From 5623dcda09f6a2717b54a28809e9f61d62b1588a Mon Sep 17 00:00:00 2001 From: ed Date: Fri, 24 Jan 2020 12:10:47 +0000 Subject: [PATCH] Projucer: Added an option to enable app sandbox inheritance in the Xcode exporter --- .../ProjectSaving/jucer_ProjectExport_Xcode.h | 41 ++++++++++++------- .../Source/Utility/Helpers/jucer_PresetIDs.h | 1 + 2 files changed, 28 insertions(+), 14 deletions(-) diff --git a/extras/Projucer/Source/ProjectSaving/jucer_ProjectExport_Xcode.h b/extras/Projucer/Source/ProjectSaving/jucer_ProjectExport_Xcode.h index 5f7c4fcbcc..a9107659c8 100644 --- a/extras/Projucer/Source/ProjectSaving/jucer_ProjectExport_Xcode.h +++ b/extras/Projucer/Source/ProjectSaving/jucer_ProjectExport_Xcode.h @@ -104,6 +104,7 @@ public: customXcodeResourceFoldersValue (settings, Ids::customXcodeResourceFolders, getUndoManager()), customXcassetsFolderValue (settings, Ids::customXcassetsFolder, getUndoManager()), appSandboxValue (settings, Ids::appSandbox, getUndoManager()), + appSandboxInheritanceValue (settings, Ids::appSandboxInheritance, getUndoManager()), appSandboxOptionsValue (settings, Ids::appSandboxOptions, getUndoManager(), Array(), ","), hardenedRuntimeValue (settings, Ids::hardenedRuntime, getUndoManager()), hardenedRuntimeOptionsValue (settings, Ids::hardenedRuntimeOptions, getUndoManager(), Array(), ","), @@ -177,6 +178,7 @@ public: Array getHardenedRuntimeOptions() const { return *hardenedRuntimeOptionsValue.get().getArray(); } bool isAppSandboxEnabled() const { return appSandboxValue.get(); } + bool isAppSandboxInhertianceEnabled() const { return appSandboxInheritanceValue.get(); } Array getAppSandboxOptions() const { return *appSandboxOptionsValue.get().getArray(); } bool isMicrophonePermissionEnabled() const { return microphonePermissionNeededValue.get(); } 
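Review bot: The accessor added in the @@ -177 hunk is misspelled: `isAppSandboxInhertianceEnabled` should read `isAppSandboxInheritanceEnabled`, matching `appSandboxInheritanceValue` and `Ids::appSandboxInheritance` introduced by the same commit. It is a public member of the exporter and is called from the entitlements hunk further down, so the typo is cheapest to fix before other code starts depending on it. Proposed line: `bool isAppSandboxInheritanceEnabled() const { return appSandboxInheritanceValue.get(); }`, with the call site renamed to match.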
@@ -318,6 +320,11 @@ public: props.add (new ChoicePropertyComponent (appSandboxValue, "Use App Sandbox"), "Enable this to use the app sandbox."); + props.add (new ChoicePropertyComponentWithEnablement (appSandboxInheritanceValue, appSandboxValue, "App Sandbox Inheritance"), + "If app sandbox is enabled, this setting will configure a child process to inherit the sandbox of its parent. " + "Note that if you enable this and have specified any other app sandbox entitlements below, the child process " + "will fail to launch."); + std::vector> sandboxOptions { { "Network: Incoming Connections (Server)", "network.server" }, @@ -1189,7 +1196,7 @@ public: return true; if (owner.project.getProjectType().isAudioPlugin() - && ( (owner.isOSX() && type == Target::AudioUnitv3PlugIn) + && ((owner.isOSX() && type == Target::AudioUnitv3PlugIn) || (owner.isiOS() && type == Target::StandalonePlugIn && owner.getProject().shouldEnableIAA()))) return true; @@ -1983,7 +1990,7 @@ private: postbuildCommandValue, prebuildCommandValue, duplicateAppExResourcesFolderValue, iosDeviceFamilyValue, iPhoneScreenOrientationValue, iPadScreenOrientationValue, customXcodeResourceFoldersValue, customXcassetsFolderValue, - appSandboxValue, appSandboxOptionsValue, + appSandboxValue, appSandboxInheritanceValue, appSandboxOptionsValue, hardenedRuntimeValue, hardenedRuntimeOptionsValue, microphonePermissionNeededValue, microphonePermissionsTextValue, cameraPermissionNeededValue, cameraPermissionTextValue, iosBluetoothPermissionNeededValue, iosBluetoothPermissionTextValue, uiFileSharingEnabledValue, uiSupportsDocumentBrowserValue, uiStatusBarHiddenValue, documentExtensionsValue, iosInAppPurchasesValue, 
@@ -3109,15 +3116,8 @@ private: if (project.getProjectType().isAudioPlugin()) { - if (isiOS()) - { - if (project.shouldEnableIAA()) - entitlements.set ("inter-app-audio", ""); - } - else if (target.type == XcodeTarget::AudioUnitv3PlugIn) - { - entitlements.set ("com.apple.security.app-sandbox", ""); - } + if (isiOS() && project.shouldEnableIAA()) + entitlements.set ("inter-app-audio", ""); } else { @@ -3144,9 +3144,22 @@ private: for (auto& option : getHardenedRuntimeOptions()) entitlements.set (option, ""); - if (isAppSandboxEnabled()) - for (auto& option : getAppSandboxOptions()) - entitlements.set (option, ""); + if (isAppSandboxEnabled() || (project.getProjectType().isAudioPlugin() && target.type == XcodeTarget::AudioUnitv3PlugIn)) + { + entitlements.set ("com.apple.security.app-sandbox", ""); + + if (isAppSandboxInhertianceEnabled()) + { + // no other sandbox options can be specified if sandbox inheritance is enabled! + jassert (getAppSandboxOptions().isEmpty()); + + entitlements.set ("com.apple.inherit", ""); + } + + if (isAppSandboxEnabled()) + for (auto& option : getAppSandboxOptions()) + entitlements.set (option, ""); + } if (isiOS() && isiCloudPermissionsEnabled()) { diff --git a/extras/Projucer/Source/Utility/Helpers/jucer_PresetIDs.h b/extras/Projucer/Source/Utility/Helpers/jucer_PresetIDs.h index 5a3ef9cbc3..54012f3f34 100644 --- a/extras/Projucer/Source/Utility/Helpers/jucer_PresetIDs.h +++ b/extras/Projucer/Source/Utility/Helpers/jucer_PresetIDs.h @@ -187,6 +187,7 @@ namespace Ids DECLARE_ID (useLocalCopy); DECLARE_ID (overwriteOnSave); DECLARE_ID (appSandbox); + DECLARE_ID (appSandboxInheritance); DECLARE_ID (appSandboxOptions); DECLARE_ID (hardenedRuntime); DECLARE_ID (hardenedRuntimeOptions);
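Review bot: The AUv3 sandbox entitlement loses its platform check with this change. The removed `else if (target.type == XcodeTarget::AudioUnitv3PlugIn)` was only reached when `isiOS()` was false, while the replacement condition in the @@ -3144 hunk tests only the project type and target type. iOS AUv3 targets would therefore now get `com.apple.security.app-sandbox` written into their entitlements, which the old code never did. If that is not intended, keep the restriction in the new condition, e.g. `(! isiOS() && project.getProjectType().isAudioPlugin() && target.type == XcodeTarget::AudioUnitv3PlugIn)`. The enclosing function starts and ends outside the hunk.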
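Review bot: In the @@ -3144 hunk the inheritance entitlement is written as `com.apple.inherit`, but Apple documents the key as `com.apple.security.inherit`, so the exported file would presumably not enable inheritance at all. The conflict with other sandbox options is guarded only by `jassert`, which does nothing in a release build, and the loop that follows still writes every configured option, producing exactly the combination the property's help text says makes the child process fail to launch. The inheritance check also runs for AUv3 targets when `isAppSandboxEnabled()` is false, because only the options loop is gated on that setting. The excerpt below gates both on the sandbox setting and makes the two branches mutually exclusive.

```cpp
entitlements.set ("com.apple.security.app-sandbox", "");

if (isAppSandboxEnabled())
{
    if (isAppSandboxInhertianceEnabled())
    {
        // no other sandbox options can be specified if sandbox inheritance is enabled,
        // so the configured options are deliberately not written in this branch
        jassert (getAppSandboxOptions().isEmpty());

        entitlements.set ("com.apple.security.inherit", "");
    }
    else
    {
        for (auto& option : getAppSandboxOptions())
            entitlements.set (option, "");
    }
}
```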