diff options
| author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2022-05-10 15:02:43 +0200 |
|---|---|---|
| committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2022-11-03 15:02:36 +0100 |
| commit | f0a7d74e1dd2c1d802aa09d7b8c144599f4a54ce (patch) | |
| tree | 31a684f2f8f63eaef4f07fee98ebe0bc4a6bd87d /mkspecs | |
| parent | 1c6bf3e09ea9722717caedcfcceaaf3d607615cf (diff) | |
Add permission API backend for macOS and iOS
When submitting applications to the iOS and macOS AppStore the
application goes through static analysis, which will trigger on
uses of various privacy protected APIs, unless the application
has a corresponding usage description for the permission in the
Info.plist file. This applies even if the application never
requests the given permission, but just links to a Qt library
that has the offending symbols or library dependencies.
To ensure that the application does not have to add usage
descriptions to their Info.plist for permissions they never
plan to use we split up the various permission implementations
into small static libraries that register with the Qt plugin
mechanism as permission backends. We can then inspect the
application's Info.plist at configure time and only add the
relevant static permission libraries.
Furthermore, since some permissions can be checked without any
usage description, we allow the implementation to be split up
into two separate translation units. By putting the request in
its own translation unit we can selectively include it during
linking by telling the linker to look for a special symbol.
This is useful for libraries such as Qt Multimedia who would
like to check the current permission status, but without
needing to request any permission of its own.
Done-with: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
Change-Id: Ic2a43e1a0c45a91df6101020639f473ffd9454cc
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
Diffstat (limited to 'mkspecs')
| -rw-r--r-- | mkspecs/features/permissions.prf | 25 | ||||
| -rw-r--r-- | mkspecs/features/qt.prf | 3 |
2 files changed, 28 insertions, 0 deletions
diff --git a/mkspecs/features/permissions.prf b/mkspecs/features/permissions.prf new file mode 100644 index 0000000000..d80df6d01e --- /dev/null +++ b/mkspecs/features/permissions.prf @@ -0,0 +1,25 @@ +isEmpty(QMAKE_INFO_PLIST): \ + return() + +for(plugin, QT_PLUGINS) { + !equals(QT_PLUGIN.$${plugin}.TYPE, permissions): \ + next() + + usage_descriptions = $$eval(QT_PLUGIN.$${plugin}.usage_descriptions) + for(usage_description_key, usage_descriptions) { + usage_description = $$system("/usr/libexec/PlistBuddy" \ + "-c 'print $$usage_description_key' $$QMAKE_INFO_PLIST 2>/dev/null") + !isEmpty(usage_description): \ + break() + } + + isEmpty(usage_description): \ + next() + + request_flag = $$eval(QT_PLUGIN.$${plugin}.request_flag) + + QTPLUGIN += $$plugin + QMAKE_LFLAGS += $$request_flag + + QMAKE_INTERNAL_INCLUDED_FILES *= $$QMAKE_INFO_PLIST +} diff --git a/mkspecs/features/qt.prf b/mkspecs/features/qt.prf index 71b6679af3..d8a8627d83 100644 --- a/mkspecs/features/qt.prf +++ b/mkspecs/features/qt.prf @@ -66,6 +66,9 @@ unix { } } +# Will automatically add plugins, so run first +contains(QT_CONFIG, permissions): load(permissions) + # qmake variables cannot contain dashes, so normalize the names first CLEAN_QT = $$replace(QT, -private$, _private) CLEAN_QT_PRIVATE = $$replace(QT_PRIVATE, -private$, _private) |