Cope with .setsafe(global) being called when already 'SAFER'

As we default to SAFER file controls now, we want to cope with .setsafe and
.setsafeglobal being called either when already SAFER, or called multiple times.

This means adding a .currentpathcontrolstate operator so we don't try to
influence the path control lists after control is activated.

2 files changed, 54 insertions, 24 deletions

diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
index 2e37db068..f46f65340 100644
--- a/Resource/Init/gs_init.ps
+++ b/Resource/Init/gs_init.ps
@@ -2216,30 +2216,37 @@ readonly def
 ] def
 
 /.lockfileaccess {
-  [
-    //tempfilepaths (*) .generate_dir_list_templates
-    /FONTPATH .systemvar (*) .generate_dir_list_templates
-    /level2dict where {
-        pop
-        % Default resources :
-      [ currentsystemparams /GenericResourceDir get] (*) .generate_dir_list_templates
-    } if
-    /LIBPATH  .systemvar (*) .generate_dir_list_templates
-    currentuserparams /ICCProfilesDir known {
-      [currentuserparams /ICCProfilesDir get] (*)
-      .generate_dir_list_templates
-    } if
-  ] {/PermitFileReading exch .addcontrolpath} forall
+  .currentpathcontrolstate
+  {
+    (\n **** WARNING: .lockfileaccess or .setsafe called ****\n) print
+    ( **** when file access controls are already active ****\n) print flush
+  }
+  {
+    [
+      //tempfilepaths (*) .generate_dir_list_templates
+      /FONTPATH .systemvar (*) .generate_dir_list_templates
+      /level2dict where {
+          pop
+          % Default resources :
+        [ currentsystemparams /GenericResourceDir get] (*) .generate_dir_list_templates
+      } if
+      /LIBPATH  .systemvar (*) .generate_dir_list_templates
+      currentuserparams /ICCProfilesDir known {
+        [currentuserparams /ICCProfilesDir get] (*)
+        .generate_dir_list_templates
+      } if
+    ] {/PermitFileReading exch .addcontrolpath} forall
 
-  [
-    //tempfilepaths (*) .generate_dir_list_templates
-  ] {/PermitFileWriting exch .addcontrolpath} forall
+    [
+      //tempfilepaths (*) .generate_dir_list_templates
+    ] {/PermitFileWriting exch .addcontrolpath} forall
 
-  [
-    //tempfilepaths (*) .generate_dir_list_templates
-  ] {/PermitFileControl exch .addcontrolpath} forall
+    [
+      //tempfilepaths (*) .generate_dir_list_templates
+    ] {/PermitFileControl exch .addcontrolpath} forall
 
-  .activatepathcontrol
+    .activatepathcontrol
+  } ifelse
 } bind def
 
 /.locksafe_userparams {
@@ -2310,7 +2317,12 @@ currentdict /tempfilepaths undef
     if
     .locksafe
   }
-  {//.lockfileaccess exec}
+  {
+    //.lockfileaccess exec
+    DELAYBIND not {
+        //systemdict /SAFERUndefinePostScriptOperators .knownget {exec} if
+    } if
+  }
   ifelse
 } .bind executeonly odef
 %% --- End documented extensions ---
@@ -2351,9 +2363,14 @@ currentdict /tempfilepaths undef
     if
     //.locksafeglobal exec
   }
-  {//.lockfileaccess exec}
+  {
+    //.lockfileaccess exec
+    DELAYBIND not {
+        //systemdict /SAFERUndefinePostScriptOperators .knownget {exec} if
+    } if
+  }
   ifelse
-} .bind def
+} .bind executeonly odef
 
 % If we are running in SAFER mode, lock things down
 SAFER { .setsafeglobal } if
diff --git a/psi/zfile.c b/psi/zfile.c
index 9d87f4556..2b7d1684d 100644
--- a/psi/zfile.c
+++ b/psi/zfile.c
@@ -918,6 +918,18 @@ static int zactivatepathcontrol(i_ctx_t *i_ctx_p)
     gs_activate_path_control(imemory, 1);
     return 0;
 }
+static int zcurrentpathcontrolstate(i_ctx_t *i_ctx_p)
+{
+    os_ptr op = osp;
+    push(1);
+    if (gs_is_path_control_active(imemory)) {
+        make_true(op);
+    }
+    else {
+        make_false(op);
+    }
+    return 0;
+}
 
 /* ------ Initialization procedure ------ */
 
@@ -940,6 +952,7 @@ const op_def zfile_op_defs[] =
     /* Control path operators */
     {"2.addcontrolpath", zaddcontrolpath},
     {"0.activatepathcontrol", zactivatepathcontrol},
+    {"0.currentpathcontrolstate", zcurrentpathcontrolstate},
     op_def_end(0)
 };