Skip to content

[macOS sandbox mode] Application group name mangling for semaphores #1167

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 19 commits into from
Dec 21, 2022
Merged

[macOS sandbox mode] Application group name mangling for semaphores #1167

merged 19 commits into from
Dec 21, 2022

Conversation

DellaBitta
Copy link
Contributor

@DellaBitta DellaBitta commented Dec 10, 2022
edited
Loading

Description

Provide details of the change, and generalize the change in the PR title above.

When macOS Sandbox mode is enabled, macOS requires that semaphores have a name that is prefixed by the App's Group Name. If the semaphore's name doesn't match this convention then its creation fails.

Unfortunately there's no official way for the SDK to query the app's group name at runtime, so we can't automatically mangle the semaphore names.

Instead I've updated the SDK to use an Info.plist property named FBAppGroupEntitlementName on macOS. If that property is present then the SDK will use it's value to prefix the semaphore names.

As an additional issue, the SDK attempted to detect semaphore creation errors by comparing the semaphore handle to nil. But in the case of macOS, a semaphore creation error returns SEM_FAILED which is 0xFFFFFFFFFFFFFFFF, not nil. And on Linux, sem_init returns -1. I've updated the corresponding platform implementations to detect the correct  values for these errors.

Testing

Describe how you've tested these changes. Link any manually triggered Integration tests or CPP binary SDK Packaging Github Action workflows, if applicable.

Integration Test
Packaging -> Integration Test

Type of Change

Place an x the applicable box:

  • Bug fix. Add the issue # below if applicable.
  • New feature. A non-breaking change which adds functionality.
  • Other, such as a build process or documentation change.

Notes

  • Bug fixes and feature changes require an update to the Release Notes section of release_build_files/readme.md.
  • Read the contribution guidelines CONTRIBUTING.md.
  • Changes to the public API require an internal API review. If you'd like to help us make Firebase APIs better, please propose your change in a feature request so that we can discuss it together.

@DellaBitta DellaBitta marked this pull request as ready for review December 12, 2022 21:48
jonsimantov
jonsimantov approved these changes Dec 19, 2022
View reviewed changes
Copy link
Contributor

@jonsimantov jonsimantov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally approved, but I had a few comments - it would be okay to address some in a followup.

jonsimantov
jonsimantov reviewed Dec 20, 2022
View reviewed changes
@DellaBitta DellaBitta changed the title Semaphore Application Group name mangling for macOS sandbox mode [macOS sandbox mode] Application group name mangling for semaphores Dec 20, 2022
@DellaBitta DellaBitta merged commit 3095517 into main Dec 21, 2022
@DellaBitta DellaBitta deleted the ddb/mac_threading branch December 21, 2022 16:18
@github-actions github-actions bot added the tests: in-progress This PR's integration tests are in progress. label Dec 21, 2022
@github-actions
Copy link

github-actions bot commented Dec 21, 2022
edited
Loading

❌  Integration test FAILED

Requested by @DellaBitta on commit 3095517
Last updated: Wed Dec 21 10:39 PST 2022
View integration test log & download artifacts

Failures Configs
gma [TEST] [FAILURE] [Android] [1/3 os: macos] [1/2 android_device: android_target]
(1 failed tests)  FirebaseGmaTest.TestRewardedAdStress
[TEST] [FLAKINESS] [iOS] [macos] [1/2 ios_device: ios_target]
(2 failed tests)  FirebaseGmaTest.TestRewardedAdLoad
  FirebaseGmaTest.TestRewardedAdLoadEmptyRequest
messaging [TEST] [FLAKINESS] [Android] [1/3 os: ubuntu] [1/2 android_device: android_target]
(1 failed tests)  CRASH/TIMEOUT

Add flaky tests to go/fpl-cpp-flake-tracker

@github-actions github-actions bot added the tests: failed This PR's integration tests failed. label Dec 21, 2022
@firebase-workflow-trigger firebase-workflow-trigger bot removed the tests: in-progress This PR's integration tests are in progress. label Dec 21, 2022
@firebase firebase locked and limited conversation to collaborators Jan 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jonsimantov jonsimantov jonsimantov approved these changes

Assignees
No one assigned
Labels
tests: failed This PR's integration tests failed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@DellaBitta @jonsimantov