mirror of
https://github.com/tailscale/tailscale.git
synced 2025-04-08 01:05:35 +00:00
safesocket: correct logic for determining if we're a macOS GUI client (#15187)
fixes tailscale/corp#26806 This was still slightly incorrect. We care only if the caller is the macSys or macOs app. isSandBoxedMacOS doesn't give us the correct answer for macSys because technically, macsys isn't sandboxed. Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>
This commit is contained in:
parent
ce6ce81311
commit
5449aba94c
@ -37,16 +37,16 @@ type safesocketDarwin struct {
|
||||
sameuserproofFD *os.File // file descriptor for macos app store sameuserproof file
|
||||
sharedDir string // shared directory for location of sameuserproof file
|
||||
|
||||
checkConn bool // Check macsys safesocket port before returning it
|
||||
isMacSysExt func() bool // For testing only to force macsys
|
||||
isSandboxedMacos func() bool // For testing only to force macOS sandbox
|
||||
checkConn bool // Check macsys safesocket port before returning it
|
||||
isMacSysExt func() bool // For testing only to force macsys
|
||||
isMacGUIApp func() bool // For testing only to force macOS sandbox
|
||||
}
|
||||
|
||||
var ssd = safesocketDarwin{
|
||||
isMacSysExt: version.IsMacSysExt,
|
||||
isSandboxedMacos: version.IsSandboxedMacOS,
|
||||
checkConn: true,
|
||||
sharedDir: "/Library/Tailscale",
|
||||
isMacSysExt: version.IsMacSysExt,
|
||||
isMacGUIApp: func() bool { return version.IsMacAppStore() || version.IsMacSysApp() },
|
||||
checkConn: true,
|
||||
sharedDir: "/Library/Tailscale",
|
||||
}
|
||||
|
||||
// There are three ways a Darwin binary can be run: as the Mac App Store (macOS)
|
||||
@ -68,7 +68,7 @@ func localTCPPortAndTokenDarwin() (port int, token string, err error) {
|
||||
ssd.mu.Lock()
|
||||
defer ssd.mu.Unlock()
|
||||
|
||||
if !ssd.isSandboxedMacos() {
|
||||
if !ssd.isMacGUIApp() {
|
||||
return 0, "", ErrNoTokenOnOS
|
||||
}
|
||||
|
||||
|
@ -17,7 +17,7 @@ import (
|
||||
func TestSetCredentials(t *testing.T) {
|
||||
wantPort := 123
|
||||
wantToken := "token"
|
||||
tstest.Replace(t, &ssd.isSandboxedMacos, func() bool { return true })
|
||||
tstest.Replace(t, &ssd.isMacGUIApp, func() bool { return true })
|
||||
SetCredentials(wantToken, wantPort)
|
||||
|
||||
gotPort, gotToken, err := LocalTCPPortAndToken()
|
||||
@ -38,7 +38,7 @@ func TestSetCredentials(t *testing.T) {
|
||||
// returns a listener and a non-zero port and non-empty token.
|
||||
func TestInitListenerDarwin(t *testing.T) {
|
||||
temp := t.TempDir()
|
||||
tstest.Replace(t, &ssd.isSandboxedMacos, func() bool { return true })
|
||||
tstest.Replace(t, &ssd.isMacGUIApp, func() bool { return true })
|
||||
|
||||
ln, err := InitListenerDarwin(temp)
|
||||
if err != nil || ln == nil {
|
||||
|
Loading…
x
Reference in New Issue
Block a user