From 4e9d057bcaf7e88ab31e908157722e6dfc3c271d Mon Sep 17 00:00:00 2001
From: Alec Miller
Date: Sun, 8 Sep 2024 21:57:34 -0700
Subject: [PATCH] kram - turn off App Sandbox in entitlements
This basically sets com.apple.quarantine on any files written or read by an app. This is problematic, since trying to write profile from kramv, open that, and have it show up in the profiler. Will revisit and assign runtime hardening, sandbox, and other items to only the app store build. It's confusing since Xcode also has an "App Sandbox" setting that is set to No.
---
 .../kram-profile/kram_profile.entitlements | 2 +-
 kramv/KramViewerBase.cpp | 8 +++----
 kramv/KramViewerMain.mm | 6 ++---
 kramv/kramv.entitlements | 2 +-
 libkram/kram/KramTimer.cpp | 24 ++++++++++++++-----
 libkram/kram/KramZipStream.cpp | 1 +
 libkram/zstd/zstd.cpp | 19 +++++++++------
 libkram/zstd/zstddeclib.cpp | 12 +++++++---
 8 files changed, 48 insertions(+), 26 deletions(-)
diff --git a/kram-profile/kram-profile/kram_profile.entitlements b/kram-profile/kram-profile/kram_profile.entitlements
index 625af03d..e00d8415 100644
--- a/kram-profile/kram-profile/kram_profile.entitlements
+++ b/kram-profile/kram-profile/kram_profile.entitlements
@@ -3,7 +3,7 @@ com.apple.security.app-sandbox - + com.apple.security.files.user-selected.read-only com.apple.security.network.client
diff --git a/kramv/KramViewerBase.cpp b/kramv/KramViewerBase.cpp
index 1bb893e4..819b3fbe 100644
--- a/kramv/KramViewerBase.cpp
+++ b/kramv/KramViewerBase.cpp
@@ -2548,11 +2548,9 @@ bool Data::handleEventAction(const Action* action, bool isShiftKeyDown, ActionSt
 if (perf->isRunning()) {
 perf->stop();
- // Calling this (using system call) probably
- // violates app store, hardened runtime, and sandbox
- // see if this can open to kram-profile
- //if (!isCompressed)
- // perf->openPerftrace();
+ // TODO: Only do this in non-sandboxed builds, it calls system("open file")
+ if (!isCompressed)
+ perf->openPerftrace();
 }
 }
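Review bot: The hunk flips com.apple.security.app-sandbox for the whole target (the kramv/kramv.entitlements hunk on the next line does the same), which removes the OS-enforced container from every build of the app, not only the local profiling workflow the commit message describes, and the file itself records no reason. Property lists accept XML comments, so put the rationale and the revert condition next to the key, e.g. `<!-- App Sandbox disabled in developer builds so traces written by kramv are not quarantined; re-enable for App Store / hardened-runtime builds -->`. The boolean itself is not visible in the hunk as rendered here, so confirm against the checked-in file that the key now reads `<false/>`, and note that com.apple.security.files.user-selected.read-only is a sandbox entitlement and is presumably inert while the sandbox is off.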
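Review bot: `perf->openPerftrace()` is re-enabled unconditionally while the comment directly above it says the call should only happen in non-sandboxed builds and that it goes through system("open file"); a TODO gates nothing, so a sandboxed or hardened-runtime build of this same source will make the call. Gate it at compile time on whatever build setting owns the sandbox decision, e.g. `#if KRAM_OPEN_TRACE_EXTERNALLY /* placeholder: define only for non-sandboxed dev builds */` around the two lines, so the App Store build the message mentions cannot reach it by accident. The implementation is outside the hunk, but if openPerftrace formats the trace path into a shell command string, a path containing quotes or shell metacharacters is interpreted by the shell; an argv-based launch (posix_spawn, or NSWorkspace from the .mm side) avoids that class of problem. Data::handleEventAction starts and ends outside the hunk.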
diff --git a/kramv/KramViewerMain.mm b/kramv/KramViewerMain.mm
index f62ebac1..f27ea5ad 100644
--- a/kramv/KramViewerMain.mm
+++ b/kramv/KramViewerMain.mm
@@ -633,9 +633,9 @@ - (void)awakeFromNib
 // this is sandbox or root if not sandboxed
 // This is objC call...
 // This has to be in a .mm file to call
- std::string traceDir = [NSHomeDirectory() UTF8String];
- traceDir += "/Traces/";
- _data.setPerfDirectory(traceDir.c_str());
+ //std::string traceDir = [NSHomeDirectory() UTF8String];
+ //traceDir += "/Traces/";
+ //_data.setPerfDirectory(traceDir.c_str());
 // TODO: see if can only open this
 // KLOGI("Viewer", "AwakeFromNIB");
diff --git a/kramv/kramv.entitlements b/kramv/kramv.entitlements
index 18aff0ce..311b32bd 100644
--- a/kramv/kramv.entitlements
+++ b/kramv/kramv.entitlements
@@ -3,7 +3,7 @@ com.apple.security.app-sandbox - + com.apple.security.files.user-selected.read-only
diff --git a/libkram/kram/KramTimer.cpp b/libkram/kram/KramTimer.cpp
index 54c2f9f7..8e43a71d 100644
--- a/libkram/kram/KramTimer.cpp
+++ b/libkram/kram/KramTimer.cpp
@@ -138,6 +138,8 @@ void Perf::setPerfDirectory(const char* directoryName)
 _perfDirectory = directoryName;
 }
+static bool useTempFile = false;
+
 bool Perf::start(const char* name, bool isCompressed, uint32_t maxStackDepth)
 {
 mylock lock(_mutex);
@@ -153,9 +155,17 @@ bool Perf::start(const char* name, bool isCompressed, uint32_t maxStackDepth)
 _maxStackDepth = maxStackDepth;
 // write json as binary, so win doesn't replace \n with \r\n
- if (!_fileHelper.openTemporaryFile("perf-", ext, "w+b")) {
- KLOGW("Perf", "Could not open oerf temp file");
- return false;
+ if (useTempFile) {
+ if (!_fileHelper.openTemporaryFile("perf-", ext, "w+b")) {
+ KLOGW("Perf", "Could not open perf temp file");
+ return false;
+ }
+ }
+ else {
+ if (!_fileHelper.open(_filename.c_str(), "w+b")) {
+ KLOGW("Perf", "Could not open perf file %s", _filename.c_str());
+ return false;
+ }
 }
 if (!_stream.open(&_fileHelper, !isCompressed)) {
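Review bot: Commenting out the three setPerfDirectory lines leaves `_data`'s perf directory at a default the hunk does not show, and the surviving comment `// this is sandbox or root if not sandboxed` now describes code that no longer runs. Delete the dead lines or gate them with the same build switch that controls the sandbox entitlement rather than leaving commented-out code in awakeFromNib, and state where traces now land, e.g. `// Trace directory intentionally left at Perf's default (see KramTimer.cpp); NSHomeDirectory() is the real home when the sandbox is off`. awakeFromNib continues past the hunk.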
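Review bot: The new else branch opens `_filename` directly with "w+b", so the destination trace is truncated as soon as start() runs and a failed `_stream.open` or a crash before stop() leaves an empty or partial file at the final path, whereas the temp-file path only replaced the destination after a successful copy in stop(); the Perf::stop() hunk at -207 on the next line carries the same split. `useTempFile` is also a file-scope static with no setter, so the temporary-file branch cannot be reached without editing the source and reads as dead code. Either make the choice a Perf member or a parameter of start(), or make it `static constexpr bool useTempFile = false;` with a one-line comment giving the reason the direct write is preferred, which neither hunk states. The `_filename` used by the new open call is assigned outside the hunk, so confirm it is set before this point; Perf::start begins in the previous hunk and ends after this one.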
@@ -207,9 +217,11 @@ void Perf::stop()
 _stream.close();
- bool success = _fileHelper.copyTemporaryFileTo(_filename.c_str());
- if (!success) {
- KLOGW("Perf", "Couldn't move temp file");
+ if (useTempFile) {
+ bool success = _fileHelper.copyTemporaryFileTo(_filename.c_str());
+ if (!success) {
+ KLOGW("Perf", "Couldn't move temp file");
+ }
 }
 _fileHelper.close();
diff --git a/libkram/kram/KramZipStream.cpp b/libkram/kram/KramZipStream.cpp
index fe6601e7..3f033163 100644
--- a/libkram/kram/KramZipStream.cpp
+++ b/libkram/kram/KramZipStream.cpp
@@ -155,6 +155,7 @@ Slice ZipStream::compressSlice(const Slice& in, bool finish) {
 KASSERT(status == MZ_STREAM_END);
 else
 KASSERT(status == MZ_OK);
+ (void)status;
 // TODO: would be nice to skip crc32 work
 _sourceSize += in.size();
diff --git a/libkram/zstd/zstd.cpp b/libkram/zstd/zstd.cpp
index d84df3af..35fe8903 100644
--- a/libkram/zstd/zstd.cpp
+++ b/libkram/zstd/zstd.cpp
@@ -44,6 +44,12 @@
 #endif
 #define ZSTD_TRACE 0
+#if NDEBUG
+#define assert_or_fallthrough() [[fallthrough]]
+#else
+#define assert_or_fallthrough() assert(false)
+#endif
+
 /* Include zstd_deps.h first with all the options we need enabled. */
 #define ZSTD_DEPS_NEED_MALLOC
 #define ZSTD_DEPS_NEED_MATH64
@@ -18551,7 +18557,6 @@ static size_t ZSTD_compress_frameChunk(ZSTD_CCtx* cctx,
 return (size_t)(op-ostart);
 }
-
 static size_t ZSTD_writeFrameHeader(void* dst, size_t dstCapacity,
 const ZSTD_CCtx_params* params, U64 pledgedSrcSize, U32 dictID)
 { BYTE* const op = (BYTE*)dst;
@@ -18579,7 +18584,7 @@ static size_t ZSTD_writeFrameHeader(void* dst, size_t dstCapacity,
 if (!singleSegment) op[pos++] = windowLogByte;
 switch(dictIDSizeCode) {
- default: assert(0); /* impossible */ [[fallthrough]];
+ default: assert_or_fallthrough(); /* impossible */
 case 0 : break;
 case 1 : op[pos] = (BYTE)(dictID); pos++; break;
 case 2 : MEM_writeLE16(op+pos, (U16)dictID); pos+=2; break;
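Review bot: `(void)status;` only silences the unused-variable warning that presumably appears when KASSERT compiles out, and in that configuration a non-OK deflate status is still discarded and compressSlice carries on as if the compressor succeeded. If KASSERT is a no-op in release builds, the failure should be handled rather than dropped, e.g. `if (status != (finish ? MZ_STREAM_END : MZ_OK)) { /* mark the stream failed and return an empty Slice */ }`; if discarding it is deliberate, say so on the line: `(void)status; // KASSERT is compiled out in release; status intentionally unchecked there`. Where status is assigned and what compressSlice returns on error are outside the hunk, so the exact recovery is for the author to settle.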
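Review bot: `#if NDEBUG` tests the macro's value rather than its presence: a toolchain or header that defines NDEBUG with no value (`#define NDEBUG`) turns this line into an `#if` with an empty expression and a compile error, and `-DNDEBUG=0` would select the assert branch in a release build. `#ifdef NDEBUG` is the form the assert header itself keys on and matches the intent; the identical definition is repeated in libkram/zstd/zstddeclib.cpp at -40, so both copies need the same change, or one shared definition. This is a local edit to a vendored amalgamation, so a marker such as `/* kram: local patch, re-apply when updating zstd */` above the block keeps it from being lost silently on the next zstd refresh.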
@@ -18587,7 +18592,7 @@ static size_t ZSTD_writeFrameHeader(void* dst, size_t dstCapacity,
 }
 switch(fcsCode) {
- default: assert(0); /* impossible */ [[fallthrough]];
+ default: assert_or_fallthrough(); /* impossible */
 case 0 : if (singleSegment) op[pos++] = (BYTE)(pledgedSrcSize); break;
 case 1 : MEM_writeLE16(op+pos, (U16)(pledgedSrcSize-256)); pos+=2; break;
 case 2 : MEM_writeLE32(op+pos, (U32)(pledgedSrcSize)); pos+=4; break;
@@ -23099,7 +23104,7 @@ ZSTD_VecMask_rotateRight(ZSTD_VecMask mask, U32 const rotation, U32 const totalB
 return mask;
 switch (totalBits) {
 default:
- assert(0); [[fallthrough]];
+ assert_or_fallthrough();
 case 16:
 return (mask >> rotation) | (U16)(mask << (16 - rotation));
 case 32:
@@ -31936,7 +31941,7 @@ size_t ZSTD_getFrameHeader_advanced(ZSTD_frameHeader* zfhPtr, const void* src, s
 }
 switch(dictIDSizeCode) {
- default: assert(0); /* impossible */ [[fallthrough]];
+ default: assert_or_fallthrough(); /* impossible */
 case 0 : break;
 case 1 : dictID = ip[pos]; pos++; break;
 case 2 : dictID = MEM_readLE16(ip+pos); pos+=2; break;
@@ -31944,7 +31949,7 @@ size_t ZSTD_getFrameHeader_advanced(ZSTD_frameHeader* zfhPtr, const void* src, s
 }
 switch(fcsID) {
- default: assert(0); /* impossible */ [[fallthrough]];
+ default: assert_or_fallthrough(); /* impossible */
 case 0 : if (singleSegment) frameContentSize = ip[pos]; break;
 case 1 : frameContentSize = MEM_readLE16(ip+pos)+256; break;
 case 2 : frameContentSize = MEM_readLE32(ip+pos); break;
@@ -32542,7 +32547,7 @@ ZSTD_nextInputType_e ZSTD_nextInputType(ZSTD_DCtx* dctx) {
 switch(dctx->stage) {
 default: /* should not happen */
- assert(0); [[fallthrough]];
+ assert_or_fallthrough();
 case ZSTDds_getFrameHeaderSize:
 case ZSTDds_decodeFrameHeader:
 return ZSTDnit_frameHeader;
diff --git a/libkram/zstd/zstddeclib.cpp b/libkram/zstd/zstddeclib.cpp
index 62d4b7d6..5068d2a9 100644
--- a/libkram/zstd/zstddeclib.cpp
+++ b/libkram/zstd/zstddeclib.cpp
@@ -40,6 +40,12 @@
 #define ZSTD_STRIP_ERROR_STRINGS
 #define ZSTD_TRACE 0
+#if NDEBUG
+#define assert_or_fallthrough() [[fallthrough]]
+#else
+#define assert_or_fallthrough() assert(false)
+#endif
+
 /* Include zstd_deps.h first with all the options we need enabled. */
 #define ZSTD_DEPS_NEED_MALLOC
 /**** start inlining common/zstd_deps.h ****/
@@ -11891,7 +11897,7 @@ size_t ZSTD_getFrameHeader_advanced(ZSTD_frameHeader* zfhPtr, const void* src, s
 }
 switch(dictIDSizeCode) {
- default: assert(0); /* impossible */ [[fallthrough]];
+ default: assert_or_fallthrough(); /* impossible */
 case 0 : break;
 case 1 : dictID = ip[pos]; pos++; break;
 case 2 : dictID = MEM_readLE16(ip+pos); pos+=2; break;
@@ -11899,7 +11905,7 @@ size_t ZSTD_getFrameHeader_advanced(ZSTD_frameHeader* zfhPtr, const void* src, s
 }
 switch(fcsID) {
- default: assert(0); /* impossible */ [[fallthrough]];
+ default: assert_or_fallthrough(); /* impossible */
 case 0 : if (singleSegment) frameContentSize = ip[pos]; break;
 case 1 : frameContentSize = MEM_readLE16(ip+pos)+256; break;
 case 2 : frameContentSize = MEM_readLE32(ip+pos); break;
@@ -12497,7 +12503,7 @@ ZSTD_nextInputType_e ZSTD_nextInputType(ZSTD_DCtx* dctx) {
 switch(dctx->stage) {
 default: /* should not happen */
- assert(0); [[fallthrough]];
+ assert_or_fallthrough();
 case ZSTDds_getFrameHeaderSize:
 case ZSTDds_decodeFrameHeader:
 return ZSTDnit_frameHeader;