// static
void Sandbox::initialize(const QString& permissionsFile) {
QMutexLocker locker(&s_mutex);
s_pSandboxPermissions = new ConfigObject<ConfigValue>(permissionsFile);
#ifdef Q_OS_MAC
#if __MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7
// If we are running on at least 10.7.0 and have the com.apple.security.app-sandbox
// entitlement, we are in a sandbox
SInt32 version = 0;
Gestalt(gestaltSystemVersion, &version);
SecCodeRef secCodeSelf;
if (version >= 0x1070 && SecCodeCopySelf(kSecCSDefaultFlags, &secCodeSelf) == errSecSuccess) {
SecRequirementRef sandboxReq;
CFStringRef entitlement = CFSTR("entitlement [\"com.apple.security.app-sandbox\"]");
if (SecRequirementCreateWithString(entitlement, kSecCSDefaultFlags,
&sandboxReq) == errSecSuccess) {
if (SecCodeCheckValidity(secCodeSelf, kSecCSDefaultFlags,
sandboxReq) == errSecSuccess) {
s_bInSandbox = true;
}
CFRelease(sandboxReq);
}
CFRelease(secCodeSelf);
}
#endif
#endif
}
//
// Produce an OSXCode for the currently running application.
//
// Note that we don't build the CFBundleRef here; we defer this to when we
// really need it for something more interesting than the base or executable paths.
// This is important because OSXCode::main() is called from various initialization
// scenarios (out of the securityd client layer), and CFBundle calls into some
// bizarrely high-level APIs to complete CFBundleGetMainBundle. Until that is fixed
// (if it ever is), this particular instance of laziness is mandatory.
//
RefPointer<OSXCode> OSXCode::main()
{
// return a code signing-aware OSXCode subclass if possible
CFRef<SecCodeRef> me;
if (!SecCodeCopySelf(kSecCSDefaultFlags, &me.aref()))
return new OSXCodeWrap(me);
// otherwise, follow the legacy path precisely - no point in messing with this, is there?
Boolean isRealBundle;
string path = cfStringRelease(_CFBundleCopyMainBundleExecutableURL(&isRealBundle));
if (isRealBundle) {
const char *cpath = path.c_str();
if (const char *slash = strrchr(cpath, '/'))
if (const char *contents = strstr(cpath, "/Contents/MacOS/"))
if (contents + 15 == slash)
return new Bundle(path.substr(0, contents-cpath).c_str());
secdebug("bundle", "OSXCode::main(%s) not recognized as bundle (treating as tool)", cpath);
}
return new ExecutableTool(path.c_str());
}
QSettingsPrivate *QSettingsPrivate::create(QSettings::Format format,
QSettings::Scope scope,
const QString &organization,
const QString &application)
{
#ifndef QT_BOOTSTRAPPED
static bool useAppLocalStorage = false;
static bool initialized = false;
if (!initialized) {
bool inSandbox = false;
#if __MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6
// If we are running on at least 10.7.0 and have the com.apple.security.app-sandbox
// entitlement, we are in a sandbox
SInt32 version = 0;
Gestalt(gestaltSystemVersion, &version);
SecCodeRef secCodeSelf;
if (version >= 0x1070 && SecCodeCopySelf(kSecCSDefaultFlags, &secCodeSelf) == errSecSuccess) {
SecRequirementRef sandboxReq;
CFStringRef entitlement = CFSTR("entitlement [\"com.apple.security.app-sandbox\"]");
if (SecRequirementCreateWithString(entitlement, kSecCSDefaultFlags, &sandboxReq) == errSecSuccess) {
if (SecCodeCheckValidity(secCodeSelf, kSecCSDefaultFlags, sandboxReq) == errSecSuccess)
inSandbox = true;
CFRelease(sandboxReq);
}
CFRelease(secCodeSelf);
}
#endif
bool forAppStore = false;
if (!inSandbox) {
CFTypeRef val = CFBundleGetValueForInfoDictionaryKey(CFBundleGetMainBundle(), CFSTR("ForAppStore"));
forAppStore = (val &&
CFGetTypeID(val) == CFStringGetTypeID() &&
CFStringCompare(CFStringRef(val), CFSTR("yes"), kCFCompareCaseInsensitive) == 0);
}
useAppLocalStorage = inSandbox || forAppStore;
initialized = true;
}
if (useAppLocalStorage) {
// Ensure that the global and app-local settings go to the same file, since that's
// what we really want
if (organization == QLatin1String("Trolltech") ||
organization.isEmpty() ||
(organization == qApp->organizationDomain() && application == qApp->applicationName()) ||
(organization == qApp->organizationName()) && application == qApp->applicationName())
{
CFStringRef bundleIdentifier = CFBundleGetIdentifier(CFBundleGetMainBundle());
if (!bundleIdentifier) {
qWarning("QSettingsPrivate::create: You must set the bundle identifier when using ForAppStore");
} else {
QSettingsPrivate* settings = new QMacSettingsPrivate(bundleIdentifier);
if (organization == QLatin1String("Trolltech"))
settings->beginGroupOrArray(QSettingsGroup("QtLibrarySettings"));
return settings;
}
}
}
#endif
if (format == QSettings::NativeFormat) {
return new QMacSettingsPrivate(scope, organization, application);
} else {
return new QConfFileSettingsPrivate(format, scope, organization, application);
}
}
