[tbb-commits] [tor-browser-bundle/master] Bug 20121: Create Seatbelt profiles for Tor Browser

gk at torproject.org gk at torproject.org
Fri Dec 9 18:57:09 UTC 2016


commit b774796a7d1232b2e0d3a0257823456ccf5f56db
Author: Kathy Brade <brade at pearlcrescent.com>
Date:   Fri Dec 9 10:44:57 2016 -0500

    Bug 20121: Create Seatbelt profiles for Tor Browser
    
    Include Seatbelt profiles and associated scripts in our OS X packages.
    Users can find the files in a new folder named "Sandboxed Tor Browser",
    which also includes a README.txt file that explains how to use them.
---
 Bundle-Data/mac-applications.dmg/.DS_Store         | Bin 12292 -> 12292 bytes
 .../.background/background.png                     | Bin 50020 -> 49906 bytes
 Bundle-Data/mac-sandbox/.DS_Store                  | Bin 0 -> 6148 bytes
 Bundle-Data/mac-sandbox/README.txt                 |  29 +++++
 Bundle-Data/mac-sandbox/start-browser-with-sandbox |  24 ++++
 Bundle-Data/mac-sandbox/start-tor-with-sandbox     |  42 +++++++
 Bundle-Data/mac-sandbox/tb.sb                      | 126 +++++++++++++++++++++
 Bundle-Data/mac-sandbox/tor.sb                     |  64 +++++++++++
 gitian/descriptors/mac/gitian-bundle.yml           |   7 +-
 gitian/mkbundle-mac.sh                             |   5 +-
 10 files changed, 295 insertions(+), 2 deletions(-)

diff --git a/Bundle-Data/mac-applications.dmg/.DS_Store b/Bundle-Data/mac-applications.dmg/.DS_Store
index aeb3104..6eeec47 100644
Binary files a/Bundle-Data/mac-applications.dmg/.DS_Store and b/Bundle-Data/mac-applications.dmg/.DS_Store differ
diff --git a/Bundle-Data/mac-applications.dmg/.background/background.png b/Bundle-Data/mac-applications.dmg/.background/background.png
index 94e4584..a4358cf 100644
Binary files a/Bundle-Data/mac-applications.dmg/.background/background.png and b/Bundle-Data/mac-applications.dmg/.background/background.png differ
diff --git a/Bundle-Data/mac-sandbox/.DS_Store b/Bundle-Data/mac-sandbox/.DS_Store
new file mode 100644
index 0000000..6c49e24
Binary files /dev/null and b/Bundle-Data/mac-sandbox/.DS_Store differ
diff --git a/Bundle-Data/mac-sandbox/README.txt b/Bundle-Data/mac-sandbox/README.txt
new file mode 100644
index 0000000..47d6e5c
--- /dev/null
+++ b/Bundle-Data/mac-sandbox/README.txt
@@ -0,0 +1,29 @@
+Experimental Sandboxed Tor Browser for OS X
+
+Requirements:
+  Mac OS 10.9 or newer.
+  A willingness to run shell commands from Terminal.
+
+Follow these steps to use the sandbox profiles:
+
+1. Copy this folder ("Sandboxed Tor Browser") to a local drive, but do not
+   put it in /Applications.
+2. Copy the TorBrowser app into your "Sandboxed Tor Browser" folder.
+3. Open Terminal.
+4. Run start-tor-with-sandbox and wait for Tor bootstrapping to finish.
+5. Run start-browser-with-sandbox.
+
+Known Issues:
+
+You will need to manually kill start-tor-with-sandbox or the tor.real
+process after you exit the browser.
+
+The browser has full access to the Tor control port. Ideally, access
+would be limited to the things that are necessary for New Identity and
+for the circuit display features.
+
+Printing does not work.
+
+The built-in updater will not work.
+
+Files can only be downloaded or saved to ~/Downloads.
diff --git a/Bundle-Data/mac-sandbox/start-browser-with-sandbox b/Bundle-Data/mac-sandbox/start-browser-with-sandbox
new file mode 100755
index 0000000..31d4218
--- /dev/null
+++ b/Bundle-Data/mac-sandbox/start-browser-with-sandbox
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# TODO: assumes not in /Applications
+# TODO: assumes app is in TorBrowser.app
+
+BASEDIR="`dirname \"$0\"`"
+BASEDIR="`(cd \"$BASEDIR\" && pwd)`"
+TORBROWSER_APP_DIR="$BASEDIR/TorBrowser.app"
+TORBROWSER_DATA_DIR="$BASEDIR/TorBrowser-Data"
+TOR_DATA_DIR="$TORBROWSER_DATA_DIR/Tor"
+SOCKETDIR="/tmp/Tor"
+
+export TOR_SKIP_LAUNCH=1
+export TOR_CONTROL_IPC_PATH="$SOCKETDIR/control.socket"
+export TOR_SOCKS_IPC_PATH="$SOCKETDIR/socks.socket"
+export TOR_CONTROL_COOKIE_AUTH_FILE="$TOR_DATA_DIR/control_auth_cookie"
+SB_PROFILE="`pwd`/tb.sb"
+cd "$TORBROWSER_APP_DIR"
+sandbox-exec -f "$SB_PROFILE"							\
+	-D "HOME_DIR=$HOME"									\
+	-D "CURRENT_DIR=$BASEDIR"							\
+	-D "TORBROWSER_APP_DIR=$TORBROWSER_APP_DIR"			\
+	-D "TORBROWSER_DATA_DIR=$TORBROWSER_DATA_DIR"		\
+	"./Contents/MacOS/firefox"
diff --git a/Bundle-Data/mac-sandbox/start-tor-with-sandbox b/Bundle-Data/mac-sandbox/start-tor-with-sandbox
new file mode 100755
index 0000000..ec7f15e
--- /dev/null
+++ b/Bundle-Data/mac-sandbox/start-tor-with-sandbox
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# TODO: assumes not in /Applications
+# TODO: assumes /tmp/Tor is not used by anyone else.
+# TODO: assumes app is in TorBrowser.app
+
+set -e
+
+BASEDIR="`dirname \"$0\"`"
+BASEDIR="`(cd \"$BASEDIR\" && pwd)`"
+TOR_DATA_DIR="$BASEDIR/TorBrowser-Data/Tor"
+TOR_STATIC_DATA_DIR="$BASEDIR/TorBrowser.app/Contents/Resources/TorBrowser/Tor"
+TOR_BIN_DIR="$BASEDIR/TorBrowser.app/Contents/MacOS/Tor"
+TORRC="$TOR_DATA_DIR/torrc"
+SOCKETDIR="/tmp/Tor"
+
+# Compiled Python modules require a compatible Python, which means 32-bit 2.6.
+export VERSIONER_PYTHON_VERSION=2.6
+export DYLD_LIBRARY_PATH=.:$DYLD_LIBRARY_PATH
+
+mkdir -p "$TOR_DATA_DIR"
+if [ ! -e "$TORRC" ]; then
+	touch "$TORRC"
+fi
+
+if [ ! -e "$SOCKETDIR" ]; then
+	mkdir -p "$SOCKETDIR"
+	chmod 700 "$SOCKETDIR"
+fi
+
+TOR="$TOR_BIN_DIR/tor.real"
+sandbox-exec -f tor.sb -D "TOR_DATA_DIR=$TOR_DATA_DIR" \
+	-D "TOR_STATIC_DATA_DIR=$TOR_STATIC_DATA_DIR" \
+	-D "TOR_BIN_DIR=$TOR_BIN_DIR" "$TOR" \
+	--defaults-torrc "$TOR_STATIC_DATA_DIR/torrc-defaults" \
+	-f "$TORRC" \
+	CookieAuthentication 1 \
+	DataDirectory "$TOR_DATA_DIR" \
+	GeoIPFile "$TOR_STATIC_DATA_DIR/geoip" \
+	GeoIPv6File "$TOR_STATIC_DATA_DIR/geoip6" \
+	ControlPort "unix:$SOCKETDIR/control.socket" \
+	SocksPort "unix:$SOCKETDIR/socks.socket"
diff --git a/Bundle-Data/mac-sandbox/tb.sb b/Bundle-Data/mac-sandbox/tb.sb
new file mode 100644
index 0000000..eda7a1f
--- /dev/null
+++ b/Bundle-Data/mac-sandbox/tb.sb
@@ -0,0 +1,126 @@
+(version 1)
+
+;; Parameters:
+;;   HOME_DIR             the user's home directory
+;;   CURRENT_DIR          the current working directory
+;;   TORBROWSER_APP_DIR   the TorBrowser.app directory
+;;   TORBROWSER_DATA_DIR  the TorBrowser-Data directory
+
+;; TODO: can see all dirs but can download/save only in Downloads (no error reported though!)
+;; TODO: printing does not work (Save to PDF does).
+
+(deny default)
+
+(define (home-path aSubPath)
+    (path (string-append (param "HOME_DIR") aSubPath)))
+
+(define (home-subpath aSubPath)
+    (subpath (string-append (param "HOME_DIR") aSubPath)))
+
+(define (torbrowser-data-dir-path aSubPath)
+    (path (string-append (param "TORBROWSER_DATA_DIR") aSubPath)))
+
+(define (torbrowser-data-dir-subpath aSubPath)
+    (subpath (string-append (param "TORBROWSER_DATA_DIR") aSubPath)))
+
+(define (torbrowser-app-dir-path aSubPath)
+    (subpath (string-append (param "TORBROWSER_APP_DIR") aSubPath)))
+
+(allow file-read*
+       (path "/Library/Preferences/com.apple.HIToolbox.plist")
+       (path "/Library/Preferences/.GlobalPreferences.plist")
+       (path "/dev/random")
+       (path "/dev/urandom")
+       (path "/dev/dtracehelper")
+       (path "/private/etc/localtime")
+       (path "/private/etc/passwd")
+       (path "/private/tmp")
+       (path "/private/var/tmp")
+       (path (param "HOME_DIR"))
+       (subpath "/Library/Audio")
+       (subpath "/Library/Fonts")
+       (subpath "/System")
+       (subpath "/private/var/folders")
+       (subpath "/usr/share")
+       (home-subpath "/Downloads")
+       (home-subpath "/Library/Input Methods")
+       (home-subpath "/Library/Keyboard Layouts")
+       (home-subpath "/Library/Preferences")
+       (torbrowser-app-dir-path "")
+       (torbrowser-data-dir-path "")
+       (torbrowser-data-dir-subpath "/Browser")
+       (torbrowser-data-dir-path "/Tor/control_auth_cookie")
+)
+
+(allow file-read-metadata
+       (home-path "/Desktop")
+       (home-path "/Library")
+       (home-path "/Library/Saved Application State")
+       (path (param "CURRENT_DIR"))
+       (path "/")
+       (path "/Applications")
+       (path "/Users")
+       (path "/etc")
+       (path "/home")
+       (path "/net")
+       (path "/private/var/db/.AppleSetupDone")
+       (path "/tmp")
+       (path "/var")
+       (subpath "/usr/lib")
+       (torbrowser-data-dir-path "/Tor/control.socket")
+       (torbrowser-data-dir-path "/Tor/socks.socket")
+       (path-regex "/private/tmp/Tor[-0-9]*/control.socket")
+       (path-regex "/private/tmp/Tor[-0-9]*/socks.socket")
+)
+
+(allow file-write-data file-ioctl
+       (path "/dev/dtracehelper")
+)
+
+(allow file-write*
+       (home-subpath "/Downloads")
+       (home-path "/Library/Preferences/.GlobalPreferences.plist")
+       (torbrowser-data-dir-subpath "/Browser")
+       (subpath "/private/var/folders")
+       (path-regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/org.mozilla.tor"))
+       (path "/Library/Preferences/.GlobalPreferences.plist")
+)
+
+; Disallow writes to the profiles ini file.
+(deny file-write*
+       (torbrowser-data-dir-subpath "/Browser/profiles.ini")
+)
+
+(allow iokit-open)
+
+(allow ipc-posix-shm
+       (ipc-posix-name "apple.shm.notification_center")
+       (ipc-posix-name-regex "^/tmp/com.apple.csseed")
+       (ipc-posix-name-regex "^CFPBS:")
+       (ipc-posix-name-regex "^apple\.cfprefs\.")
+       (ipc-posix-name-regex "^apple\.shm\.cfprefs\.")
+       (ipc-posix-name-regex "^AudioIO")
+)
+
+(allow mach-lookup)
+
+(allow mach-register
+       (local-name "com.apple.CFPasteboardClient")
+       (local-name "com.apple.axserver")
+       (local-name "com.apple.coredrag")
+       (local-name "com.apple.tsm.portname")
+)
+
+(allow network-outbound
+       (path "/private/var/run/cupsd")
+       (torbrowser-data-dir-path "/Tor/control.socket")
+       (torbrowser-data-dir-path "/Tor/socks.socket")
+       (path-regex "/private/tmp/Tor[-0-9]*/control.socket")
+       (path-regex "/private/tmp/Tor[-0-9]*/socks.socket")
+)
+
+(allow process-exec*
+       (torbrowser-app-dir-path "/Contents/MacOS/firefox")
+)
+
+(allow sysctl-read)
diff --git a/Bundle-Data/mac-sandbox/tor.sb b/Bundle-Data/mac-sandbox/tor.sb
new file mode 100644
index 0000000..40abc9c
--- /dev/null
+++ b/Bundle-Data/mac-sandbox/tor.sb
@@ -0,0 +1,64 @@
+(version 1)
+
+;; Parameters:
+;;   TOR_DATA_DIR         directory that contains writeable config, e.g, torrc
+;;   TOR_STATIC_DATA_DIR  directory for read-only config, e.g., torrc-defaults
+;;   TOR_BIN_DIR          directory that contains tor binaries, e.g., tor.real
+
+(deny default)
+
+(allow file-read* file-write-data file-ioctl
+       (path "/dev/dtracehelper")
+)
+
+(allow file-read*
+       (subpath (param "TOR_BIN_DIR"))
+       (subpath "/usr/local")
+       (subpath (param "TOR_DATA_DIR"))
+       (subpath (param "TOR_STATIC_DATA_DIR"))
+       (subpath (param "TOR_BIN_DIR"))
+       (path-regex "/private/tmp/Tor[-0-9]*")
+)
+
+(allow file-read-data
+       (path "/dev/random")
+       (path "/dev/srandom")
+       (path "/dev/urandom")
+       (subpath "/usr/share")
+)
+
+(allow file-read-metadata
+       (path "/etc")
+       (path "/private/etc/localtime")
+       (path "/tmp")
+       (subpath "/usr/lib")
+)
+
+(allow file-write*
+       (subpath (param "TOR_DATA_DIR"))
+)
+
+(allow ipc-posix-shm-read-data
+       (ipc-posix-name "apple.shm.notification_center")
+)
+
+(allow mach-lookup
+       (global-name "com.apple.system.notification_center")
+)
+
+(allow network-inbound file-write*
+       (path (string-append (param "TOR_DATA_DIR") "/control.socket"))
+       (path (string-append (param "TOR_DATA_DIR") "/socks.socket"))
+       (path-regex "/private/tmp/Tor[-0-9]*/control.socket")
+       (path-regex "/private/tmp/Tor[-0-9]*/socks.socket")
+)
+
+(allow network-outbound
+       (remote tcp "*:*")
+)
+
+(allow process-exec
+       (path (string-append (param "TOR_BIN_DIR") "/tor.real"))
+)
+
+(allow sysctl-read)
diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml
index 4f12174..571c6e0 100644
--- a/gitian/descriptors/mac/gitian-bundle.yml
+++ b/gitian/descriptors/mac/gitian-bundle.yml
@@ -47,6 +47,7 @@ files:
 - "mac-skeleton.zip"
 - "dmg-applications.tar.xz"
 - "dmg-desktop.tar.xz"
+- "mac-sandbox.tar.xz"
 - "mac-langpacks.zip"
 - "noscript at noscript.net.xpi"
 - "dzip.sh"
@@ -216,7 +217,11 @@ script: |
   cd ../../dmg
   # FIXME: Desktop or Application as dest?
   tar -Jxvf ~/build/dmg-applications.tar.xz
-  cd ..
+  SANDBOX_FOLDER="Sandboxed Tor Browser"
+  mkdir "$SANDBOX_FOLDER"
+  cd "$SANDBOX_FOLDER"
+  tar -Jxvf ~/build/mac-sandbox.tar.xz
+  cd ../..
   #
   pushd $TORBROWSER_NAME.app/Contents/Resources/browser/
   # For the proper search engines in our language packs
diff --git a/gitian/mkbundle-mac.sh b/gitian/mkbundle-mac.sh
index eaec986..16140b1 100755
--- a/gitian/mkbundle-mac.sh
+++ b/gitian/mkbundle-mac.sh
@@ -97,8 +97,11 @@ cd mac-desktop.dmg
 rm -f $GITIAN_DIR/inputs/dmg-desktop.tar.xz
 $WRAPPER_DIR/build-helpers/dtar.sh $GITIAN_DIR/inputs/dmg-desktop.tar.xz .
 cd ../mac-applications.dmg
-rm -f $GITIAN_DIR/inputs/dmg-applications.tar-gz
+rm -f $GITIAN_DIR/inputs/dmg-applications.tar.xz
 $WRAPPER_DIR/build-helpers/dtar.sh $GITIAN_DIR/inputs/dmg-applications.tar.xz .
+cd ../mac-sandbox
+rm -f $GITIAN_DIR/inputs/mac-sandbox.tar.xz
+$WRAPPER_DIR/build-helpers/dtar.sh $GITIAN_DIR/inputs/mac-sandbox.tar.xz
 
 cd $WRAPPER_DIR
 



More information about the tbb-commits mailing list