summaryrefslogtreecommitdiff
path: root/src/pal/inc/pal.h
diff options
context:
space:
mode:
authorOded Hanson <odhanson@microsoft.com>2018-11-06 18:31:49 +0200
committerJan Vorlicek <janvorli@microsoft.com>2018-11-06 17:31:49 +0100
commit5c566d470db2f1be687e6da5f9935960d482bf72 (patch)
treea7ef4ac46b3da2a6469516432af3f11b68a22fc2 /src/pal/inc/pal.h
parentb1b424f741af16a5df052ef11609c65d99686435 (diff)
downloadcoreclr-5c566d470db2f1be687e6da5f9935960d482bf72.tar.gz
coreclr-5c566d470db2f1be687e6da5f9935960d482bf72.tar.bz2
coreclr-5c566d470db2f1be687e6da5f9935960d482bf72.zip
Added support for running in a sandbox on Mac (#20735)
* Added support for running in a sandbox on Mac When running in a sandbox, the Mac operating system will limit access to resources, esp. the file system. Right now both Mutex and SharedMemory in the PAL are accessing the /tmp folder for which Mac does not provide the application permissions to access. Instead, the sandbox provides the ability to share information between applications by using a shared container folder. This is done by registering the application with an Application Group ID. Using this ID, we can access the shared folder and read/write from it. Since the .Net runtime can be loaded in multiple ways, we decided that the easiest way to let the runtime know what the application group ID is via an environment variable. Thus, if the NETCOREAPP_SANDBOX_APPLICATION_GROUP_ID environment variable is set (on Mac), the runtime will assume we are sandboxed, and will use the value provided as the application group ID. Note that due to limitations on semaphore file lengths, we will not allow application group IDs longer than 13 characters. This gives us 10 characters for the developer ID, and 3 extra characters for the group name. When sandbox is disabled (the environment variable is empty) then the folder for Mutex and SharedMemory will continue to be rooted in /tmp. However when the sandbox is enabled, these files will be created under /user/{loginname}/Library/Group Containers/{AppGroupId}/. Fixes #20473 * Made gApplicationContainerPath a pointer so it does not get automatically deleted by the c runtime * Made s_runtimeTempDirectoryPath and s_sharedMemoryDirectoryPath pointers so they are not automatically deleted by the c runtime * Renamed gApplicationContainerPath to gSharedFilesPath * Renamed NETCOREAPP_SANDBOX_APPLICATION_GROUP_ID to DOTNET_SANDBOX_APPLICATION_GROUP_ID * Fixed usage of VerifyStringOperation * Replaced new with InternalNew * Wrapped Apple specific code with #ifdef * Added exception handling during close * Moved VerifyStringOperation macro into SharedMemoryManager * Moved PathCharString variable declarations before AutoCleanup is declared. * Fixed initialization functions not to throw * Renamed CopyPath to BuildSharedFilesPath * Fixed misc nits * Fixed implicit conversions from BOOL to bool * Moved MAX_APPLICATION_GROUP_ID_LENGTH inside ifdef APPLE * Removed PAL_IsApplicationSandboxed
Diffstat (limited to 'src/pal/inc/pal.h')
-rw-r--r--src/pal/inc/pal.h7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/pal/inc/pal.h b/src/pal/inc/pal.h
index a7f0ff5d74..2a51d584ad 100644
--- a/src/pal/inc/pal.h
+++ b/src/pal/inc/pal.h
@@ -442,6 +442,13 @@ BOOL
PALAPI
PAL_NotifyRuntimeStarted(VOID);
+#ifdef __APPLE__
+PALIMPORT
+LPCSTR
+PALAPI
+PAL_GetApplicationGroupId();
+#endif // __APPLE__
+
static const int MAX_DEBUGGER_TRANSPORT_PIPE_NAME_LENGTH = MAX_PATH;
PALIMPORT