Skip to content

Commit

Permalink
chore: remove unix ref
Browse files Browse the repository at this point in the history
  • Loading branch information
appflowy committed Jul 15, 2024
1 parent 0a31110 commit b803d8a
Showing 1 changed file with 40 additions and 39 deletions.
79 changes: 40 additions & 39 deletions appflowy-plugin/src/core/plugin.rs
Original file line number Diff line number Diff line change
Expand Up @@ -213,6 +213,8 @@ pub(crate) async fn start_plugin_process(
.name(format!("<{}> core host thread", &plugin_info.name))
.spawn(move || {
info!("Load {} plugin", &plugin_info.name);

#[cfg(target_os = "macos")]
handle_macos_security_check(&plugin_info);

let child = std::process::Command::new(&plugin_info.exec_path)
Expand Down Expand Up @@ -284,50 +286,49 @@ async fn ensure_executable(exec_path: &Path) -> Result<(), anyhow::Error> {
Ok(())
}

#[cfg(target_os = "macos")]
pub fn handle_macos_security_check(plugin_info: &PluginInfo) {
if cfg!(target_os = "macos") {
trace!("macos security check: {:?}", plugin_info.exec_path);
let mut open_manually = false;
match xattr::list(&plugin_info.exec_path) {
Ok(list) => {
let mut has_quarantine = false;
let mut has_lastuseddate = false;

// https://eclecticlight.co/2023/03/16/what-is-macos-ventura-doing-tracking-provenance/
// The com.apple.quarantine attribute is used by macOS to mark files that have been downloaded from
// the internet or received via other potentially unsafe methods. When this attribute is set, macOS
// employs additional security checks before allowing the file to be opened or executed
// The presence of this attribute can cause the system to display a permission error, such as:
// code: 1, kind: PermissionDenied, message: "Operation not permitted"
for attr in list {
if attr == "com.apple.quarantine" {
has_quarantine = true;
}
if attr == "com.apple.lastuseddate#PS" {
has_lastuseddate = true;
}
if cfg!(debug_assertions) {
trace!("{:?}: xattr: {:?}", plugin_info.exec_path, attr);
}
trace!("macos security check: {:?}", plugin_info.exec_path);
let mut open_manually = false;
match xattr::list(&plugin_info.exec_path) {
Ok(list) => {
let mut has_quarantine = false;
let mut has_lastuseddate = false;

// https://eclecticlight.co/2023/03/16/what-is-macos-ventura-doing-tracking-provenance/
// The com.apple.quarantine attribute is used by macOS to mark files that have been downloaded from
// the internet or received via other potentially unsafe methods. When this attribute is set, macOS
// employs additional security checks before allowing the file to be opened or executed
// The presence of this attribute can cause the system to display a permission error, such as:
// code: 1, kind: PermissionDenied, message: "Operation not permitted"
for attr in list {
if attr == "com.apple.quarantine" {
has_quarantine = true;
}

if has_quarantine && !has_lastuseddate {
open_manually = true;
if attr == "com.apple.lastuseddate#PS" {
has_lastuseddate = true;
}
},
Err(err) => {
error!("Failed to list xattr: {:?}", err);
open_manually = true;
},
}
if cfg!(debug_assertions) {
trace!("{:?}: xattr: {:?}", plugin_info.exec_path, attr);
}
}

if open_manually {
trace!("Open plugin file manually: {:?}", plugin_info.exec_path);
// Using 'open' to trigger the macOS security check. After the user allows opening the binary,
// any subsequent 'open' command will not trigger the security check and the binary will run with permission.
if let Err(err) = Command::new("open").arg(&plugin_info.exec_path).output() {
error!("Failed to open plugin file: {:?}", err);
if has_quarantine && !has_lastuseddate {
open_manually = true;
}
},
Err(err) => {
error!("Failed to list xattr: {:?}", err);
open_manually = true;
},
}

if open_manually {
trace!("Open plugin file manually: {:?}", plugin_info.exec_path);
// Using 'open' to trigger the macOS security check. After the user allows opening the binary,
// any subsequent 'open' command will not trigger the security check and the binary will run with permission.
if let Err(err) = Command::new("open").arg(&plugin_info.exec_path).output() {
error!("Failed to open plugin file: {:?}", err);
}
}
}

0 comments on commit b803d8a

Please sign in to comment.