[Libreoffice-commits] core.git: Branch 'distro/collabora/lov-6.4' - 2 commits - lo.xcent sal/osl
Tor Lillqvist (via logerrit)
logerrit at kemper.freedesktop.org
Wed Apr 29 08:28:53 UTC 2020
lo.xcent | 2 ++
sal/osl/unx/process_impl.cxx | 12 ++++++++++++
2 files changed, 14 insertions(+)
New commits:
commit 4db9852e73d9e9d662fc8a2783bace79addf1805
Author: Tor Lillqvist <tml at collabora.com>
AuthorDate: Wed Apr 29 03:17:52 2020 +0300
Commit: Tor Lillqvist <tml at collabora.com>
CommitDate: Wed Apr 29 11:28:03 2020 +0300
Fix problems when running a sandboxed LO as instdir/.../soffice on macOS
The argv[0] passed to osl_setCommandArgs will then be the relative
path and osl::realpath() will fail. Instead, use
bootstrap_getExecutableFile() which calls _NSGetExecutablePath() to
get the executable's pathname for g_command_args.
Change-Id: I1345afe158d7b64871f6340733fb5490d5ca6bd8
diff --git a/sal/osl/unx/process_impl.cxx b/sal/osl/unx/process_impl.cxx
index 35a5b90ece0d..0d58c98f6367 100644
--- a/sal/osl/unx/process_impl.cxx
+++ b/sal/osl/unx/process_impl.cxx
@@ -17,6 +17,8 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
+#include <config_features.h>
+
#include <osl/process.h>
#include <limits.h>
@@ -220,6 +222,15 @@ void SAL_CALL osl_setCommandArgs (int argc, char ** argv)
}
if (ppArgs[0] != nullptr)
{
+#if HAVE_FEATURE_MACOSX_SANDBOX
+ // If we are called with a relative path in argv[0] in a sandboxed process
+ // osl::realpath() fails. So just use bootstrap_getExecutableFile() instead.
+ // Somewhat silly to use argv[0] and tediously figure out the absolute path from it
+ // anyway.
+ bootstrap_getExecutableFile(&ppArgs[0]);
+ OUString pArg0(ppArgs[0]);
+ osl_getFileURLFromSystemPath (pArg0.pData, &(ppArgs[0]));
+#else
#if !defined(ANDROID) && !defined(IOS) // No use searching PATH on Android or iOS
/* see @ osl_getExecutableFile(). */
if (rtl_ustr_indexOfChar (rtl_uString_getStr(ppArgs[0]), '/') == -1)
@@ -246,6 +257,7 @@ void SAL_CALL osl_setCommandArgs (int argc, char ** argv)
{
osl_getFileURLFromSystemPath (pArg0.pData, &(ppArgs[0]));
}
+#endif // !HAVE_FEATURE_MACOSX_SANDBOX
}
g_command_args.m_nCount = argc;
g_command_args.m_ppArgs = ppArgs;
commit 3591307dc4d5cf07c8bd5d42d476f0305fe01815
Author: Tor Lillqvist <tml at collabora.com>
AuthorDate: Wed Apr 29 03:16:02 2020 +0300
Commit: Tor Lillqvist <tml at collabora.com>
CommitDate: Wed Apr 29 11:27:39 2020 +0300
Add the com.apple.security.cs.disable-executable-page-protection here, too
It was added in the hardened_runtime.xcent that is used for
LibreOffice distribution for macOS outside the App Store already last
year.
Note that it is plausible that the mention of the extension manager in
the comment in hardened_runtime.xcent is a red herring, and that it is
just a coincidence that some extension manager code runs early on when
LibreOffice is starting is the first code to make use of the dynamic
machine code generation in the C++/UNO bridge.
Change-Id: I90a48d585efee27a215d77e5db45d3cda5c8fedc
diff --git a/lo.xcent b/lo.xcent
index 02d892940d68..d0e3b5ce3f8e 100644
--- a/lo.xcent
+++ b/lo.xcent
@@ -20,5 +20,7 @@
<true/>
<key>com.apple.security.print</key>
<true/>
+ <key>com.apple.security.cs.disable-executable-page-protection</key>
+ <true/>
</dict>
</plist>
More information about the Libreoffice-commits
mailing list