chore: ensure executable

AppFlowy-IO · Jul 13, 2024 · 15dda4d · 15dda4d
1 parent 2cca673
commit 15dda4d
Showing 1 changed file with 31 additions and 29 deletions.
diff --git a/appflowy-plugin/src/core/plugin.rs b/appflowy-plugin/src/core/plugin.rs
@@ -190,35 +190,7 @@ pub(crate) async fn start_plugin_process(
     .spawn(move || {
       info!("Load {} plugin", &plugin_info.name);
       if cfg!(target_os = "macos") {
-        let mut open_manually = false;
-        match xattr::list(&plugin_info.exec_path) {
-          Ok(mut list) => {
-            // https://eclecticlight.co/2023/03/16/what-is-macos-ventura-doing-tracking-provenance/
-            // The com.apple.quarantine attribute is used by macOS to mark files that have been downloaded from
-            // the internet or received via other potentially unsafe methods. When this attribute is set, macOS
-            // employs additional security checks before allowing the file to be opened or executed
-            // The presence of this attribute can cause the system to display a permission error, such as:
-            // code: 1, kind: PermissionDenied, message: "Operation not permitted"
-            if list.find(|attr| attr == "com.apple.quarantine").is_some()
-              && list
-                .find(|attr| attr == "com.apple.lastuseddate#PS")
-                .is_none()
-            {
-              open_manually = true;
-            }
-            for attr in list {
-              trace!("xattr: {:?}", attr);
-            }
-          },
-          Err(_) => open_manually = true,
-        }
-        if open_manually {
-          // Using 'open' to trigger the macOS security check. After the user allows opening the binary,
-          // any subsequent 'open' command will not trigger the security check and the binary will run with permission.
-          if let Err(err) = Command::new("open").arg(&plugin_info.exec_path).output() {
-            error!("Failed to open plugin file: {:?}", err);
-          }
-        }
+        handle_macos_security_check(&plugin_info);
       }
 
       let child = std::process::Command::new(&plugin_info.exec_path)
@@ -296,3 +268,33 @@ pub async fn clear_extended_attributes(exec_path: &Path) -> Result<(), anyhow::E
   xattr::set(exec_path, "com.apple.provenance", "true".as_bytes()).unwrap();
   Ok(())
 }
+
+fn handle_macos_security_check(plugin_info: &PluginInfo) {
+  if cfg!(target_os = "macos") {
+    let mut open_manually = false;
+    match xattr::list(&plugin_info.exec_path) {
+      Ok(mut list) => {
+        let has_quarantine = list.any(|attr| attr == "com.apple.quarantine");
+        let has_lastuseddate = list.any(|attr| attr == "com.apple.lastuseddate#PS");
+        if has_quarantine && !has_lastuseddate {
+          open_manually = true;
+        }
+
+        if cfg!(debug_assertions) {
+          list.for_each(|attr| {
+            trace!("{:?}: xattr: {:?}", plugin_info.exec_path, attr);
+          });
+        }
+      },
+      Err(_) => open_manually = true,
+    }
+
+    if open_manually {
+      // Using 'open' to trigger the macOS security check. After the user allows opening the binary,
+      // any subsequent 'open' command will not trigger the security check and the binary will run with permission.
+      if let Err(err) = Command::new("open").arg(&plugin_info.exec_path).output() {
+        error!("Failed to open plugin file: {:?}", err);
+      }
+    }
+  }
+}