kram - turn off App Sandbox in entitlements

This basically sets com.apple.quarantine on any files written or read by an app. This is problematic, since trying to write profile from kramv, open that, and have it show up in the profiler. Will revisit and assign runtime hardening, sandbox, and other items to only the app store build. It's confusing since Xcode also has an "App Sandbox" setting that is set to No.
alecazam · Sep 9, 2024 · 4e9d057 · 4e9d057
1 parent 5f3885b
commit 4e9d057
Show file tree

Hide file tree

Showing 8 changed files with 48 additions and 26 deletions.
diff --git a/kram-profile/kram-profile/kram_profile.entitlements b/kram-profile/kram-profile/kram_profile.entitlements
@@ -3,7 +3,7 @@
 <plist version="1.0">
 <dict>
 	<key>com.apple.security.app-sandbox</key>
-	<true/>
+	<false/>
 	<key>com.apple.security.files.user-selected.read-only</key>
 	<true/>
 	<key>com.apple.security.network.client</key>

diff --git a/kramv/KramViewerBase.cpp b/kramv/KramViewerBase.cpp
@@ -2548,11 +2548,9 @@ bool Data::handleEventAction(const Action* action, bool isShiftKeyDown, ActionSt
             if (perf->isRunning()) {
                 perf->stop();
 
-                // Calling this (using system call) probably
-                // violates app store, hardened runtime, and sandbox
-                // see if this can open to kram-profile
-                //if (!isCompressed)
-                //    perf->openPerftrace();
+                // TODO: Only do this in non-sandboxed builds, it calls system("open file")
+                if (!isCompressed)
+                    perf->openPerftrace();
             }
         }
 

diff --git a/kramv/KramViewerMain.mm b/kramv/KramViewerMain.mm
@@ -633,9 +633,9 @@ - (void)awakeFromNib
     // this is sandbox or root if not sandboxed
     // This is objC call...
     // This has to be in a .mm file to call
-    std::string traceDir = [NSHomeDirectory() UTF8String];
-    traceDir += "/Traces/";
-    _data.setPerfDirectory(traceDir.c_str());
+    //std::string traceDir = [NSHomeDirectory() UTF8String];
+    //traceDir += "/Traces/";
+    //_data.setPerfDirectory(traceDir.c_str());
 
     // TODO: see if can only open this
     // KLOGI("Viewer", "AwakeFromNIB");

diff --git a/kramv/kramv.entitlements b/kramv/kramv.entitlements
@@ -3,7 +3,7 @@
 <plist version="1.0">
 <dict>
 	<key>com.apple.security.app-sandbox</key>
-	<true/>
+	<false/>
 	<key>com.apple.security.files.user-selected.read-only</key>
 	<true/>
 </dict>

diff --git a/libkram/kram/KramTimer.cpp b/libkram/kram/KramTimer.cpp
@@ -138,6 +138,8 @@ void Perf::setPerfDirectory(const char* directoryName)
     _perfDirectory = directoryName;
 }
 
+static bool useTempFile = false;
+
 bool Perf::start(const char* name, bool isCompressed, uint32_t maxStackDepth)
 {
     mylock lock(_mutex);
@@ -153,9 +155,17 @@ bool Perf::start(const char* name, bool isCompressed, uint32_t maxStackDepth)
     _maxStackDepth = maxStackDepth;
 
     // write json as binary, so win doesn't replace \n with \r\n
-    if (!_fileHelper.openTemporaryFile("perf-", ext, "w+b")) {
-        KLOGW("Perf", "Could not open oerf temp file");
-        return false;
+    if (useTempFile) {
+        if (!_fileHelper.openTemporaryFile("perf-", ext, "w+b")) {
+            KLOGW("Perf", "Could not open perf temp file");
+            return false;
+        }
+    }
+    else {
+        if (!_fileHelper.open(_filename.c_str(), "w+b")) {
+            KLOGW("Perf", "Could not open perf file %s", _filename.c_str());
+            return false;
+        }
     }
 
     if (!_stream.open(&_fileHelper, !isCompressed)) {
@@ -207,9 +217,11 @@ void Perf::stop()
 
     _stream.close();
 
-    bool success = _fileHelper.copyTemporaryFileTo(_filename.c_str());
-    if (!success) {
-        KLOGW("Perf", "Couldn't move temp file");
+    if (useTempFile) {
+        bool success = _fileHelper.copyTemporaryFileTo(_filename.c_str());
+        if (!success) {
+            KLOGW("Perf", "Couldn't move temp file");
+        }
     }
 
     _fileHelper.close();

diff --git a/libkram/kram/KramZipStream.cpp b/libkram/kram/KramZipStream.cpp
@@ -155,6 +155,7 @@ Slice ZipStream::compressSlice(const Slice& in, bool finish) {
         KASSERT(status == MZ_STREAM_END);
     else
         KASSERT(status == MZ_OK);
+    (void)status;
 
     // TODO: would be nice to skip crc32 work
     _sourceSize += in.size();

diff --git a/libkram/zstd/zstd.cpp b/libkram/zstd/zstd.cpp
@@ -44,6 +44,12 @@
 #endif
 #define ZSTD_TRACE 0
 
+#if NDEBUG
+#define assert_or_fallthrough() [[fallthrough]]
+#else
+#define assert_or_fallthrough() assert(false)
+#endif
+
 /* Include zstd_deps.h first with all the options we need enabled. */
 #define ZSTD_DEPS_NEED_MALLOC
 #define ZSTD_DEPS_NEED_MATH64
@@ -18551,7 +18557,6 @@ static size_t ZSTD_compress_frameChunk(ZSTD_CCtx* cctx,
     return (size_t)(op-ostart);
 }
 
-
 static size_t ZSTD_writeFrameHeader(void* dst, size_t dstCapacity,
                                     const ZSTD_CCtx_params* params, U64 pledgedSrcSize, U32 dictID)
 {   BYTE* const op = (BYTE*)dst;
@@ -18579,15 +18584,15 @@ static size_t ZSTD_writeFrameHeader(void* dst, size_t dstCapacity,
     if (!singleSegment) op[pos++] = windowLogByte;
     switch(dictIDSizeCode)
     {
-        default:  assert(0); /* impossible */ [[fallthrough]];
+        default:  assert_or_fallthrough(); /* impossible */
         case 0 : break;
         case 1 : op[pos] = (BYTE)(dictID); pos++; break;
         case 2 : MEM_writeLE16(op+pos, (U16)dictID); pos+=2; break;
         case 3 : MEM_writeLE32(op+pos, dictID); pos+=4; break;
     }
     switch(fcsCode)
     {
-        default:  assert(0); /* impossible */ [[fallthrough]];
+        default:  assert_or_fallthrough(); /* impossible */
         case 0 : if (singleSegment) op[pos++] = (BYTE)(pledgedSrcSize); break;
         case 1 : MEM_writeLE16(op+pos, (U16)(pledgedSrcSize-256)); pos+=2; break;
         case 2 : MEM_writeLE32(op+pos, (U32)(pledgedSrcSize)); pos+=4; break;
@@ -23099,7 +23104,7 @@ ZSTD_VecMask_rotateRight(ZSTD_VecMask mask, U32 const rotation, U32 const totalB
     return mask;
   switch (totalBits) {
     default:
-          assert(0); [[fallthrough]];
+          assert_or_fallthrough();
     case 16:
       return (mask >> rotation) | (U16)(mask << (16 - rotation));
     case 32:
@@ -31936,15 +31941,15 @@ size_t ZSTD_getFrameHeader_advanced(ZSTD_frameHeader* zfhPtr, const void* src, s
         }
         switch(dictIDSizeCode)
         {
-            default: assert(0);  /* impossible */ [[fallthrough]];
+            default: assert_or_fallthrough();  /* impossible */
             case 0 : break;
             case 1 : dictID = ip[pos]; pos++; break;
             case 2 : dictID = MEM_readLE16(ip+pos); pos+=2; break;
             case 3 : dictID = MEM_readLE32(ip+pos); pos+=4; break;
         }
         switch(fcsID)
         {
-            default: assert(0);  /* impossible */ [[fallthrough]];
+            default: assert_or_fallthrough();  /* impossible */
             case 0 : if (singleSegment) frameContentSize = ip[pos]; break;
             case 1 : frameContentSize = MEM_readLE16(ip+pos)+256; break;
             case 2 : frameContentSize = MEM_readLE32(ip+pos); break;
@@ -32542,7 +32547,7 @@ ZSTD_nextInputType_e ZSTD_nextInputType(ZSTD_DCtx* dctx) {
     switch(dctx->stage)
     {
     default:   /* should not happen */
-            assert(0); [[fallthrough]];
+            assert_or_fallthrough();
     case ZSTDds_getFrameHeaderSize:
     case ZSTDds_decodeFrameHeader:
         return ZSTDnit_frameHeader;

diff --git a/libkram/zstd/zstddeclib.cpp b/libkram/zstd/zstddeclib.cpp
@@ -40,6 +40,12 @@
 #define ZSTD_STRIP_ERROR_STRINGS
 #define ZSTD_TRACE 0
 
+#if NDEBUG
+#define assert_or_fallthrough() [[fallthrough]]
+#else
+#define assert_or_fallthrough() assert(false)
+#endif
+
 /* Include zstd_deps.h first with all the options we need enabled. */
 #define ZSTD_DEPS_NEED_MALLOC
 /**** start inlining common/zstd_deps.h ****/
@@ -11891,15 +11897,15 @@ size_t ZSTD_getFrameHeader_advanced(ZSTD_frameHeader* zfhPtr, const void* src, s
         }
         switch(dictIDSizeCode)
         {
-            default: assert(0);  /* impossible */ [[fallthrough]];
+            default: assert_or_fallthrough();  /* impossible */
             case 0 : break;
             case 1 : dictID = ip[pos]; pos++; break;
             case 2 : dictID = MEM_readLE16(ip+pos); pos+=2; break;
             case 3 : dictID = MEM_readLE32(ip+pos); pos+=4; break;
         }
         switch(fcsID)
         {
-            default: assert(0);  /* impossible */ [[fallthrough]];
+            default: assert_or_fallthrough();  /* impossible */
             case 0 : if (singleSegment) frameContentSize = ip[pos]; break;
             case 1 : frameContentSize = MEM_readLE16(ip+pos)+256; break;
             case 2 : frameContentSize = MEM_readLE32(ip+pos); break;
@@ -12497,7 +12503,7 @@ ZSTD_nextInputType_e ZSTD_nextInputType(ZSTD_DCtx* dctx) {
     switch(dctx->stage)
     {
     default:   /* should not happen */
-            assert(0); [[fallthrough]];
+            assert_or_fallthrough();
     case ZSTDds_getFrameHeaderSize:
     case ZSTDds_decodeFrameHeader:
         return ZSTDnit_frameHeader;