fix(macOS): Relocated socket files into sandboxed containers.

Content of sandboxed apps must not be created on the root level of a container but lower in the hierarchy of it.

Signed-off-by: Iva Horn <[email protected]>

Author: i2h3

shell_integration/MacOSX/NextcloudIntegration/FinderSyncExt/FinderSync.m

@@ -57,7 +57,9 @@ - (instancetype)init
         // https://developer.apple.com/library/mac/documentation/Security/Conceptual/AppSandboxDesignGuide/AppSandboxInDepth/AppSandboxInDepth.html#//apple_ref/doc/uid/TP40011183-CH3-SW24
 
         NSURL *container = [[NSFileManager defaultManager] containerURLForSecurityApplicationGroupIdentifier:socketApiPrefix];
-        NSURL *socketPath = [container URLByAppendingPathComponent:@".socket" isDirectory:NO];
+        NSURL *library = [container URLByAppendingPathComponent:@"Library" isDirectory:true];
+        NSURL *applicationSupport = [library URLByAppendingPathComponent:@"Application Support" isDirectory:true];
+        NSURL *socketPath = [applicationSupport URLByAppendingPathComponent:@".socket" isDirectory:NO];
 
         NSLog(@"Socket path: %@", socketPath.path);
 

src/gui/macOS/fileprovidersocketserver_mac.mm

@@ -16,14 +16,13 @@
 
 QString fileProviderSocketPath()
 {
-    // This must match the code signing Team setting of the extension
-    // Example for developer builds (with ad-hoc signing identity): "" "com.owncloud.desktopclient" ".fileprovidersocket"
-    // Example for official signed packages: "9B5WD74GWJ." "com.owncloud.desktopclient" ".fileprovidersocket"
-    NSString *appGroupId = @SOCKETAPI_TEAM_IDENTIFIER_PREFIX APPLICATION_REV_DOMAIN;
-
+    NSString *appGroupId = [NSString stringWithFormat:@"group.%@", @APPLICATION_REV_DOMAIN];
     NSURL *container = [[NSFileManager defaultManager] containerURLForSecurityApplicationGroupIdentifier:appGroupId];
-    NSURL *socketPath = [container URLByAppendingPathComponent:@".fileprovidersocket" isDirectory:false];
-    return QString::fromNSString(socketPath.path);
+    NSURL *library = [container URLByAppendingPathComponent:@"Library" isDirectory:true];
+    NSURL *applicationSupport = [library URLByAppendingPathComponent:@"Application Support" isDirectory:true];
+    NSURL *socket = [applicationSupport URLByAppendingPathComponent:@".fileprovidersocket" isDirectory:false];
+
+    return QString::fromNSString(socket.path);
 }
 
 } // namespace Mac

src/gui/macOS/fileproviderutils_mac.mm

@@ -209,10 +209,12 @@ QDir fileProviderDomainSupportDirectory(const QString domainIdentifier)
 QString groupContainerPath()
 {
     NSString *const groupId = (NSString *)[NSBundle.mainBundle objectForInfoDictionaryKey:@"NCFPKAppGroupIdentifier"];
+
     if (groupId == nil) {
         qCWarning(lcMacFileProviderUtils) << "No app group identifier found in Info.plist, cannot determine group container path.";
         return QString();
     }
+
     return QString::fromNSString([NSFileManager.defaultManager containerURLForSecurityApplicationGroupIdentifier:groupId].path);
 }
 

src/gui/socketapi/socketapi_mac.mm

@@ -13,14 +13,13 @@
 
 QString socketApiSocketPath()
 {
-    // This must match the code signing Team setting of the extension
-    // Example for developer builds (with ad-hoc signing identity): "" "com.owncloud.desktopclient" ".socket"
-    // Example for official signed packages: "9B5WD74GWJ." "com.owncloud.desktopclient" ".socket"
-    NSString *appGroupId = @SOCKETAPI_TEAM_IDENTIFIER_PREFIX APPLICATION_REV_DOMAIN;
-
+    NSString *appGroupId = [NSString stringWithFormat:@"group.%@", @APPLICATION_REV_DOMAIN];
     NSURL *container = [[NSFileManager defaultManager] containerURLForSecurityApplicationGroupIdentifier:appGroupId];
-    NSURL *socketPath = [container URLByAppendingPathComponent:@".socket" isDirectory:false];
-    return QString::fromNSString(socketPath.path);
+    NSURL *library = [container URLByAppendingPathComponent:@"Library" isDirectory:true];
+    NSURL *applicationSupport = [library URLByAppendingPathComponent:@"Application Support" isDirectory:true];
+    NSURL *socket = [applicationSupport URLByAppendingPathComponent:@".socket" isDirectory:false];
+
+    return QString::fromNSString(socket.path);
 }
 
 }