MacOS sandboxing feature #16090
Might solve some rare/random issues with initial directory not being applied
…upposed to be true. Plain BCL doesn't provide files bookmarking.
You can test this PR using the following package version.
What is wrong with BCL provider to have support for "fake" bookmarks? Weren't those supposed to make it easier to debug relevant code paths on Windows/Linux?
Maybe we could return some mangled path that can't be used as a filename? i.e. just use base64 encoding.
@kekekeks re-enabled BCL bookmarks, as base64 strings.
Can we also prefix bookmarks, so we could distinguish between types of those if we make changes later? Since we already have to make behavioral breaking changes here, I'd like to future-proof this area.
@kekekeks bookmarks are now prefixed on all platforms.
{ | ||
private const int PrefixLength = 16; | ||
|
||
private static ReadOnlySpan<byte> FakeBclBookmarkPlatform => "avalonia-bcl"u8; |
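Review bot: FakeBclBookmarkPlatform is the 12-byte literal "avalonia-bcl" while PrefixLength is 16, and nothing in these lines says how the remaining 4 bytes are filled on encode or checked on decode. Consider documenting the padding rule next to PrefixLength and asserting that every platform key fits within it, so a longer key added later cannot be silently truncated or run into the payload.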
nit: won't it make more sense to have this prefix in the BCL provider itself?
I intended to make EncodeBclBookmark/TryDecodeBclBookmark methods visible outside of BclStorageProvider. Like it's used in macOS backend now:
https://github.com/AvaloniaUI/Avalonia/pull/16090/files/47c3e3cdfa3496a46240fd5141358c81b7b5f340#diff-01a97878717fd9596b20885a6a096cda57ec8f4b1c98d00961d5a1fa348d2c77R137-R140
Are prefixes separated via some character from the rest of the content? Would make more sense for it to be |
Currently, "platform" part of the bookmark length is const 16 bytes.
return true; | ||
} | ||
|
||
localPath = null; |
We should probably also check for the bookmark format created by older versions. Depending on the platform that would be a StartsWith("/") / Regex.IsMatch(@"^[A-Za-z]:[\\/]") check. Could also follow with a File.Exists check to be sure.
Supporting older bookmarks would make this change much more difficult. Primarily because of iOS and Browser platforms, where bookmarks are the most important. We can't simply check if a file exists there. And bookmarks there have never been a file path.
BCL implementation of bookmarks is the least important.
So, we are planning to break all apps that were previously using the API, right?
@kekekeks pushed a couple of changes.
- All bookmarks are now prefixed with "ava."
- All bookmarks now have bookmark version information prefixed as well, i.e. "ava.v1.bcl"
- If a bookmark doesn't have a prefix, attempt to load it as if it's an old-format bookmark (i.e. 11.0, 11.1 state)
So should be better now.
If we ever need to extend the bookmark format, i.e. add extra information or make the header bigger or dynamic, v2 can be added without breaking v1.
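The scheme this thread converges on (an "ava." prefix with a version, a fixed 16-byte platform header, a Base64 body, and a fallback for unprefixed legacy values) is shown below as an added example; it is not code from the PR or from Avalonia. The BookmarkCodec type, the zero padding of the header, the UTF-8 path payload and the "macos" key are assumptions made for illustration.

```csharp
#nullable enable
using System;
using System.IO;
using System.Text;
// Constructed sample values; "bcl" and "macos" are illustrative platform keys.
var bookmark = BookmarkCodec.Encode("bcl", "/tmp/report.txt");
Console.WriteLine(BookmarkCodec.Resolve(bookmark, "bcl"));                  // v1 bookmark
Console.WriteLine(BookmarkCodec.Resolve("/tmp/legacy.txt", "bcl"));         // legacy raw path
Console.WriteLine(BookmarkCodec.Resolve(bookmark, "macos") ?? "rejected");  // other platform

// Assumed layout: Base64(16-byte header || UTF-8 path), header = "ava.v1." + key, zero-padded.
static class BookmarkCodec
{
    const int HeaderLength = 16;
    const string Magic = "ava.v1.";
    static byte[]? BuildHeader(string platformKey)
    {
        var text = Encoding.ASCII.GetBytes(Magic + platformKey);
        if (text.Length > HeaderLength) return null;   // key does not fit the fixed header
        var header = new byte[HeaderLength];            // zero-initialised, so padding is 0x00
        text.CopyTo(header, 0);
        return header;
    }
    public static string Encode(string platformKey, string path)
    {
        var header = BuildHeader(platformKey)
            ?? throw new ArgumentException("Platform key too long.", nameof(platformKey));
        var payload = Encoding.UTF8.GetBytes(path);
        var buffer = new byte[HeaderLength + payload.Length];
        header.CopyTo(buffer, 0);
        payload.CopyTo(buffer, HeaderLength);
        return Convert.ToBase64String(buffer);
    }
    // A stored bookmark is untrusted input: it must be Base64, long enough, and carry
    // exactly the expected header. A legacy path can itself be valid Base64, so the
    // header comparison, not the Base64 parse, is what separates the two formats.
    public static bool TryDecode(string bookmark, string platformKey, out string? path)
    {
        path = null;
        var expected = BuildHeader(platformKey);
        var buffer = new byte[bookmark.Length];         // Base64 output is never longer than its input
        if (expected is null || !Convert.TryFromBase64String(bookmark, buffer, out var written)
            || written < HeaderLength || !buffer.AsSpan(0, HeaderLength).SequenceEqual(expected))
            return false;
        path = Encoding.UTF8.GetString(buffer, HeaderLength, written - HeaderLength);
        return true;
    }
    // Unprefixed values are accepted as legacy bookmarks only if they are fully qualified paths.
    public static string? Resolve(string bookmark, string platformKey) =>
        TryDecode(bookmark, platformKey, out var path) ? path
        : Path.IsPathFullyQualified(bookmark) ? bookmark
        : null;
}
```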
What does the pull request do?
This PR resurrects the idea of the old PR - #6540.
In short, in order to make a macOS app work with the AppStore sandbox, developers need to be careful with how they interact with the File System:
[NSURL startAccessingSecurityScopedResource]
+[NSURL stopAccessingSecurityScopedResource]
.bookmark
access to these files in order to reuse them between app sessions. Simply saving the full file path won't work, as the OS might not allow direct file access.

The old PR was created when we didn't have a better idea of how this API should look. And later it was implemented for mobile and browser platforms with the new StorageProvider API, where we fully support sandboxed bookmarks. The macOS platform was temporarily skipped due to complexity and the chance of introducing bugs to the existing backend (+ it was low priority).
How to test
Extra: use https://stackoverflow.com/questions/24947661/os-x-app-testing-for-sandbox-violations
Breaking changes
Two breaking changes:
[NSURL startAccessingSecurityScopedResource]
each time when user accesses file, including stream operations (we have a stream wrapper for that). It's not a breaking change by itself, but it's rather a big impact that might introduce unwanted bugs. It's possible to disable this behavior by passing AvaloniaNativePlatformOptions.AppSandboxEnabled = false, which will revert to old non-sandboxed APIs.
Fixed issues
Fixes #6537
Reopens #6540