Migrate launchd script to the chromoting host bundle.

This replaces the unsigned launchd script with a signed script inside
the ME2ME host bundle. This is needed so that we can make changes to
the script without having the user re-authorize the host in
System Preferences -> Security & Privacy. This also helps with
Catalina signing/notarization, because it is expected that Apple's
notarization service and/or Gatekeeper will reject an unsigned script.

Changes:
* org.chromium.chromoting.me2me.sh removed from the installer package.
* New script added to the host bundle (with very minor changes needed
  for it to work). New script is without ".sh" extension, making it
  language-agnostic (in future, we could convert to a binary).
* New script is signed by do_signing.sh - this is required in order to
  sign the overall host bundle.
* Launchd agent plist updated to point to the new script.
* Upgrade will preserve the old script and plist, so that users don't
  have to re-authorize. New installs will use the new script. This is
  achieved by backing up the old script+plist in preflight and
  restoring them in postflight.
* Updated ME2ME native-messaging host setup to point to the new script.
* Permission prompt updated with new name (instead of the ugly string
  org.chromium.chromoting.me2me.sh).
* Uninstaller removes the old script if it exists.

Bug: 996989
Change-Id: Id3d7a0a9f666178b6871458b96f0af8177beb301
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1815977Reviewed-by: Jamie Walch <jamiewalch@chromium.org>
Commit-Queue: Lambros Lambrou <lambroslambrou@chromium.org>
Cr-Commit-Position: refs/heads/master@{#698701}

remoting/host/installer/mac/BUILD.gn

@@ -14,7 +14,6 @@ action("remoting_me2me_host_archive") {
     "ChromotingHostService.pkgproj",
     "ChromotingHostUninstaller.pkgproj",
     "LaunchAgents/org.chromium.chromoting.plist",
-    "PrivilegedHelperTools/org.chromium.chromoting.me2me.sh",
     "Scripts/keystone_install.sh",
     "Scripts/remoting_postflight.sh",
     "Scripts/remoting_preflight.sh",

remoting/host/installer/mac/ChromotingHostService.pkgproj

@@ -396,22 +396,6 @@
 										<key>UID</key>
 										<integer>0</integer>
 									</dict>
-									<dict>
-										<key>CHILDREN</key>
-										<array/>
-										<key>GID</key>
-										<integer>0</integer>
-										<key>PATH</key>
-										<string>PrivilegedHelperTools/org.chromium.chromoting.me2me.sh</string>
-										<key>PATH_TYPE</key>
-										<integer>1</integer>
-										<key>PERMISSIONS</key>
-										<integer>493</integer>
-										<key>TYPE</key>
-										<integer>3</integer>
-										<key>UID</key>
-										<integer>0</integer>
-									</dict>
 								</array>
 								<key>GID</key>
 								<integer>0</integer>
@@ -420,7 +404,7 @@
 								<key>PATH_TYPE</key>
 								<integer>0</integer>
 								<key>PERMISSIONS</key>
-								<integer>493</integer>
+								<integer>1005</integer>
 								<key>TYPE</key>
 								<integer>1</integer>
 								<key>UID</key>
@@ -506,6 +490,70 @@
 								<key>UID</key>
 								<integer>0</integer>
 							</dict>
+							<dict>
+								<key>CHILDREN</key>
+								<array/>
+								<key>GID</key>
+								<integer>0</integer>
+								<key>PATH</key>
+								<string>Automator</string>
+								<key>PATH_TYPE</key>
+								<integer>0</integer>
+								<key>PERMISSIONS</key>
+								<integer>493</integer>
+								<key>TYPE</key>
+								<integer>1</integer>
+								<key>UID</key>
+								<integer>0</integer>
+							</dict>
+							<dict>
+								<key>CHILDREN</key>
+								<array/>
+								<key>GID</key>
+								<integer>0</integer>
+								<key>PATH</key>
+								<string>Extensions</string>
+								<key>PATH_TYPE</key>
+								<integer>0</integer>
+								<key>PERMISSIONS</key>
+								<integer>493</integer>
+								<key>TYPE</key>
+								<integer>1</integer>
+								<key>UID</key>
+								<integer>0</integer>
+							</dict>
+							<dict>
+								<key>CHILDREN</key>
+								<array/>
+								<key>GID</key>
+								<integer>0</integer>
+								<key>PATH</key>
+								<string>Input Methods</string>
+								<key>PATH_TYPE</key>
+								<integer>0</integer>
+								<key>PERMISSIONS</key>
+								<integer>493</integer>
+								<key>TYPE</key>
+								<integer>1</integer>
+								<key>UID</key>
+								<integer>0</integer>
+							</dict>
+							<dict>
+								<key>CHILDREN</key>
+								<array/>
+								<key>GID</key>
+								<integer>0</integer>
+								<key>PATH</key>
+								<string>QuickLook</string>
+								<key>PATH_TYPE</key>
+								<integer>0</integer>
+								<key>PERMISSIONS</key>
+								<integer>493</integer>
+								<key>TYPE</key>
+								<integer>1</integer>
+								<key>UID</key>
+								<integer>0</integer>
+							</dict>
 						</array>
 						<key>GID</key>
 						<integer>0</integer>
@@ -619,8 +667,16 @@
 			</dict>
 			<key>PAYLOAD_TYPE</key>
 			<integer>0</integer>
+			<key>PRESERVE_EXTENDED_ATTRIBUTES</key>
+			<false/>
+			<key>SHOW_INVISIBLE</key>
+			<false/>
+			<key>SPLIT_FORKS</key>
+			<true/>
+			<key>TREAT_MISSING_FILES_AS_WARNING</key>
+			<false/>
 			<key>VERSION</key>
-			<integer>2</integer>
+			<integer>5</integer>
 		</dict>
 		<key>PACKAGE_SCRIPTS</key>
 		<dict>
@@ -647,10 +703,24 @@
 			<integer>1</integer>
 			<key>CONCLUSION_ACTION</key>
 			<integer>0</integer>
+			<key>FOLLOW_SYMBOLIC_LINKS</key>
+			<false/>
 			<key>IDENTIFIER</key>
 			<string>@@BUNDLE_ID_HOST_SERVICE@@</string>
+			<key>LOCATION</key>
+			<integer>0</integer>
+			<key>NAME</key>
+			<string></string>
 			<key>OVERWRITE_PERMISSIONS</key>
 			<false/>
+			<key>PAYLOAD_SIZE</key>
+			<integer>-1</integer>
+			<key>REFERENCE_PATH</key>
+			<string></string>
+			<key>RELOCATABLE</key>
+			<false/>
+			<key>USE_HFS+_COMPRESSION</key>
+			<false/>
 			<key>VERSION</key>
 			<string>@@VERSION@@</string>
 		</dict>
@@ -834,6 +904,8 @@
 			</array>
 			<key>NAME</key>
 			<string>@@HOST_SERVICE_PKG@@</string>
+			<key>PAYLOAD_ONLY</key>
+			<false/>
 		</dict>
 	</dict>
 	<key>TYPE</key>

remoting/host/installer/mac/LaunchAgents/org.chromium.chromoting.plist

@@ -13,7 +13,7 @@
 	</array>
 	<key>ProgramArguments</key>
 	<array>
-		<string>/Library/PrivilegedHelperTools/org.chromium.chromoting.me2me.sh</string>
+		<string>/Library/PrivilegedHelperTools/@@HOST_BUNDLE_NAME@@/Contents/MacOS/host_service</string>
 		<string>--run-from-launchd</string>
 	</array>
 	<key>RunAtLoad</key>

remoting/host/installer/mac/Scripts/remoting_postflight.sh

@@ -67,6 +67,14 @@ if [[ -f "$ENABLED_FILE_BACKUP" ]]; then
   mv "$ENABLED_FILE_BACKUP" "$ENABLED_FILE"
 fi
 
+# If there is a backup plist, restore it in order to use the old launchd
+# service script instead of the new one.
+if [[ -f "$INSTALLER_TEMP/plist_backup" ]]; then
+  logger Restoring original launchd agent
+  mv "$INSTALLER_TEMP/plist_backup" "$PLIST"
+  mv "$INSTALLER_TEMP/script_backup" "$SCRIPT_FILE"
+fi
+
 # Create the PAM configuration unless it already exists and has been edited.
 update_pam=1
 CONTROL_LINE="# If you edit this file, please delete this line."

remoting/host/installer/mac/Scripts/remoting_preflight.sh

@@ -63,6 +63,18 @@ if [[ -f "$ENABLED_FILE" ]]; then
   mv "$ENABLED_FILE" "$ENABLED_FILE_BACKUP"
 fi
 
+# If there is an old launchd script, create a backup of the system's launchd
+# agent plist, so that the postflight script can restore it. This ensures the
+# old launchd script gets used instead of the new one in the host bundle.
+# The script also needs to be backed up and restored, as the new package does
+# not provide it, and the installer deletes it from the system.
+# TODO(lambroslambrou): Remove this after users have authorized the new script.
+if [[ -f "$SCRIPT_FILE" ]]; then
+  logger Backing up launchd agent
+  cp "$PLIST" "$INSTALLER_TEMP/plist_backup"
+  cp "$SCRIPT_FILE" "$INSTALLER_TEMP/script_backup"
+fi
+
 # Stop and unload the service for each user currently running the service, and
 # record the user IDs so the service can be restarted for the same users in the
 # postflight script.

remoting/host/installer/mac/do_signing.sh

@@ -42,12 +42,12 @@ setup() {
 
   # Binaries to sign.
   ME2ME_HOST="PrivilegedHelperTools/${HOST_BUNDLE_NAME}"
-  ME2ME_NM_HOST="PrivilegedHelperTools/${HOST_BUNDLE_NAME}/Contents/MacOS/"`
-                `"${NATIVE_MESSAGING_HOST_BUNDLE_NAME}/Contents/MacOS/"`
-                `"native_messaging_host"
-  IT2ME_NM_HOST="PrivilegedHelperTools/${HOST_BUNDLE_NAME}/Contents/MacOS/"`
-                `"${REMOTE_ASSISTANCE_HOST_BUNDLE_NAME}/Contents/MacOS/"`
-                `"remote_assistance_host"
+  ME2ME_EXE_DIR="${ME2ME_HOST}/Contents/MacOS/"
+  ME2ME_LAUNCHD_SERVICE="${ME2ME_EXE_DIR}/host_service"
+  ME2ME_NM_HOST="${ME2ME_EXE_DIR}/${NATIVE_MESSAGING_HOST_BUNDLE_NAME}/"`
+                `"Contents/MacOS/native_messaging_host"
+  IT2ME_NM_HOST="${ME2ME_EXE_DIR}/${REMOTE_ASSISTANCE_HOST_BUNDLE_NAME}/"`
+                `"Contents/MacOS/remote_assistance_host"
   UNINSTALLER="Applications/${HOST_UNINSTALLER_NAME}.app"
 
   # The Chromoting Host installer is a meta-package that consists of 3
@@ -144,10 +144,16 @@ sign_binaries() {
   local keychain="${2}"
   local id="${3}"
 
-  sign "${input_dir}/${ME2ME_NM_HOST}" "${keychain}" "${id}"
-  sign "${input_dir}/${IT2ME_NM_HOST}" "${keychain}" "${id}"
-  sign "${input_dir}/${ME2ME_HOST}" "${keychain}" "${id}"
-  sign "${input_dir}/${UNINSTALLER}" "${keychain}" "${id}"
+  local binaries=(\
+    "${ME2ME_LAUNCHD_SERVICE}" \
+    "${ME2ME_NM_HOST}" \
+    "${IT2ME_NM_HOST}" \
+    "${ME2ME_HOST}" \
+    "${UNINSTALLER}" \
+  )
+  for binary in "${binaries[@]}"; do
+    sign "${input_dir}/${binary}" "${keychain}" "${id}"
+  done
 }
 
 sign_installer() {

remoting/host/installer/mac/uninstaller/remoting_uninstaller.mm

@@ -133,10 +133,15 @@ const char kKeystonePID[] = "com.google.chrome_remote_desktop";
 
   [self shutdownService];
 
+  // Remove the old helper script if it exists. The new helper script is part
+  // of the host bundle.
+  const char kOldHostHelperScriptPath[] =
+      "/Library/PrivilegedHelperTools/org.chromium.chromoting.me2me.sh";
+
   [self sudoDelete:remoting::kServicePlistPath usingAuth:authRef];
   [self sudoDelete:remoting::kHostBinaryPath usingAuth:authRef];
   [self sudoDelete:remoting::kHostLegacyBinaryPath usingAuth:authRef];
-  [self sudoDelete:remoting::kHostHelperScriptPath usingAuth:authRef];
+  [self sudoDelete:kOldHostHelperScriptPath usingAuth:authRef];
   [self sudoDelete:remoting::kHostConfigFilePath usingAuth:authRef];
   [self sudoDelete:remoting::kLogFilePath usingAuth:authRef];
   [self sudoDelete:remoting::kLogFileConfigPath usingAuth:authRef];

remoting/host/mac/BUILD.gn

@@ -55,6 +55,15 @@ bundle_data("remoting_host_resources") {
   }
 }
 
+bundle_data("remoting_me2me_script") {
+  sources = [
+    "host_service",
+  ]
+  outputs = [
+    "{{bundle_executable_dir}}/{{source_file_part}}",
+  ]
+}
+
 target("mac_app_bundle", "remoting_me2me_host") {
   extra_configs = [ "//remoting/build/config:version" ]
   info_plist = "remoting_me2me_host-Info.plist"
@@ -91,6 +100,7 @@ target("mac_app_bundle", "remoting_me2me_host") {
   }
   deps += [
     ":remoting_host_resources",
+    ":remoting_me2me_script",
     "//remoting/host:remoting_infoplist_strings",
     "//remoting/resources:copy_locales",
   ]

remoting/host/mac/constants_mac.cc

@@ -21,7 +21,8 @@ const char kServiceName[] = SERVICE_NAME;
 const char kHostConfigFileName[] = SERVICE_NAME ".json";
 const char kHostConfigFilePath[] = HELPER_TOOLS_DIR SERVICE_NAME ".json";
 
-const char kHostHelperScriptPath[] = HELPER_TOOLS_DIR SERVICE_NAME ".me2me.sh";
+const char kHostHelperScriptPath[] =
+    HELPER_TOOLS_DIR HOST_BUNDLE_NAME "/Contents/MacOS/host_service";
 const char kHostBinaryPath[] = HELPER_TOOLS_DIR HOST_BUNDLE_NAME;
 const char kHostLegacyBinaryPath[] = HELPER_TOOLS_DIR HOST_LEGACY_BUNDLE_NAME;
 const char kHostEnabledPath[] = HELPER_TOOLS_DIR SERVICE_NAME ".me2me_enabled";

remoting/host/installer/mac/PrivilegedHelperTools/org.chromium.chromoting.me2me.sh → remoting/host/mac/host_service

 #!/bin/sh
 
-# Copyright (c) 2012 The Chromium Authors. All rights reserved.
+# Copyright 2019 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 NAME=org.chromium.chromoting
-HOST_BUNDLE_NAME=@@HOST_LEGACY_BUNDLE_NAME@@
+SCRIPT_DIR="$(dirname "${0}")"
 CONFIG_DIR=/Library/PrivilegedHelperTools
-ENABLED_FILE=$CONFIG_DIR/$NAME.me2me_enabled
-CONFIG_FILE=$CONFIG_DIR/$NAME.json
-HOST_EXE=$CONFIG_DIR/$HOST_BUNDLE_NAME/Contents/MacOS/remoting_me2me_host
-PLIST_FILE=$CONFIG_DIR/$HOST_BUNDLE_NAME/Contents/Info.plist
+ENABLED_FILE="$CONFIG_DIR/$NAME.me2me_enabled"
+CONFIG_FILE="$CONFIG_DIR/$NAME.json"
+HOST_EXE="$SCRIPT_DIR/remoting_me2me_host"
+PLIST_FILE="$SCRIPT_DIR/../Info.plist"
 
 # The exit code returned by 'wait' when a process is terminated by SIGTERM.
 SIGTERM_EXIT_CODE=143

remoting/host/mac/permission_utils.mm

@@ -20,7 +20,10 @@
 namespace {
 
 constexpr int kMinDialogWidthPx = 650;
-constexpr NSString* kServiceScriptName = @"org.chromium.chromoting.me2me.sh";
+
+// The name of the host service as it appears in the system's Accessibility
+// permission dialog.
+constexpr NSString* kHostServiceName = @"remoting_me2me_host";
 
 void ShowPermissionDialog() {
   base::scoped_nsobject<NSAlert> alert([[NSAlert alloc] init]);
@@ -32,7 +35,7 @@ void ShowPermissionDialog() {
                  l10n_util::GetStringUTF16(IDS_PRODUCT_NAME),
                  l10n_util::GetStringUTF16(
                      IDS_ACCESSIBILITY_PERMISSION_DIALOG_OPEN_BUTTON),
-                 base::SysNSStringToUTF16(kServiceScriptName))];
+                 base::SysNSStringToUTF16(kHostServiceName))];
   [alert
       addButtonWithTitle:l10n_util::GetNSString(
                              IDS_ACCESSIBILITY_PERMISSION_DIALOG_OPEN_BUTTON)];