// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "base/mac/mac_util.h" #import #include #import #include #include #include #include #include #include #include #include #include #include #include "base/apple/bridging.h" #include "base/apple/bundle_locations.h" #include "base/apple/foundation_util.h" #include "base/apple/osstatus_logging.h" #include "base/apple/scoped_cftyperef.h" #include "base/check.h" #include "base/files/file_path.h" #include "base/logging.h" #include "base/mac/scoped_aedesc.h" #include "base/mac/scoped_ioobject.h" #include "base/posix/sysctl.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_split.h" #include "base/strings/string_util.h" #include "base/strings/sys_string_conversions.h" #include "base/threading/scoped_blocking_call.h" #include "build/build_config.h" namespace base::mac { namespace { class LoginItemsFileList { public: LoginItemsFileList() = default; LoginItemsFileList(const LoginItemsFileList&) = delete; LoginItemsFileList& operator=(const LoginItemsFileList&) = delete; ~LoginItemsFileList() = default; [[nodiscard]] bool Initialize() { DCHECK(!login_items_) << __func__ << " called more than once."; // The LSSharedFileList suite of functions has been deprecated. Instead, // a LoginItems helper should be registered with SMLoginItemSetEnabled() // https://crbug.com/1154377. #pragma clang diagnostic push #pragma clang diagnostic ignored "-Wdeprecated-declarations" login_items_.reset(LSSharedFileListCreate( nullptr, kLSSharedFileListSessionLoginItems, nullptr)); #pragma clang diagnostic pop DLOG_IF(ERROR, !login_items_.get()) << "Couldn't get a Login Items list."; return login_items_.get(); } LSSharedFileListRef GetLoginFileList() { DCHECK(login_items_) << "Initialize() failed or not called."; return login_items_.get(); } // Looks into Shared File Lists corresponding to Login Items for the item // representing the specified bundle. If such an item is found, returns a // retained reference to it. Caller is responsible for releasing the // reference. apple::ScopedCFTypeRef GetLoginItemForApp( NSURL* url) { DCHECK(login_items_) << "Initialize() failed or not called."; #pragma clang diagnostic push // https://crbug.com/1154377 #pragma clang diagnostic ignored "-Wdeprecated-declarations" apple::ScopedCFTypeRef login_items_array( LSSharedFileListCopySnapshot(login_items_.get(), /*inList=*/nullptr)); #pragma clang diagnostic pop for (CFIndex i = 0; i < CFArrayGetCount(login_items_array.get()); ++i) { LSSharedFileListItemRef item = (LSSharedFileListItemRef)CFArrayGetValueAtIndex( login_items_array.get(), i); #pragma clang diagnostic push // https://crbug.com/1154377 #pragma clang diagnostic ignored "-Wdeprecated-declarations" // kLSSharedFileListDoNotMountVolumes is used so that we don't trigger // mounting when it's not expected by a user. Just listing the login // items should not cause any side-effects. NSURL* item_url = apple::CFToNSOwnershipCast(LSSharedFileListItemCopyResolvedURL( item, kLSSharedFileListDoNotMountVolumes, /*outError=*/nullptr)); #pragma clang diagnostic pop if (item_url && [item_url isEqual:url]) { return apple::ScopedCFTypeRef( item, base::scoped_policy::RETAIN); } } return apple::ScopedCFTypeRef(); } apple::ScopedCFTypeRef GetLoginItemForMainApp() { NSURL* url = [NSURL fileURLWithPath:base::apple::MainBundle().bundlePath]; return GetLoginItemForApp(url); } private: apple::ScopedCFTypeRef login_items_; }; bool IsHiddenLoginItem(LSSharedFileListItemRef item) { #pragma clang diagnostic push // https://crbug.com/1154377 #pragma clang diagnostic ignored "-Wdeprecated-declarations" apple::ScopedCFTypeRef hidden( reinterpret_cast(LSSharedFileListItemCopyProperty( item, kLSSharedFileListLoginItemHidden))); #pragma clang diagnostic pop return hidden && hidden.get() == kCFBooleanTrue; } } // namespace CGColorSpaceRef GetSRGBColorSpace() { // Leaked. That's OK, it's scoped to the lifetime of the application. static CGColorSpaceRef g_color_space_sRGB = CGColorSpaceCreateWithName(kCGColorSpaceSRGB); DLOG_IF(ERROR, !g_color_space_sRGB) << "Couldn't get the sRGB color space"; return g_color_space_sRGB; } void AddToLoginItems(const FilePath& app_bundle_file_path, bool hide_on_startup) { LoginItemsFileList login_items; if (!login_items.Initialize()) { return; } NSURL* app_bundle_url = base::apple::FilePathToNSURL(app_bundle_file_path); apple::ScopedCFTypeRef item = login_items.GetLoginItemForApp(app_bundle_url); if (item.get() && (IsHiddenLoginItem(item.get()) == hide_on_startup)) { return; // There already is a login item with required hide flag. } // Remove the old item, it has wrong hide flag, we'll create a new one. if (item.get()) { #pragma clang diagnostic push // https://crbug.com/1154377 #pragma clang diagnostic ignored "-Wdeprecated-declarations" LSSharedFileListItemRemove(login_items.GetLoginFileList(), item.get()); #pragma clang diagnostic pop } #pragma clang diagnostic push // https://crbug.com/1154377 #pragma clang diagnostic ignored "-Wdeprecated-declarations" BOOL hide = hide_on_startup ? YES : NO; NSDictionary* properties = @{apple::CFToNSPtrCast(kLSSharedFileListLoginItemHidden) : @(hide)}; apple::ScopedCFTypeRef new_item( LSSharedFileListInsertItemURL( login_items.GetLoginFileList(), kLSSharedFileListItemLast, /*inDisplayName=*/nullptr, /*inIconRef=*/nullptr, apple::NSToCFPtrCast(app_bundle_url), apple::NSToCFPtrCast(properties), /*inPropertiesToClear=*/nullptr)); #pragma clang diagnostic pop if (!new_item.get()) { DLOG(ERROR) << "Couldn't insert current app into Login Items list."; } } void RemoveFromLoginItems(const FilePath& app_bundle_file_path) { LoginItemsFileList login_items; if (!login_items.Initialize()) { return; } NSURL* app_bundle_url = base::apple::FilePathToNSURL(app_bundle_file_path); apple::ScopedCFTypeRef item = login_items.GetLoginItemForApp(app_bundle_url); if (!item.get()) { return; } #pragma clang diagnostic push // https://crbug.com/1154377 #pragma clang diagnostic ignored "-Wdeprecated-declarations" LSSharedFileListItemRemove(login_items.GetLoginFileList(), item.get()); #pragma clang diagnostic pop } bool WasLaunchedAsLoginOrResumeItem() { ProcessSerialNumber psn = {0, kCurrentProcess}; ProcessInfoRec info = {}; info.processInfoLength = sizeof(info); // GetProcessInformation has been deprecated since macOS 10.9, but there is no // replacement that provides the information we need. See // https://crbug.com/650854. #pragma clang diagnostic push #pragma clang diagnostic ignored "-Wdeprecated-declarations" if (GetProcessInformation(&psn, &info) == noErr) { #pragma clang diagnostic pop ProcessInfoRec parent_info = {}; parent_info.processInfoLength = sizeof(parent_info); #pragma clang diagnostic push #pragma clang diagnostic ignored "-Wdeprecated-declarations" if (GetProcessInformation(&info.processLauncher, &parent_info) == noErr) { #pragma clang diagnostic pop return parent_info.processSignature == 'lgnw'; } } return false; } bool WasLaunchedAsLoginItemRestoreState() { // "Reopen windows..." option was added for 10.7. Prior OS versions should // not have this behavior. if (!WasLaunchedAsLoginOrResumeItem()) { return false; } CFStringRef app = CFSTR("com.apple.loginwindow"); CFStringRef save_state = CFSTR("TALLogoutSavesState"); apple::ScopedCFTypeRef plist( CFPreferencesCopyAppValue(save_state, app)); // According to documentation, com.apple.loginwindow.plist does not exist on a // fresh installation until the user changes a login window setting. The // "reopen windows" option is checked by default, so the plist would exist had // the user unchecked it. // https://developer.apple.com/library/mac/documentation/macosx/conceptual/bpsystemstartup/chapters/CustomLogin.html if (!plist) { return true; } if (CFBooleanRef restore_state = base::apple::CFCast(plist.get())) { return CFBooleanGetValue(restore_state); } return false; } bool WasLaunchedAsHiddenLoginItem() { if (!WasLaunchedAsLoginOrResumeItem()) { return false; } LoginItemsFileList login_items; if (!login_items.Initialize()) { return false; } apple::ScopedCFTypeRef item( login_items.GetLoginItemForMainApp()); if (!item.get()) { // The OS itself can launch items, usually for the resume feature. return false; } return IsHiddenLoginItem(item.get()); } bool RemoveQuarantineAttribute(const FilePath& file_path) { const char kQuarantineAttrName[] = "com.apple.quarantine"; int status = removexattr(file_path.value().c_str(), kQuarantineAttrName, 0); return status == 0 || errno == ENOATTR; } void SetFileTags(const FilePath& file_path, const std::vector& file_tags) { if (file_tags.empty()) { return; } NSMutableArray* tag_array = [NSMutableArray array]; for (const auto& tag : file_tags) { [tag_array addObject:SysUTF8ToNSString(tag)]; } NSURL* file_url = apple::FilePathToNSURL(file_path); [file_url setResourceValue:tag_array forKey:NSURLTagNamesKey error:nil]; } namespace { int ParseOSProductVersion(const std::string_view& version) { int macos_version = 0; // The number of parts that need to be a part of the return value // (major/minor/bugfix). int parts = 3; // When a Rapid Security Response is applied to a system, the UI will display // an additional letter (e.g. "13.4.1 (a)"). That extra letter should not be // present in `version_string`; in fact, the version string should not contain // any spaces. However, take the first space-delimited "word" for parsing. std::vector words = base::SplitStringPiece( version, " ", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL); CHECK_GE(words.size(), 1u); // There are expected to be either two or three numbers separated by a dot. // Walk through them, and add them to the version string. for (const auto& value_str : base::SplitStringPiece( words[0], ".", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL)) { int value; bool success = base::StringToInt(value_str, &value); CHECK(success); macos_version *= 100; macos_version += value; if (--parts == 0) { break; } } // While historically the string has comprised exactly two or three numbers // separated by a dot, it's not inconceivable that it might one day be only // one number. Therefore, only check to see that at least one number was found // and processed. CHECK_LE(parts, 2); // Tack on as many '00 digits as needed to be sure that exactly three version // numbers are returned. for (int i = 0; i < parts; ++i) { macos_version *= 100; } // Checks that the value is within expected bounds corresponding to released // OS version numbers. The most important bit is making sure that the "10.16" // compatibility mode isn't engaged. CHECK(macos_version >= 10'00'00); CHECK(macos_version < 10'16'00 || macos_version >= 11'00'00); return macos_version; } } // namespace int ParseOSProductVersionForTesting(const std::string_view& version) { return ParseOSProductVersion(version); } int MacOSVersion() { static int macos_version = ParseOSProductVersion( StringSysctlByName("kern.osproductversion").value()); return macos_version; } namespace { #if defined(ARCH_CPU_X86_64) // https://developer.apple.com/documentation/apple_silicon/about_the_rosetta_translation_environment#3616845 bool ProcessIsTranslated() { int ret = 0; size_t size = sizeof(ret); if (sysctlbyname("sysctl.proc_translated", &ret, &size, nullptr, 0) == -1) { return false; } return ret; } #endif // ARCH_CPU_X86_64 } // namespace CPUType GetCPUType() { #if defined(ARCH_CPU_ARM64) return CPUType::kArm; #elif defined(ARCH_CPU_X86_64) return ProcessIsTranslated() ? CPUType::kTranslatedIntel : CPUType::kIntel; #else #error Time for another chip transition? #endif // ARCH_CPU_* } std::string GetOSDisplayName() { std::string version_string = base::SysNSStringToUTF8( NSProcessInfo.processInfo.operatingSystemVersionString); return "macOS " + version_string; } std::string GetPlatformSerialNumber() { base::mac::ScopedIOObject expert_device( IOServiceGetMatchingService(kIOMasterPortDefault, IOServiceMatching("IOPlatformExpertDevice"))); if (!expert_device) { DLOG(ERROR) << "Error retrieving the machine serial number."; return std::string(); } apple::ScopedCFTypeRef serial_number( IORegistryEntryCreateCFProperty(expert_device.get(), CFSTR(kIOPlatformSerialNumberKey), kCFAllocatorDefault, 0)); CFStringRef serial_number_cfstring = base::apple::CFCast(serial_number.get()); if (!serial_number_cfstring) { DLOG(ERROR) << "Error retrieving the machine serial number."; return std::string(); } return base::SysCFStringRefToUTF8(serial_number_cfstring); } void OpenSystemSettingsPane(SystemSettingsPane pane, const std::string& id_param) { NSString* url = nil; NSString* pane_file = nil; NSData* subpane_data = nil; // On macOS 13 and later, System Settings are implemented with app extensions // found at /System/Library/ExtensionKit/Extensions/. URLs to open them are // constructed with a scheme of "x-apple.systempreferences" and a body of the // the bundle ID of the app extension. (In the Info.plist there is an // EXAppExtensionAttributes dictionary with legacy identifiers, but given that // those are explicitly named "legacy", this code prefers to use the bundle // IDs for the URLs it uses.) It is not yet known how to definitively identify // the query string used to open sub-panes; the ones used below were // determined from historical usage, disassembly of related code, and // guessing. Clarity was requested from Apple in FB11753405. The current best // guess is to analyze the method named -revealElementForKey:, but because // the extensions are all written in Swift it's hard to confirm this is // correct or to use this knowledge. // // For macOS 12 and earlier, to determine the `subpane_data`, find a method // named -handleOpenParameter: which takes an AEDesc as a parameter. switch (pane) { case SystemSettingsPane::kAccessibility_Captions: if (MacOSMajorVersion() >= 13) { url = @"x-apple.systempreferences:com.apple.Accessibility-Settings." @"extension?Captioning"; } else { url = @"x-apple.systempreferences:com.apple.preference.universalaccess?" @"Captioning"; } break; case SystemSettingsPane::kDateTime: if (MacOSMajorVersion() >= 13) { url = @"x-apple.systempreferences:com.apple.Date-Time-Settings.extension"; } else { pane_file = @"/System/Library/PreferencePanes/DateAndTime.prefPane"; } break; case SystemSettingsPane::kNetwork_Proxies: if (MacOSMajorVersion() >= 13) { url = @"x-apple.systempreferences:com.apple.Network-Settings.extension?" @"Proxies"; } else { pane_file = @"/System/Library/PreferencePanes/Network.prefPane"; subpane_data = [@"Proxies" dataUsingEncoding:NSASCIIStringEncoding]; } break; case SystemSettingsPane::kNotifications: if (MacOSMajorVersion() >= 13) { url = @"x-apple.systempreferences:com.apple.Notifications-Settings." @"extension"; if (!id_param.empty()) { url = [url stringByAppendingFormat:@"?id=%s", id_param.c_str()]; } } else { pane_file = @"/System/Library/PreferencePanes/Notifications.prefPane"; NSDictionary* subpane_dict = @{ @"command" : @"show", @"identifier" : SysUTF8ToNSString(id_param) }; subpane_data = [NSPropertyListSerialization dataWithPropertyList:subpane_dict format:NSPropertyListXMLFormat_v1_0 options:0 error:nil]; } break; case SystemSettingsPane::kPrintersScanners: if (MacOSMajorVersion() >= 13) { url = @"x-apple.systempreferences:com.apple.Print-Scan-Settings." @"extension"; } else { pane_file = @"/System/Library/PreferencePanes/PrintAndFax.prefPane"; } break; case SystemSettingsPane::kPrivacySecurity_Accessibility: if (MacOSMajorVersion() >= 13) { url = @"x-apple.systempreferences:com.apple.settings.PrivacySecurity." @"extension?Privacy_Accessibility"; } else { url = @"x-apple.systempreferences:com.apple.preference.security?" @"Privacy_Accessibility"; } break; case SystemSettingsPane::kPrivacySecurity_Bluetooth: if (MacOSMajorVersion() >= 13) { url = @"x-apple.systempreferences:com.apple.settings.PrivacySecurity." @"extension?Privacy_Bluetooth"; } else { url = @"x-apple.systempreferences:com.apple.preference.security?" @"Privacy_Bluetooth"; } break; case SystemSettingsPane::kPrivacySecurity_Camera: if (MacOSMajorVersion() >= 13) { url = @"x-apple.systempreferences:com.apple.settings.PrivacySecurity." @"extension?Privacy_Camera"; } else { url = @"x-apple.systempreferences:com.apple.preference.security?" @"Privacy_Camera"; } break; case SystemSettingsPane::kPrivacySecurity_Extensions_Sharing: if (MacOSMajorVersion() >= 13) { // See ShareKit, -[SHKSharingServicePicker openAppExtensionsPrefpane]. url = @"x-apple.systempreferences:com.apple.ExtensionsPreferences?" @"Sharing"; } else { // This is equivalent to the implementation of AppKit's // +[NSSharingServicePicker openAppExtensionsPrefPane]. pane_file = @"/System/Library/PreferencePanes/Extensions.prefPane"; NSDictionary* subpane_dict = @{ @"action" : @"revealExtensionPoint", @"protocol" : @"com.apple.share-services" }; subpane_data = [NSPropertyListSerialization dataWithPropertyList:subpane_dict format:NSPropertyListXMLFormat_v1_0 options:0 error:nil]; } break; case SystemSettingsPane::kPrivacySecurity_LocationServices: if (MacOSMajorVersion() >= 13) { url = @"x-apple.systempreferences:com.apple.settings.PrivacySecurity." @"extension?Privacy_LocationServices"; } else { url = @"x-apple.systempreferences:com.apple.preference.security?" @"Privacy_LocationServices"; } break; case SystemSettingsPane::kPrivacySecurity_Microphone: if (MacOSMajorVersion() >= 13) { url = @"x-apple.systempreferences:com.apple.settings.PrivacySecurity." @"extension?Privacy_Microphone"; } else { url = @"x-apple.systempreferences:com.apple.preference.security?" @"Privacy_Microphone"; } break; case SystemSettingsPane::kPrivacySecurity_ScreenRecording: if (MacOSMajorVersion() >= 13) { url = @"x-apple.systempreferences:com.apple.settings.PrivacySecurity." @"extension?Privacy_ScreenCapture"; } else { url = @"x-apple.systempreferences:com.apple.preference.security?" @"Privacy_ScreenCapture"; } break; case SystemSettingsPane::kTrackpad: if (MacOSMajorVersion() >= 13) { url = @"x-apple.systempreferences:com.apple.Trackpad-Settings." @"extension"; } else { pane_file = @"/System/Library/PreferencePanes/Trackpad.prefPane"; } break; } DCHECK(url != nil ^ pane_file != nil); if (url) { [NSWorkspace.sharedWorkspace openURL:[NSURL URLWithString:url]]; return; } NSAppleEventDescriptor* subpane_descriptor; NSArray* pane_file_urls = @[ [NSURL fileURLWithPath:pane_file] ]; LSLaunchURLSpec launchSpec = {0}; launchSpec.itemURLs = apple::NSToCFPtrCast(pane_file_urls); if (subpane_data) { subpane_descriptor = [[NSAppleEventDescriptor alloc] initWithDescriptorType:'ptru' data:subpane_data]; launchSpec.passThruParams = subpane_descriptor.aeDesc; } launchSpec.launchFlags = kLSLaunchAsync | kLSLaunchDontAddToRecents; LSOpenFromURLSpec(&launchSpec, nullptr); } } // namespace base::mac