safesocket: detect macsys from within tailscaled

Use the helper method from the version package to detect that we are
running the macsys network extension. This method does the same check
for the HOME environment variable (which works fine in most cases) as
well as the name of the executable (which is needed for the web client).

Updates tailscale/corp#16393

Signed-off-by: Will Norris <will@tailscale.com>
This commit is contained in:
Will Norris 2024-01-09 16:39:39 -08:00 committed by Will Norris
parent e7d52eb2f8
commit 84ab040f02

View File

@ -16,6 +16,8 @@
"strings" "strings"
"sync" "sync"
"time" "time"
"tailscale.com/version"
) )
func init() { func init() {
@ -72,7 +74,7 @@ func localTCPPortAndTokenDarwin() (port int, token string, err error) {
if dir := os.Getenv("TS_MACOS_CLI_SHARED_DIR"); dir != "" { if dir := os.Getenv("TS_MACOS_CLI_SHARED_DIR"); dir != "" {
// First see if we're running as the non-AppStore "macsys" variant. // First see if we're running as the non-AppStore "macsys" variant.
if strings.Contains(os.Getenv("HOME"), "/Containers/io.tailscale.ipn.macsys/") { if version.IsMacSysExt() {
if port, token, err := localTCPPortAndTokenMacsys(); err == nil { if port, token, err := localTCPPortAndTokenMacsys(); err == nil {
return port, token, nil return port, token, nil
} }