electron/atom/browser/ui/cocoa/atom_bundle_mover.mm

426 lines
14 KiB
Text
Raw Normal View History

// Copyright (c) 2017 GitHub, Inc.
// Use of this source code is governed by the MIT license that can be
// found in the LICENSE file.
#import "atom/browser/ui/cocoa/atom_bundle_mover.h"
#include <string>
#import <AppKit/AppKit.h>
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <dlfcn.h>
#import <sys/mount.h>
2018-04-20 18:47:04 +00:00
#import <sys/param.h>
#import "atom/browser/browser.h"
namespace atom {
namespace ui {
namespace cocoa {
bool AtomBundleMover::Move(mate::Arguments* args) {
// Path of the current bundle
NSString* bundlePath = [[NSBundle mainBundle] bundlePath];
// Skip if the application is already in the Applications folder
2018-04-20 18:47:04 +00:00
if (IsInApplicationsFolder(bundlePath))
return true;
NSFileManager* fileManager = [NSFileManager defaultManager];
NSString* diskImageDevice = ContainingDiskImageDevice(bundlePath);
2018-04-20 18:47:04 +00:00
NSString* applicationsDirectory = [[NSSearchPathForDirectoriesInDomains(
NSApplicationDirectory, NSLocalDomainMask, true) lastObject]
stringByResolvingSymlinksInPath];
NSString* bundleName = [bundlePath lastPathComponent];
NSString* destinationPath =
[applicationsDirectory stringByAppendingPathComponent:bundleName];
// Check if we can write to the applications directory
// and then make sure that if the app already exists we can overwrite it
2018-04-20 18:47:04 +00:00
bool needAuthorization =
![fileManager isWritableFileAtPath:applicationsDirectory] |
([fileManager fileExistsAtPath:destinationPath] &&
![fileManager isWritableFileAtPath:destinationPath]);
2018-04-20 18:47:04 +00:00
// Activate app -- work-around for focus issues related to "scary file from
// internet" OS dialog.
if (![NSApp isActive]) {
[NSApp activateIgnoringOtherApps:true];
}
// Move to applications folder
if (needAuthorization) {
bool authorizationCanceled;
2018-04-20 18:47:04 +00:00
if (!AuthorizedInstall(bundlePath, destinationPath,
&authorizationCanceled)) {
if (authorizationCanceled) {
// User rejected the authorization request
args->ThrowError("User rejected the authorization request");
return false;
2018-04-20 18:47:04 +00:00
} else {
args->ThrowError(
"Failed to copy to applications directory even with authorization");
return false;
}
}
} else {
// If a copy already exists in the Applications folder, put it in the Trash
if ([fileManager fileExistsAtPath:destinationPath]) {
// But first, make sure that it's not running
if (IsApplicationAtPathRunning(destinationPath)) {
// Give the running app focus and terminate myself
2018-04-20 18:47:04 +00:00
[[NSTask
launchedTaskWithLaunchPath:@"/usr/bin/open"
arguments:[NSArray
arrayWithObject:destinationPath]]
waitUntilExit];
atom::Browser::Get()->Quit();
return true;
} else {
2018-04-20 18:47:04 +00:00
if (!Trash([applicationsDirectory
stringByAppendingPathComponent:bundleName])) {
args->ThrowError("Failed to delete existing application");
return false;
}
}
}
if (!CopyBundle(bundlePath, destinationPath)) {
2018-04-20 18:47:04 +00:00
args->ThrowError(
"Failed to copy current bundle to the applications folder");
return false;
}
}
// Trash the original app. It's okay if this fails.
2018-04-20 18:47:04 +00:00
// NOTE: This final delete does not work if the source bundle is in a network
// mounted volume.
// Calling rm or file manager's delete method doesn't work either. It's
// unlikely to happen but it'd be great if someone could fix this.
if (diskImageDevice == nil && !DeleteOrTrash(bundlePath)) {
// Could not delete original but we just don't care
}
// Relaunch.
Relaunch(destinationPath);
2018-04-20 18:47:04 +00:00
// Launched from within a disk image? -- unmount (if no files are open after 5
// seconds, otherwise leave it mounted).
if (diskImageDevice) {
2018-04-20 18:47:04 +00:00
NSString* script = [NSString
stringWithFormat:@"(/bin/sleep 5 && /usr/bin/hdiutil detach %@) &",
ShellQuotedString(diskImageDevice)];
[NSTask launchedTaskWithLaunchPath:@"/bin/sh"
arguments:[NSArray arrayWithObjects:@"-c", script,
nil]];
}
atom::Browser::Get()->Quit();
return true;
}
bool AtomBundleMover::IsCurrentAppInApplicationsFolder() {
2018-04-20 18:47:04 +00:00
return IsInApplicationsFolder([[NSBundle mainBundle] bundlePath]);
}
bool AtomBundleMover::IsInApplicationsFolder(NSString* bundlePath) {
// Check all the normal Application directories
2018-04-20 18:47:04 +00:00
NSArray* applicationDirs = NSSearchPathForDirectoriesInDomains(
NSApplicationDirectory, NSAllDomainsMask, true);
for (NSString* appDir in applicationDirs) {
2018-04-20 18:47:04 +00:00
if ([bundlePath hasPrefix:appDir])
return true;
}
2018-04-20 18:47:04 +00:00
// Also, handle the case that the user has some other Application directory
// (perhaps on a separate data partition).
if ([[bundlePath pathComponents] containsObject:@"Applications"])
return true;
return false;
}
NSString* AtomBundleMover::ContainingDiskImageDevice(NSString* bundlePath) {
NSString* containingPath = [bundlePath stringByDeletingLastPathComponent];
struct statfs fs;
2018-04-20 18:47:04 +00:00
if (statfs([containingPath fileSystemRepresentation], &fs) ||
(fs.f_flags & MNT_ROOTFS))
return nil;
2018-04-20 18:47:04 +00:00
NSString* device = [[NSFileManager defaultManager]
stringWithFileSystemRepresentation:fs.f_mntfromname
length:strlen(fs.f_mntfromname)];
2018-04-20 18:47:04 +00:00
NSTask* hdiutil = [[[NSTask alloc] init] autorelease];
[hdiutil setLaunchPath:@"/usr/bin/hdiutil"];
[hdiutil setArguments:[NSArray arrayWithObjects:@"info", @"-plist", nil]];
[hdiutil setStandardOutput:[NSPipe pipe]];
[hdiutil launch];
[hdiutil waitUntilExit];
2018-04-20 18:47:04 +00:00
NSData* data =
[[[hdiutil standardOutput] fileHandleForReading] readDataToEndOfFile];
NSDictionary* info =
[NSPropertyListSerialization propertyListWithData:data
options:NSPropertyListImmutable
format:NULL
error:NULL];
2018-04-20 18:47:04 +00:00
if (![info isKindOfClass:[NSDictionary class]])
return nil;
2018-04-20 18:47:04 +00:00
NSArray* images = (NSArray*)[info objectForKey:@"images"];
if (![images isKindOfClass:[NSArray class]])
return nil;
2018-04-20 18:47:04 +00:00
for (NSDictionary* image in images) {
if (![image isKindOfClass:[NSDictionary class]])
return nil;
id systemEntities = [image objectForKey:@"system-entities"];
2018-04-20 18:47:04 +00:00
if (![systemEntities isKindOfClass:[NSArray class]])
return nil;
2018-04-20 18:47:04 +00:00
for (NSDictionary* systemEntity in systemEntities) {
if (![systemEntity isKindOfClass:[NSDictionary class]])
return nil;
2018-04-20 18:47:04 +00:00
NSString* devEntry = [systemEntity objectForKey:@"dev-entry"];
if (![devEntry isKindOfClass:[NSString class]])
return nil;
if ([devEntry isEqualToString:device])
return device;
}
}
return nil;
}
2018-04-20 18:47:04 +00:00
bool AtomBundleMover::AuthorizedInstall(NSString* srcPath,
NSString* dstPath,
bool* canceled) {
if (canceled)
*canceled = false;
2018-04-20 18:47:04 +00:00
// Make sure that the destination path is an app bundle. We're essentially
// running 'sudo rm -rf' so we really don't want to screw this up.
if (![[dstPath pathExtension] isEqualToString:@"app"])
return false;
// Do some more checks
2018-04-20 18:47:04 +00:00
if ([[dstPath stringByTrimmingCharactersInSet:[NSCharacterSet
whitespaceCharacterSet]]
length] == 0)
return false;
if ([[srcPath stringByTrimmingCharactersInSet:[NSCharacterSet
whitespaceCharacterSet]]
length] == 0)
return false;
int pid, status;
AuthorizationRef myAuthorizationRef;
// Get the authorization
2018-04-20 18:47:04 +00:00
OSStatus err =
AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
kAuthorizationFlagDefaults, &myAuthorizationRef);
if (err != errAuthorizationSuccess)
return false;
AuthorizationItem myItems = {kAuthorizationRightExecute, 0, NULL, 0};
AuthorizationRights myRights = {1, &myItems};
2018-04-20 18:47:04 +00:00
AuthorizationFlags myFlags = (AuthorizationFlags)(
kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights |
kAuthorizationFlagPreAuthorize);
2018-04-20 18:47:04 +00:00
err = AuthorizationCopyRights(myAuthorizationRef, &myRights, NULL, myFlags,
NULL);
if (err != errAuthorizationSuccess) {
if (err == errAuthorizationCanceled && canceled)
*canceled = true;
goto fail;
}
2018-04-20 18:47:04 +00:00
static OSStatus (*security_AuthorizationExecuteWithPrivileges)(
AuthorizationRef authorization, const char* pathToTool,
AuthorizationFlags options, char* const* arguments,
FILE** communicationsPipe) = NULL;
if (!security_AuthorizationExecuteWithPrivileges) {
2018-04-20 18:47:04 +00:00
// On 10.7, AuthorizationExecuteWithPrivileges is deprecated. We want to
// still use it since there's no good alternative (without requiring code
// signing). We'll look up the function through dyld and fail if it is no
// longer accessible. If Apple removes the function entirely this will fail
// gracefully. If they keep the function and throw some sort of exception,
// this won't fail gracefully, but that's a risk we'll have to take for now.
security_AuthorizationExecuteWithPrivileges = (OSStatus(*)(
AuthorizationRef, const char*, AuthorizationFlags, char* const*,
FILE**))dlsym(RTLD_DEFAULT, "AuthorizationExecuteWithPrivileges");
}
2018-04-20 18:47:04 +00:00
if (!security_AuthorizationExecuteWithPrivileges)
goto fail;
// Delete the destination
{
char rf[] = "-rf";
2018-04-20 18:47:04 +00:00
char* args[] = {rf, (char*)[dstPath fileSystemRepresentation], NULL};
err = security_AuthorizationExecuteWithPrivileges(
myAuthorizationRef, "/bin/rm", kAuthorizationFlagDefaults, args, NULL);
if (err != errAuthorizationSuccess)
goto fail;
// Wait until it's done
pid = wait(&status);
2018-04-20 18:47:04 +00:00
if (pid == -1 || !WIFEXITED(status))
goto fail; // We don't care about exit status as the destination most
// likely does not exist
}
// Copy
{
char pR[] = "-pR";
2018-04-20 18:47:04 +00:00
char* args[] = {pR, (char*)[srcPath fileSystemRepresentation],
(char*)[dstPath fileSystemRepresentation], NULL};
err = security_AuthorizationExecuteWithPrivileges(
myAuthorizationRef, "/bin/cp", kAuthorizationFlagDefaults, args, NULL);
if (err != errAuthorizationSuccess)
goto fail;
// Wait until it's done
pid = wait(&status);
2018-04-20 18:47:04 +00:00
if (pid == -1 || !WIFEXITED(status) || WEXITSTATUS(status))
goto fail;
}
AuthorizationFree(myAuthorizationRef, kAuthorizationFlagDefaults);
return true;
fail:
AuthorizationFree(myAuthorizationRef, kAuthorizationFlagDefaults);
return false;
}
bool AtomBundleMover::CopyBundle(NSString* srcPath, NSString* dstPath) {
NSFileManager* fileManager = [NSFileManager defaultManager];
NSError* error = nil;
if ([fileManager copyItemAtPath:srcPath toPath:dstPath error:&error]) {
return true;
2018-04-20 18:47:04 +00:00
} else {
return false;
}
}
NSString* AtomBundleMover::ShellQuotedString(NSString* string) {
2018-04-20 18:47:04 +00:00
return [NSString
stringWithFormat:@"'%@'",
[string stringByReplacingOccurrencesOfString:@"'"
withString:@"'\\''"]];
}
void AtomBundleMover::Relaunch(NSString* destinationPath) {
// The shell script waits until the original app process terminates.
// This is done so that the relaunched app opens as the front-most app.
int pid = [[NSProcessInfo processInfo] processIdentifier];
// Command run just before running open /final/path
NSString* preOpenCmd = @"";
NSString* quotedDestinationPath = ShellQuotedString(destinationPath);
// Before we launch the new app, clear xattr:com.apple.quarantine to avoid
// duplicate "scary file from the internet" dialog.
2018-04-20 18:47:04 +00:00
preOpenCmd = [NSString
stringWithFormat:@"/usr/bin/xattr -d -r com.apple.quarantine %@",
quotedDestinationPath];
NSString* script =
[NSString stringWithFormat:
@"(while /bin/kill -0 %d >&/dev/null; do /bin/sleep 0.1; "
@"done; %@; /usr/bin/open %@) &",
pid, preOpenCmd, quotedDestinationPath];
[NSTask
launchedTaskWithLaunchPath:@"/bin/sh"
arguments:[NSArray arrayWithObjects:@"-c", script, nil]];
}
bool AtomBundleMover::IsApplicationAtPathRunning(NSString* bundlePath) {
bundlePath = [bundlePath stringByStandardizingPath];
2018-04-20 18:47:04 +00:00
for (NSRunningApplication* runningApplication in
[[NSWorkspace sharedWorkspace] runningApplications]) {
NSString* runningAppBundlePath =
[[[runningApplication bundleURL] path] stringByStandardizingPath];
if ([runningAppBundlePath isEqualToString:bundlePath]) {
return true;
}
}
return false;
}
bool AtomBundleMover::Trash(NSString* path) {
bool result = false;
if (floor(NSAppKitVersionNumber) >= NSAppKitVersionNumber10_8) {
2018-04-20 18:47:04 +00:00
result = [[NSFileManager defaultManager]
trashItemAtURL:[NSURL fileURLWithPath:path]
resultingItemURL:NULL
error:NULL];
}
if (!result) {
2018-04-20 18:47:04 +00:00
result = [[NSWorkspace sharedWorkspace]
performFileOperation:NSWorkspaceRecycleOperation
source:[path stringByDeletingLastPathComponent]
destination:@""
files:[NSArray arrayWithObject:[path lastPathComponent]]
tag:NULL];
}
2018-04-20 18:47:04 +00:00
// As a last resort try trashing with AppleScript.
2018-04-20 18:47:04 +00:00
// This allows us to trash the app in macOS Sierra even when the app is
// running inside an app translocation image.
if (!result) {
auto* code = R"str(
set theFile to POSIX file "%@"
tell application "Finder"
move theFile to trash
end tell
)str";
2018-04-20 18:47:04 +00:00
NSAppleScript* appleScript = [[[NSAppleScript alloc]
initWithSource:[NSString stringWithFormat:@(code), path]] autorelease];
NSDictionary* errorDict = nil;
2018-04-20 18:47:04 +00:00
NSAppleEventDescriptor* scriptResult =
[appleScript executeAndReturnError:&errorDict];
result = (scriptResult != nil);
}
return result;
}
bool AtomBundleMover::DeleteOrTrash(NSString* path) {
NSError* error;
if ([[NSFileManager defaultManager] removeItemAtPath:path error:&error]) {
return true;
} else {
return Trash(path);
}
}
} // namespace cocoa
} // namespace ui
} // namespace atom