diff options
| author | Mark Mentovai <mark@chromium.org> | 2014-09-03 11:56:56 -0400 |
|---|---|---|
| committer | Mark Mentovai <mark@chromium.org> | 2014-09-03 16:03:18 +0000 |
| commit | 1bc56d577247e9ca6a029dd75571e79775e80343 (patch) | |
| tree | 16cea50ad76ac6a7caf1e5182ce147bd67a729e5 /chrome/installer | |
| parent | a6eeda8438c24c29f6ff17370c55255031be70f7 (diff) | |
| download | chromium_src-1bc56d577247e9ca6a029dd75571e79775e80343.zip chromium_src-1bc56d577247e9ca6a029dd75571e79775e80343.tar.gz chromium_src-1bc56d577247e9ca6a029dd75571e79775e80343.tar.bz2 | |
Update rules2 in app_resource_rules.plist.in to a set of rules that ought to work on 10.9.5 and 10.10, with the latest Gatekeeper policy changes.
This removes the “nested” tag from the live versioned directory, so that
it will be treated as data instead of code. There are problems with
“nested” validation of unversioned frameworks. There are other problems
with “nested” allowing components to be replaced, although these can be
overcome by creatively applying designated requirements to the nested
components. The non-“nested” version allows us to not version the
frameworks, which would introduce symbolic links and weaken v1 code
signature validation as done by pre-10.9 systems because v1 code
signatures do not consider symbolic links. This non-“nested” version is
also the simplest change to the existing set of resource rules that
works. The v2 rules2 dictionary is now identical to the v1 rules
dictionary.
In order for rules2 to be honored and for a v2 signature to be produced,
the app must be signed on 10.9 or later. (This will also produce a v1
signature to be validated on pre-10.9 systems.)
BUG=399276
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/533943003
Cr-Commit-Position: refs/heads/master@{#293142}
Diffstat (limited to 'chrome/installer')
| -rw-r--r-- | chrome/installer/mac/app_resource_rules.plist.in | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/chrome/installer/mac/app_resource_rules.plist.in b/chrome/installer/mac/app_resource_rules.plist.in index 6fc6246..f3d24cd 100644 --- a/chrome/installer/mac/app_resource_rules.plist.in +++ b/chrome/installer/mac/app_resource_rules.plist.in @@ -68,8 +68,6 @@ </dict> <key>^Versions/@VERSION_REGEX@/</key> <dict> - <key>nested</key> - <true/> <key>weight</key> <real>20</real> </dict> @@ -80,6 +78,20 @@ <key>weight</key> <real>30</real> </dict> + <key>^Versions/@VERSION_REGEX@/.+/Resources/.+\.lproj/</key> + <dict> + <key>optional</key> + <true/> + <key>weight</key> + <real>30</real> + </dict> + <key>^Versions/@VERSION_REGEX@/.+/Resources Disabled/</key> + <dict> + <key>omit</key> + <true/> + <key>weight</key> + <real>40</real> + </dict> <key>/\.DS_Store$</key> <dict> <key>omit</key> |