diff --git a/Signal/src/ViewControllers/ConversationView/ConversationViewController.m b/Signal/src/ViewControllers/ConversationView/ConversationViewController.m index bc101e9c8..35988cf29 100644 --- a/Signal/src/ViewControllers/ConversationView/ConversationViewController.m +++ b/Signal/src/ViewControllers/ConversationView/ConversationViewController.m @@ -3607,7 +3607,7 @@ typedef enum : NSUInteger { [self.audioAttachmentPlayer stop]; self.audioAttachmentPlayer = nil; - NSString *temporaryDirectory = NSTemporaryDirectory(); + NSString *temporaryDirectory = OWSTemporaryDirectory(); NSString *filename = [NSString stringWithFormat:@"%lld.m4a", [NSDate ows_millisecondTimeStamp]]; NSString *filepath = [temporaryDirectory stringByAppendingPathComponent:filename]; NSURL *fileURL = [NSURL fileURLWithPath:filepath]; diff --git a/Signal/src/ViewControllers/DebugUI/DebugUIMessagesAssetLoader.m b/Signal/src/ViewControllers/DebugUI/DebugUIMessagesAssetLoader.m index 6b3bb79d0..021ea0514 100644 --- a/Signal/src/ViewControllers/DebugUI/DebugUIMessagesAssetLoader.m +++ b/Signal/src/ViewControllers/DebugUI/DebugUIMessagesAssetLoader.m @@ -47,7 +47,7 @@ NS_ASSUME_NONNULL_BEGIN } // Use a predictable file path so that we reuse the cache between app launches. - NSString *temporaryDirectory = NSTemporaryDirectory(); + NSString *temporaryDirectory = OWSTemporaryDirectory(); NSString *cacheDirectory = [temporaryDirectory stringByAppendingPathComponent:@"cached_random_files"]; [OWSFileSystem ensureDirectoryExists:cacheDirectory]; NSString *filePath = [cacheDirectory stringByAppendingPathComponent:self.filename]; diff --git a/Signal/src/network/GiphyDownloader.swift b/Signal/src/network/GiphyDownloader.swift index 1d3765d7b..0556ff6cc 100644 --- a/Signal/src/network/GiphyDownloader.swift +++ b/Signal/src/network/GiphyDownloader.swift @@ -780,7 +780,7 @@ extension URLSessionTask { // We write assets to the temporary directory so that iOS can clean them up. // We try to eagerly clean up these assets when they are no longer in use. - let tempDirPath = NSTemporaryDirectory() + let tempDirPath = OWSTemporaryDirectory() let dirPath = (tempDirPath as NSString).appendingPathComponent("GIFs") do { let fileManager = FileManager.default diff --git a/Signal/src/util/OWSBackupJob.m b/Signal/src/util/OWSBackupJob.m index 1633f07b0..38180e1f7 100644 --- a/Signal/src/util/OWSBackupJob.m +++ b/Signal/src/util/OWSBackupJob.m @@ -79,7 +79,7 @@ NSString *const kOWSBackup_KeychainService = @"kOWSBackup_KeychainService"; // TODO: Exports should use a new directory each time, but imports // might want to use a predictable directory so that repeated // import attempts can reuse downloads from previous attempts. - NSString *temporaryDirectory = NSTemporaryDirectory(); + NSString *temporaryDirectory = OWSTemporaryDirectory(); self.jobTempDirPath = [temporaryDirectory stringByAppendingPathComponent:[NSUUID UUID].UUIDString]; if (![OWSFileSystem ensureDirectoryExists:self.jobTempDirPath]) { diff --git a/Signal/src/util/OWSBackupLazyRestoreJob.swift b/Signal/src/util/OWSBackupLazyRestoreJob.swift index 42b26ef31..184572823 100644 --- a/Signal/src/util/OWSBackupLazyRestoreJob.swift +++ b/Signal/src/util/OWSBackupLazyRestoreJob.swift @@ -39,7 +39,7 @@ public class OWSBackupLazyRestoreJob: NSObject { } private func restoreAttachments() { - let temporaryDirectory = NSTemporaryDirectory() + let temporaryDirectory = OWSTemporaryDirectory() let jobTempDirPath = (temporaryDirectory as NSString).appendingPathComponent(NSUUID().uuidString) guard OWSFileSystem.ensureDirectoryExists(jobTempDirPath) else { diff --git a/Signal/src/util/OWSOrphanDataCleaner.m b/Signal/src/util/OWSOrphanDataCleaner.m index 0c576cfaa..75257b02e 100644 --- a/Signal/src/util/OWSOrphanDataCleaner.m +++ b/Signal/src/util/OWSOrphanDataCleaner.m @@ -715,10 +715,10 @@ typedef void (^OrphanDataBlock)(OWSOrphanData *); + (nullable NSArray *)getTempFilePaths { - NSString *dir1 = NSTemporaryDirectory(); + NSString *dir1 = OWSTemporaryDirectory(); NSArray *_Nullable paths1 = [[self filePathsInDirectorySafe:dir1].allObjects mutableCopy]; - NSString *dir2 = OWSFileSystem.accessibleAfterFirstAuthTempDirectoryPath; + NSString *dir2 = OWSTemporaryDirectoryAccessibleAfterFirstAuth(); NSArray *_Nullable paths2 = [[self filePathsInDirectorySafe:dir2].allObjects mutableCopy]; if (paths1 && paths2) { diff --git a/Signal/src/util/Pastelog.m b/Signal/src/util/Pastelog.m index 777806c3c..04af06516 100644 --- a/Signal/src/util/Pastelog.m +++ b/Signal/src/util/Pastelog.m @@ -392,7 +392,7 @@ typedef void (^DebugLogUploadFailure)(DebugLogUploader *uploader, NSError *error [dateFormatter setDateFormat:@"yyyy.MM.dd hh.mm.ss"]; NSString *dateString = [dateFormatter stringFromDate:[NSDate new]]; NSString *logsName = [[dateString stringByAppendingString:@" "] stringByAppendingString:NSUUID.UUID.UUIDString]; - NSString *tempDirectory = NSTemporaryDirectory(); + NSString *tempDirectory = OWSTemporaryDirectory(); NSString *zipFilePath = [tempDirectory stringByAppendingPathComponent:[logsName stringByAppendingPathExtension:@"zip"]]; NSString *zipDirPath = [tempDirectory stringByAppendingPathComponent:logsName]; diff --git a/SignalMessaging/attachments/SignalAttachment.swift b/SignalMessaging/attachments/SignalAttachment.swift index c9b296fed..f3cd5618e 100644 --- a/SignalMessaging/attachments/SignalAttachment.swift +++ b/SignalMessaging/attachments/SignalAttachment.swift @@ -943,7 +943,7 @@ public class SignalAttachment: NSObject { } private class var videoTempPath: URL { - let videoDir = URL(fileURLWithPath: NSTemporaryDirectory()).appendingPathComponent("video") + let videoDir = URL(fileURLWithPath: OWSTemporaryDirectory()).appendingPathComponent("video") OWSFileSystem.ensureDirectoryExists(videoDir.path) return videoDir } diff --git a/SignalMessaging/environment/AppSetup.m b/SignalMessaging/environment/AppSetup.m index 0a7f24601..e18a71992 100644 --- a/SignalMessaging/environment/AppSetup.m +++ b/SignalMessaging/environment/AppSetup.m @@ -40,6 +40,13 @@ NS_ASSUME_NONNULL_BEGIN OWSPrimaryStorage *primaryStorage = [[OWSPrimaryStorage alloc] initStorage]; [OWSPrimaryStorage protectFiles]; + // AFNetworking (via CFNetworking) spools it's attachments to NSTemporaryDirectory(). + // If you receive a media message while the device is locked, the download will fail if the temporary directory + // is NSFileProtectionComplete + BOOL success = [OWSFileSystem protectFileOrFolderAtPath:NSTemporaryDirectory() + fileProtectionType:NSFileProtectionCompleteUntilFirstUserAuthentication]; + OWSAssert(success); + OWSPreferences *preferences = [OWSPreferences new]; TSNetworkManager *networkManager = [[TSNetworkManager alloc] initDefault]; diff --git a/SignalMessaging/profiles/OWSProfileManager.m b/SignalMessaging/profiles/OWSProfileManager.m index 393227074..7ce524a18 100644 --- a/SignalMessaging/profiles/OWSProfileManager.m +++ b/SignalMessaging/profiles/OWSProfileManager.m @@ -814,7 +814,7 @@ const NSUInteger kOWSProfileManager_MaxAvatarDiameter = 640; OWSLogVerbose(@"downloading profile avatar: %@", userProfile.uniqueId); - NSString *tempDirectory = NSTemporaryDirectory(); + NSString *tempDirectory = OWSTemporaryDirectory(); NSString *tempFilePath = [tempDirectory stringByAppendingPathComponent:fileName]; void (^completionHandler)(NSURLResponse *_Nonnull, NSURL *_Nullable, NSError *_Nullable) = ^( diff --git a/SignalServiceKit/src/Messages/Attachments/OWSAttachmentsProcessor.m b/SignalServiceKit/src/Messages/Attachments/OWSAttachmentsProcessor.m index 3790507f4..241005742 100644 --- a/SignalServiceKit/src/Messages/Attachments/OWSAttachmentsProcessor.m +++ b/SignalServiceKit/src/Messages/Attachments/OWSAttachmentsProcessor.m @@ -312,38 +312,21 @@ static const CGFloat kAttachmentDownloadProgressTheta = 0.001f; const long kMaxDownloadSize = 150 * 1024 * 1024; __block BOOL hasCheckedContentLength = NO; - NSString *tempSubdirPath = [OWSFileSystem.accessibleAfterFirstAuthTempDirectoryPath - stringByAppendingPathComponent:[NSUUID UUID].UUIDString]; - NSString *tempFilePath1 = [tempSubdirPath stringByAppendingPathComponent:[NSUUID UUID].UUIDString]; - NSString *tempFilePath2 = [tempSubdirPath stringByAppendingPathComponent:[NSUUID UUID].UUIDString]; - NSURL *tempFileURL1 = [NSURL fileURLWithPath:tempFilePath1]; + NSString *tempFilePath = + [OWSTemporaryDirectoryAccessibleAfterFirstAuth() stringByAppendingPathComponent:[NSUUID UUID].UUIDString]; + NSURL *tempFileURL = [NSURL fileURLWithPath:tempFilePath]; __block NSURLSessionDownloadTask *task; void (^failureHandler)(NSError *) = ^(NSError *error) { OWSLogError(@"Failed to download attachment with error: %@", error.description); - if (![OWSFileSystem deleteFileIfExists:tempFilePath1]) { + if (![OWSFileSystem deleteFileIfExists:tempFilePath]) { OWSLogError(@"Could not delete temporary file #1."); } - if (![OWSFileSystem deleteFileIfExists:tempFilePath2]) { - OWSLogError(@"Could not delete temporary file #2."); - } failureHandlerParam(task, error); }; - // downloadTaskWithRequest's destination callback needs to - // return a path to a non-existent file path, and we can't apply - // file protection to a non-existent file path. - // By creating the temporary file inside a temporary subdirectory, - // we can apply file protection to that subdirectory. - if (![OWSFileSystem ensureDirectoryExists:tempSubdirPath]) { - OWSLogError(@"Could not create temporary subdirectory for attachment download."); - NSError *error = OWSErrorWithCodeDescription( - OWSErrorCodeInvalidMessage, NSLocalizedString(@"ERROR_MESSAGE_INVALID_MESSAGE", @"")); - return failureHandler(error); - } - NSString *method = @"GET"; NSError *serializationError = nil; NSMutableURLRequest *request = [manager.requestSerializer requestWithMethod:method @@ -429,29 +412,21 @@ static const CGFloat kAttachmentDownloadProgressTheta = 0.001f; hasCheckedContentLength = YES; } destination:^(NSURL *targetPath, NSURLResponse *response) { - return tempFileURL1; + return tempFileURL; } completionHandler:^(NSURLResponse *response, NSURL *_Nullable filePath, NSError *_Nullable error) { if (error) { failureHandler(error); return; } - if (![tempFileURL1 isEqual:filePath]) { + if (![tempFileURL isEqual:filePath]) { OWSLogError(@"Unexpected temp file path."); NSError *error = OWSErrorWithCodeDescription( OWSErrorCodeInvalidMessage, NSLocalizedString(@"ERROR_MESSAGE_INVALID_MESSAGE", @"")); return failureHandler(error); } - // Move the temporary file to a second temporary location - // to ensure that it isn't deleted before we're done with it. - NSError *moveError; - if (![NSFileManager.defaultManager moveItemAtPath:tempFilePath1 toPath:tempFilePath2 error:&moveError]) { - OWSLogError(@"Could not move temporary file."); - return failureHandler(moveError); - } - - NSNumber *_Nullable fileSize = [OWSFileSystem fileSizeOfPath:tempFilePath2]; + NSNumber *_Nullable fileSize = [OWSFileSystem fileSizeOfPath:tempFilePath]; if (!fileSize) { OWSLogError(@"Could not determine attachment file size."); NSError *error = OWSErrorWithCodeDescription( @@ -464,7 +439,7 @@ static const CGFloat kAttachmentDownloadProgressTheta = 0.001f; OWSErrorCodeInvalidMessage, NSLocalizedString(@"ERROR_MESSAGE_INVALID_MESSAGE", @"")); return failureHandler(error); } - successHandler(tempFilePath2); + successHandler(tempFilePath); }]; [task resume]; } diff --git a/SignalServiceKit/src/SignalServiceKit.h b/SignalServiceKit/src/SignalServiceKit.h index 695adba43..593f09ef4 100644 --- a/SignalServiceKit/src/SignalServiceKit.h +++ b/SignalServiceKit/src/SignalServiceKit.h @@ -2,5 +2,6 @@ // Copyright (c) 2018 Open Whisper Systems. All rights reserved. // -// ObjC classes from which Swift classes inherit must be included in this framework header. +// Anything used by Swift outside of the framework must be imported. +#import "OWSFileSystem.h" #import "OWSOperation.h" diff --git a/SignalServiceKit/src/Tests/TestAppContext.m b/SignalServiceKit/src/Tests/TestAppContext.m index bbf3fc4bb..43ccb2614 100644 --- a/SignalServiceKit/src/Tests/TestAppContext.m +++ b/SignalServiceKit/src/Tests/TestAppContext.m @@ -3,6 +3,7 @@ // #import "TestAppContext.h" +#import #import NS_ASSUME_NONNULL_BEGIN @@ -33,7 +34,7 @@ NS_ASSUME_NONNULL_BEGIN self.testKeychainStorage = [SSKTestKeychainStorage new]; - NSString *temporaryDirectory = NSTemporaryDirectory(); + NSString *temporaryDirectory = OWSTemporaryDirectory(); self.mockAppDocumentDirectoryPath = [temporaryDirectory stringByAppendingPathComponent:NSUUID.UUID.UUIDString]; self.mockAppSharedDataDirectoryPath = [temporaryDirectory stringByAppendingPathComponent:NSUUID.UUID.UUIDString]; diff --git a/SignalServiceKit/src/Util/OWSFileSystem.h b/SignalServiceKit/src/Util/OWSFileSystem.h index add7e4bb8..0bbad4c92 100644 --- a/SignalServiceKit/src/Util/OWSFileSystem.h +++ b/SignalServiceKit/src/Util/OWSFileSystem.h @@ -4,6 +4,12 @@ NS_ASSUME_NONNULL_BEGIN +// Use instead of NSTemporaryDirectory() +// prefer the more restrictice OWSTemporaryDirectory, +// unless the temp data may need to be accessed while the device is locked. +NSString *OWSTemporaryDirectory(void); +NSString *OWSTemporaryDirectoryAccessibleAfterFirstAuth(void); + @interface OWSFileSystem : NSObject - (instancetype)init NS_UNAVAILABLE; @@ -19,8 +25,6 @@ NS_ASSUME_NONNULL_BEGIN + (NSString *)appSharedDataDirectoryPath; -+ (NSString *)accessibleAfterFirstAuthTempDirectoryPath; - + (NSString *)cachesDirectoryPath; + (nullable NSError *)renameFilePathUsingRandomExtension:(NSString *)oldFilePath; diff --git a/SignalServiceKit/src/Util/OWSFileSystem.m b/SignalServiceKit/src/Util/OWSFileSystem.m index a7ab98a00..183e9edb6 100644 --- a/SignalServiceKit/src/Util/OWSFileSystem.m +++ b/SignalServiceKit/src/Util/OWSFileSystem.m @@ -110,15 +110,6 @@ NS_ASSUME_NONNULL_BEGIN return CurrentAppContext().appSharedDataDirectoryPath; } -+ (NSString *)accessibleAfterFirstAuthTempDirectoryPath -{ - NSString *const dirName = @"accessibleAfterFirstAuthTmp"; - NSString *const dirPath = [[self appDocumentDirectoryPath] stringByAppendingPathComponent:dirName]; - BOOL ok = [self ensureDirectoryExists:dirPath]; - OWSAssert(ok); - return dirPath; -} - + (NSString *)cachesDirectoryPath { NSArray *paths = NSSearchPathForDirectoriesInDomains(NSCachesDirectory, NSUserDomainMask, YES); @@ -201,13 +192,18 @@ NS_ASSUME_NONNULL_BEGIN } + (BOOL)ensureDirectoryExists:(NSString *)dirPath +{ + return [self ensureDirectoryExists:dirPath fileProtectionType:NSFileProtectionCompleteUntilFirstUserAuthentication]; +} + ++ (BOOL)ensureDirectoryExists:(NSString *)dirPath fileProtectionType:(NSFileProtectionType)fileProtectionType { BOOL isDirectory; BOOL exists = [[NSFileManager defaultManager] fileExistsAtPath:dirPath isDirectory:&isDirectory]; if (exists) { OWSAssertDebug(isDirectory); - return [self protectFileOrFolderAtPath:dirPath]; + return [self protectFileOrFolderAtPath:dirPath fileProtectionType:fileProtectionType]; } else { OWSLogInfo(@"Creating directory at: %@", dirPath); @@ -220,7 +216,7 @@ NS_ASSUME_NONNULL_BEGIN OWSFailDebug(@"Failed to create directory: %@, error: %@", dirPath, error); return NO; } - return [self protectFileOrFolderAtPath:dirPath]; + return [self protectFileOrFolderAtPath:dirPath fileProtectionType:fileProtectionType]; } } @@ -297,7 +293,7 @@ NS_ASSUME_NONNULL_BEGIN + (NSString *)temporaryFilePathWithFileExtension:(NSString *_Nullable)fileExtension { - NSString *temporaryDirectory = NSTemporaryDirectory(); + NSString *temporaryDirectory = OWSTemporaryDirectory(); NSString *tempFileName = NSUUID.UUID.UUIDString; if (fileExtension.length > 0) { tempFileName = [[tempFileName stringByAppendingString:@"."] stringByAppendingString:fileExtension]; @@ -340,4 +336,22 @@ NS_ASSUME_NONNULL_BEGIN @end +NSString *OWSTemporaryDirectory(void) +{ + NSString *dirName = @"ows_temp"; + NSString *dirPath = [NSTemporaryDirectory() stringByAppendingPathComponent:dirName]; + BOOL success = [OWSFileSystem ensureDirectoryExists:dirPath fileProtectionType:NSFileProtectionComplete]; + OWSCAssert(success); + return dirPath; +} + +NSString *OWSTemporaryDirectoryAccessibleAfterFirstAuth(void) +{ + NSString *dirPath = NSTemporaryDirectory(); + BOOL success = [OWSFileSystem ensureDirectoryExists:dirPath + fileProtectionType:NSFileProtectionCompleteUntilFirstUserAuthentication]; + OWSCAssert(success); + return dirPath; +} + NS_ASSUME_NONNULL_END