs -hfs-openfolder $folder $folder -hfs-volume-name \"$volume_name\" -ov -o $installdir/tmp && hdiutil convert -ov -format UDBZ $installdir/tmp.dmg -o $archive && ";
- if (( $ref ne "" ) && ( $$ref ne "" )) {
- $systemcall .= "hdiutil unflatten $archive && Rez -a $$ref -o $archive && hdiutil flatten $archive &&";
- }
- $systemcall .= "rm -f $installdir/tmp.dmg";
+ # makehybrid doesn't preserve extended attributes (needed when codesigning data files like .jar)
+ # unfortunately this method is slower than makehybrid followed by convert
+ $systemcall = "cd $localtempdir && hdiutil create -srcfolder $folder -volname \"$volume_name\" -ov -format UDBZ $archive";
}
else
{
diff --git a/solenv/gbuild/platform/macosx.mk b/solenv/gbuild/platform/macosx.mk
index a0843bd..16e68a4 100644
--- a/solenv/gbuild/platform/macosx.mk
+++ b/solenv/gbuild/platform/macosx.mk
@@ -126,6 +126,12 @@ $(if $(filter Executable,$(1)),\
$$(call gb_Library_get_layer,$(2)))
endef
+# We sign executables right after linking below. But not dylibs,
+# because many of them are built by ad-hoc or 3rd-party mechanisms. So
+# as we would need to sign those separately anyway, we do it for the
+# gbuild-built ones, too, after an app bundle has been constructed, in
+# the solenv/bin/macosx-codesign-app-bundle script.
+
define gb_LinkTarget__command_dynamiclink
$(call gb_Helper_abbreviate_dirs,\
mkdir -p $(dir $(1)) && \
@@ -156,7 +162,7 @@ $(call gb_Helper_abbreviate_dirs,\
ln -sf $(notdir $(1)) $(basename $(1)).jnilib &&) \
$(if $(MACOSX_CODESIGNING_IDENTITY), \
$(if $(filter Executable,$(TARGETTYPE)), \
- codesign --identifier=$(MACOSX_BUNDLE_IDENTIFIER).$(notdir $(1)) --sign $(MACOSX_CODESIGNING_IDENTITY) $(1) &&)) \
+ (codesign --identifier=$(MACOSX_BUNDLE_IDENTIFIER).$(notdir $(1)) --sign $(MACOSX_CODESIGNING_IDENTITY) --force $(1) || true) &&)) \
$(if $(filter Library,$(TARGETTYPE)),\
otool -l $(1) | grep -A 5 LC_ID_DYLIB > $(1).exports.tmp && \
$(NM) -g -P $(1) | cut -d' ' -f1-2 | grep -v U$$ \
commit 997bdf20a4d8f0a535b765c67e37172eb2d1fb5d
Author: Tor Lillqvist <tml at collabora.com>
Date: Tue Jan 28 16:48:01 2014 +0200
Don't bother with gdbtrace for OS X
Change-Id: I10f4d778db9739d6e99bd1cfc0d955499899d9cb
diff --git a/scp2/source/ooo/common_brand.scp b/scp2/source/ooo/common_brand.scp
index e87898f..e1556d2 100644
--- a/scp2/source/ooo/common_brand.scp
+++ b/scp2/source/ooo/common_brand.scp
@@ -479,6 +479,7 @@ File gid_Brand_File_Html_Thirdpartylicensereadme
End
#if defined UNX
+#ifndef MACOSX
File gid_Brand_File_Gdb_Trace
TXT_FILE_BODY;
@@ -488,6 +489,7 @@ File gid_Brand_File_Gdb_Trace
End
#endif
+#endif
File gid_Brand_File_Bin_Soffice
BIN_FILE_BODY;
commit c2f97355b371964f7c1d6e1aa31b7c85c5553cf0
Author: Tor Lillqvist <tml at collabora.com>
Date: Tue Jan 28 16:04:12 2014 +0200
No reason for these to be "binary" (executable)
Change-Id: I7fa3b2cd34f1ee51794ae1b0a8f2d524fe8feb7f
diff --git a/scp2/source/ooo/common_brand.scp b/scp2/source/ooo/common_brand.scp
index 7047875..e87898f 100644
--- a/scp2/source/ooo/common_brand.scp
+++ b/scp2/source/ooo/common_brand.scp
@@ -1397,7 +1397,7 @@ File gid_License_Txt
End
File gid_License_Odt
- BIN_FILE_BODY;
+ TXT_FILE_BODY;
#if defined MACOSX
Dir = gid_Dir_Bundle_Contents;
#else
@@ -1408,7 +1408,7 @@ File gid_License_Odt
End
File gid_Eula_Odt
- BIN_FILE_BODY;
+ TXT_FILE_BODY;
#if defined MACOSX
Dir = gid_Dir_Bundle_Contents;
#else
@@ -1419,7 +1419,7 @@ File gid_Eula_Odt
End
File gid_Credits_Odt
- BIN_FILE_BODY;
+ TXT_FILE_BODY;
#if defined MACOSX
Dir = gid_Dir_Bundle_Contents;
#else
@@ -1430,7 +1430,7 @@ File gid_Credits_Odt
End
File gid_Apache_Notice
- BIN_FILE_BODY;
+ TXT_FILE_BODY;
#if defined MACOSX
Dir = gid_Dir_Bundle_Contents;
#else
commit 1c566c5374b50b660c3be3a490aa5d9430d14e20
Author: Tor Lillqvist <tml at iki.fi>
Date: Sun Aug 25 21:29:40 2013 +0300
Don't sign the Current symlink in a framework
Change-Id: I14106827d86f798687cdeb560c0df007070469ee
diff --git a/Makefile.in b/Makefile.in
index ac9d1b4..3dd8b51 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -300,7 +300,7 @@ ifneq ($(MACOSX_CODESIGNING_IDENTITY),)
#
for framework in `find $(DEVINSTALLDIR)/opt/LibreOffice.app -name '*.framework' -type d`; do \
for version in $$framework/Versions/*; do \
- test -d $$version && codesign --force --verbose --prefix=$(MACOSX_BUNDLE_IDENTIFIER). --sign $(MACOSX_CODESIGNING_IDENTITY) $$version; \
+ if test ! -L $$version -a -d $$version; then codesign --force --verbose --prefix=$(MACOSX_BUNDLE_IDENTIFIER). --sign $(MACOSX_CODESIGNING_IDENTITY) $$version; fi; \
done; \
done
#
commit a7944903ad8d9326bb509ece1d277a88a3848798
Author: Tor Lillqvist <tml at iki.fi>
Date: Sun Aug 25 20:51:41 2013 +0300
Fix "Save As" when sandboxed on OS X
Change-Id: Ibe2ea21265a0bb9c4fedcef137626df2a8019116
diff --git a/fpicker/source/aqua/SalAquaFilePicker.mm b/fpicker/source/aqua/SalAquaFilePicker.mm
index 3b085f1..c0f3690 100644
--- a/fpicker/source/aqua/SalAquaFilePicker.mm
+++ b/fpicker/source/aqua/SalAquaFilePicker.mm
@@ -340,6 +340,12 @@ uno::Sequence<rtl::OUString> SAL_CALL SalAquaFilePicker::getFiles() throw( uno::
if (userDefaults != NULL &&
[url respondsToSelector:@selector(bookmarkDataWithOptions:includingResourceValuesForKeys:relativeToURL:error:)])
{
+ // In the case of "Save As" when the user has input a new
+ // file name, this call will return nil, as bookmarks can
+ // (naturally) only be created for existing file system
+ // objects. In that case, code at a much lower level, in
+ // sal, takes care of creating a bookmark when a new file
+ // has been created outside the sandbox.
NSData *data = [url bookmarkDataWithOptions:NSURLBookmarkCreationWithSecurityScope
includingResourceValuesForKeys:nil
relativeToURL:nil
diff --git a/sal/osl/unx/uunxapi.cxx b/sal/osl/unx/uunxapi.cxx
index f856e66..a563867 100644
--- a/sal/osl/unx/uunxapi.cxx
+++ b/sal/osl/unx/uunxapi.cxx
@@ -278,6 +278,33 @@ int open_c(const char *cpPath, int oflag, int mode)
int result = open(cpPath, oflag, mode);
+#if defined(MACOSX) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX
+ if (result != -1 && (oflag & O_CREAT) && (oflag & O_EXCL))
+ {
+ // A new file was created. Check if it is outside the sandbox.
+ // (In that case it must be one the user selected as export or
+ // save destination in a file dialog, otherwise we wouldn't
+ // have been able to crete it.) Create and store a security
+ // scoped bookmark for it so that we can access the file in
+ // the future, too. (For the "Recent Files" functionality.)
+ const char *sandbox = [NSHomeDirectory() UTF8String];
+ if (!(memcmp(sandbox, cpPath, strlen(sandbox)) == 0 &&
+ cpPath[strlen(sandbox)] == '/'))
+ {
+ NSURL *url = [NSURL fileURLWithPath:[NSString stringWithUTF8String:cpPath]];
+ NSData *data = [url bookmarkDataWithOptions:NSURLBookmarkCreationWithSecurityScope
+ includingResourceValuesForKeys:nil
+ relativeToURL:nil
+ error:nil];
+ if (data != NULL)
+ {
+ [userDefaults setObject:data
+ forKey:[@"bookmarkFor:" stringByAppendingString:[url absoluteString]]];
+ }
+ }
+ }
+#endif
+
done_accessing_file_path(cpPath, state);
return result;
commit 9c67ea808e60d824b5e72d19013ddebb999a4240
Author: Tor Lillqvist <tml at iki.fi>
Date: Sat Aug 24 22:43:43 2013 +0300
Avoid OS X sandbox messages when just checking if a pathname is a directory
Calling stat() on an arbitrary directory doesn't cause any sandbox
violation, it seems, even if the process has no access to that
directory. Calling opendir() on it is a sandbox violation.
Change-Id: I776c04653cbeeb511a4a1e455fcc2b10ed4a0e5c
diff --git a/ucb/source/ucp/file/shell.cxx b/ucb/source/ucp/file/shell.cxx
index ec7bce8..7f83aa3 100644
--- a/ucb/source/ucp/file/shell.cxx
+++ b/ucb/source/ucp/file/shell.cxx
@@ -17,6 +17,10 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
+#include <config_features.h>
+
+#include <sys/stat.h>
+
#include <stack>
#include "osl/diagnose.h"
#include <rtl/uri.hxx>
@@ -2074,6 +2078,23 @@ sal_Bool SAL_CALL shell::ensuredir( sal_Int32 CommandId,
else
aPath = rUnqPath;
+#if HAVE_FEATURE_MACOSX_SANDBOX
+
+ // Avoid annoying sandbox messages in the system.log from the
+ // below aDirectory.open(), which ends up calling opendir().
+ // Surely it is easier to just call stat()? Calling stat() on an
+ // arbitrary (?) directory does not seem to cause any sandbox
+ // violation, while opendir() does. (Sorry I could not be bothered
+ // to use some complex cross-platform abstraction over stat() here
+ // in this OS X specific code block.)
+
+ OUString aDirName;
+ struct stat s;
+ if( osl::FileBase::getSystemPathFromFileURL( aPath, aDirName ) == osl::FileBase::E_None &&
+ stat(OUStringToOString( aDirName, RTL_TEXTENCODING_UTF8).getStr(), &s ) == 0 &&
+ S_ISDIR( s.st_mode ) )
+ return sal_True;
+#endif
// HACK: create directory on a mount point with nobrowse option
// returns ENOSYS in any case !!
commit 430775e0f59c8fbb04a44dedd386b419b893761a
Author: Tor Lillqvist <tml at iki.fi>
Date: Sat Aug 24 22:01:18 2013 +0300
More work on a sandboxed LibreOffice on OS X
In particular, surround also the ftruncate() operation that
osl_setFileSize() does with access through a security scope bookmark
for the file, if available. This fixes file saving in a sandboxed
LibreOffice. (But oh boy, does simply saving an ODT document go though
a weird dance of file operations.)
Luckily the C++ oslFileHandle abstraction keeps the pathname that the
file was opened with, so even if ftruncate() as such takes only the
file descriptor, we can get at the pathname to retrieve our security
scope bookmark.
Change-Id: I8acb1b2f3fb3ec0cea833697b7f1d4a1912ed551
diff --git a/sal/osl/unx/file.cxx b/sal/osl/unx/file.cxx
index 8861fba..e12f098 100644
--- a/sal/osl/unx/file.cxx
+++ b/sal/osl/unx/file.cxx
@@ -306,7 +306,7 @@ sal_uInt64 FileHandle_Impl::getSize() const
oslFileError FileHandle_Impl::setSize (sal_uInt64 uSize)
{
off_t const nSize = sal::static_int_cast< off_t >(uSize);
- if (-1 == ftruncate (m_fd, nSize))
+ if (-1 == ftruncate_with_name (m_fd, nSize, m_strFilePath))
{
/* Failure. Save original result. Try fallback algorithm */
oslFileError result = oslTranslateFileError (OSL_FET_ERROR, errno);
diff --git a/sal/osl/unx/uunxapi.cxx b/sal/osl/unx/uunxapi.cxx
index 5432b8f..f856e66 100644
--- a/sal/osl/unx/uunxapi.cxx
+++ b/sal/osl/unx/uunxapi.cxx
@@ -132,7 +132,6 @@ typedef void accessFilePathState;
int access_u(const rtl_uString* pustrPath, int mode)
{
rtl::OString fn = OUStringToOString(pustrPath);
-#ifndef MACOSX
#ifdef ANDROID
if (strncmp(fn.getStr(), "/assets", sizeof("/assets")-1) == 0 &&
(fn.getStr()[sizeof("/assets")-1] == '\0' ||
@@ -149,18 +148,18 @@ typedef void accessFilePathState;
return 0;
}
#endif
- return access(fn.getStr(), mode);
-#else
+
+#ifdef MACOSX
+ fn = macxp_resolveAliasAndConvert(fn);
+#endif
accessFilePathState *state = prepare_to_access_file_path(fn.getStr());
- int result = access(macxp_resolveAliasAndConvert(fn).getStr(), mode);
+ int result = access(fn.getStr(), mode);
done_accessing_file_path(fn.getStr(), state);
return result;
-
-#endif
}
//#########################
@@ -183,12 +182,12 @@ typedef void accessFilePathState;
}
#endif
- accessFilePathState *state = prepare_to_access_file_path(fn.getStr());
-
#ifdef MACOSX
fn = macxp_resolveAliasAndConvert(fn);
#endif
+ accessFilePathState *state = prepare_to_access_file_path(fn.getStr());
+
char rp[PATH_MAX];
bool bRet = realpath(fn.getStr(), rp);
@@ -215,7 +214,14 @@ typedef void accessFilePathState;
cpPath[sizeof("/assets")-1] == '/'))
return lo_apk_lstat(cpPath, buf);
#endif
- return stat(cpPath, buf);
+
+ accessFilePathState *state = prepare_to_access_file_path(cpPath);
+
+ int result = stat(cpPath, buf);
+
+ done_accessing_file_path(cpPath, state);
+
+ return result;
}
//#########################
@@ -243,11 +249,12 @@ typedef void accessFilePathState;
int lstat_u(const rtl_uString* pustrPath, struct stat* buf)
{
rtl::OString fn = OUStringToOString(pustrPath);
-#ifndef MACOSX
- return lstat_c(fn.getStr(), buf);
-#else
- return lstat(macxp_resolveAliasAndConvert(fn).getStr(), buf);
+
+#ifdef MACOSX
+ fn = macxp_resolveAliasAndConvert(fn);
#endif
+
+ return lstat_c(fn.getStr(), buf);
}
//#########################
@@ -287,5 +294,30 @@ int utime_c(const char *cpPath, struct utimbuf *times)
return result;
}
+int ftruncate_with_name(int fd, sal_uInt64 uSize, rtl_String* path)
+{
+ /* When sandboxed on OS X, ftruncate(), even if it takes an
+ * already open file descriptor which was retuned from an open()
+ * call already checked by the sandbox, still requires a security
+ * scope bookmark for the file to be active in case the file is
+ * one that the sandbox doesn't otherwise allow access to. Luckily
+ * LibreOffice usually calls ftruncate() through the helpful C++
+ * abstraction layer that keeps the pathname around.
+ */
+
+ rtl::OString fn = rtl::OString(path);
+
+#ifdef MACOSX
+ fn = macxp_resolveAliasAndConvert(fn);
+#endif
+
+ accessFilePathState *state = prepare_to_access_file_path(fn.getStr());
+
+ int result = ftruncate(fd, uSize);
+
+ done_accessing_file_path(fn.getStr(), state);
+
+ return result;
+}
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/sal/osl/unx/uunxapi.h b/sal/osl/unx/uunxapi.h
index 0891b80..3319aa3 100644
--- a/sal/osl/unx/uunxapi.h
+++ b/sal/osl/unx/uunxapi.h
@@ -64,6 +64,8 @@ int open_c(const char *cpPath, int oflag, int mode);
int utime_c(const char *cpPath, struct utimbuf *times);
+int ftruncate_with_name(int fd, sal_uInt64 uSize, rtl_String* path);
+
#ifdef __cplusplus
}
#endif
commit 91a6ef5bddc4c389883651c27ee75f757235e185
Author: Tor Lillqvist <tml at iki.fi>
Date: Sat Aug 24 16:07:22 2013 +0300
Do more syscalls using a security scope bookmark on OS X when sandboxed
Move the handling of the bookmarks to the wrappers in uunxapi.cxx, and
add wrappers for open() and utime().
Change-Id: I92f9941152b567545eea60f2aaae6a3b8d35e792
diff --git a/sal/osl/unx/file.cxx b/sal/osl/unx/file.cxx
index 5d34002..8861fba 100644
--- a/sal/osl/unx/file.cxx
+++ b/sal/osl/unx/file.cxx
@@ -29,6 +29,7 @@
#include "createfilehandlefromfd.hxx"
#include "file_error_transl.h"
#include "file_url.h"
+#include "uunxapi.h"
#include <algorithm>
#include <limits>
@@ -43,7 +44,7 @@
#include <sys/mount.h>
#define HAVE_O_EXLOCK
-#include <Foundation/Foundation.h>
+#include <CoreFoundation/CoreFoundation.h>
#endif /* MACOSX */
@@ -842,17 +843,6 @@ SAL_CALL osl_openMemoryAsFile( void *address, size_t size, oslFileHandle *pHandl
#define OPEN_CREATE_FLAGS ( O_CREAT | O_RDWR )
#endif
-#if defined(MACOSX) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX
-
-static NSUserDefaults *userDefaults = NULL;
-
-static void get_user_defaults()
-{
- userDefaults = [NSUserDefaults standardUserDefaults];
-}
-
-#endif
-
oslFileError
SAL_CALL osl_openFilePath( const char *cpFilePath, oslFileHandle* pHandle, sal_uInt32 uFlags )
{
@@ -916,41 +906,8 @@ SAL_CALL osl_openFilePath( const char *cpFilePath, oslFileHandle* pHandle, sal_u
flags = osl_file_adjustLockFlags (cpFilePath, flags);
}
-#if defined(MACOSX) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX
- static pthread_once_t once = PTHREAD_ONCE_INIT;
- pthread_once(&once, &get_user_defaults);
- NSURL *fileURL = NULL;
- NSData *data = NULL;
- NSURL *scopeURL = NULL;
- BOOL stale;
-
- NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
-
- if (userDefaults != NULL)
- fileURL = [NSURL fileURLWithPath:[NSString stringWithUTF8String:cpFilePath]];
-
- if (fileURL != NULL)
- data = [userDefaults dataForKey:[@"bookmarkFor:" stringByAppendingString:[fileURL absoluteString]]];
-
- if (data != NULL)
- scopeURL = [NSURL URLByResolvingBookmarkData:data
- options:NSURLBookmarkResolutionWithSecurityScope
- relativeToURL:nil
- bookmarkDataIsStale:&stale
- error:nil];
- if (scopeURL != NULL)
- [scopeURL startAccessingSecurityScopedResource];
-#endif
-
/* open the file */
- int fd = open( cpFilePath, flags, mode );
-
-
-#if defined(MACOSX) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX
- if (scopeURL != NULL)
- [scopeURL stopAccessingSecurityScopedResource];
- [pool release];
-#endif
+ int fd = open_c( cpFilePath, flags, mode );
#ifdef IOS
/* Horrible hack: If opening for RDWR and getting EPERM, just try
@@ -961,7 +918,7 @@ SAL_CALL osl_openFilePath( const char *cpFilePath, oslFileHandle* pHandle, sal_u
if (-1 == fd && (flags & O_RDWR) && EPERM == errno)
{
int rdonly_flags = (flags & ~O_ACCMODE) | O_RDONLY;
- fd = open( cpFilePath, rdonly_flags, mode );
+ fd = open_c( cpFilePath, rdonly_flags, mode );
}
#endif
if (-1 == fd)
diff --git a/sal/osl/unx/file_misc.cxx b/sal/osl/unx/file_misc.cxx
index cbfc52f..610452e 100644
--- a/sal/osl/unx/file_misc.cxx
+++ b/sal/osl/unx/file_misc.cxx
@@ -844,7 +844,7 @@ static oslFileError osl_psz_copyFile( const sal_Char* pszPath, const sal_Char* p
nUID=aFileStat.st_uid;
nGID=aFileStat.st_gid;
- nRet = stat(pszDestPath,&aFileStat);
+ nRet = stat_c(pszDestPath,&aFileStat);
if ( nRet < 0 )
{
nRet=errno;
diff --git a/sal/osl/unx/file_stat.cxx b/sal/osl/unx/file_stat.cxx
index e6e6cc5..eecc6f0 100644
--- a/sal/osl/unx/file_stat.cxx
+++ b/sal/osl/unx/file_stat.cxx
@@ -342,7 +342,7 @@ static oslFileError osl_psz_setFileTime (
struct tm* pTM=0;
#endif
- nRet = lstat(pszFilePath,&aFileStat);
+ nRet = lstat_c(pszFilePath,&aFileStat);
if ( nRet < 0 )
{
@@ -400,7 +400,7 @@ static oslFileError osl_psz_setFileTime (
fprintf(stderr,"Modification now '%s'\n",ctime(&aTimeBuffer.modtime));
#endif
- nRet=utime(pszFilePath,&aTimeBuffer);
+ nRet = utime_c(pszFilePath,&aTimeBuffer);
if ( nRet < 0 )
{
nRet=errno;
diff --git a/sal/osl/unx/uunxapi.cxx b/sal/osl/unx/uunxapi.cxx
index 7d62eee..5432b8f 100644
--- a/sal/osl/unx/uunxapi.cxx
+++ b/sal/osl/unx/uunxapi.cxx
@@ -17,6 +17,8 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
+#include <config_features.h>
+
#include "uunxapi.h"
#include "system.h"
#include <limits.h>
@@ -35,15 +37,85 @@
osl_getThreadTextEncoding());
}
+#if defined(MACOSX) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX
+
+static NSUserDefaults *userDefaults = NULL;
+
+static void get_user_defaults()
+{
+ userDefaults = [NSUserDefaults standardUserDefaults];
+}
+
+typedef struct {
+ NSURL *scopeURL;
+ NSAutoreleasePool *pool;
+} accessFilePathState;
+
+static accessFilePathState *
+prepare_to_access_file_path( const char *cpFilePath )
+{
+ static pthread_once_t once = PTHREAD_ONCE_INIT;
+ pthread_once(&once, &get_user_defaults);
+ NSURL *fileURL = nil;
+ NSData *data = nil;
+ BOOL stale;
+ accessFilePathState *state;
+
+ // If malloc() fails we are screwed anyway
+ state = (accessFilePathState*) malloc(sizeof(accessFilePathState));
+
+ state->pool = [[NSAutoreleasePool alloc] init];
+ state->scopeURL = nil;
+
+ if (userDefaults != nil)
+ fileURL = [NSURL fileURLWithPath:[NSString stringWithUTF8String:cpFilePath]];
+
+ if (fileURL != nil)
+ data = [userDefaults dataForKey:[@"bookmarkFor:" stringByAppendingString:[fileURL absoluteString]]];
+
+ if (data != nil)
+ state->scopeURL = [NSURL URLByResolvingBookmarkData:data
+ options:NSURLBookmarkResolutionWithSecurityScope
+ relativeToURL:nil
+ bookmarkDataIsStale:&stale
+ error:nil];
+ if (state->scopeURL != nil)
+ [state->scopeURL startAccessingSecurityScopedResource];
+
+ return state;
+}
+
+static void
+done_accessing_file_path( const char * /*cpFilePath*/, accessFilePathState *state )
+{
+ int saved_errno = errno;
+
+ if (state->scopeURL != nil)
+ [state->scopeURL stopAccessingSecurityScopedResource];
+ [state->pool release];
+ free(state);
+
+ errno = saved_errno;
+}
+
+#else
+
+typedef void accessFilePathState;
+
+#define prepare_to_access_file_path( cpFilePath ) NULL
+
+#define done_accessing_file_path( cpFilePath, state ) ((void) cpFilePath, (void) state)
+
+#endif
+
//###########################
#ifdef MACOSX
/*
* Helper function for resolving Mac native alias files (not the same as unix alias files)
* and to return the resolved alias as rtl::OString
*/
- inline rtl::OString macxp_resolveAliasAndConvert(const rtl_uString* s)
+ static rtl::OString macxp_resolveAliasAndConvert(rtl::OString p)
{
- rtl::OString p = OUStringToOString(s);
sal_Char path[PATH_MAX];
if (p.getLength() < PATH_MAX)
{
@@ -59,8 +131,8 @@
//access_u
int access_u(const rtl_uString* pustrPath, int mode)
{
-#ifndef MACOSX // not MACOSX
rtl::OString fn = OUStringToOString(pustrPath);
+#ifndef MACOSX
#ifdef ANDROID
if (strncmp(fn.getStr(), "/assets", sizeof("/assets")-1) == 0 &&
(fn.getStr()[sizeof("/assets")-1] == '\0' ||
@@ -79,7 +151,15 @@
#endif
return access(fn.getStr(), mode);
#else
- return access(macxp_resolveAliasAndConvert(pustrPath).getStr(), mode);
+
+ accessFilePathState *state = prepare_to_access_file_path(fn.getStr());
+
+ int result = access(macxp_resolveAliasAndConvert(fn).getStr(), mode);
+
+ done_accessing_file_path(fn.getStr(), state);
+
+ return result;
+
#endif
}
@@ -87,7 +167,6 @@
//realpath_u
sal_Bool realpath_u(const rtl_uString* pustrFileName, rtl_uString** ppustrResolvedName)
{
-#ifndef MACOSX // not MACOSX
rtl::OString fn = OUStringToOString(pustrFileName);
#ifdef ANDROID
if (strncmp(fn.getStr(), "/assets", sizeof("/assets")-1) == 0 &&
@@ -103,12 +182,18 @@
return sal_True;
}
#endif
-#else
- rtl::OString fn = macxp_resolveAliasAndConvert(pustrFileName);
+
+ accessFilePathState *state = prepare_to_access_file_path(fn.getStr());
+
+#ifdef MACOSX
+ fn = macxp_resolveAliasAndConvert(fn);
#endif
+
char rp[PATH_MAX];
bool bRet = realpath(fn.getStr(), rp);
+ done_accessing_file_path(fn.getStr(), state);
+
if (bRet)
{
rtl::OUString resolved = rtl::OStringToOUString(
@@ -143,18 +228,25 @@
cpPath[sizeof("/assets")-1] == '/'))
return lo_apk_lstat(cpPath, buf);
#endif
- return lstat(cpPath, buf);
+
+ accessFilePathState *state = prepare_to_access_file_path(cpPath);
+
+ int result = lstat(cpPath, buf);
+
+ done_accessing_file_path(cpPath, state);
+
+ return result;
}
//#########################
//lstat_u
int lstat_u(const rtl_uString* pustrPath, struct stat* buf)
{
-#ifndef MACOSX // not MACOSX
rtl::OString fn = OUStringToOString(pustrPath);
+#ifndef MACOSX
return lstat_c(fn.getStr(), buf);
#else
- return lstat(macxp_resolveAliasAndConvert(pustrPath).getStr(), buf);
+ return lstat(macxp_resolveAliasAndConvert(fn).getStr(), buf);
#endif
}
@@ -162,7 +254,37 @@
// @see mkdir
int mkdir_u(const rtl_uString* path, mode_t mode)
{
- return mkdir(OUStringToOString(path).getStr(), mode);
+ rtl::OString fn = OUStringToOString(path);
+
+ accessFilePathState *state = prepare_to_access_file_path(fn.getStr());
+
+ int result = mkdir(OUStringToOString(path).getStr(), mode);
+
+ done_accessing_file_path(fn.getStr(), state);
+
+ return result;
+}
+
+int open_c(const char *cpPath, int oflag, int mode)
+{
+ accessFilePathState *state = prepare_to_access_file_path(cpPath);
+
+ int result = open(cpPath, oflag, mode);
+
+ done_accessing_file_path(cpPath, state);
+
+ return result;
+}
+
+int utime_c(const char *cpPath, struct utimbuf *times)
+{
+ accessFilePathState *state = prepare_to_access_file_path(cpPath);
+
+ int result = utime(cpPath, times);
+
+ done_accessing_file_path(cpPath, state);
+
+ return result;
}
diff --git a/sal/osl/unx/uunxapi.h b/sal/osl/unx/uunxapi.h
index f6bc1f2..0891b80 100644
--- a/sal/osl/unx/uunxapi.h
+++ b/sal/osl/unx/uunxapi.h
@@ -60,6 +60,10 @@
/* @see mkdir */
int mkdir_u(const rtl_uString* path, mode_t mode);
+int open_c(const char *cpPath, int oflag, int mode);
+
+int utime_c(const char *cpPath, struct utimbuf *times);
+
#ifdef __cplusplus
}
#endif
commit 6bb73563bec920ed20a74aa6036d94295b722f31
Author: Tor Lillqvist <tml at iki.fi>
Date: Sat Aug 24 01:34:23 2013 +0300
Don't use lock files when sandboxed on OS X
We won't be allowed to create such files anyway.
Change-Id: Iaba652b9ae3f1d8c7cfeaae493e962d58ad1fb7f
diff --git a/framework/source/services/autorecovery.cxx b/framework/source/services/autorecovery.cxx
index 9541000..7520989 100644
--- a/framework/source/services/autorecovery.cxx
+++ b/framework/source/services/autorecovery.cxx
@@ -2021,7 +2021,7 @@ void AutoRecovery::implts_changeAllDocVisibility(sal_Bool bVisible)
*/
void lc_removeLockFile(AutoRecovery::TDocumentInfo& rInfo)
{
-#if !HAVE_FEATURE_MULTIUSER_ENVIRONMENT
+#if !HAVE_FEATURE_MULTIUSER_ENVIRONMENT || HAVE_FEATURE_MACOSX_SANDBOX
(void) rInfo;
#else
if ( rInfo.Document.is() )
diff --git a/sfx2/source/doc/docfile.cxx b/sfx2/source/doc/docfile.cxx
index 06d7a4b..b20fc57 100644
--- a/sfx2/source/doc/docfile.cxx
+++ b/sfx2/source/doc/docfile.cxx
@@ -143,6 +143,9 @@ static const sal_Int8 LOCK_UI_TRY = 2;
bool IsSystemFileLockingUsed()
{
+#if HAVE_FEATURE_MACOSX_SANDBOX
+ return true;
+#else
// check whether system file locking has been used, the default value is false
bool bUseSystemLock = false;
try
@@ -165,11 +168,15 @@ bool IsSystemFileLockingUsed()
}
return bUseSystemLock;
+#endif
}
//----------------------------------------------------------------
bool IsOOoLockFileUsed()
{
+#if HAVE_FEATURE_MACOSX_SANDBOX
+ return false;
+#else
// check whether system file locking has been used, the default value is false
bool bOOoLockFileUsed = false;
try
@@ -192,6 +199,7 @@ bool IsOOoLockFileUsed()
}
return bOOoLockFileUsed;
+#endif
}
bool IsLockingUsed()
@@ -1003,7 +1011,11 @@ namespace
{
INetURLObject aUrl( rLogicName );
INetProtocol eProt = aUrl.GetProtocol();
+#if HAVE_FEATURE_MACOSX_SANDBOX
+ return eProt == INET_PROT_SFTP;
+#else
return eProt == INET_PROT_FILE || eProt == INET_PROT_SFTP;
+#endif
}
#endif
}
commit 3e8f3f8e325c4bfe54c7ba0b0813c57a653c1f25
Author: Tor Lillqvist <tml at iki.fi>
Date: Fri Aug 23 20:32:19 2013 +0200
Bypass the alias resolving completely when sandboxed
Attempting to look up the bookmark data for a file will try acessing
its resource fork, causing messages like:
soffice(83685) deny file-read-data /Users/tml/Documents/b.odt/..namedfork/rsrc
Change-Id: I1b2b0b493a46aa629581b921c94c5014f994e75c
diff --git a/sal/osl/unx/system.c b/sal/osl/unx/system.c
index d18aab4..e1dd12b 100644
--- a/sal/osl/unx/system.c
+++ b/sal/osl/unx/system.c
@@ -145,16 +145,16 @@ int macxp_resolveAlias(char *path, int buflen)
#if HAVE_FEATURE_MACOSX_SANDBOX
/* Avoid unnecessary messages in the system.log:
*
- * kernel[0]: Sandbox: soffice(57342) deny file-read-data /Users
- * kernel[0]: Sandbox: soffice(57342) deny file-read-data /Users/tml
+ * soffice(57342) deny file-read-data /Users/tml/Documents/b.odt/..namedfork/rsrc
+ * etc.
*
- * etc. It is quite unlikely anyway, I hope, that anything except
- * the last component of a path name would be a bookmark.
+ * Just don't bother with resolving aliases. I doubt its usefulness anyway.
*/
- char *unprocessedPath = path + strlen(path) - 1;
+ (void) path;
+ (void) buflen;
+ return 0;
#else
char *unprocessedPath = path;
-#endif
if ( *unprocessedPath == '/' )
unprocessedPath++;
@@ -227,6 +227,7 @@ int macxp_resolveAlias(char *path, int buflen)
}
return nRet;
+#endif
}
#endif /* defined MACOSX */
commit 18818412cb444e51c555c625723c69d6c8efbe48
Author: Tor Lillqvist <tml at iki.fi>
Date: Fri Aug 23 09:51:48 2013 +0300
Make our File>Recent Documents work better when sandboxed
Store security scope bookmarks for files selected in the file picker
in the user data. (I looked into storing it in the LO "registry" in
the Histories/PickList thingies, but that was horribly complex.)
When opening a file, if we have stored a security scope bookmark for
it, use that while opening the file.
Change-Id: I347ae2dd815299441c17467d9b66a226061d0ed2
diff --git a/fpicker/source/aqua/SalAquaFilePicker.mm b/fpicker/source/aqua/SalAquaFilePicker.mm
index b8241dc..3b085f1 100644
--- a/fpicker/source/aqua/SalAquaFilePicker.mm
+++ b/fpicker/source/aqua/SalAquaFilePicker.mm
@@ -1,4 +1,4 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* -*- Mode: ObjC; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is part of the LibreOffice project.
*
@@ -17,6 +17,8 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
+#include <config_features.h>
+
#include "sal/config.h"
#include <com/sun/star/lang/DisposedException.hpp>
@@ -300,6 +302,17 @@ uno::Sequence<rtl::OUString> SAL_CALL SalAquaFilePicker::getFiles() throw( uno::
SolarMutexGuard aGuard;
+#if MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX
+ static NSUserDefaults *userDefaults;
+ static bool triedUserDefaults = false;
+
+ if (!triedUserDefaults)
+ {
+ userDefaults = [NSUserDefaults standardUserDefaults];
+ triedUserDefaults = true;
+ }
+#endif
+
// OSL_TRACE("starting work");
/*
* If more than one file is selected in an OpenDialog, then the first result
@@ -322,6 +335,23 @@ uno::Sequence<rtl::OUString> SAL_CALL SalAquaFilePicker::getFiles() throw( uno::
for(int nIndex = 0; nIndex < nFiles; nIndex += 1)
{
NSURL *url = [files objectAtIndex:nIndex];
+
+#if MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX
+ if (userDefaults != NULL &&
+ [url respondsToSelector:@selector(bookmarkDataWithOptions:includingResourceValuesForKeys:relativeToURL:error:)])
+ {
+ NSData *data = [url bookmarkDataWithOptions:NSURLBookmarkCreationWithSecurityScope
+ includingResourceValuesForKeys:nil
+ relativeToURL:nil
+ error:nil];
+ if (data != NULL)
+ {
+ [userDefaults setObject:data
+ forKey:[@"bookmarkFor:" stringByAppendingString:[url absoluteString]]];
+ }
+ }
+#endif
+
OSL_TRACE("handling %s", [[url description] UTF8String]);
InfoType info = FULLPATH;
if (nFiles > 1) {
diff --git a/sal/Library_sal.mk b/sal/Library_sal.mk
index 37e01a6..093546f 100644
--- a/sal/Library_sal.mk
+++ b/sal/Library_sal.mk
@@ -75,6 +75,7 @@ ifeq ($(OS),MACOSX)
$(eval $(call gb_Library_use_system_darwin_frameworks,sal,\
Carbon \
CoreFoundation \
+ Foundation \
))
endif
@@ -122,7 +123,7 @@ $(eval $(call gb_Library_add_cobjects,sal,\
sal/osl/all/filepath \
))
-ifeq ($(OS),IOS)
+ifneq (,$(filter IOS MACOSX,$(OS)))
$(eval $(call gb_Library_add_cxxflags,sal,\
$(gb_OBJCXXFLAGS) \
))
diff --git a/sal/osl/unx/file.cxx b/sal/osl/unx/file.cxx
index 150a567..5d34002 100644
--- a/sal/osl/unx/file.cxx
+++ b/sal/osl/unx/file.cxx
@@ -1,4 +1,4 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* -*- Mode: ObjC; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is part of the LibreOffice project.
*
@@ -43,8 +43,7 @@
#include <sys/mount.h>
#define HAVE_O_EXLOCK
-// add MACOSX Time Value
-#include <CoreFoundation/CoreFoundation.h>
+#include <Foundation/Foundation.h>
#endif /* MACOSX */
@@ -843,6 +842,17 @@ SAL_CALL osl_openMemoryAsFile( void *address, size_t size, oslFileHandle *pHandl
#define OPEN_CREATE_FLAGS ( O_CREAT | O_RDWR )
#endif
+#if defined(MACOSX) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX
+
+static NSUserDefaults *userDefaults = NULL;
+
+static void get_user_defaults()
+{
+ userDefaults = [NSUserDefaults standardUserDefaults];
+}
+
+#endif
+
oslFileError
SAL_CALL osl_openFilePath( const char *cpFilePath, oslFileHandle* pHandle, sal_uInt32 uFlags )
{
@@ -906,8 +916,42 @@ SAL_CALL osl_openFilePath( const char *cpFilePath, oslFileHandle* pHandle, sal_u
flags = osl_file_adjustLockFlags (cpFilePath, flags);
}
+#if defined(MACOSX) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX
+ static pthread_once_t once = PTHREAD_ONCE_INIT;
+ pthread_once(&once, &get_user_defaults);
+ NSURL *fileURL = NULL;
+ NSData *data = NULL;
+ NSURL *scopeURL = NULL;
+ BOOL stale;
+
+ NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
+
+ if (userDefaults != NULL)
+ fileURL = [NSURL fileURLWithPath:[NSString stringWithUTF8String:cpFilePath]];
+
+ if (fileURL != NULL)
+ data = [userDefaults dataForKey:[@"bookmarkFor:" stringByAppendingString:[fileURL absoluteString]]];
+
+ if (data != NULL)
+ scopeURL = [NSURL URLByResolvingBookmarkData:data
+ options:NSURLBookmarkResolutionWithSecurityScope
+ relativeToURL:nil
+ bookmarkDataIsStale:&stale
+ error:nil];
+ if (scopeURL != NULL)
+ [scopeURL startAccessingSecurityScopedResource];
+#endif
+
/* open the file */
int fd = open( cpFilePath, flags, mode );
+
+
+#if defined(MACOSX) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 && HAVE_FEATURE_MACOSX_SANDBOX
+ if (scopeURL != NULL)
+ [scopeURL stopAccessingSecurityScopedResource];
+ [pool release];
+#endif
+
#ifdef IOS
/* Horrible hack: If opening for RDWR and getting EPERM, just try
* again for RDONLY. Quicker this way than to figure out why
commit 943f165d9517468657e70747ce610543fedca649
Author: Tor Lillqvist <tml at iki.fi>
Date: Thu Aug 22 18:27:19 2013 +0300
The AppleRemote code is blocked by sandboxing so bypass it in that case
Change-Id: I0e86c82fb81732468cf0a60eb8ff1d0579986767
diff --git a/apple_remote/Module_apple_remote.mk b/apple_remote/Module_apple_remote.mk
index 68cc7f1..5313df3 100644
--- a/apple_remote/Module_apple_remote.mk
+++ b/apple_remote/Module_apple_remote.mk
@@ -10,10 +10,12 @@
$(eval $(call gb_Module_Module,apple_remote))
ifeq ($(OS),MACOSX)
+ifneq ($(ENABLE_MACOSX_SANDBOX),YES)
$(eval $(call gb_Module_add_targets,apple_remote,\
Library_AppleRemote \
))
endif
+endif
# vim: set noet sw=4 ts=4:
diff --git a/vcl/Library_vcl.mk b/vcl/Library_vcl.mk
index 6694e8d..b8a1f97 100644
--- a/vcl/Library_vcl.mk
+++ b/vcl/Library_vcl.mk
@@ -466,9 +466,6 @@ $(eval $(call gb_Library_add_exception_objects,vcl,\
vcl/aqua/source/window/salmenu \
vcl/aqua/source/window/salobj \
))
-$(eval $(call gb_Library_use_libraries,vcl,\
- AppleRemote \
-))
$(eval $(call gb_Library_use_system_darwin_frameworks,vcl,\
$(if $(filter X86_64,$(CPUNAME)),,QuickTime) \
Cocoa \
@@ -476,11 +473,14 @@ $(eval $(call gb_Library_use_system_darwin_frameworks,vcl,\
CoreFoundation \
))
+ifneq ($(ENABLE_MACOSX_SANDBOX),YES)
$(eval $(call gb_Library_use_libraries,vcl,\
AppleRemote \
))
endif
+endif
+
vcl_really_generic_code= \
vcl/generic/app/gensys \
vcl/generic/app/geninst \
diff --git a/vcl/aqua/source/app/saldata.cxx b/vcl/aqua/source/app/saldata.cxx
index 185dd0b..4ec9506 100644
--- a/vcl/aqua/source/app/saldata.cxx
+++ b/vcl/aqua/source/app/saldata.cxx
@@ -17,6 +17,7 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
+#include <config_features.h>
#include "aqua/saldata.hxx"
#include "aqua/salnsmenu.h"
@@ -47,7 +48,9 @@ SalData::SalData()
mxP50Pattern( NULL ),
maCursors( POINTER_COUNT, INVALID_CURSOR_PTR ),
mbIsScrollbarDoubleMax( false ),
+#if !HAVE_FEATURE_MACOSX_SANDBOX
mpMainController( NULL ),
+#endif
mpDockIconClickHandler( nil ),
mnDPIX( 0 ),
mnDPIY( 0 )
@@ -82,8 +85,10 @@ SalData::~SalData()
osl_destroyThreadKey( s_aAutoReleaseKey );
s_aAutoReleaseKey = 0;
}
+#if !HAVE_FEATURE_MACOSX_SANDBOX
if ( mpMainController )
[mpMainController release];
+#endif
}
void SalData::ensureThreadAutoreleasePool()
diff --git a/vcl/aqua/source/app/salinst.cxx b/vcl/aqua/source/app/salinst.cxx
index 360ff7b..424b734 100644
--- a/vcl/aqua/source/app/salinst.cxx
+++ b/vcl/aqua/source/app/salinst.cxx
@@ -17,6 +17,7 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
+#include <config_features.h>
#include <stdio.h>
@@ -167,7 +168,7 @@ static void initNSApp()
selector: @selector(scrollbarSettingsChanged:)
name: @"AppleNoRedisplayAppearancePreferenceChanged"
object: nil ];
-
+#if !HAVE_FEATURE_MACOSX_SANDBOX
// Initialize Apple Remote
GetSalData()->mpMainController = [[MainController alloc] init];
@@ -180,6 +181,7 @@ static void initNSApp()
selector: @selector(applicationWillResignActive:)
name: @"AppleRemoteWillResignActive"
object: nil ];
+#endif
}
sal_Bool ImplSVMainHook( int * pnInit )
diff --git a/vcl/aqua/source/app/vclnsapp.mm b/vcl/aqua/source/app/vclnsapp.mm
index 4970036..2298895 100644
--- a/vcl/aqua/source/app/vclnsapp.mm
+++ b/vcl/aqua/source/app/vclnsapp.mm
@@ -17,6 +17,8 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
+#include <config_features.h>
+
#include "sal/config.h"
#include <vector>
@@ -439,8 +441,7 @@
// for Apple Remote implementation
-#pragma mark -
-#pragma mark NSApplication Delegates
+#if !HAVE_FEATURE_MACOSX_SANDBOX
- (void)applicationWillBecomeActive:(NSNotification *)pNotification
{
(void)pNotification;
@@ -490,6 +491,7 @@
[(*it)->mpWindow setLevel: NSNormalWindowLevel];
}
}
+#endif
- (BOOL)applicationShouldHandleReopen: (NSApplication*)pApp hasVisibleWindows: (BOOL) bWinVisible
{
diff --git a/vcl/inc/aqua/saldata.hxx b/vcl/inc/aqua/saldata.hxx
index b0f91d8..ef6c8d2 100644
--- a/vcl/inc/aqua/saldata.hxx
+++ b/vcl/inc/aqua/saldata.hxx
@@ -20,6 +20,8 @@
#ifndef _SV_SALDATA_HXX
#define _SV_SALDATA_HXX
+#include <config_features.h>
+
#include "premac.h"
#include <Cocoa/Cocoa.h>
#include "postmac.h"
@@ -89,8 +91,9 @@ public:
static oslThreadKey s_aAutoReleaseKey;
bool mbIsScrollbarDoubleMax; // TODO: support DoubleMin and DoubleBoth too
+#if !HAVE_FEATURE_MACOSX_SANDBOX
MainController* mpMainController; // Apple Remote
-
+#endif
NSObject* mpDockIconClickHandler;
long mnDPIX; // #i100617# read DPI only once per office life
long mnDPIY; // #i100617# read DPI only once per office life
diff --git a/vcl/inc/aqua/vclnsapp.h b/vcl/inc/aqua/vclnsapp.h
index eeb8376..18114c2 100644
--- a/vcl/inc/aqua/vclnsapp.h
+++ b/vcl/inc/aqua/vclnsapp.h
@@ -20,6 +20,8 @@
#ifndef _VCL_VCLNSAPP_H
#define _VCL_VCLNSAPP_H
+#include <config_features.h>
+
#include "premac.h"
#include "Cocoa/Cocoa.h"
#include "postmac.h"
@@ -51,8 +53,10 @@ class AquaSalFrame;
-(void)addFallbackMenuItem: (NSMenuItem*)pNewItem;
-(void)removeFallbackMenuItem: (NSMenuItem*)pOldItem;
-(void)addDockMenuItem: (NSMenuItem*)pNewItem;
+#if !HAVE_FEATURE_MACOSX_SANDBOX
-(void)applicationWillBecomeActive: (NSNotification *)pNotification;
-(void)applicationWillResignActive: (NSNotification *)pNotification;
+#endif
-(BOOL)applicationShouldHandleReopen: (NSApplication*)pApp hasVisibleWindows: (BOOL)bWinVisible;
-(void)setDockIconClickHandler: (NSObject*)pHandler;
-(void)cycleFrameForward: (AquaSalFrame*)pCurFrame;
commit 96d0eba1c8f10b06f8b9bf9bfc02e0e1be405552
Author: Tor Lillqvist <tml at iki.fi>
Date: Fri Aug 16 01:31:52 2013 +0300
Bypass the O_NONBLOCK resetting for now when sandboxed on OS X
The fcntl fails. Will have to check later whether we should also drop
using O_NONBLOCK when opening then.
Change-Id: I529a4d728563eb323e35487782f7fee88b2faa0c
diff --git a/sal/osl/unx/file.cxx b/sal/osl/unx/file.cxx
index 7a991e8..150a567 100644
--- a/sal/osl/unx/file.cxx
+++ b/sal/osl/unx/file.cxx
@@ -17,6 +17,7 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
+#include <config_features.h>
#include "osl/file.hxx"
#include "osl/detail/file.h"
@@ -929,6 +930,7 @@ SAL_CALL osl_openFilePath( const char *cpFilePath, oslFileHandle* pHandle, sal_u
return oslTranslateFileError (OSL_FET_ERROR, saved_errno);
}
+#if !HAVE_FEATURE_MACOSX_SANDBOX
/* reset O_NONBLOCK flag */
if (flags & O_NONBLOCK)
{
@@ -958,7 +960,7 @@ SAL_CALL osl_openFilePath( const char *cpFilePath, oslFileHandle* pHandle, sal_u
return eRet;
}
}
-
+#endif
/* get file status (mode, size) */
struct stat aFileStat;
if (-1 == fstat (fd, &aFileStat))
commit dc430144935e84962e36065473ad0ce1c9ed5ae7
Author: Tor Lillqvist <tml at iki.fi>
Date: Fri Aug 16 01:30:21 2013 +0300
Actually the smoketest does not work for a sandboxed soffice on OS X
We can't create and bind Unix domain sockets, it seems, so bypass this
for now.
Change-Id: I85b84099f2d8afe860e0bc866e3ced3cb922ca63
diff --git a/smoketest/Module_smoketest.mk b/smoketest/Module_smoketest.mk
index 30ed698..6f10900 100644
--- a/smoketest/Module_smoketest.mk
+++ b/smoketest/Module_smoketest.mk
@@ -32,9 +32,11 @@ $(eval $(call gb_Module_add_check_targets,smoketest,\
))
endif
+ifneq (MACOSX/YES,$(OS)/$(ENABLE_MACOSX_SANDBOX))
$(eval $(call gb_Module_add_subsequentcheck_targets,smoketest,\
CppunitTest_smoketest \
))
+endif
endif
commit dbda18c1303b191e09ba2d316d4022d8ac7020dd
Author: Tor Lillqvist <tml at iki.fi>
Date: Fri Aug 16 01:28:24 2013 +0300
Use a proper folder as "user installation" when sandboxed
A sandboxed soffice process (runnin smoketest) has no access to workdir.
Change-Id: I62ef94282df37ea710735f1305c1d95dd2b0a304
diff --git a/smoketest/CppunitTest_smoketest.mk b/smoketest/CppunitTest_smoketest.mk
index 702c612..17d71de 100644
--- a/smoketest/CppunitTest_smoketest.mk
+++ b/smoketest/CppunitTest_smoketest.mk
@@ -32,9 +32,15 @@ $(eval $(call gb_CppunitTest_use_libraries,smoketest,\
$(eval $(call gb_CppunitTest_use_ure,smoketest))
+ifeq ($(ENABLE_MACOSX_SANDBOX),YES)
+userinstallation=$(shell $(gb_DEVINSTALLROOT)/MacOS/soffice --nstemporarydirectory)
+else
+userinstallation=$(WORKDIR)/CustomTarget/smoketest
+endif
+
$(eval $(call gb_CppunitTest_add_arguments,smoketest,\
-env:arg-soffice=$(gb_JunitTest_SOFFICEARG) \
- -env:arg-user=$(WORKDIR)/CustomTarget/smoketest \
+ -env:arg-user=$(userinstallation) \
-env:arg-env=$(gb_Helper_LIBRARY_PATH_VAR)"$$$${$(gb_Helper_LIBRARY_PATH_VAR)+=$$$$$(gb_Helper_LIBRARY_PATH_VAR)}" \
-env:arg-testarg.smoketest.doc=$(OUTDIR)/bin/smoketestdoc.sxw \
))
commit 32635fc72a692f481f0aec4118cc26bc5e8297a1
Author: Tor Lillqvist <tml at iki.fi>
Date: Sun Aug 11 17:19:00 2013 +0300
Add a --nstemporarydirectory switch for potential use when sandboxed
Intentionally very brutally just exit after printing out what
NSTemporaryDirectory() returns, as this is for use only in unit testing, so
that makefiles can learn the app-specific sandboxed temp dir.
Change-Id: I96fba1399ffc43b09fe317c1b9db5af76432f4e0
diff --git a/desktop/Library_sofficeapp.mk b/desktop/Library_sofficeapp.mk
index 451c1d8..0179476 100644
--- a/desktop/Library_sofficeapp.mk
+++ b/desktop/Library_sofficeapp.mk
@@ -50,6 +50,18 @@ $(eval $(call gb_Library_use_libraries,sofficeapp,\
$(gb_UWINAPI) \
))
+ifeq ($(OS),MACOSX)
+
+$(eval $(call gb_Library_add_cxxflags,sofficeapp,\
+ $(gb_OBJCXXFLAGS) \
+))
+
+$(eval $(call gb_Library_use_system_darwin_frameworks,sofficeapp,\
+ Foundation \
+))
+
+endif
+
ifeq ($(OS),IOS)
$(eval $(call gb_Library_add_cflags,sofficeapp,\
$(gb_OBJCFLAGS) \
diff --git a/desktop/source/app/cmdlineargs.cxx b/desktop/source/app/cmdlineargs.cxx
index f9baa07..0831e44 100644
--- a/desktop/source/app/cmdlineargs.cxx
+++ b/desktop/source/app/cmdlineargs.cxx
@@ -19,6 +19,12 @@
#include <config_features.h>
+#if HAVE_FEATURE_MACOSX_SANDBOX
+#include <premac.h>
+#include <Foundation/Foundation.h>
+#include <postmac.h>
+#endif
+
#include <cmdlineargs.hxx>
#include <vcl/svapp.hxx>
#include <rtl/uri.hxx>
@@ -503,6 +509,13 @@ bool CommandLineArgs::InterpretCommandLineParameter( const OUString& aArg, OUStr
return true;
}
#endif
+#if HAVE_FEATURE_MACOSX_SANDBOX
+ else if ( oArg == "nstemporarydirectory" )
+ {
+ printf("%s\n", [NSTemporaryDirectory() UTF8String]);
+ exit(0);
+ }
+#endif
#ifdef WIN32
/* fdo#57203 ignore -Embedding on Windows
when LibreOffice is launched by COM+
commit 99b51cabd09d08dd8b15de25ff2af61162724093
Author: Tor Lillqvist <tml at iki.fi>
Date: Tue Jul 30 19:05:34 2013 +0300
Odd instability in what Bluetooth headers to include in OS X SDKs
Change-Id: Ia8e835373bea3287cf16f3d505dbb420c874fed3
diff --git a/sd/source/ui/remotecontrol/BluetoothServer.cxx b/sd/source/ui/remotecontrol/BluetoothServer.cxx
index c87f1b8..836c73e 100644
--- a/sd/source/ui/remotecontrol/BluetoothServer.cxx
+++ b/sd/source/ui/remotecontrol/BluetoothServer.cxx
@@ -39,7 +39,7 @@
#ifdef MACOSX
#include <osl/conditn.hxx> // Include this early to avoid error as check() gets defined by some SDK header to empty
#include <premac.h>
- #if MACOSX_SDK_VERSION >= 1070
+ #if MACOSX_SDK_VERSION == 1070 || MACOSX_SDK_VERSION == 1080
#import <IOBluetooth/IOBluetooth.h>
#else
#import <CoreFoundation/CoreFoundation.h>
commit f526834c701b015ece36df75b136aeb9b81293fc
Author: Tor Lillqvist <tml at iki.fi>
Date: Tue Jul 30 17:30:10 2013 +0300
Adapt to NSPrintInfo API change
Change-Id: Idce313b30b46a81847e116c380f6fe8eb2953a35
diff --git a/vcl/aqua/source/gdi/salprn.cxx b/vcl/aqua/source/gdi/salprn.cxx
index 6b61398..a71c8d6 100644
--- a/vcl/aqua/source/gdi/salprn.cxx
+++ b/vcl/aqua/source/gdi/salprn.cxx
@@ -69,7 +69,11 @@ AquaSalInfoPrinter::AquaSalInfoPrinter( const SalPrinterQueueInfo& i_rQueue ) :
mpPrintInfo = [pShared copy];
[mpPrintInfo setPrinter: mpPrinter];
mePageOrientation = ([mpPrintInfo orientation] == NSLandscapeOrientation) ? ORIENTATION_LANDSCAPE : ORIENTATION_PORTRAIT;
+#if MACOSX_SDK_VERSION >= 1090
+ [mpPrintInfo setOrientation: NSPaperOrientationPortrait];
+#else
[mpPrintInfo setOrientation: NSPortraitOrientation];
+#endif
}
mpGraphics = new AquaSalGraphics();
commit 66d6c6e1001b40a0a43b84939b88b45cfc41d83a
Author: Tor Lillqvist <tml at iki.fi>
Date: Tue Jul 30 11:36:18 2013 +0300
Use sandboxing when requested also for the app bundle in the dmg
Change-Id: I612be680e7aea2b098894aa4e11b10b471d34144
diff --git a/solenv/bin/modules/installer/simplepackage.pm b/solenv/bin/modules/installer/simplepackage.pm
index 9d579be..ec4826a 100644
--- a/solenv/bin/modules/installer/simplepackage.pm
+++ b/solenv/bin/modules/installer/simplepackage.pm
@@ -424,7 +424,10 @@ sub create_package
# participate in the signing and their validity can be
# guaranteed.
- $systemcall = "codesign --sign $ENV{'MACOSX_CODESIGNING_IDENTITY'} --force -v -v -v $localtempdir/$folder/$volume_name_classic_app.app";
+ $entitlements = '';
+ $entitlements = "--entitlements $ENV{'BUILDDIR'}/lo.xcent" if defined($ENV{'ENABLE_MACOSX_SANDBOX'});
+
+ $systemcall = "codesign --sign $ENV{'MACOSX_CODESIGNING_IDENTITY'} --force $entitlements -v -v -v $localtempdir/$folder/$volume_name_classic_app.app";
print "... $systemcall ...\n";
my $returnvalue = system($systemcall);
$infoline = "Systemcall: $systemcall\n";
commit 04e706a026c29bee3b71b9f465433489b5f4e644
Author: Tor Lillqvist <tml at iki.fi>
Date: Tue Jul 30 10:57:50 2013 +0300
Be a bit more lax when resolving bookmarks when sandboxed
Change-Id: I6ada3e660ee58f7937425eea40a4bbd82754f4b1
diff --git a/sal/osl/unx/system.c b/sal/osl/unx/system.c
index add62c9..d18aab4 100644
--- a/sal/osl/unx/system.c
+++ b/sal/osl/unx/system.c
@@ -17,6 +17,8 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
+#include <config_features.h>
+
#include "system.h"
#ifdef NO_PTHREAD_RTL
@@ -140,7 +142,19 @@ struct hostent *gethostbyname_r(const char *name, struct hostent *result,
*/
int macxp_resolveAlias(char *path, int buflen)
{
+#if HAVE_FEATURE_MACOSX_SANDBOX
+ /* Avoid unnecessary messages in the system.log:
+ *
+ * kernel[0]: Sandbox: soffice(57342) deny file-read-data /Users
+ * kernel[0]: Sandbox: soffice(57342) deny file-read-data /Users/tml
+ *
+ * etc. It is quite unlikely anyway, I hope, that anything except
+ * the last component of a path name would be a bookmark.
+ */
+ char *unprocessedPath = path + strlen(path) - 1;
+#else
char *unprocessedPath = path;
+#endif
if ( *unprocessedPath == '/' )
unprocessedPath++;
commit 5b416da0bbd762d93d1f812acbce599efbb0ec36
Author: Tor Lillqvist <tml at iki.fi>
Date: Wed Jun 19 00:02:44 2013 +0300
Avoid deprecated API
Change-Id: I703e94b999382f52331a61050eaf3d31073f5a9c
diff --git a/fpicker/source/aqua/SalAquaPicker.mm b/fpicker/source/aqua/SalAquaPicker.mm
index b4a39d4..5b155fa 100644
--- a/fpicker/source/aqua/SalAquaPicker.mm
+++ b/fpicker/source/aqua/SalAquaPicker.mm
@@ -165,30 +165,27 @@ int SalAquaPicker::run()
int retVal = 0;
- NSString *startDirectory;
+ NSURL *startDirectory;
if (m_sDisplayDirectory.getLength() > 0) {
NSString *temp = [NSString stringWithOUString:m_sDisplayDirectory];
- NSURL *url = [NSURL URLWithString:temp];
- startDirectory = [url path];
+ startDirectory = [NSURL URLWithString:temp];
- OSL_TRACE("start dir: %s", [startDirectory UTF8String]);
- // NSLog(@"%@", startDirectory);
+ OSL_TRACE("start dir: %s", [startDirectory path]);
}
else {
- startDirectory = NSHomeDirectory();
+ startDirectory = [NSURL fileURLWithPath:NSHomeDirectory() isDirectory:YES];
}
-#if HAVE_GCC_PRAGMA_DIAGNOSTIC_MODIFY && HAVE_GCC_PRAGMA_DIAGNOSTIC_SCOPE
-#pragma GCC diagnostic push
-#pragma GCC diagnostic warning "-Wdeprecated-declarations"
-#endif
switch(m_nDialogType) {
case NAVIGATIONSERVICES_DIRECTORY:
case NAVIGATIONSERVICES_OPEN:
- retVal = [(NSOpenPanel*)m_pDialog runModalForDirectory:startDirectory file:nil types:nil];
+ [m_pDialog setDirectoryURL:startDirectory];
+ retVal = [(NSOpenPanel*)m_pDialog runModal];
break;
case NAVIGATIONSERVICES_SAVE:
- retVal = [m_pDialog runModalForDirectory:startDirectory file:[NSString stringWithOUString:((SalAquaFilePicker*)this)->getSaveFileName()]/*[m_pDialog saveFilename]*/];
+ [m_pDialog setDirectoryURL:startDirectory];
+ [m_pDialog setNameFieldStringValue:[NSString stringWithOUString:((SalAquaFilePicker*)this)->getSaveFileName()]];
+ retVal = [m_pDialog runModal];
break;
// [m_pDialog beginSheetForDirectory:startDirectory file:[m_pDialog saveFilename] modalForWindow:[NSApp keyWindow] modalDelegate:((SalAquaFilePicker*)this)->getDelegate() didEndSelector:@selector(savePanelDidEnd:returnCode:contextInfo:) contextInfo:nil];
default:
@@ -196,14 +193,11 @@ int SalAquaPicker::run()
}
if (retVal == NSFileHandlingPanelOKButton) {
- NSString* pDir = [m_pDialog directory];
+ NSURL* pDir = [m_pDialog directoryURL];
if (pDir) {
- implsetDisplayDirectory([[NSURL fileURLWithPath:pDir] OUStringForInfo:FULLPATH]);
+ implsetDisplayDirectory([pDir OUStringForInfo:FULLPATH]);
}
}
-#if HAVE_GCC_PRAGMA_DIAGNOSTIC_MODIFY && HAVE_GCC_PRAGMA_DIAGNOSTIC_SCOPE
-#pragma GCC diagnostic pop
-#endif
DBG_PRINT_EXIT(CLASS_NAME, __func__, retVal);
[pool release];
commit 054a8ff9fa698dc649ee3ede6e9747a8ae523a25
Author: Tor Lillqvist <tml at iki.fi>
Date: Tue Jun 18 23:19:28 2013 +0300
Avoid deprecated API
Change-Id: I2537721bd6b0214c25590504751c39fb4661e2fe
diff --git a/fpicker/source/aqua/SalAquaFilePicker.mm b/fpicker/source/aqua/SalAquaFilePicker.mm
index e64c422..b8241dc 100644
--- a/fpicker/source/aqua/SalAquaFilePicker.mm
+++ b/fpicker/source/aqua/SalAquaFilePicker.mm
@@ -743,14 +743,7 @@ void SalAquaFilePicker::updateSaveFileNameExtension() {
rtl::OUString suffix = (*(aStringList.begin())).copy(1);
NSString *requiredFileType = [NSString stringWithOUString:suffix];
-#if HAVE_GCC_PRAGMA_DIAGNOSTIC_MODIFY && HAVE_GCC_PRAGMA_DIAGNOSTIC_SCOPE
-#pragma GCC diagnostic push
-#pragma GCC diagnostic warning "-Wdeprecated-declarations"
-#endif
- [m_pDialog setRequiredFileType:requiredFileType];
-#if HAVE_GCC_PRAGMA_DIAGNOSTIC_MODIFY && HAVE_GCC_PRAGMA_DIAGNOSTIC_SCOPE
-#pragma GCC diagnostic pop
-#endif
+ [m_pDialog setAllowedFileTypes:[NSArray arrayWithObjects:requiredFileType, nil]];
OSL_TRACE("disallowing other file types");
[m_pDialog setAllowsOtherFileTypes:NO];
commit ea027c320b5be693d4407f3f3bdd65569f0bee09
Author: Tor Lillqvist <tml at iki.fi>
Date: Mon Jun 17 22:12:07 2013 +0300
The PICT format was formally deprecated already in OS X v10.4
The documentation says: "The PICT format was formally deprecated in OS
X v10.4 along with QuickDraw. You should not be explicitly providing
or looking for PICT data on the pasteboard."
Change-Id: I01cc600286f9a2933a91e19bb611df08944ab997
diff --git a/vcl/aqua/source/dtrans/DataFlavorMapping.cxx b/vcl/aqua/source/dtrans/DataFlavorMapping.cxx
index 4d07185..4773296 100644
--- a/vcl/aqua/source/dtrans/DataFlavorMapping.cxx
+++ b/vcl/aqua/source/dtrans/DataFlavorMapping.cxx
@@ -107,15 +107,6 @@ namespace // private
bool DataTypeOUString; // sequence<byte> otherwise
};
-// NSPICTPboardType is deprecated in 10.6 and later
-
-// Make deprecation warnings just warnings even in a -Werror
-// compilation.
-
-#if HAVE_GCC_PRAGMA_DIAGNOSTIC_MODIFY
-#pragma GCC diagnostic warning "-Wdeprecated-declarations"
-#endif
-
/* At the moment it appears as if only MS Office pastes "public.html" to the clipboard.
*/
FlavorMap flavorMap[] =
@@ -123,7 +114,6 @@ namespace // private
{ NSStringPboardType, "text/plain;charset=utf-16", "Unicode Text (UTF-16)", true },
{ NSRTFPboardType, "text/richtext", "Rich Text Format", false },
{ NSTIFFPboardType, "image/bmp", "Windows Bitmap", false },
- { NSPICTPboardType, "image/bmp", "Windows Bitmap", false },
{ NSHTMLPboardType, "text/html", "Plain Html", false },
{ NSFilenamesPboardType, "application/x-openoffice-filelist;windows_formatname=\"FileList\"", "FileList", false },
{ PBTYPE_SESX, FLAVOR_SESX, "Star Embed Source (XML)", false },
@@ -576,7 +566,7 @@ NSString* DataFlavorMapper::openOfficeToSystemFlavor(const DataFlavor& oOOFlavor
NSString* DataFlavorMapper::openOfficeImageToSystemFlavor(NSPasteboard* pPasteboard) const
{
- NSArray *supportedTypes = [NSArray arrayWithObjects: NSTIFFPboardType, NSPICTPboardType, nil];
+ NSArray *supportedTypes = [NSArray arrayWithObjects: NSTIFFPboardType, nil];
NSString *sysFlavor = [pPasteboard availableTypeFromArray:supportedTypes];
return sysFlavor;
}
@@ -605,11 +595,7 @@ DataProviderPtr_t DataFlavorMapper::getDataProvider(NSString* systemFlavor, Refe
}
else
*/
- if ([systemFlavor caseInsensitiveCompare: NSPICTPboardType] == NSOrderedSame)
- {
- dp = DataProviderPtr_t(new BMPDataProvider(data, PICTImageFileType));
- }
- else if ([systemFlavor caseInsensitiveCompare: NSTIFFPboardType] == NSOrderedSame)
+ if ([systemFlavor caseInsensitiveCompare: NSTIFFPboardType] == NSOrderedSame)
{
dp = DataProviderPtr_t(new BMPDataProvider(data, NSTIFFFileType));
}
@@ -656,10 +642,6 @@ DataProviderPtr_t DataFlavorMapper::getDataProvider(const NSString* systemFlavor
{
dp = DataProviderPtr_t(new HTMLFormatDataProvider(systemData));
}
- else if ([systemFlavor caseInsensitiveCompare: NSPICTPboardType] == NSOrderedSame)
- {
- dp = DataProviderPtr_t(new BMPDataProvider(systemData, PICTImageFileType));
- }
else if ([systemFlavor caseInsensitiveCompare: NSTIFFPboardType] == NSOrderedSame)
{
dp = DataProviderPtr_t(new BMPDataProvider(systemData, NSTIFFFileType));
@@ -702,7 +684,6 @@ NSArray* DataFlavorMapper::flavorSequenceToTypesArray(const com::sun::star::uno:
if( flavors[i].MimeType.startsWith("image/bmp") )
{
[array addObject: NSTIFFPboardType];
- [array addObject: NSPICTPboardType];
}
else
{
diff --git a/vcl/aqua/source/dtrans/PictToBmpFlt.cxx b/vcl/aqua/source/dtrans/PictToBmpFlt.cxx
index 0bbb33b..426d3bf 100644
--- a/vcl/aqua/source/dtrans/PictToBmpFlt.cxx
+++ b/vcl/aqua/source/dtrans/PictToBmpFlt.cxx
@@ -17,154 +17,20 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
-/* This is a work-around to prevent 'deprecated' warning for 'KillPicture' API
- Hopefully we can get rid of this whole code again when the OOo PICT filter
- are good enough to be used see #i78953 thus this hack would vanish to again.
- */
#include <premac.h>
-#include <AvailabilityMacros.h>
-#undef DEPRECATED_ATTRIBUTE
-#define DEPRECATED_ATTRIBUTE
-
#include <Carbon/Carbon.h>
#include <QuickTime/QuickTime.h>
#include <postmac.h>
+
#include <string.h>
#include "PictToBmpFlt.hxx"
-bool PICTtoBMP(com::sun::star::uno::Sequence<sal_Int8>& aPict,
- com::sun::star::uno::Sequence<sal_Int8>& aBmp)
-{
-
- bool result = false;
-
-#ifdef __LP64__
- // FIXME
- (void) aPict;
- (void) aBmp;
-#else
- ComponentInstance bmpExporter;
- if (OpenADefaultComponent(GraphicsExporterComponentType,
- kQTFileTypeBMP,
- &bmpExporter) != noErr)
- {
- return result;
- }
-
- Handle hPict;
- if (PtrToHand(aPict.getArray(), &hPict, aPict.getLength()) != noErr)
- {
- return result;
- }
-
- Handle hBmp;
- if ((GraphicsExportSetInputPicture(bmpExporter, (PicHandle)hPict) != noErr) ||
- ((hBmp = NewHandleClear(0)) == NULL))
- {
- CloseComponent(bmpExporter);
- DisposeHandle(hPict);
- return result;
- }
-
- if ((GraphicsExportSetOutputHandle(bmpExporter, hBmp) == noErr) &&
- (GraphicsExportDoExport(bmpExporter, NULL) == noErr))
- {
- size_t sz = GetHandleSize(hBmp);
- aBmp.realloc(sz);
-
- HLock(hBmp);
- memcpy(aBmp.getArray(), ((sal_Int8*)*hBmp), sz);
- HUnlock(hBmp);
-
- result = true;
- }
-
- DisposeHandle(hPict);
- DisposeHandle(hBmp);
- CloseComponent(bmpExporter);
-#endif
- return result;
-}
-
-#if MACOSX_SDK_VERSION >= 1070
-
-// This whole thing needs to be rewritten I guess. Or does this code
-// even get invoked on current OSes? Given that KillPicture() was
-// deprecated already in 10.4, back when somebody was actually working
-// on this code, hopefully knowing what he/she was doing, did he/she
-// really not pay attention and notice that this stuff is going to go
-// away?
-
-extern "C" {
-extern void KillPicture(PicHandle myPicture);
-}
-
-#endif
-
-bool BMPtoPICT(com::sun::star::uno::Sequence<sal_Int8>& aBmp,
- com::sun::star::uno::Sequence<sal_Int8>& aPict)
-{
- bool result = false;
-
- Handle hBmp;
- if ((PtrToHand(aBmp.getArray(), &hBmp, aBmp.getLength()) != noErr))
- {
- return result;
- }
-
-#ifdef __LP64__
- // FIXME
- (void) aPict;
-#else
- ComponentInstance pictExporter;
-
- if (OpenADefaultComponent(GraphicsImporterComponentType,
- kQTFileTypeBMP,
- &pictExporter) != noErr)
- {
- DisposeHandle(hBmp);
- return result;
- }
-
- if (GraphicsImportSetDataHandle(pictExporter, hBmp) != noErr)
- {
- DisposeHandle(hBmp);
- CloseComponent(pictExporter);
- return result;
- }
-
- PicHandle hPict;
- if (GraphicsImportGetAsPicture(pictExporter, &hPict) == noErr)
- {
- size_t sz = GetHandleSize((Handle)hPict);
- aPict.realloc(sz);
-
- HLock((Handle)hPict);
- memcpy(aPict.getArray(), ((sal_Int8*)*hPict), sz);
- HUnlock((Handle)hPict);
-
- // Release the data associated with the picture
- // Note: This function is deprecated in Mac OS X
- // 10.4.
-
- KillPicture(hPict);
-
- result = true;
- }
-
- DisposeHandle(hBmp);
- CloseComponent(pictExporter);
-#endif
- return result;
-}
-
bool ImageToBMP( com::sun::star::uno::Sequence<sal_Int8>& aPict,
com::sun::star::uno::Sequence<sal_Int8>& aBmp,
NSBitmapImageFileType eInFormat)
{
- if( eInFormat == PICTImageFileType )
- return PICTtoBMP( aPict, aBmp );
+ (void) eInFormat; // Really not needed? Weird.
bool bResult = false;
@@ -192,9 +58,6 @@ bool BMPToImage( com::sun::star::uno::Sequence<sal_Int8>& aBmp,
NSBitmapImageFileType eOutFormat
)
{
- if( eOutFormat == PICTImageFileType )
- return BMPtoPICT( aBmp, aPict );
-
bool bResult = false;
NSData* pData = [NSData dataWithBytesNoCopy: const_cast<sal_Int8*>(aBmp.getConstArray()) length: aBmp.getLength() freeWhenDone: 0];
diff --git a/vcl/aqua/source/dtrans/PictToBmpFlt.hxx b/vcl/aqua/source/dtrans/PictToBmpFlt.hxx
index 50ee8c4..6f18a49 100644
--- a/vcl/aqua/source/dtrans/PictToBmpFlt.hxx
+++ b/vcl/aqua/source/dtrans/PictToBmpFlt.hxx
@@ -26,24 +26,6 @@
#include <Cocoa/Cocoa.h>
#include <postmac.h>
-/* Transform PICT into the a Window BMP.
-
- Returns true if the conversion was successful false
- otherwise.
- */
-bool PICTtoBMP(com::sun::star::uno::Sequence<sal_Int8>& aPict,
- com::sun::star::uno::Sequence<sal_Int8>& aBmp);
-
-/* Transform a Windows BMP to a PICT.
-
- Returns true if the conversion was successful false
- otherwise.
- */
-bool BMPtoPICT(com::sun::star::uno::Sequence<sal_Int8>& aBmp,
- com::sun::star::uno::Sequence<sal_Int8>& aPict);
-
-#define PICTImageFileType ((NSBitmapImageFileType)~0)
-
bool ImageToBMP( com::sun::star::uno::Sequence<sal_Int8>& aPict,
com::sun::star::uno::Sequence<sal_Int8>& aBmp,
NSBitmapImageFileType eInFormat);
commit b37e935ad02ade4f994fa8b041f56355bf6a8be2
Author: Tor Lillqvist <tml at iki.fi>
Date: Sun Jun 16 23:22:29 2013 +0300
Don't use deprecated API
Change-Id: I1dfc8998eeeda31648a4b4fe95d40117686a866b
diff --git a/fpicker/source/aqua/FilterHelper.mm b/fpicker/source/aqua/FilterHelper.mm
index fd0e47b..3371730 100644
--- a/fpicker/source/aqua/FilterHelper.mm
+++ b/fpicker/source/aqua/FilterHelper.mm
@@ -375,11 +375,6 @@ throw (::com::sun::star::lang::IllegalArgumentException, ::com::sun::star::uno::
DBG_PRINT_EXIT(CLASS_NAME, __func__);
}
-// 'fileAttributesAtPath:traverseLink:' is deprecated
-#if HAVE_GCC_PRAGMA_DIAGNOSTIC_MODIFY
-#pragma GCC diagnostic warning "-Wdeprecated-declarations"
-#endif
-
sal_Bool FilterHelper::filenameMatchesFilter(NSString* sFilename)
{
DBG_PRINT_ENTRY(CLASS_NAME, __func__);
@@ -390,7 +385,7 @@ sal_Bool FilterHelper::filenameMatchesFilter(NSString* sFilename)
}
NSFileManager *manager = [NSFileManager defaultManager];
- NSDictionary* pAttribs = [manager fileAttributesAtPath: sFilename traverseLink: NO];
+ NSDictionary* pAttribs = [manager attributesOfItemAtPath: sFilename error: nil];
if( pAttribs )
{
NSObject* pType = [pAttribs objectForKey: NSFileType];
@@ -436,10 +431,6 @@ sal_Bool FilterHelper::filenameMatchesFilter(NSString* sFilename)
return sal_False;
}
-#if HAVE_GCC_PRAGMA_DIAGNOSTIC_MODIFY
-#pragma GCC diagnostic error "-Wdeprecated-declarations"
-#endif
-
FilterList* FilterHelper::getFilterList() {
DBG_PRINT_ENTRY(CLASS_NAME, __func__);
DBG_PRINT_EXIT(CLASS_NAME, __func__);
commit 0e42e9f0b875d8d69764214bb09613ceb6150544
Author: Tor Lillqvist <tml at iki.fi>
Date: Sun Jun 16 23:01:05 2013 +0300
WaE: 'FSResolveAliasFile' is deprecated: first deprecated in OS X 10.8
Use the bookmark API instead.
Change-Id: I61fe91ea2c7287c52d45ddfee772ecfcfb5498b6
diff --git a/fpicker/source/aqua/NSURL_OOoAdditions.mm b/fpicker/source/aqua/NSURL_OOoAdditions.mm
index c4567eb..858eb27 100644
--- a/fpicker/source/aqua/NSURL_OOoAdditions.mm
+++ b/fpicker/source/aqua/NSURL_OOoAdditions.mm
@@ -83,23 +83,25 @@ NSString* resolveAlias( NSString* i_pSystemPath )
kCFURLPOSIXPathStyle, false);
if( rUrl != NULL )
{
- FSRef rFS;
- if( CFURLGetFSRef( rUrl, &rFS ) )
+ CFErrorRef rError;
+ CFDataRef rBookmark = CFURLCreateBookmarkDataFromFile( NULL, rUrl, &rError );
+ CFRelease( rUrl );
+ if( rBookmark != NULL )
{
- Boolean bIsFolder = false;
- Boolean bAlias = false;
- OSErr err = FSResolveAliasFile( &rFS, true, &bIsFolder, &bAlias);
- if( (err == noErr) && bAlias )
+ Boolean bIsStale;
+ CFURLRef rResolvedUrl = CFURLCreateByResolvingBookmarkData( kCFAllocatorDefault, rBookmark, kCFBookmarkResolutionWithoutUIMask,
+ NULL, NULL, &bIsStale, &rError );
+ CFRelease( rBookmark );
+ if( rResolvedUrl == NULL )
{
- CFURLRef rResolvedUrl = CFURLCreateFromFSRef( kCFAllocatorDefault, &rFS );
- if( rResolvedUrl != NULL )
- {
- pResolvedPath = (NSString*)CFURLCopyFileSystemPath( rResolvedUrl, kCFURLPOSIXPathStyle );
- CFRelease( rResolvedUrl );
- }
+ CFRelease( rError );
+ }
+ else
+ {
+ pResolvedPath = (NSString*)CFURLCopyFileSystemPath( rResolvedUrl, kCFURLPOSIXPathStyle );
+ CFRelease( rResolvedUrl );
}
}
- CFRelease( rUrl );
}
return pResolvedPath;
commit 92628ac170985dbf846507dbabcd4f4a73a27043
Author: Tor Lillqvist <tml at iki.fi>
Date: Sun Jun 16 22:50:24 2013 +0300
Need the IOKit library now
Change-Id: Ib98fc2f683729d1c9fe6768c63a1d1a6614ba567
diff --git a/vcl/Library_vcl.mk b/vcl/Library_vcl.mk
index ad59af9..6694e8d 100644
--- a/vcl/Library_vcl.mk
+++ b/vcl/Library_vcl.mk
@@ -79,6 +79,7 @@ $(eval $(call gb_Library_use_libraries,vcl,\
ifeq ($(OS),MACOSX)
$(eval $(call gb_Library_add_libs,vcl,\
+ -lIOKit \
-lobjc \
))
endif
commit 3b4eeca04d20bcb3ce83d37dc499cebcf936c684
Author: Tor Lillqvist <tml at iki.fi>
Date: Sun Jun 16 20:19:07 2013 +0300
WaE: 'UpdateSystemActivity' is deprecated: first deprecated in OS X 10.8
Instead use IOKit as described in
http://developer.apple.com/library/mac/#qa/qa1340/_index.html , said
to work in 10.6 or later, thus fine for us.
Change-Id: I1bfcc2b9bce6cdf5d7274e89f96b1739898fa735
diff --git a/vcl/aqua/source/window/salframe.cxx b/vcl/aqua/source/window/salframe.cxx
index c2a66e3..d33d251 100644
--- a/vcl/aqua/source/window/salframe.cxx
+++ b/vcl/aqua/source/window/salframe.cxx
@@ -26,14 +26,12 @@
#include "vcl/svapp.hxx"
#include "vcl/window.hxx"
-#include "vcl/timer.hxx"
#include "vcl/syswin.hxx"
#include "aqua/saldata.hxx"
#include "aqua/salgdi.h"
#include "aqua/salframe.h"
#include "aqua/salmenu.h"
-#include "aqua/saltimer.h"
#include "aqua/salinst.h"
#include "aqua/salframeview.h"
#include "aqua/aqua11yfactory.h"
@@ -831,25 +829,6 @@ void AquaSalFrame::ShowFullScreen( sal_Bool bFullScreen, sal_Int32 nDisplay )
// -----------------------------------------------------------------------
-class PreventSleepTimer : public AutoTimer
-{
-public:
- PreventSleepTimer()
- {
- SetTimeout( 30000 );
- Start();
- }
-
- virtual ~PreventSleepTimer()
- {
- }
-
- virtual void Timeout()
- {
- UpdateSystemActivity(OverallAct);
- }
-};
-
void AquaSalFrame::StartPresentation( sal_Bool bStart )
{
if ( !mpWindow )
@@ -861,7 +840,10 @@ void AquaSalFrame::StartPresentation( sal_Bool bStart )
if( bStart )
{
GetSalData()->maPresentationFrames.push_back( this );
- mpActivityTimer.reset( new PreventSleepTimer() );
+ IOPMAssertionCreateWithName(kIOPMAssertionTypeNoDisplaySleep,
+ kIOPMAssertionLevelOn,
+ CFSTR("LibreOffice presentation running"),
+ &mnAssertionID);
[mpWindow setLevel: NSPopUpMenuWindowLevel];
if( mbShown )
[mpWindow makeMainWindow];
@@ -869,7 +851,7 @@ void AquaSalFrame::StartPresentation( sal_Bool bStart )
else
{
GetSalData()->maPresentationFrames.remove( this );
- mpActivityTimer.reset();
+ IOPMAssertionRelease(mnAssertionID);
[mpWindow setLevel: NSNormalWindowLevel];
}
}
diff --git a/vcl/inc/aqua/salframe.h b/vcl/inc/aqua/salframe.h
index ade5438..e7c122a 100644
--- a/vcl/inc/aqua/salframe.h
+++ b/vcl/inc/aqua/salframe.h
@@ -20,6 +20,10 @@
#ifndef _SV_SALFRAME_H
#define _SV_SALFRAME_H
+#include <premac.h>
+#include <IOKit/pwr_mgt/IOPMLib.h>
+#include <postmac.h>
+
#include "vcl/sysdata.hxx"
#include "aqua/salmenu.h"
@@ -32,8 +36,6 @@
#include <utility>
#include <stdexcept>
-#include <boost/shared_ptr.hpp>
-
class AquaSalGraphics;
class AquaSalFrame;
class AquaSalTimer;
@@ -92,7 +94,9 @@ public:
sal_uLong mnICOptions;
- boost::shared_ptr< Timer > mpActivityTimer; // Timer to prevent system sleep during presentation
+ // To prevent display sleep during presentation
+ IOPMAssertionID mnAssertionID;
+
public:
/** Constructor
commit b005a3e76b659252b7e78ced4a4d38da868fa110
Author: Tor Lillqvist <tml at iki.fi>
Date: Sun Jun 16 12:17:26 2013 +0300
We only support 10.6 or later
No need to check whether running on 10.5 ("Leopard") or later.
Besides, Gestalt() is deprecated in 10.8.
Change-Id: I8d20d1e4d208eef8fbe980cbed4d70662cf4bb0d
diff --git a/vcl/aqua/source/app/saldata.cxx b/vcl/aqua/source/app/saldata.cxx
index dcbd350..185dd0b 100644
--- a/vcl/aqua/source/app/saldata.cxx
+++ b/vcl/aqua/source/app/saldata.cxx
@@ -47,7 +47,6 @@ SalData::SalData()
mxP50Pattern( NULL ),
maCursors( POINTER_COUNT, INVALID_CURSOR_PTR ),
mbIsScrollbarDoubleMax( false ),
- mnSystemVersion( VER_TIGER ),
mpMainController( NULL ),
mpDockIconClickHandler( nil ),
mnDPIX( 0 ),
diff --git a/vcl/aqua/source/app/salinst.cxx b/vcl/aqua/source/app/salinst.cxx
index 6ac7094..360ff7b 100644
--- a/vcl/aqua/source/app/salinst.cxx
+++ b/vcl/aqua/source/app/salinst.cxx
@@ -168,20 +168,7 @@ static void initNSApp()
name: @"AppleNoRedisplayAppearancePreferenceChanged"
object: nil ];
- // get System Version and store the value in GetSalData()->mnSystemVersion
- OSErr err = noErr;
- SInt32 systemVersion = VER_TIGER; // Initialize with minimal requirement
- if( (err = Gestalt(gestaltSystemVersion, &systemVersion)) == noErr )
- {
- GetSalData()->mnSystemVersion = systemVersion;
-#if OSL_DEBUG_LEVEL > 1
- fprintf( stderr, "System Version %x\n", (unsigned int)systemVersion);
-#endif
- }
- else
- NSLog(@"Unable to obtain system version: %ld", (long)err);
-
- // Initialize Apple Remote
+ // Initialize Apple Remote
GetSalData()->mpMainController = [[MainController alloc] init];
[[NSDistributedNotificationCenter defaultCenter] addObserver: NSApp
diff --git a/vcl/aqua/source/app/vclnsapp.mm b/vcl/aqua/source/app/vclnsapp.mm
index 9b68b55..4970036 100644
--- a/vcl/aqua/source/app/vclnsapp.mm
+++ b/vcl/aqua/source/app/vclnsapp.mm
@@ -195,18 +195,6 @@
}
}
}
- else if( eType == NSScrollWheel && ( GetSalData()->mnSystemVersion < VER_LEOPARD /* fixed in Leopard and above */ ) )
- {
-
- NSWindow* pWin = [pEvent window];
- // on Tiger wheel events do not reach non key windows
- // which probably should be considered a bug
- if( [pWin isKindOfClass: [SalFrameWindow class]] && [pWin canBecomeKeyWindow] == NO )
- {
- [[pWin contentView] scrollWheel: pEvent];
- return;
- }
- }
[super sendEvent: pEvent];
}
diff --git a/vcl/aqua/source/window/salmenu.cxx b/vcl/aqua/source/window/salmenu.cxx
index 0bdf9ed..350be25 100644
--- a/vcl/aqua/source/window/salmenu.cxx
+++ b/vcl/aqua/source/window/salmenu.cxx
@@ -872,9 +872,6 @@ void AquaSalMenu::RemoveMenuBarButton( sal_uInt16 i_nId )
Rectangle AquaSalMenu::GetMenuBarButtonRectPixel( sal_uInt16 i_nItemId, SalFrame* i_pReferenceFrame )
{
- if( GetSalData()->mnSystemVersion < VER_LEOPARD )
- return Rectangle( Point( -1, -1 ), Size( 1, 1 ) );
-
if( ! i_pReferenceFrame || ! AquaSalFrame::isAlive( static_cast<AquaSalFrame*>(i_pReferenceFrame) ) )
return Rectangle();
diff --git a/vcl/inc/aqua/saldata.hxx b/vcl/inc/aqua/saldata.hxx
index d26e616..b0f91d8 100644
--- a/vcl/inc/aqua/saldata.hxx
+++ b/vcl/inc/aqua/saldata.hxx
@@ -89,7 +89,6 @@ public:
static oslThreadKey s_aAutoReleaseKey;
bool mbIsScrollbarDoubleMax; // TODO: support DoubleMin and DoubleBoth too
- SInt32 mnSystemVersion; // Store System Version
MainController* mpMainController; // Apple Remote
NSObject* mpDockIconClickHandler;
commit dd977b6fe1a8c3c9c608f0a9848d40e10623be99
Author: Tor Lillqvist <tml at iki.fi>
Date: Sun Jun 16 11:02:32 2013 +0300
Don't use deprecated API for OS X alias resolving
Change-Id: Ifaaec1863f12cd73d0a77c3367935f57675157e2
diff --git a/sal/osl/unx/system.c b/sal/osl/unx/system.c
index 8c8280d..add62c9 100644
--- a/sal/osl/unx/system.c
+++ b/sal/osl/unx/system.c
@@ -135,14 +135,11 @@ struct hostent *gethostbyname_r(const char *name, struct hostent *result,
#if defined(MACOSX)
/*
* Add support for resolving Mac native alias files (not the same as unix alias files)
+ * (what are "unix alias files"?)
* returns 0 on success.
*/
int macxp_resolveAlias(char *path, int buflen)
{
- FSRef aFSRef;
- OSStatus nErr;
- Boolean bFolder;
- Boolean bAliased;
char *unprocessedPath = path;
if ( *unprocessedPath == '/' )
@@ -155,50 +152,65 @@ int macxp_resolveAlias(char *path, int buflen)
if ( unprocessedPath )
*unprocessedPath = '\0';
- nErr = noErr;
- bFolder = FALSE;
- bAliased = FALSE;
- if ( FSPathMakeRef( (const UInt8 *)path, &aFSRef, 0 ) == noErr )
+ CFStringRef cfpath = CFStringCreateWithCString( NULL, path, kCFStringEncodingUTF8 );
+ CFURLRef cfurl = CFURLCreateWithFileSystemPath( NULL, cfpath, kCFURLPOSIXPathStyle, false );
+ CFRelease( cfpath );
+ CFErrorRef cferror;
+ CFDataRef cfbookmark = CFURLCreateBookmarkDataFromFile( NULL, cfurl, &cferror );
+ CFRelease( cfurl );
+ if ( cfbookmark == NULL )
{
- nErr = FSResolveAliasFileWithMountFlags( &aFSRef, TRUE, &bFolder, &bAliased, kResolveAliasFileNoUI );
- if ( nErr == nsvErr )
+ CFRelease( cferror );
+ }
+ else
+ {
+ Boolean isStale;
+ cfurl = CFURLCreateByResolvingBookmarkData( NULL, cfbookmark, kCFBookmarkResolutionWithoutUIMask,
+ NULL, NULL, &isStale, &cferror );
+ CFRelease( cfbookmark );
+ if ( cfurl == NULL )
{
- errno = ENOENT;
- nRet = -1;
+ CFRelease( cferror );
}
- else if ( nErr == noErr && bAliased )
+ else
{
- char tmpPath[ PATH_MAX ];
- if ( FSRefMakePath( &aFSRef, (UInt8 *)tmpPath, PATH_MAX ) == noErr )
+ cfpath = CFURLCopyFileSystemPath( cfurl, kCFURLPOSIXPathStyle );
+ CFRelease( cfurl );
+ if ( cfpath != NULL )
{
- int nLen = strlen( tmpPath ) + ( unprocessedPath ? strlen( unprocessedPath + 1 ) + 1 : 0 );
- if ( nLen < buflen && nLen < PATH_MAX )
+ char tmpPath[ PATH_MAX ];
+ if ( CFStringGetCString( cfpath, tmpPath, PATH_MAX, kCFStringEncodingUTF8 ) )
{
- if ( unprocessedPath )
+ int nLen = strlen( tmpPath ) + ( unprocessedPath ? strlen( unprocessedPath + 1 ) + 1 : 0 );
+ if ( nLen < buflen && nLen < PATH_MAX )
{
- int nTmpPathLen = strlen( tmpPath );
- strcat( tmpPath, "/" );
- strcat( tmpPath, unprocessedPath + 1 );
- strcpy( path, tmpPath);
- unprocessedPath = path + nTmpPathLen;
+ if ( unprocessedPath )
+ {
+ int nTmpPathLen = strlen( tmpPath );
+ strcat( tmpPath, "/" );
+ strcat( tmpPath, unprocessedPath + 1 );
+ strcpy( path, tmpPath);
+ unprocessedPath = path + nTmpPathLen;
+ }
+ else if ( !unprocessedPath )
+ {
+ strcpy( path, tmpPath );
+ }
}
- else if ( !unprocessedPath )
+ else
{
- strcpy( path, tmpPath);
+ errno = ENAMETOOLONG;
+ nRet = -1;
}
}
- else
- {
- errno = ENAMETOOLONG;
- nRet = -1;
- }
+ CFRelease( cfpath );
}
}
}
if ( unprocessedPath )
*unprocessedPath++ = '/';
- }
+ }
return nRet;
}
commit e3da12010316cad9873c6b841eb173ca7f426e7f
Author: Tor Lillqvist <tml at iki.fi>
Date: Fri Jul 26 13:41:10 2013 +0300
Move OS X sandbox flag to config_features.h
Change-Id: I189fa06d13a78bcaa8e17b32756076473ced3641
diff --git a/config_host/config_features.h.in b/config_host/config_features.h.in
index e288eef..690e148 100644
--- a/config_host/config_features.h.in
+++ b/config_host/config_features.h.in
@@ -59,4 +59,12 @@
#define HAVE_FEATURE_MULTIUSER_ENVIRONMENT 0
+/* MACOSX_SANDBOX - whether LibreOffice runs in an OS X sandbox
+ *
+ * When building LibreOffice for distribution through the Mac App Store,
+ * it must be sandboxed.
+ */
+
+#define HAVE_FEATURE_MACOSX_SANDBOX 0
+
#endif
diff --git a/configure.ac b/configure.ac
index 4432d37..f047e08 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2619,6 +2619,7 @@ if test "$_os" = "Darwin"; then
AC_MSG_ERROR([OS X sandboxing requires code signing])
elif test -n "$MACOSX_CODESIGNING_IDENTITY" -a "$enable_macosx_sandbox" = yes; then
ENABLE_MACOSX_SANDBOX=YES
+ AC_DEFINE(HAVE_FEATURE_MACOSX_SANDBOX)
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
diff --git a/desktop/source/app/app.cxx b/desktop/source/app/app.cxx
index 5bda373..6724991 100644
--- a/desktop/source/app/app.cxx
+++ b/desktop/source/app/app.cxx
@@ -609,7 +609,7 @@ void Desktop::Init()
OfficeIPCThread::Status aStatus = OfficeIPCThread::EnableOfficeIPCThread();
if ( aStatus == OfficeIPCThread::IPC_STATUS_PIPE_ERROR )
{
-#ifdef MACOSX
+#if HAVE_FEATURE_MACOSX_SANDBOX
// In a sandboxed LO, on 10.8.2 at least, creating the
// Unix domain socket fails. Ignore that as hopefully
// people running a sandboxed LO won't attempt starting it
@@ -1170,7 +1170,7 @@ namespace {
void restartOnMac(bool passArguments) {
#if defined MACOSX
OfficeIPCThread::DisableOfficeIPCThread();
-#ifdef ENABLE_MACOSX_SANDBOX
+#if HAVE_FEATURE_MACOSX_SANDBOX
(void) passArguments; // avoid warnings
ResMgr *resMgr = Desktop::GetDesktopResManager();
OUString aMessage = OUString( String( ResId( STR_LO_MUST_BE_RESTARTED, *resMgr )));
diff --git a/solenv/gbuild/gbuild.mk b/solenv/gbuild/gbuild.mk
index 2797522..d09fe17 100644
--- a/solenv/gbuild/gbuild.mk
+++ b/solenv/gbuild/gbuild.mk
@@ -261,7 +261,6 @@ gb_GLOBALDEFS += \
DISABLE_DYNLOADING \
DISABLE_EXPORT \
DISABLE_SCRIPTING \
- ENABLE_MACOSX_SANDBOX \
ENABLE_READONLY_INSTALLSET \
)
More information about the Libreoffice-commits
mailing list