Skip to content

Commit cf9e485

Browse files
akien-mgaakien-mga
committed
Merge pull request #94518 from bruvzg/mac_net_non_sandboxed_sign
[macOS] Fix codesigning of .NET helper executables when sandboxing is disabled.
2 parents 2549205 + 975ee76 commit cf9e485

File tree

2 files changed

+11
-10
lines changed

2 files changed

+11
-10
lines changed

platform/macos/export/export_plugin.cpp

+9-8
Original file line numberDiff line numberDiff line change
@@ -1213,6 +1213,7 @@ Error EditorExportPlatformMacOS::_code_sign_directory(const Ref<EditorExportPres
12131213
const String &p_ent_path, const String &p_helper_ent_path, bool p_should_error_on_non_code) {
12141214
static Vector<String> extensions_to_sign;
12151215

1216+
bool sandbox = p_preset->get("codesign/entitlements/app_sandbox/enabled");
12161217
if (extensions_to_sign.is_empty()) {
12171218
extensions_to_sign.push_back("dylib");
12181219
extensions_to_sign.push_back("framework");
@@ -1239,7 +1240,7 @@ Error EditorExportPlatformMacOS::_code_sign_directory(const Ref<EditorExportPres
12391240
if (extensions_to_sign.has(current_file.get_extension())) {
12401241
String ent_path = p_ent_path;
12411242
bool set_bundle_id = false;
1242-
if (FileAccess::exists(current_file_path)) {
1243+
if (sandbox && FileAccess::exists(current_file_path)) {
12431244
int ftype = MachO::get_filetype(current_file_path);
12441245
if (ftype == 2 || ftype == 5) {
12451246
ent_path = p_helper_ent_path;
@@ -1274,7 +1275,7 @@ Error EditorExportPlatformMacOS::_copy_and_sign_files(Ref<DirAccess> &dir_access
12741275
const String &p_in_app_path, bool p_sign_enabled,
12751276
const Ref<EditorExportPreset> &p_preset, const String &p_ent_path,
12761277
const String &p_helper_ent_path,
1277-
bool p_should_error_on_non_code_sign) {
1278+
bool p_should_error_on_non_code_sign, bool p_sandbox) {
12781279
static Vector<String> extensions_to_sign;
12791280

12801281
if (extensions_to_sign.is_empty()) {
@@ -1368,7 +1369,7 @@ Error EditorExportPlatformMacOS::_copy_and_sign_files(Ref<DirAccess> &dir_access
13681369
if (extensions_to_sign.has(p_in_app_path.get_extension())) {
13691370
String ent_path = p_ent_path;
13701371
bool set_bundle_id = false;
1371-
if (FileAccess::exists(p_in_app_path)) {
1372+
if (p_sandbox && FileAccess::exists(p_in_app_path)) {
13721373
int ftype = MachO::get_filetype(p_in_app_path);
13731374
if (ftype == 2 || ftype == 5) {
13741375
ent_path = p_helper_ent_path;
@@ -1389,13 +1390,13 @@ Error EditorExportPlatformMacOS::_copy_and_sign_files(Ref<DirAccess> &dir_access
13891390
Error EditorExportPlatformMacOS::_export_macos_plugins_for(Ref<EditorExportPlugin> p_editor_export_plugin,
13901391
const String &p_app_path_name, Ref<DirAccess> &dir_access,
13911392
bool p_sign_enabled, const Ref<EditorExportPreset> &p_preset,
1392-
const String &p_ent_path, const String &p_helper_ent_path) {
1393+
const String &p_ent_path, const String &p_helper_ent_path, bool p_sandbox) {
13931394
Error error{ OK };
13941395
const Vector<String> &macos_plugins{ p_editor_export_plugin->get_macos_plugin_files() };
13951396
for (int i = 0; i < macos_plugins.size(); ++i) {
13961397
String src_path{ ProjectSettings::get_singleton()->globalize_path(macos_plugins[i]) };
13971398
String path_in_app{ p_app_path_name + "/Contents/PlugIns/" + src_path.get_file() };
1398-
error = _copy_and_sign_files(dir_access, src_path, path_in_app, p_sign_enabled, p_preset, p_ent_path, p_helper_ent_path, false);
1399+
error = _copy_and_sign_files(dir_access, src_path, path_in_app, p_sign_enabled, p_preset, p_ent_path, p_helper_ent_path, false, p_sandbox);
13991400
if (error != OK) {
14001401
break;
14011402
}
@@ -2168,11 +2169,11 @@ Error EditorExportPlatformMacOS::export_project(const Ref<EditorExportPreset> &p
21682169
String src_path = ProjectSettings::get_singleton()->globalize_path(shared_objects[i].path);
21692170
if (shared_objects[i].target.is_empty()) {
21702171
String path_in_app = tmp_app_path_name + "/Contents/Frameworks/" + src_path.get_file();
2171-
err = _copy_and_sign_files(da, src_path, path_in_app, sign_enabled, p_preset, ent_path, hlp_ent_path, true);
2172+
err = _copy_and_sign_files(da, src_path, path_in_app, sign_enabled, p_preset, ent_path, hlp_ent_path, true, sandbox);
21722173
} else {
21732174
String path_in_app = tmp_app_path_name.path_join(shared_objects[i].target);
21742175
tmp_app_dir->make_dir_recursive(path_in_app);
2175-
err = _copy_and_sign_files(da, src_path, path_in_app.path_join(src_path.get_file()), sign_enabled, p_preset, ent_path, hlp_ent_path, false);
2176+
err = _copy_and_sign_files(da, src_path, path_in_app.path_join(src_path.get_file()), sign_enabled, p_preset, ent_path, hlp_ent_path, false, sandbox);
21762177
}
21772178
if (err != OK) {
21782179
break;
@@ -2181,7 +2182,7 @@ Error EditorExportPlatformMacOS::export_project(const Ref<EditorExportPreset> &p
21812182

21822183
Vector<Ref<EditorExportPlugin>> export_plugins{ EditorExport::get_singleton()->get_export_plugins() };
21832184
for (int i = 0; i < export_plugins.size(); ++i) {
2184-
err = _export_macos_plugins_for(export_plugins[i], tmp_app_path_name, da, sign_enabled, p_preset, ent_path, hlp_ent_path);
2185+
err = _export_macos_plugins_for(export_plugins[i], tmp_app_path_name, da, sign_enabled, p_preset, ent_path, hlp_ent_path, sandbox);
21852186
if (err != OK) {
21862187
break;
21872188
}

platform/macos/export/export_plugin.h

+2-2
Original file line numberDiff line numberDiff line change
@@ -94,10 +94,10 @@ class EditorExportPlatformMacOS : public EditorExportPlatform {
9494
Error _code_sign_directory(const Ref<EditorExportPreset> &p_preset, const String &p_path, const String &p_ent_path, const String &p_helper_ent_path, bool p_should_error_on_non_code = true);
9595
Error _copy_and_sign_files(Ref<DirAccess> &dir_access, const String &p_src_path, const String &p_in_app_path,
9696
bool p_sign_enabled, const Ref<EditorExportPreset> &p_preset, const String &p_ent_path, const String &p_helper_ent_path,
97-
bool p_should_error_on_non_code_sign);
97+
bool p_should_error_on_non_code_sign, bool p_sandbox);
9898
Error _export_macos_plugins_for(Ref<EditorExportPlugin> p_editor_export_plugin, const String &p_app_path_name,
9999
Ref<DirAccess> &dir_access, bool p_sign_enabled, const Ref<EditorExportPreset> &p_preset,
100-
const String &p_ent_path, const String &p_helper_ent_path);
100+
const String &p_ent_path, const String &p_helper_ent_path, bool p_sandbox);
101101
Error _create_dmg(const String &p_dmg_path, const String &p_pkg_name, const String &p_app_path_name);
102102
Error _create_pkg(const Ref<EditorExportPreset> &p_preset, const String &p_pkg_path, const String &p_app_path_name);
103103
Error _export_debug_script(const Ref<EditorExportPreset> &p_preset, const String &p_app_name, const String &p_pkg_name, const String &p_path);

0 commit comments

Comments
 (0)