[or-cvs] [torbrowser/master] sandboxes for 10.5 & polipo + cleanup

erinn at torproject.org erinn at torproject.org
Thu Oct 21 07:37:14 UTC 2010


Author: travis armstrong <andreas at romab.com>
Date: Thu, 21 Oct 2010 09:28:15 +0200
Subject: sandboxes for 10.5 & polipo + cleanup
Commit: cb41727becbc47346e4ab1da82ca154f9eae8843

---
 src/osx-sandboxes/firefox-sandbox/firefox-bin     |   95 +++++++++++++++++++
 src/osx-sandboxes/firefox-sandbox/tbb-ff-10.5.sb  |  104 +++++++++++++++++++++
 src/osx-sandboxes/firefox-sandbox/tbb-ff.sb       |   31 ++++++-
 src/osx-sandboxes/firefox-sandbox/tor-sandbox.sb  |   96 -------------------
 src/osx-sandboxes/firefox-sandbox/tor-work.sb     |   82 ----------------
 src/osx-sandboxes/firefox-sandbox/tor.sb          |   82 ----------------
 src/osx-sandboxes/polipo-sandbox/polipo           |   70 ++++++++++++++
 src/osx-sandboxes/polipo-sandbox/polipo-10.5.sb   |   70 ++++++++++++++
 src/osx-sandboxes/polipo-sandbox/polipo.sb        |   71 ++++++++++++++
 src/osx-sandboxes/tor-sandbox/tor                 |   48 ++++++++--
 src/osx-sandboxes/tor-sandbox/tor-bin.sb          |   66 -------------
 src/osx-sandboxes/tor-sandbox/tor-enforce-10.5.sb |   95 +++++++++++++++++++
 src/osx-sandboxes/tor-sandbox/tor-enforce.sb      |   29 ++++++
 13 files changed, 601 insertions(+), 338 deletions(-)
 create mode 100755 src/osx-sandboxes/firefox-sandbox/firefox-bin
 create mode 100755 src/osx-sandboxes/firefox-sandbox/tbb-ff-10.5.sb
 delete mode 100644 src/osx-sandboxes/firefox-sandbox/tor-sandbox.sb
 delete mode 100644 src/osx-sandboxes/firefox-sandbox/tor-work.sb
 delete mode 100644 src/osx-sandboxes/firefox-sandbox/tor.sb
 create mode 100755 src/osx-sandboxes/polipo-sandbox/polipo
 create mode 100755 src/osx-sandboxes/polipo-sandbox/polipo-10.5.sb
 create mode 100644 src/osx-sandboxes/polipo-sandbox/polipo.sb
 delete mode 100644 src/osx-sandboxes/tor-sandbox/tor-bin.sb
 create mode 100755 src/osx-sandboxes/tor-sandbox/tor-enforce-10.5.sb

diff --git a/src/osx-sandboxes/firefox-sandbox/firefox-bin b/src/osx-sandboxes/firefox-sandbox/firefox-bin
new file mode 100755
index 0000000..e86d99e
--- /dev/null
+++ b/src/osx-sandboxes/firefox-sandbox/firefox-bin
@@ -0,0 +1,95 @@
+#!/bin/bash
+# Startup script, MacOSX Sandbox profile for bundled firefox.
+#
+# Copyright 2010 Robert Malmgren AB. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without modification, are
+# permitted provided that the following conditions are met:
+#
+#   1. Redistributions of source code must retain the above copyright notice, this list of
+#      conditions and the following disclaimer.
+#
+#   2. Redistributions in binary form must reproduce the above copyright notice, this list
+#      of conditions and the following disclaimer in the documentation and/or other materials
+#      provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY Robert Malmgren AB ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+# FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# 
+# The views and conclusions contained in the software and documentation are those of the
+# authors and should not be interpreted as representing official policies, either expressed
+# or implied, of Robert Malmgren AB.
+# written by andreas at romab.com
+
+# tbb launchit script.
+# this script launches firefox within the macosx sandbox.
+# as we do not know where the user will install the tbb, we need 
+# to do some search and replace. 
+#
+# Also, we will need to accept arguments comming from vidalia.
+# 
+SW_VERS=/usr/bin/sw_vers
+CUT=/usr/bin/cut
+LSOF=/usr/sbin/lsof
+AWK=/usr/bin/awk
+TAIL=/usr/bin/tail
+SED=/usr/bin/sed
+
+#find out osx version. 
+
+VERSION=`$SW_VERS -productVersion| $CUT -f1,2 -d .`
+DIR=`$LSOF -p $$|$TAIL -1| $AWK '{ print $NF }' | $SED s/[^/]*$//`
+FDIR=`echo $DIR | $SED -e 's/\/$//g'`
+FIREFOX_DIR=`echo $DIR |$SED -e 's/\/$//g' | $SED -e 's=/Contents/MacOS$=='`
+LIBRARY_DIR=`echo $FIREFOX_DIR | $SED -e 's=/Contents/MacOS/Firefox.app$=/Library=g'`
+WORKING_DIR=`echo $LIBRARY_DIR | $SED -e 's=Library==g'| $SED -e 's/\/$//g'`
+#remove slash at the end of line
+TMPDIR=`echo $TMPDIR | $SED -e 's/\/$//g'`
+
+if [ "$VERSION"x = "10.6"x ]; then
+	#we know we use 10.6 fix the sandbox, do some search and replace
+	#and find current dir and the rebuild the sandbox
+
+	#determine current dir.
+	#nuke the old sandbox
+	echo > $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
+	$SED -e "s=FIREFOXDIR=$FIREFOX_DIR=g" -e "s=LIBRARYDIR=$LIBRARY_DIR=g" -e "s=TMPDIR=$TMPDIR=g" $FIREFOX_DIR/Contents/MacOS/sandbox/tbb-ff.sb >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb	
+	while [ "$DIR" != "/" ]; do
+		DIR=`echo $DIR | $SED s/[^/]*$//`
+		#strip slash at end
+		if [ "$DIR" != "/" ]; then
+			DIR=`echo $DIR | $SED -e 's/\/$//g'`
+		fi
+		echo "(allow file-read-metadata (literal \"$DIR\"))" >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
+	done		
+	echo "(allow file-read-data (literal \"$WORKING_DIR\"))" >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
+	echo "(allow file-read-data (literal \"$WORKING_DIR/Contents/MacOS\"))" >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
+	echo "(allow file-read-data (literal \"$WORKING_DIR/Contents\"))" >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
+	# TMPDIR, FIREFOX DIR is all we need to replace.	
+	/usr/bin/sandbox-exec -f $FDIR/sandbox/tor-sandbox.sb ${FDIR}/firefox-bin2 -no-remote -profile $LIBRARY_DIR/Application\ Support/Firefox/Profiles/profile
+fi
+
+if [ "$VERSION"x = "10.5"x ]; then
+	#nuke old sandbox
+	echo > $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
+	$SED -e "s=FIREFOXDIR=$FIREFOX_DIR=g" -e "s=LIBRARYDIR=$LIBRARY_DIR=g" -e "s=TMPDIR=$TMPDIR=g" $FIREFOX_DIR/Contents/MacOS/sandbox/tbb-ff-10.5.sb >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
+	while [ "$DIR" != "/" ]; do
+		DIR=`echo $DIR | $SED s/[^/]*$//`
+		#strip slash at end
+		if [ "$DIR" != "/" ]; then
+			DIR=`echo $DIR | $SED -e 's/\/$//g'`
+		fi
+		echo "(allow file-read-metadata (literal \"$DIR\"))" >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
+	done		
+	echo "(allow file-read-data (literal \"$WORKING_DIR\"))" >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
+	echo "(allow file-read-data (literal \"$WORKING_DIR/Contents/MacOS\"))" >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
+	echo "(allow file-read-data (literal \"$WORKING_DIR/Contents\"))" >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
+	/usr/bin/sandbox-exec -f $FDIR/sandbox/tor-sandbox.sb ${FDIR}/firefox-bin2 -no-remote -profile $LIBRARY_DIR/Application\ Support/Firefox/Profiles/profile
+fi
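Review bot: Neither `TMPDIR` nor `DIR` is checked for being non-empty before the profile is generated with `$SED -e "s=FIREFOXDIR=..." -e "s=TMPDIR=$TMPDIR=g"`, and both failure modes matter: with `TMPDIR` unset the substitution turns any `(regex "^TMPDIR/.*")` rule in the template into `"^/.*"`, an allow on the whole filesystem (the 10.5 template has these rules commented out, so this would affect the tbb-ff.sb path, whose body is not visible here), and with `DIR` empty (lsof output not the script path) the `while [ "$DIR" != "/" ]` loop never terminates and appends to tor-sandbox.sb without bound. Add after the `TMPDIR=` line: `[ -n "$TMPDIR" ] && [ -n "$DIR" ] || { echo "cannot determine TMPDIR or install dir" >&2; exit 1; }`. The install, library and temp paths are also inserted into the sed expressions and into the generated `(literal ...)` lines unescaped, so a path containing `=`, `&`, `"` or a backslash silently changes the resulting policy; at minimum state that assumption in the header comment. The 10.6 and 10.5 branches are identical apart from the template name, so one body with the template chosen from `$VERSION` would remove the duplication and make it visible that any other version currently launches nothing.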
diff --git a/src/osx-sandboxes/firefox-sandbox/tbb-ff-10.5.sb b/src/osx-sandboxes/firefox-sandbox/tbb-ff-10.5.sb
new file mode 100755
index 0000000..82b186a
--- /dev/null
+++ b/src/osx-sandboxes/firefox-sandbox/tbb-ff-10.5.sb
@@ -0,0 +1,104 @@
+;; MacOSX Sandbox profile for bundled firefox
+;;
+;; Copyright 2010 Robert Malmgren AB. All rights reserved.
+;;
+;; Redistribution and use in source and binary forms, with or without modification, are
+;; permitted provided that the following conditions are met:
+;;
+;;   1. Redistributions of source code must retain the above copyright notice, this list of
+;;      conditions and the following disclaimer.
+;;
+;;   2. Redistributions in binary form must reproduce the above copyright notice, this list
+;;      of conditions and the following disclaimer in the documentation and/or other materials
+;;      provided with the distribution.
+;;
+;; THIS SOFTWARE IS PROVIDED BY Robert Malmgren AB ``AS IS'' AND ANY EXPRESS OR IMPLIED
+;; WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+;; FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> OR
+;; CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+;; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+;; SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+;; ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+;; NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+;; ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+;; 
+;; The views and conclusions contained in the software and documentation are those of the
+;; authors and should not be interpreted as representing official policies, either expressed
+;; or implied, of Robert Malmgren AB.
+;;
+;; Written by andreas at romab.com 
+(version 1)
+
+(deny default)
+; help with debug.
+(debug deny)
+
+(allow network-outbound)
+(allow file-read-data file-read-metadata
+       (literal "/Library/Preferences/com.apple.HIToolbox.plist")
+       (literal "/Library/Preferences/.GlobalPreferences.plist")
+       (regex "^FIREFOXDIR/Contents/.*")
+       (literal "FIREFOXDIR/Contents")
+       (regex "^LIBRARYDIR/Application Support/Firefox/Profiles/profile/.*")
+       (literal "LIBRARYDIR/Application Support/Firefox/Profiles/profile")
+       (regex "^/System/.*")
+;       (regex "^TMPDIR/.*") ;; macosx shellenv. 
+       (regex "^/usr/lib/.*")
+       (literal "/private/etc/passwd")
+       (regex "^/Library/Fonts/.*")
+       (literal "/dev/null")
+       (regex "^/usr/share/.*")
+       (literal "/dev/urandom"))
+	
+
+(allow file-read-data 
+       (literal "FIREFOXDIR")
+       (literal "/dev/dtracehelper"))
+
+(allow file-read-metadata
+       (literal "/")
+       (literal "FIREFOXDIR")
+       (literal "LIBRARYDIR/Application Support/Firefox/Profiles")
+       (literal "LIBRARYDIR/Application Support/Firefox")
+       (literal "LIBRARYDIR/Application Support")
+       (literal "LIBRARYDIR")
+       (literal "/etc")
+       (literal "/var")
+       (literal "/tmp")
+       (literal "/private/tmp")
+       (literal "/private/var/tmp")
+       (literal "/private/etc/localtime"))
+
+(allow file-write* (regex "^LIBRARYDIR/Application Support/Firefox/Profiles/profile/.*"))
+	
+(allow file-write-data
+;       (regex "^TMPDIR/.*") ;; macosx shellenv, we will fix this later
+       (literal "/dev/dtracehelper"))
+
+(allow ipc-posix-shm)
+
+(allow mach-lookup
+       (global-name "com.apple.CoreServices.coreservicesd")
+       (global-name "com.apple.SecurityServer")
+       (global-name "com.apple.SystemConfiguration.configd")
+       (global-name "com.apple.distributed_notifications.2")
+       (global-name "com.apple.dock.server")
+       (global-name "com.apple.system.DirectoryService.libinfo_v1")
+       (global-name "com.apple.system.DirectoryService.membership_v1")
+       (global-name "com.apple.system.logger")
+       (global-name "com.apple.system.notification_center")
+       (global-name "com.apple.FontObjectsServer")
+       (global-name "com.apple.FontServer")
+       (global-name "com.apple.pasteboard.1")
+       (global-name "com.apple.windowserver.active")
+       (global-name "com.apple.tsm.uiserver")
+       (global-name "com.apple.DiskArbitration.diskarbitrationd")
+       (global-name "com.apple.windowserver.session"))
+
+(allow process-exec
+	;; netstat needed for entropy. part of lib_nss.
+       (literal "/usr/sbin/netstat")
+       (literal "FIREFOXDIR/Contents/MacOS/firefox-bin2"))
+(allow process-fork)
+
+(allow sysctl-read)
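Review bot: `(allow network-outbound)` with no filter lets the sandboxed firefox open any outbound connection, whereas the profiles this commit deletes (tor-sandbox.sb, tor-work.sb, tor.sb) restricted it to `(remote tcp "localhost:8118")`, the local proxy, which in a Tor Browser sandbox is the main thing the policy buys. If the 10.5 sandbox language does not accept the `remote` filter, say so next to the rule, e.g. `;; 10.5: outbound cannot be limited to the local proxy here; proxy enforcement relies on the firefox configuration alone`, otherwise add the filter. The `FIREFOXDIR` and `LIBRARYDIR` tokens are substituted into `(regex ...)` patterns without escaping, so `.` in a path such as `TorBrowser_en-US.app` matches any character and a `+` in the path would be read as a quantifier; this is worth a comment on the first regex rule, since the launcher does not escape the paths it substitutes. `(debug deny)` is fine while developing but should be marked as something to drop before release.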
diff --git a/src/osx-sandboxes/firefox-sandbox/tbb-ff.sb b/src/osx-sandboxes/firefox-sandbox/tbb-ff.sb
index e252166..75062e0 100644
--- a/src/osx-sandboxes/firefox-sandbox/tbb-ff.sb
+++ b/src/osx-sandboxes/firefox-sandbox/tbb-ff.sb
@@ -1,10 +1,38 @@
+;; MacOSX Sandbox profile for bundled firefox
+;;
+;; Copyright 2010 Robert Malmgren AB. All rights reserved.
+;;
+;; Redistribution and use in source and binary forms, with or without modification, are
+;; permitted provided that the following conditions are met:
+;;
+;;   1. Redistributions of source code must retain the above copyright notice, this list of
+;;      conditions and the following disclaimer.
+;;
+;;   2. Redistributions in binary form must reproduce the above copyright notice, this list
+;;      of conditions and the following disclaimer in the documentation and/or other materials
+;;      provided with the distribution.
+;;
+;; THIS SOFTWARE IS PROVIDED BY Robert Malmgren AB ``AS IS'' AND ANY EXPRESS OR IMPLIED
+;; WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+;; FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> OR
+;; CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+;; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+;; SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+;; ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+;; NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+;; ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+;; 
+;; The views and conclusions contained in the software and documentation are those of the
+;; authors and should not be interpreted as representing official policies, either expressed
+;; or implied, of Robert Malmgren AB.
+;;
+;; Written by andreas at romab.com 
 (version 1)
 
 (deny default)
 ; help with debug.
 (deny file-read-metadata (subpath "/Applications") (with no-log))
 (deny file-read-metadata (subpath "/Developer") (with no-log))
-(deny file-read-metadata (subpath "/Users/andreas/Library") (with no-log))
 
 (allow file-ioctl
        (literal "/dev/urandom")
@@ -28,7 +56,6 @@
 
 (allow file-read-data 
        (literal "FIREFOXDIR")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app")
        (literal "/dev/dtracehelper"))
 
 (allow file-read-metadata
diff --git a/src/osx-sandboxes/firefox-sandbox/tor-sandbox.sb b/src/osx-sandboxes/firefox-sandbox/tor-sandbox.sb
deleted file mode 100644
index 51d0658..0000000
--- a/src/osx-sandboxes/firefox-sandbox/tor-sandbox.sb
+++ /dev/null
@@ -1,96 +0,0 @@
-
-(version 1)
-
-(deny default)
-; help with debug.
-(deny file-read-metadata (subpath "/Applications") (with no-log))
-(deny file-read-metadata (subpath "/Developer") (with no-log))
-(deny file-read-metadata (subpath "/Users/andreas/Library") (with no-log))
-
-(allow file-ioctl
-       (literal "/dev/urandom")
-       (literal "/dev/dtracehelper"))
-(allow network-outbound  
-	(remote tcp "localhost:8118"))
-(allow file-read-data file-read-metadata
-       (literal "/Library/Preferences/com.apple.HIToolbox.plist")
-       (literal "/Library/Preferences/.GlobalPreferences.plist")
-       (subpath "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app/Contents")
-       (subpath "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library/Application Support/Firefox/Profiles/profile")
-       (subpath "/System")
-       (subpath "/var/folders/om/omS0C5yXH1ynktSqdi9Et++++yY/-Tmp-") ;; macosx shellenv. 
-       (subpath "/usr/lib")
-       (literal "/private/etc/passwd")
-       (subpath "/Library/Fonts")
-       (literal "/dev/null")
-       (subpath "/usr/share")
-       (literal "/dev/urandom"))
-	
-
-(allow file-read-data 
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app")
-       (literal "/dev/dtracehelper"))
-
-(allow file-read-metadata
-       (literal "/")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library/Application Support/Firefox/Profiles")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library/Application Support/Firefox")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library/Application Support")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library")
-       (literal "/etc")
-       (literal "/var")
-       (literal "/tmp")
-       (literal "/private/tmp")
-       (literal "/private/var/tmp")
-       (literal "/private/etc/localtime"))
-
-(allow file-write* (subpath "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library/Application Support/Firefox/Profiles/profile"))
-	
-(allow file-write-data
-       (subpath "/var/folders/om/omS0C5yXH1ynktSqdi9Et++++yY/-Tmp-") ;; macosx shellenv, we will fix this later
-       (literal "/dev/dtracehelper"))
-
-(allow ipc-posix-shm)
-
-(allow mach-lookup
-       (global-name "com.apple.CoreServices.coreservicesd")
-       (global-name "com.apple.SecurityServer")
-       (global-name "com.apple.SystemConfiguration.configd")
-       (global-name "com.apple.distributed_notifications.2")
-       (global-name "com.apple.dock.server")
-       (global-name "com.apple.system.DirectoryService.libinfo_v1")
-       (global-name "com.apple.system.DirectoryService.membership_v1")
-       (global-name "com.apple.system.logger")
-       (global-name "com.apple.system.notification_center")
-       (global-name "com.apple.FontObjectsServer")
-       (global-name "com.apple.FontServer")
-       (global-name "com.apple.pasteboard.1")
-       (global-name "com.apple.windowserver.active")
-       (global-name "com.apple.tsm.uiserver")
-       (global-name "com.apple.windowserver.session"))
-
-(allow process-exec
-	;; netstat needed for entropy. part of lib_nss.
-       (literal "/usr/sbin/netstat")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app/Contents/MacOS/firefox-bin2"))
-(allow process-fork)
-
-(allow sysctl-read)
-
-(allow system-socket)
-(allow file-read-metadata (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app/Contents/MacOS"))
-(allow file-read-metadata (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app/Contents"))
-(allow file-read-metadata (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app"))
-(allow file-read-metadata (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS"))
-(allow file-read-metadata (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents"))
-(allow file-read-metadata (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app"))
-(allow file-read-metadata (literal "/Users/andreas/Downloads/tor"))
-(allow file-read-metadata (literal "/Users/andreas/Downloads"))
-(allow file-read-metadata (literal "/Users/andreas"))
-(allow file-read-metadata (literal "/Users"))
-(allow file-read-metadata (literal "/"))
-(allow file-read-data (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app"))
-(allow file-read-data (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS"))
-(allow file-read-data (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents"))
diff --git a/src/osx-sandboxes/firefox-sandbox/tor-work.sb b/src/osx-sandboxes/firefox-sandbox/tor-work.sb
deleted file mode 100644
index 55fd08b..0000000
--- a/src/osx-sandboxes/firefox-sandbox/tor-work.sb
+++ /dev/null
@@ -1,82 +0,0 @@
-(version 1)
-
-(deny default)
-; help with debug.
-(deny file-read-metadata (subpath "/Applications") (with no-log))
-(deny file-read-metadata (subpath "/Developer") (with no-log))
-(deny file-read-metadata (subpath "/Users/andreas/Library") (with no-log))
-
-(allow file-ioctl
-       (literal "/dev/urandom")
-       (literal "/dev/dtracehelper"))
-(allow network-outbound  
-	(remote tcp "localhost:8118"))
-(allow file-read-data file-read-metadata
-       (literal "/Library/Preferences/com.apple.HIToolbox.plist")
-       (literal "/Library/Preferences/.GlobalPreferences.plist")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app")
-       (subpath "FIREFOXDIR/Contents")
-       (subpath "LIBRARYDIR/Application Support/Firefox/Profiles/profile")
-       (subpath "/System")
-       (subpath "$TMPDIR") ;; $TMPDIR, we will fix this later
-       (subpath "/usr/lib")
-       (literal "/private/etc/passwd")
-       (subpath "/Library/Fonts")
-       (literal "/dev/null")
-       (subpath "/usr/share")
-       (literal "/dev/urandom"))
-	
-
-(allow file-read-data 
-       (literal "FIREFOXDIR")
-       (literal "/dev/dtracehelper"))
-
-(allow file-read-metadata
-       (literal "/")
-       (literal "/Users")
-       (literal "/Users/andreas")
-       (literal "/Users/andreas/Downloads")
-       (literal "/Users/andreas/Downloads/tor")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS")
-       (literal "FIREFOXDIR")
-       (literal "/etc")
-       (literal "/var")
-       (literal "/tmp")
-       (literal "/private/var/tmp")
-       (literal "/private/etc/localtime"))
-
-(allow file-write-data
-       (literal "LIBRARYDIR/Application Support/Firefox/Profiles/profile/.parentlock")
-       (subpath "TMPDIR") ;; $TMPDIR, we will fix this later
-       (subpath "LIBRARYDIR/Application Support/Firefox/Profiles/profile")
-       (literal "/dev/dtracehelper"))
-
-(allow ipc-posix-shm)
-
-(allow mach-lookup
-       (global-name "com.apple.CoreServices.coreservicesd")
-       (global-name "com.apple.SecurityServer")
-       (global-name "com.apple.SystemConfiguration.configd")
-       (global-name "com.apple.distributed_notifications.2")
-       (global-name "com.apple.dock.server")
-       (global-name "com.apple.system.DirectoryService.libinfo_v1")
-       (global-name "com.apple.system.DirectoryService.membership_v1")
-       (global-name "com.apple.system.logger")
-       (global-name "com.apple.system.notification_center")
-       (global-name "com.apple.FontObjectsServer")
-       (global-name "com.apple.FontServer")
-       (global-name "com.apple.pasteboard.1")
-       (global-name "com.apple.windowserver.active")
-       (global-name "com.apple.tsm.uiserver")
-       (global-name "com.apple.windowserver.session"))
-
-(allow process-exec
-	;; netstat needed for entropy. part of lib_nss.
-       (literal "/usr/sbin/netstat")
-       (literal "FIREFOXDIR/Contents/MacOS/firefox-bin"))
-(allow process-fork)
-
-(allow sysctl-read)
-
-(allow system-socket)
diff --git a/src/osx-sandboxes/firefox-sandbox/tor.sb b/src/osx-sandboxes/firefox-sandbox/tor.sb
deleted file mode 100644
index e656a9c..0000000
--- a/src/osx-sandboxes/firefox-sandbox/tor.sb
+++ /dev/null
@@ -1,82 +0,0 @@
-(version 1)
-
-(deny default)
-; help with debug.
-(deny file-read-metadata (subpath "/Applications") (with no-log))
-(deny file-read-metadata (subpath "/Developer") (with no-log))
-(deny file-read-metadata (subpath "/Users/andreas/Library") (with no-log))
-
-(allow file-ioctl
-       (literal "/dev/urandom")
-       (literal "/dev/dtracehelper"))
-(allow network-outbound  
-	(remote tcp "localhost:8118"))
-(allow file-read-data file-read-metadata
-       (literal "/Library/Preferences/com.apple.HIToolbox.plist")
-       (literal "/Library/Preferences/.GlobalPreferences.plist")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app")
-       (subpath "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app/Contents")
-       (subpath "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library/Application Support/Firefox/Profiles/profile")
-       (subpath "/System")
-       (subpath "/private/var/folders") ;; $TMPDIR, we will fix this later
-       (subpath "/usr/lib")
-       (literal "/private/etc/passwd")
-       (subpath "/Library/Fonts")
-       (literal "/dev/null")
-       (subpath "/usr/share")
-       (literal "/dev/urandom"))
-	
-
-(allow file-read-data 
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app")
-       (literal "/dev/dtracehelper"))
-
-(allow file-read-metadata
-       (literal "/")
-       (literal "/Users")
-       (literal "/Users/andreas")
-       (literal "/Users/andreas/Downloads")
-       (literal "/Users/andreas/Downloads/tor")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app")
-       (literal "/etc")
-       (literal "/var")
-       (literal "/tmp")
-       (literal "/private/var/tmp")
-       (literal "/private/etc/localtime"))
-
-(allow file-write-data
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library/Application Support/Firefox/Profiles/profile/.parentlock")
-       (subpath "/private/var/folders") ;; $TMPDIR, we will fix this later
-       (subpath "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library/Application Support/Firefox/Profiles/profile")
-       (literal "/dev/dtracehelper"))
-
-(allow ipc-posix-shm)
-
-(allow mach-lookup
-       (global-name "com.apple.CoreServices.coreservicesd")
-       (global-name "com.apple.SecurityServer")
-       (global-name "com.apple.SystemConfiguration.configd")
-       (global-name "com.apple.distributed_notifications.2")
-       (global-name "com.apple.dock.server")
-       (global-name "com.apple.system.DirectoryService.libinfo_v1")
-       (global-name "com.apple.system.DirectoryService.membership_v1")
-       (global-name "com.apple.system.logger")
-       (global-name "com.apple.system.notification_center")
-       (global-name "com.apple.FontObjectsServer")
-       (global-name "com.apple.FontServer")
-       (global-name "com.apple.pasteboard.1")
-       (global-name "com.apple.windowserver.active")
-       (global-name "com.apple.tsm.uiserver")
-       (global-name "com.apple.windowserver.session"))
-
-(allow process-exec
-	;; netstat needed for entropy. part of lib_nss.
-       (literal "/usr/sbin/netstat")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app/Contents/MacOS/firefox-bin"))
-(allow process-fork)
-
-(allow sysctl-read)
-
-(allow system-socket)
diff --git a/src/osx-sandboxes/polipo-sandbox/polipo b/src/osx-sandboxes/polipo-sandbox/polipo
new file mode 100755
index 0000000..8ae61dc
--- /dev/null
+++ b/src/osx-sandboxes/polipo-sandbox/polipo
@@ -0,0 +1,70 @@
+#!/bin/bash
+# Startup script, MacOSX Sandbox profile for tor
+#
+# Copyright 2010 Robert Malmgren AB. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without modification, are
+# permitted provided that the following conditions are met:
+#
+#   1. Redistributions of source code must retain the above copyright notice, this list of
+#      conditions and the following disclaimer.
+#
+#   2. Redistributions in binary form must reproduce the above copyright notice, this list
+#      of conditions and the following disclaimer in the documentation and/or other materials
+#      provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY Robert Malmgren AB ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+# FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# 
+# The views and conclusions contained in the software and documentation are those of the
+# authors and should not be interpreted as representing official policies, either expressed
+# or implied, of Robert Malmgren AB.
+# written by andreas at romab.com
+
+# tbb launchit script.
+# this script launches polipo within the macosx sandbox.
+# as we do not know where the user will install the tbb, we need 
+# to do some search and replace. 
+#
+# Also, we will need to accept arguments comming from vidalia.
+# 
+SW_VERS=/usr/bin/sw_vers
+CUT=/usr/bin/cut
+LSOF=/usr/sbin/lsof
+AWK=/usr/bin/awk
+TAIL=/usr/bin/tail
+SED=/usr/bin/sed
+
+#find out osx version. 
+
+VERSION=`$SW_VERS -productVersion| $CUT -f1,2 -d .`
+DIR=`$LSOF -p $$|$TAIL -1| $AWK '{ print $NF }' | $SED s/[^/]*$//`
+TDIR=`echo $DIR| $SED -e 's=Contents/MacOS/==g'`
+TORAPPDIR=`echo $TDIR | $SED -e 's/\/$//g'`
+
+if [ "$VERSION"x = "10.6"x ]; then
+	#we know we use 10.6 fix the sandbox, do some search and replace
+	#and find current dir and the rebuild the sandbox
+
+	#determine current dir.
+	#nuke the old sandbox
+	echo > $DIR/polipo-sandbox/polipo-bin.sb
+	#fix some stuff in the sandbox
+	$SED -e "s=POLIPODIR=$TORAPPDIR=g" $DIR/polipo-sandbox/polipo.sb >> $DIR/polipo-sandbox/polipo-bin.sb	
+	/usr/bin/sandbox-exec -f $DIR/polipo-sandbox/polipo-bin.sb ${DIR}/polipo-bin $@ 
+fi
+
+if [ "$VERSION"x = "10.5"x ]; then
+	#10.5 use the policy written for 10.5 
+	#nuke the old sandbox
+	echo > $DIR/polipo-sandbox/polipo-bin.sb
+	$SED -e "s=POLIPODIR=$TORAPPDIR=g" $DIR/polipo-sandbox/polipo-10.5.sb >> $DIR/polipo-sandbox/polipo-bin.sb	
+	/usr/bin/sandbox-exec -f $DIR/polipo-sandbox/polipo-bin.sb ${DIR}/polipo-bin $@ 
+fi
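Review bot: `${DIR}/polipo-bin $@` on both `sandbox-exec` lines word-splits the arguments passed in from vidalia, so an argument containing a space (a path under `Application Support`, for instance) arrives as several arguments; use `"$@"`. When neither version branch matches, the script exits 0 without starting polipo; a final `else` branch that prints the unsupported version to stderr and exits non-zero would make that visible to the caller. The header comment reads `# Startup script, MacOSX Sandbox profile for tor` but this is the polipo launcher; `# Startup script, MacOSX Sandbox profile for bundled polipo` matches the sibling firefox-bin script. As in firefox-bin, an empty `$DIR` (lsof output not the script path) is not rejected before the profile is regenerated with `echo >`, so `[ -n "$DIR" ] || exit 1` after the `DIR=` line is warranted.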
diff --git a/src/osx-sandboxes/polipo-sandbox/polipo-10.5.sb b/src/osx-sandboxes/polipo-sandbox/polipo-10.5.sb
new file mode 100755
index 0000000..a1bf44e
--- /dev/null
+++ b/src/osx-sandboxes/polipo-sandbox/polipo-10.5.sb
@@ -0,0 +1,70 @@
+;; MacOSX Sandbox profile for bundled polipo
+;;
+;; Copyright 2010 Robert Malmgren AB. All rights reserved.
+;;
+;; Redistribution and use in source and binary forms, with or without modification, are
+;; permitted provided that the following conditions are met:
+;;
+;;   1. Redistributions of source code must retain the above copyright notice, this list of
+;;      conditions and the following disclaimer.
+;;
+;;   2. Redistributions in binary form must reproduce the above copyright notice, this list
+;;      of conditions and the following disclaimer in the documentation and/or other materials
+;;      provided with the distribution.
+;;
+;; THIS SOFTWARE IS PROVIDED BY Robert Malmgren AB ``AS IS'' AND ANY EXPRESS OR IMPLIED
+;; WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+;; FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> OR
+;; CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+;; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+;; SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+;; ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+;; NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+;; ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+;; 
+;; The views and conclusions contained in the software and documentation are those of the
+;; authors and should not be interpreted as representing official policies, either expressed
+;; or implied, of Robert Malmgren AB.
+;;
+;; Written by andreas at romab.com 
+(version 1)
+
+(deny default)
+(debug deny)
+
+(allow file-read-data
+       (literal "POLIPODIR/Contents/Resources/Data/Polipo/polipo.conf")
+       (literal "/dev/dtracehelper")
+       (literal "/dev/null")
+       (literal "/dev/urandom")
+       (literal "/private/var/run/resolv.conf")
+       (regex "^/usr/share/.*"))
+
+(allow file-read-metadata
+       (literal "/etc")
+       (literal "/private/etc/localtime")
+       (literal "/private/etc/resolv.conf")
+       (literal "/var")
+       (regex "^/usr/lib/*"))
+
+(allow file-write-data
+       (literal "/dev/dtracehelper"))
+
+(allow ipc-posix-shm)
+
+(allow mach-lookup
+       (global-name "com.apple.system.DirectoryService.libinfo_v1")
+       (global-name "com.apple.system.DirectoryService.membership_v1")
+       (global-name "com.apple.system.notification_center"))
+
+(allow network-inbound)
+	; doesnt work for some reason.
+        ;(to tcp "localhost:8118"))
+
+(allow network-outbound
+       (to tcp "localhost:9050"))
+
+(allow process-exec
+       (literal "POLIPODIR/Contents/MacOS/polipo-bin"))
+
+(allow sysctl-read)
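Review bot: `(allow network-inbound)` with no filter grants polipo accept() on every interface and port, so on 10.5 the sandbox stops backstopping the localhost:8118 binding that the 10.6 profile expresses with `(local tcp "localhost:8118")`; the comment notes that `(to tcp "localhost:8118")` did not work, but the sibling tor-enforce-10.5.sb in this commit relies on `(to tcp4 "*:*")`, so the port-qualified `(allow network-inbound (to tcp4 "*:8118"))` may well parse on 10.5 and would at least pin the port — worth trying before shipping the unrestricted rule. Separately, `(regex "^/usr/lib/*")` in file-read-metadata is not a prefix match: `/*` means zero or more slashes and the pattern is unanchored at the end, so it also matches `/usr/libexec/...`; the tor 10.5 profile spells the same rule `(regex "^/usr/lib/.*")`, which is what was meant here. `(debug deny)` also logs every denial to the system log — fine while tuning, but presumably not intended for the shipped profile.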
diff --git a/src/osx-sandboxes/polipo-sandbox/polipo.sb b/src/osx-sandboxes/polipo-sandbox/polipo.sb
new file mode 100644
index 0000000..3676c8e
--- /dev/null
+++ b/src/osx-sandboxes/polipo-sandbox/polipo.sb
@@ -0,0 +1,71 @@
+;; MacOSX Sandbox profile for bundled polipo
+;;
+;; Copyright 2010 Robert Malmgren AB. All rights reserved.
+;;
+;; Redistribution and use in source and binary forms, with or without modification, are
+;; permitted provided that the following conditions are met:
+;;
+;;   1. Redistributions of source code must retain the above copyright notice, this list of
+;;      conditions and the following disclaimer.
+;;
+;;   2. Redistributions in binary form must reproduce the above copyright notice, this list
+;;      of conditions and the following disclaimer in the documentation and/or other materials
+;;      provided with the distribution.
+;;
+;; THIS SOFTWARE IS PROVIDED BY Robert Malmgren AB ``AS IS'' AND ANY EXPRESS OR IMPLIED
+;; WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+;; FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> OR
+;; CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+;; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+;; SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+;; ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+;; NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+;; ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+;; 
+;; The views and conclusions contained in the software and documentation are those of the
+;; authors and should not be interpreted as representing official policies, either expressed
+;; or implied, of Robert Malmgren AB.
+;;
+;; Written by andreas at romab.com 
+(version 1)
+
+(deny default)
+
+(allow file-ioctl
+       (literal "/dev/dtracehelper"))
+
+(allow file-read-data
+       (literal "POLIPODIR/Contents/Resources/Data/Polipo/polipo.conf")
+       (literal "/dev/dtracehelper")
+       (literal "/dev/null")
+       (literal "/dev/urandom")
+       (literal "/private/var/run/resolv.conf")
+       (subpath "/usr/share"))
+
+(allow file-read-metadata
+       (literal "/etc")
+       (literal "/private/etc/localtime")
+       (literal "/private/etc/resolv.conf")
+       (literal "/var")
+       (subpath "/usr/lib"))
+
+(allow file-write-data
+       (literal "/dev/dtracehelper"))
+
+(allow ipc-posix-shm)
+
+(allow mach-lookup
+       (global-name "com.apple.system.DirectoryService.libinfo_v1")
+       (global-name "com.apple.system.DirectoryService.membership_v1")
+       (global-name "com.apple.system.notification_center"))
+
+(allow network-inbound
+       (local tcp "localhost:8118"))
+
+(allow network-outbound
+       (remote tcp "localhost:9050"))
+
+(allow process-exec
+       (literal "POLIPODIR/Contents/MacOS/polipo-bin"))
+
+(allow sysctl-read)
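Review bot: Nothing in this file says that `POLIPODIR` is a placeholder rather than a path, so a reader of the profile alone will take `(literal "POLIPODIR/Contents/Resources/Data/Polipo/polipo.conf")` for a typo. I would add next to `(version 1)`: `;; POLIPODIR is a placeholder: the launcher (polipo-sandbox/polipo) replaces it with the installed .app bundle path via sed and writes the result to polipo-bin.sb before invoking sandbox-exec.` It is worth recording there that the substitution is purely textual — the launcher runs `s=POLIPODIR=$TORAPPDIR=g`, so an install path containing `=`, `&` or `"` yields a malformed or wrong profile; sandbox-exec should then refuse to start polipo rather than run it unconfined, but that is an assumption to confirm on both OS versions.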
diff --git a/src/osx-sandboxes/tor-sandbox/tor b/src/osx-sandboxes/tor-sandbox/tor
index a1570b1..7b6e3a7 100755
--- a/src/osx-sandboxes/tor-sandbox/tor
+++ b/src/osx-sandboxes/tor-sandbox/tor
@@ -1,4 +1,33 @@
 #!/bin/bash
+# Startup script, MacOSX Sandbox profile for tor
+#
+# Copyright 2010 Robert Malmgren AB. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without modification, are
+# permitted provided that the following conditions are met:
+#
+#   1. Redistributions of source code must retain the above copyright notice, this list of
+#      conditions and the following disclaimer.
+#
+#   2. Redistributions in binary form must reproduce the above copyright notice, this list
+#      of conditions and the following disclaimer in the documentation and/or other materials
+#      provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY Robert Malmgren AB ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+# FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# 
+# The views and conclusions contained in the software and documentation are those of the
+# authors and should not be interpreted as representing official policies, either expressed
+# or implied, of Robert Malmgren AB.
+# written by andreas at romab.com
+
 # tbb launchit script.
 # this script launches tor within the macosx sandbox.
 # as we do not know where the user will install the tbb, we need 
@@ -16,15 +45,14 @@ SED=/usr/bin/sed
 #find out osx version. 
 
 VERSION=`$SW_VERS -productVersion| $CUT -f1,2 -d .`
+#determine current dir.
+DIR=`$LSOF -p $$|$TAIL -1| $AWK '{ print $NF }' | $SED s/[^/]*$//`
+TDIR=`echo $DIR| $SED -e 's=Contents/MacOS/==g'`
+TORAPPDIR=`echo $TDIR | $SED -e 's/\/$//g'`
 
 if [ "$VERSION"x = "10.6"x ]; then
 	#we know we use 10.6 fix the sandbox, do some search and replace
 	#and find current dir and the rebuild the sandbox
-
-	#determine current dir.
-	DIR=`$LSOF -p $$|$TAIL -1| $AWK '{ print $NF }' | $SED s/[^/]*$//`
-	TDIR=`echo $DIR| $SED -e 's=Contents/MacOS/==g'`
-	TORAPPDIR=`echo $TDIR | $SED -e 's/\/$//g'`
 	#nuke the old sandbox
 	echo > $DIR/tor-sandbox/tor-bin.sb
 	#fix some stuff in the sandbox
@@ -34,9 +62,9 @@ fi
 
 if [ "$VERSION"x = "10.5"x ]; then
 	#10.5 use the policy written for 10.5 
-	echo "no support for 10.5 yet."
-
+	#nuke the old sandbox
+	echo > $DIR/tor-sandbox/tor-bin.sb
+	#fix some stuff in the sandbox
+	$SED -e "s=TORAPPDIR=$TORAPPDIR=g" $DIR/tor-sandbox/tor-enforce-10.5.sb >> $DIR/tor-sandbox/tor-bin.sb	
+	/usr/bin/sandbox-exec -f $DIR/tor-sandbox/tor-bin.sb ${DIR}/tor-bin $@ 
 fi
-
-
-
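Review bot: The new 10.5 branch (like the 10.6 one it mirrors) uses `$DIR` and `$@` unquoted — `echo > $DIR/tor-sandbox/tor-bin.sb` and `/usr/bin/sandbox-exec -f $DIR/tor-sandbox/tor-bin.sb ${DIR}/tor-bin $@` both word-split, so an install path containing a space writes the profile to the wrong place and hands garbage to sandbox-exec, and any Vidalia argument with whitespace is broken apart. Quote them: `/usr/bin/sandbox-exec -f "$DIR/tor-sandbox/tor-bin.sb" "$DIR/tor-bin" "$@"`, and likewise the `echo >` and `$SED ... >>` redirection targets. `$TORAPPDIR` is also spliced into a sed replacement that uses `=` as its delimiter, so a path containing `=` or `&` produces a wrong profile rather than an error. Finally, if `$VERSION` is neither 10.5 nor 10.6 the script appears to fall off the end and exit 0 without starting tor; an `else` branch that prints a diagnostic to stderr and exits non-zero would make that visible to the launcher. The `DIR=` computation at the top of the hunk is shared by both branches.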
diff --git a/src/osx-sandboxes/tor-sandbox/tor-bin.sb b/src/osx-sandboxes/tor-sandbox/tor-bin.sb
deleted file mode 100644
index 90c57b4..0000000
--- a/src/osx-sandboxes/tor-sandbox/tor-bin.sb
+++ /dev/null
@@ -1,66 +0,0 @@
-
-(version 1)
-
-(deny default)
-
-(allow file-ioctl
-       (literal "/dev/dtracehelper"))
-
-(allow file-read-data file-read-metadata
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/Frameworks/libcrypto.0.9.8.dylib")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/Frameworks/libssl.0.9.8.dylib")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/Frameworks/libz.1.dylib")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/TorBrowser_en-US.app/.tor/state")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/torrc")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/state")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-descriptors.new"))
-
-(allow file-read-data
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-certs")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-consensus")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-descriptors")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-descriptors.new")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/lock")
-       (literal "/dev/dtracehelper")
-       (literal "/dev/null")
-       (literal "/dev/urandom")
-       (subpath "/usr/share"))
-
-(allow file-read-metadata
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor")
-       (literal "/etc")
-       (literal "/private/etc/localtime")
-       (subpath "/usr/lib"))
-
-(allow file-write*
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-descriptors")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-descriptors.new")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-descriptors.new.tmp")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-descriptors.tmp")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-descriptors.tmp.tmp")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-consensus")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-consensus.tmp")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/state")
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/state.tmp"))
-
-(allow file-write-data
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/lock")
-       (literal "/dev/dtracehelper"))
-
-(allow ipc-posix-shm)
-
-(allow mach-lookup
-       (global-name "com.apple.system.notification_center"))
-
-(allow network-inbound
-       (local tcp "localhost:9050")
-       (local tcp "localhost:9051"))
-
-(allow network-outbound
-       (remote tcp "*:*"))
-; we need to allow any port
-
-(allow process-exec
-       (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/tor-bin"))
-
-(allow sysctl-read)
diff --git a/src/osx-sandboxes/tor-sandbox/tor-enforce-10.5.sb b/src/osx-sandboxes/tor-sandbox/tor-enforce-10.5.sb
new file mode 100755
index 0000000..83e2f77
--- /dev/null
+++ b/src/osx-sandboxes/tor-sandbox/tor-enforce-10.5.sb
@@ -0,0 +1,95 @@
+;; MacOSX Sandbox profile for bundled tor
+;;
+;; Copyright 2010 Robert Malmgren AB. All rights reserved.
+;;
+;; Redistribution and use in source and binary forms, with or without modification, are
+;; permitted provided that the following conditions are met:
+;;
+;;   1. Redistributions of source code must retain the above copyright notice, this list of
+;;      conditions and the following disclaimer.
+;;
+;;   2. Redistributions in binary form must reproduce the above copyright notice, this list
+;;      of conditions and the following disclaimer in the documentation and/or other materials
+;;      provided with the distribution.
+;;
+;; THIS SOFTWARE IS PROVIDED BY Robert Malmgren AB ``AS IS'' AND ANY EXPRESS OR IMPLIED
+;; WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+;; FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> OR
+;; CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+;; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+;; SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+;; ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+;; NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+;; ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+;; 
+;; The views and conclusions contained in the software and documentation are those of the
+;; authors and should not be interpreted as representing official policies, either expressed
+;; or implied, of Robert Malmgren AB.
+;;
+;; Written by andreas at romab.com 
+(version 1)
+
+(deny default)
+(debug deny)
+
+(allow file-read-data file-read-metadata
+       (literal "TORAPPDIR/Contents/Frameworks/libcrypto.0.9.8.dylib")
+       (literal "TORAPPDIR/Contents/Frameworks/libssl.0.9.8.dylib")
+       (literal "TORAPPDIR/Contents/Frameworks/libz.1.dylib")
+       (literal "TORAPPDIR/TorBrowser_en-US.app/.tor/state")
+       (literal "TORAPPDIR/Contents/MacOS/torrc")
+       (literal "TORAPPDIR/.tor/state")
+       (literal "TORAPPDIR/.tor/state.tmp")
+       (literal "TORAPPDIR/.tor/cached-descriptors.new"))
+
+(allow file-read-data
+       (literal "TORAPPDIR/.tor/cached-certs")
+       (literal "TORAPPDIR/.tor/cached-consensus")
+       (literal "TORAPPDIR/.tor/cached-descriptors")
+       (literal "TORAPPDIR/.tor/lock")
+       (literal "/dev/dtracehelper")
+       (literal "/dev/null")
+       (literal "/dev/urandom")
+       (regex "^/usr/share/.*"))
+
+(allow file-read-metadata
+       (literal "TORAPPDIR/.tor")
+       (literal "/etc")
+       (literal "/private/etc/localtime")
+       (regex "^/usr/lib/.*"))
+
+(allow file-write*
+       (literal "TORAPPDIR/.tor/cached-descriptors")
+       (literal "TORAPPDIR/.tor/cached-descriptors.new")
+       (literal "TORAPPDIR/.tor/cached-descriptors.new.tmp")
+       (literal "TORAPPDIR/.tor/cached-descriptors.tmp")
+       (literal "TORAPPDIR/.tor/cached-descriptors.tmp.tmp")
+       (literal "TORAPPDIR/.tor/cached-consensus")
+       (literal "TORAPPDIR/.tor/cached-consensus.tmp")
+       (literal "TORAPPDIR/.tor/state")
+       (literal "TORAPPDIR/.tor/state.tmp"))
+
+(allow file-write-data
+       (literal "TORAPPDIR/.tor/lock")
+       (literal "/dev/dtracehelper"))
+
+(allow ipc-posix-shm)
+
+(allow mach-lookup
+       (global-name "com.apple.system.notification_center"))
+
+(allow network-inbound
+       ; we do want to be more specific than this.
+       ;(to tcp4 "*:9050")
+       ;(to tcp4 "*:9051"))
+       (to tcp4 "*:*"))
+
+(allow network-outbound)
+;       (remote tcp "*:*")) 
+; we need to allow any port (but as tor in relay mode might need udp)
+
+
+(allow process-exec
+       (literal "TORAPPDIR/Contents/MacOS/tor-bin"))
+
+(allow sysctl-read)
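Review bot: `(allow network-inbound (to tcp4 "*:*"))` lets the sandboxed tor accept connections on every interface and port, a step back from the deleted tor-bin.sb, which limited inbound to `(local tcp "localhost:9050")` and `(local tcp "localhost:9051")`; the sandbox then no longer protects against a torrc that exposes the SocksPort or ControlPort beyond loopback. The two commented-out lines `(to tcp4 "*:9050")` and `(to tcp4 "*:9051")` use the same `to tcp4` form the `*:*` rule depends on, so they should parse on 10.5 — if they were disabled only to get things running, re-enabling them is the fix, and if they actually failed the reason belongs in the comment. `(literal "TORAPPDIR/TorBrowser_en-US.app/.tor/state")` in the first file-read rule looks like a leftover from the deleted profile's doubly-nested hard-coded path and expands to a location that does not exist in a relocated bundle; drop it. `(allow network-outbound)` without a filter is defensible for a client dialing arbitrary relay ports, though the UDP remark in the comment presumably applies only to relay mode, which is worth saying explicitly.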
diff --git a/src/osx-sandboxes/tor-sandbox/tor-enforce.sb b/src/osx-sandboxes/tor-sandbox/tor-enforce.sb
index 23365b3..ad31d2c 100644
--- a/src/osx-sandboxes/tor-sandbox/tor-enforce.sb
+++ b/src/osx-sandboxes/tor-sandbox/tor-enforce.sb
@@ -1,3 +1,32 @@
+;; MacOSX Sandbox profile for bundled tor
+;;
+;; Copyright 2010 Robert Malmgren AB. All rights reserved.
+;;
+;; Redistribution and use in source and binary forms, with or without modification, are
+;; permitted provided that the following conditions are met:
+;;
+;;   1. Redistributions of source code must retain the above copyright notice, this list of
+;;      conditions and the following disclaimer.
+;;
+;;   2. Redistributions in binary form must reproduce the above copyright notice, this list
+;;      of conditions and the following disclaimer in the documentation and/or other materials
+;;      provided with the distribution.
+;;
+;; THIS SOFTWARE IS PROVIDED BY Robert Malmgren AB ``AS IS'' AND ANY EXPRESS OR IMPLIED
+;; WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+;; FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> OR
+;; CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+;; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+;; SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+;; ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+;; NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+;; ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+;; 
+;; The views and conclusions contained in the software and documentation are those of the
+;; authors and should not be interpreted as representing official policies, either expressed
+;; or implied, of Robert Malmgren AB.
+;;
+;; Written by andreas at romab.com 
 (version 1)
 
 (deny default)
-- 
1.7.1


