lo.xcent | 2 ++ sal/osl/unx/process_impl.cxx | 12 ++++++++++++ 2 files changed, 14 insertions(+)
New commits: commit 4db9852e73d9e9d662fc8a2783bace79addf1805 Author: Tor Lillqvist <[email protected]> AuthorDate: Wed Apr 29 03:17:52 2020 +0300 Commit: Tor Lillqvist <[email protected]> CommitDate: Wed Apr 29 11:28:03 2020 +0300 Fix problems when running a sandboxed LO as instdir/.../soffice on macOS The argv[0] passed to osl_setCommandArgs will then be the relative path and osl::realpath() will fail. Instead, use bootstrap_getExecutableFile() which calls _NSGetExecutablePath() to get the executable's pathname for g_command_args. Change-Id: I1345afe158d7b64871f6340733fb5490d5ca6bd8 diff --git a/sal/osl/unx/process_impl.cxx b/sal/osl/unx/process_impl.cxx index 35a5b90ece0d..0d58c98f6367 100644 --- a/sal/osl/unx/process_impl.cxx +++ b/sal/osl/unx/process_impl.cxx @@ -17,6 +17,8 @@ * the License at http://www.apache.org/licenses/LICENSE-2.0 . */ +#include <config_features.h> + #include <osl/process.h> #include <limits.h> @@ -220,6 +222,15 @@ void SAL_CALL osl_setCommandArgs (int argc, char ** argv) } if (ppArgs[0] != nullptr) { +#if HAVE_FEATURE_MACOSX_SANDBOX + // If we are called with a relative path in argv[0] in a sandboxed process + // osl::realpath() fails. So just use bootstrap_getExecutableFile() instead. + // Somewhat silly to use argv[0] and tediously figure out the absolute path from it + // anyway. + bootstrap_getExecutableFile(&ppArgs[0]); + OUString pArg0(ppArgs[0]); + osl_getFileURLFromSystemPath (pArg0.pData, &(ppArgs[0])); +#else #if !defined(ANDROID) && !defined(IOS) // No use searching PATH on Android or iOS /* see @ osl_getExecutableFile(). */ if (rtl_ustr_indexOfChar (rtl_uString_getStr(ppArgs[0]), '/') == -1) @@ -246,6 +257,7 @@ void SAL_CALL osl_setCommandArgs (int argc, char ** argv) { osl_getFileURLFromSystemPath (pArg0.pData, &(ppArgs[0])); } +#endif // !HAVE_FEATURE_MACOSX_SANDBOX } g_command_args.m_nCount = argc; g_command_args.m_ppArgs = ppArgs; commit 3591307dc4d5cf07c8bd5d42d476f0305fe01815 Author: Tor Lillqvist <[email protected]> AuthorDate: Wed Apr 29 03:16:02 2020 +0300 Commit: Tor Lillqvist <[email protected]> CommitDate: Wed Apr 29 11:27:39 2020 +0300 Add the com.apple.security.cs.disable-executable-page-protection here, too It was added in the hardened_runtime.xcent that is used for LibreOffice distribution for macOS outside the App Store already last year. Note that it is plausible that the mention of the extension manager in the comment in hardened_runtime.xcent is a red herring, and that it is just a coincidence that some extension manager code runs early on when LibreOffice is starting is the first code to make use of the dynamic machine code generation in the C++/UNO bridge. Change-Id: I90a48d585efee27a215d77e5db45d3cda5c8fedc diff --git a/lo.xcent b/lo.xcent index 02d892940d68..d0e3b5ce3f8e 100644 --- a/lo.xcent +++ b/lo.xcent @@ -20,5 +20,7 @@ <true/> <key>com.apple.security.print</key> <true/> + <key>com.apple.security.cs.disable-executable-page-protection</key> + <true/> </dict> </plist> _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
