Support Mac OS X Sandboxing

build/depends.py

@@ -79,6 +79,23 @@ def configure(self, build, conf):
             raise Exception('Did not find GLU development files')
 
 
+class SecurityFramework(Dependence):
+    """The iOS/OS X security framework is used to implement sandboxing."""
+    def configure(self, build, conf):
+        if not build.platform_is_osx:
+            return
+        build.env.Append(CPPPATH='/System/Library/Frameworks/Security.framework/Headers/')
+        build.env.Append(LINKFLAGS='-framework Security')
+
+
+class CoreServices(Dependence):
+    def configure(self, build, conf):
+        if not build.platform_is_osx:
+            return
+        build.env.Append(CPPPATH='/System/Library/Frameworks/CoreServices.framework/Headers/')
+        build.env.Append(LINKFLAGS='-framework CoreServices')
+
+
 class OggVorbis(Dependence):
 
     def configure(self, build, conf):
@@ -844,6 +861,9 @@ def sources(self, build):
                    "util/version.cpp",
                    "util/rlimit.cpp",
                    "util/valuetransformer.cpp",
+                   "util/sandbox.cpp",
+                   "util/file.cpp",
+                   "util/mac.cpp",
 
                    '#res/mixxx.qrc'
                    ]
@@ -1034,7 +1054,7 @@ def configure(self, build, conf):
     def depends(self, build):
         return [SoundTouch, ReplayGain, PortAudio, PortMIDI, Qt,
                 FidLib, SndFile, FLAC, OggVorbis, OpenGL, TagLib, ProtoBuf,
-                Chromaprint, RubberBand]
+                Chromaprint, RubberBand, SecurityFramework, CoreServices]
 
     def post_dependency_check_configure(self, build, conf):
         """Sets up additional things in the Environment that must happen

build/osx/OSConsX.py

@@ -476,14 +476,16 @@ def do_codesign(target, source, env):
             # Don't descend.
             del dirs[:]
 
-        # Codesign binaries.
-        for root, dirs, files in os.walk(binary_path):
-            for filename in files:
-                codesign_path(application_identity, keychain, entitlements, os.path.join(root, filename))
         # Codesign plugins.
         for root, dirs, files in os.walk(plugins_path):
             for filename in files:
                 codesign_path(application_identity, keychain, entitlements, os.path.join(root, filename))
+
+        # Codesign binaries.
+        for root, dirs, files in os.walk(binary_path):
+            for filename in files:
+                codesign_path(application_identity, keychain, entitlements, os.path.join(root, filename))
+
         # Codesign the bundle.
         codesign_path(application_identity, keychain, entitlements, bundle)
 CodeSign = Builder(action = do_codesign)

build/osx/entitlements.plist

@@ -6,6 +6,8 @@
     <true/>
     <key>com.apple.security.assets.music.read-write</key>
     <true/>
+    <key>com.apple.security.files.downloads.read-write</key>
+    <true/>
     <key>com.apple.security.device.firewire</key>
     <true/>
     <key>com.apple.security.device.microphone</key>
@@ -16,9 +18,7 @@
     <true/>
     <key>com.apple.security.files.user-selected.read-write</key>
     <true/>
-    <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
-    <array>
-      <string>/</string>
-    </array>
+    <key>com.apple.security.files.bookmarks.app-scope</key>
+    <true/>
   </dict>
 </plist>

src/SConscript

@@ -425,8 +425,8 @@ if build.platform_is_osx and 'bundle' in COMMAND_LINE_TARGETS:
                 CODESIGN_KEYCHAIN=codesign_keychain,
                 CODESIGN_KEYCHAIN_PASSWORD=codesign_keychain_password,
                 CODESIGN_ENTITLEMENTS=codesign_entitlements)
-        env.Alias('sign', codesign)
         env.AlwaysBuild(codesign)
+        env.Alias('sign', codesign)
 
         package_name = 'mixxx'
         package_version = osx_construct_version(build, mixxx_version, branch_name, vcs_revision)

src/audiotagger.cpp

@@ -21,8 +21,10 @@
 #include <taglib/wavfile.h>
 #include <taglib/textidentificationframe.h>
 
-AudioTagger::AudioTagger(QString file)
-    : m_file(file) {
+AudioTagger::AudioTagger(const QString& file, SecurityTokenPointer pToken)
+        : m_file(file),
+          m_pSecurityToken(pToken.isNull() ? Sandbox::openSecurityToken(
+                  m_file, true) : pToken) {
 }
 
 AudioTagger::~AudioTagger() {
@@ -79,8 +81,11 @@ void AudioTagger::setTracknumber(QString tracknumber) {
 bool AudioTagger::save() {
     TagLib::File* file = NULL;
 
-    if (m_file.endsWith(".mp3", Qt::CaseInsensitive)) {
-        file = new TagLib::MPEG::File(m_file.toLocal8Bit().constData());
+    const QString& filePath = m_file.canonicalFilePath();
+    QByteArray fileBA = filePath.toLocal8Bit();
+
+    if (filePath.endsWith(".mp3", Qt::CaseInsensitive)) {
+        file = new TagLib::MPEG::File(fileBA.constData());
         // process special ID3 fields, APEv2 fiels, etc
 
         // If the mp3 has no ID3v2 tag, we create a new one and add the TBPM and TKEY frame
@@ -89,35 +94,36 @@ bool AudioTagger::save() {
         addAPETag(((TagLib::MPEG::File*) file)->APETag(false));
     }
 
-    if (m_file.endsWith(".m4a", Qt::CaseInsensitive)) {
-        file = new TagLib::MP4::File(m_file.toLocal8Bit().constData());
+    if (filePath.endsWith(".m4a", Qt::CaseInsensitive)) {
+        file = new TagLib::MP4::File(fileBA.constData());
         // process special ID3 fields, APEv2 fiels, etc
         processMP4Tag(((TagLib::MP4::File*) file)->tag());
 
     }
-    if (m_file.endsWith(".ogg", Qt::CaseInsensitive)) {
-        file = new TagLib::Ogg::Vorbis::File(m_file.toLocal8Bit().constData());
+    if (filePath.endsWith(".ogg", Qt::CaseInsensitive)) {
+        file = new TagLib::Ogg::Vorbis::File(fileBA.constData());
         // process special ID3 fields, APEv2 fiels, etc
         addXiphComment(((TagLib::Ogg::Vorbis::File*)file)->tag());
 
     }
-    if (m_file.endsWith(".wav", Qt::CaseInsensitive)) {
-        file = new TagLib::RIFF::WAV::File(m_file.toLocal8Bit().constData());
+    if (filePath.endsWith(".wav", Qt::CaseInsensitive)) {
+        file = new TagLib::RIFF::WAV::File(fileBA.constData());
         //If the flac has no ID3v2 tag, we create a new one and add the TBPM and TKEY frame
         addID3v2Tag(((TagLib::RIFF::WAV::File*)file)->tag());
 
     }
-    if (m_file.endsWith(".flac", Qt::CaseInsensitive)) {
-        file = new TagLib::FLAC::File(m_file.toLocal8Bit().constData());
+    if (filePath.endsWith(".flac", Qt::CaseInsensitive)) {
+        file = new TagLib::FLAC::File(fileBA.constData());
 
         //If the flac has no ID3v2 tag, we create a new one and add the TBPM and TKEY frame
         addID3v2Tag(((TagLib::FLAC::File*)file)->ID3v2Tag(true) );
         //If the flac has no APE tag, we create a new one and add the TBPM and TKEY frame
         addXiphComment(((TagLib::FLAC::File*) file)->xiphComment(true));
 
     }
-    if (m_file.endsWith(".aif", Qt::CaseInsensitive) || m_file.endsWith(".aiff", Qt::CaseInsensitive)) {
-        file =  new TagLib::RIFF::AIFF::File(m_file.toLocal8Bit().constData());
+    if (filePath.endsWith(".aif", Qt::CaseInsensitive) ||
+            filePath.endsWith(".aiff", Qt::CaseInsensitive)) {
+        file = new TagLib::RIFF::AIFF::File(fileBA.constData());
         //If the flac has no ID3v2 tag, we create a new one and add the TBPM and TKEY frame
         addID3v2Tag(((TagLib::RIFF::AIFF::File*)file)->tag());
 
@@ -143,9 +149,9 @@ bool AudioTagger::save() {
         //write audio tags to file
         int success = file->save();
         if (success) {
-            qDebug() << "Successfully updated metadata of track " << m_file;
+            qDebug() << "Successfully updated metadata of track " << filePath;
         } else {
-             qDebug() << "Could not update metadata of track " << m_file;
+            qDebug() << "Could not update metadata of track " << filePath;
         }
         //delete file and return
         delete file;

src/audiotagger.h

@@ -3,20 +3,19 @@
 #define AUDIOTAGGER_H
 
 #include <QString>
+#include <QFileInfo>
 #include <taglib/apetag.h>
 #include <taglib/id3v2tag.h>
 #include <taglib/xiphcomment.h>
 #include <taglib/mp4tag.h>
 
+#include "util/sandbox.h"
 
-
-class AudioTagger
-{
-public:
-
-
-    AudioTagger (QString file);
+class AudioTagger {
+  public:
+    AudioTagger(const QString& file, SecurityTokenPointer pToken);
     virtual ~AudioTagger ( );
+
     void setArtist (QString artist );
     void setTitle (QString title );
     void setAlbum (QString album );
@@ -31,8 +30,7 @@ class AudioTagger
     void setTracknumber (QString tracknumber );
     bool save();
 
-
-private:
+  private:
     QString m_artist;
     QString m_title;
     QString m_albumArtist;
@@ -46,7 +44,8 @@ class AudioTagger
     QString m_bpm;
     QString m_tracknumber;
 
-    QString m_file;
+    QFileInfo m_file;
+    SecurityTokenPointer m_pSecurityToken;
 
     /** adds or modifies the ID3v2 tag to include BPM and KEY information **/
     void addID3v2Tag(TagLib::ID3v2::Tag* id3v2);

src/basetrackplayer.cpp

@@ -14,6 +14,7 @@
 #include "track/beatgrid.h"
 #include "waveform/renderers/waveformwidgetrenderer.h"
 #include "analyserqueue.h"
+#include "util/sandbox.h"
 
 BaseTrackPlayer::BaseTrackPlayer(QObject* pParent,
                                  ConfigObject<ConfigValue>* pConfig,
@@ -101,6 +102,12 @@ BaseTrackPlayer::~BaseTrackPlayer()
 }
 
 void BaseTrackPlayer::slotLoadTrack(TrackPointer track, bool bPlay) {
+    // Before loading the track, ensure we have access. This uses lazy
+    // evaluation to make sure track isn't NULL before we dereference it.
+    if (!track.isNull() && !Sandbox::askForAccess(track->getCanonicalLocation())) {
+        // We don't have access.
+        return;
+    }
 
     //Disconnect the old track's signals.
     if (m_pLoadedTrack) {

src/dlgprefrecord.cpp

@@ -23,6 +23,7 @@
 #include "controlobject.h"
 #include "encoder/encoder.h"
 #include "controlobjectthread.h"
+#include "util/sandbox.h"
 
 DlgPrefRecord::DlgPrefRecord(QWidget* parent, ConfigObject<ConfigValue>* pConfig)
         : DlgPreferencePage(parent),
@@ -231,10 +232,19 @@ void DlgPrefRecord::slotUpdate() {
 }
 
 void DlgPrefRecord::slotBrowseRecordingsDir() {
-    QString fd = QFileDialog::getExistingDirectory(this, tr("Choose recordings directory"),
-                                            m_pConfig->getValueString(
-                                                        ConfigKey(RECORDING_PREF_KEY, "Directory")));
+    QString fd = QFileDialog::getExistingDirectory(
+            this, tr("Choose recordings directory"),
+            m_pConfig->getValueString(ConfigKey(RECORDING_PREF_KEY,
+                                                "Directory")));
+
     if (fd != "") {
+        // The user has picked a new directory via a file dialog. This means the
+        // system sandboxer (if we are sandboxed) has granted us permission to
+        // this folder. Create a security bookmark while we have permission so
+        // that we can access the folder on future runs. We need to canonicalize
+        // the path so we first wrap the directory string with a QDir.
+        QDir directory(fd);
+        Sandbox::createSecurityToken(directory);
         LineEditRecordings->setText(fd);
     }
 }

src/dlgtrackinfo.cpp

@@ -367,7 +367,8 @@ void DlgTrackInfo::slotBpmTap() {
 
 void DlgTrackInfo::reloadTrackMetadata() {
     if (m_pLoadedTrack) {
-        TrackPointer pTrack(new TrackInfoObject(m_pLoadedTrack->getLocation()));
+        TrackPointer pTrack(new TrackInfoObject(m_pLoadedTrack->getLocation(),
+                                                m_pLoadedTrack->getSecurityToken()));
         populateFields(pTrack);
     }
 }

src/library/analysisfeature.cpp

@@ -12,6 +12,7 @@
 #include "mixxxkeyboard.h"
 #include "analyserqueue.h"
 #include "soundsourceproxy.h"
+#include "util/dnd.h"
 
 const QString AnalysisFeature::m_sAnalysisViewName = QString("Analysis");
 
@@ -134,15 +135,7 @@ void AnalysisFeature::cleanupAnalyser() {
 
 bool AnalysisFeature::dropAccept(QList<QUrl> urls, QObject* pSource) {
     Q_UNUSED(pSource);
-    QList<QFileInfo> files;
-    foreach (QUrl url, urls) {
-        // XXX: Possible WTF alert - Previously we thought we needed toString() here
-        // but what you actually want in any case when converting a QUrl to a file
-        // system path is QUrl::toLocalFile(). This is the second time we have
-        // flip-flopped on this, but I think toLocalFile() should work in any
-        // case. toString() absolutely does not work when you pass the result to a
-        files.append(url.toLocalFile());
-    }
+    QList<QFileInfo> files = DragAndDropHelper::supportedTracksFromUrls(urls, false, true);
     // Adds track, does not insert duplicates, handles unremoving logic.
     QList<int> trackIds = m_pTrackCollection->getTrackDAO().addTracks(files, true);
     analyzeTracks(trackIds);

src/library/autodjfeature.cpp

@@ -15,6 +15,7 @@
 #include "widget/wlibrary.h"
 #include "mixxxkeyboard.h"
 #include "soundsourceproxy.h"
+#include "util/dnd.h"
 
 const QString AutoDJFeature::m_sAutoDJViewName = QString("Auto DJ");
 
@@ -119,17 +120,10 @@ bool AutoDJFeature::dropAccept(QList<QUrl> urls, QObject* pSource) {
     //TODO: Filter by supported formats regex and reject anything that doesn't match.
     TrackDAO &trackDao = m_pTrackCollection->getTrackDAO();
 
-    //If a track is dropped onto a playlist's name, but the track isn't in the library,
-    //then add the track to the library before adding it to the playlist.
-    QList<QFileInfo> files;
-    foreach (QUrl url, urls) {
-        //XXX: See the note in PlaylistFeature::dropAccept() about using QUrl::toLocalFile()
-        //     instead of toString()
-        QFileInfo file = url.toLocalFile();
-        if (SoundSourceProxy::isFilenameSupported(file.fileName())) {
-            files.append(file);
-        }
-    }
+    // If a track is dropped onto a playlist's name, but the track isn't in the
+    // library, then add the track to the library before adding it to the
+    // playlist.
+    QList<QFileInfo> files = DragAndDropHelper::supportedTracksFromUrls(urls, false, true);
     QList<int> trackIds;
     if (pSource) {
         trackIds = trackDao.getTrackIds(files);

src/library/baseplaylistfeature.cpp

@@ -304,6 +304,11 @@ void BasePlaylistFeature::slotImportPlaylist() {
     m_pConfig->set(ConfigKey("[Library]","LastImportExportPlaylistDirectory"),
                 ConfigValue(fileName.dir().absolutePath()));
 
+    // The user has picked a new directory via a file dialog. This means the
+    // system sandboxer (if we are sandboxed) has granted us permission to this
+    // folder. We don't need access to this file on a regular basis so we do not
+    // register a security bookmark.
+
     Parser* playlist_parser = NULL;
 
     if (playlist_file.endsWith(".m3u", Qt::CaseInsensitive) ||
@@ -357,6 +362,11 @@ void BasePlaylistFeature::slotExportPlaylist() {
     m_pConfig->set(ConfigKey("[Library]","LastImportExportPlaylistDirectory"),
                 ConfigValue(fileName.dir().absolutePath()));
 
+    // The user has picked a new directory via a file dialog. This means the
+    // system sandboxer (if we are sandboxed) has granted us permission to this
+    // folder. We don't need access to this file on a regular basis so we do not
+    // register a security bookmark.
+
     // Create a new table model since the main one might have an active search.
     // This will only export songs that we think exist on default
     QScopedPointer<PlaylistTableModel> pPlaylistTableModel(

src/library/basesqltablemodel.cpp

@@ -16,6 +16,7 @@
 #include "playerinfo.h"
 #include "track/keyutils.h"
 #include "util/time.h"
+#include "util/dnd.h"
 
 const bool sDebug = false;
 
@@ -852,7 +853,7 @@ QMimeData* BaseSqlTableModel::mimeData(const QModelIndexList &indexes) const {
             continue;
         }
         rows.insert(index.row());
-        QUrl url = QUrl::fromLocalFile(getTrackLocation(index));
+        QUrl url = DragAndDropHelper::urlFromLocation(getTrackLocation(index));
         if (!url.isValid()) {
             qDebug() << this << "ERROR: invalid url" << url;
             continue;