Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sandbox: Fix regression that caused Sandbox::canAccess to fail #12457

Merged
merged 6 commits into from
Dec 22, 2023
Merged

Sandbox: Fix regression that caused Sandbox::canAccess to fail #12457

merged 6 commits into from
Dec 22, 2023

Conversation

fwcd
Copy link
Member

@fwcd fwcd commented Dec 22, 2023

Fixes #12137 (and #11552)

This fixes a regression with macOS sandboxing introduced in #3761 that caused Sandbox::canAccess to always fail and to wrongly present this dialog on every launch:

image

The issue was that the token is not assigned to a variable and thus immediately deinitialized (and invalidated):

bool Sandbox::canAccess(mixxx::FileInfo* pFileInfo) {
    ...
    openSecurityToken(pFileInfo, true); // Token is invalidated immediately
    return pFileInfo->isReadable();     // therefore this may wrongly return false!
}

See #3761 (comment) for details. To avoid regressing on this in the future, I have added a [[nodiscard]] to the openSecurityToken methods, which will generate a warning if used like this again.

fwcd added 2 commits December 22, 2023 03:16
@fwcd
Sandbox: Mark openSecurityToken methods as [[nodiscard]]
e1efae3
@fwcd
Sandbox: Keep security tokens alive in canAccess methods
3879183 
This fixes a regression introduced in 5111af7
and the corresponding issues (mixxxdj#11552 and mixxxdj#12137).

To prevent this from happening again, 8c6154e
marks `openSecurityToken` as `[[nodiscard]]`.
@fwcd fwcd added this to the 2.4.0 milestone Dec 22, 2023
@fwcd fwcd added the macos label Dec 22, 2023
@fwcd fwcd linked an issue Dec 22, 2023 that may be closed by this pull request
Mixxx seeking access permission form iTunes Media folder on every launch #12137
Closed
@JoergAtGithub
Copy link
Member

Doesn't the compiler optimize this unused variable away?

@Holzhaus
Copy link
Member

Doesn't the compiler optimize this unused variable away?

I think not. We also use RAII and there the unused variable is not optimized away either. But in any case we should probably mark the token with Q_UNUSED or something?

daschuer
daschuer requested changes Dec 22, 2023
View reviewed changes
src/util/sandbox.h Outdated Show resolved Hide resolved
@daschuer
Copy link
Member

I think we have no issue with the variable being unused. It is a QSharedPointer which has a scope until the end of the function.

@fwcd fwcd force-pushed the fix-sandbox-access-2.4 branch from a74a637 to a9f55c9 Compare December 22, 2023 10:09
uklotzde
uklotzde reviewed Dec 22, 2023
View reviewed changes
src/util/sandbox.h Outdated Show resolved Hide resolved
@fwcd fwcd changed the title Sandbox: Fix regression that caused Sandbox::canAccess to always fail Sandbox: Fix regression that caused Sandbox::canAccess to fail Dec 22, 2023
daschuer
daschuer approved these changes Dec 22, 2023
View reviewed changes
Copy link
Member

@daschuer daschuer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you. 2.4 is coming into sight!

@daschuer daschuer merged commit bbc610d into mixxxdj:2.4 Dec 22, 2023
13 checks passed
@fwcd fwcd deleted the fix-sandbox-access-2.4 branch December 22, 2023 13:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JoergAtGithub JoergAtGithub JoergAtGithub left review comments

@uklotzde uklotzde uklotzde left review comments

@Swiftb0y Swiftb0y Swiftb0y approved these changes

@daschuer daschuer daschuer approved these changes

Assignees
No one assigned
Labels
macos sandboxing
Projects
None yet
Milestone
2.4.0
Development

Successfully merging this pull request may close these issues.

Mixxx seeking access permission form iTunes Media folder on every launch
6 participants
@fwcd @JoergAtGithub @Holzhaus @daschuer @uklotzde @Swiftb0y