[or-cvs] [torbrowser/master] Added sandboxes for firefox and tor and the wrapperscript for tor-enforce.sb
Author: travis armstrong <andreas at romab.com>
Date: Fri, 15 Oct 2010 21:46:50 +0200
Subject: Added sandboxes for firefox and tor and the wrapperscript for tor-enforce.sb
Commit: 50b2f0bbdc7a19cf53ef3ab64dddcaae0b076989
---
src/osx-sandboxes/firefox-sandbox/tbb-ff.sb | 81 ++++++++++++++++++
src/osx-sandboxes/firefox-sandbox/tor-sandbox.sb | 96 ++++++++++++++++++++++
src/osx-sandboxes/firefox-sandbox/tor-work.sb | 82 ++++++++++++++++++
src/osx-sandboxes/firefox-sandbox/tor.sb | 82 ++++++++++++++++++
src/osx-sandboxes/tor-sandbox/tor | 42 ++++++++++
src/osx-sandboxes/tor-sandbox/tor-bin.sb | 66 +++++++++++++++
src/osx-sandboxes/tor-sandbox/tor-enforce.sb | 66 +++++++++++++++
7 files changed, 515 insertions(+), 0 deletions(-)
create mode 100644 src/osx-sandboxes/firefox-sandbox/tbb-ff.sb
create mode 100644 src/osx-sandboxes/firefox-sandbox/tor-sandbox.sb
create mode 100644 src/osx-sandboxes/firefox-sandbox/tor-work.sb
create mode 100644 src/osx-sandboxes/firefox-sandbox/tor.sb
create mode 100755 src/osx-sandboxes/tor-sandbox/tor
create mode 100644 src/osx-sandboxes/tor-sandbox/tor-bin.sb
create mode 100644 src/osx-sandboxes/tor-sandbox/tor-enforce.sb
diff --git a/src/osx-sandboxes/firefox-sandbox/tbb-ff.sb b/src/osx-sandboxes/firefox-sandbox/tbb-ff.sb
new file mode 100644
index 0000000..e252166
--- /dev/null
+++ b/src/osx-sandboxes/firefox-sandbox/tbb-ff.sb
@@ -0,0 +1,81 @@
+(version 1)
+
+(deny default)
+; help with debug.
+(deny file-read-metadata (subpath "/Applications") (with no-log))
+(deny file-read-metadata (subpath "/Developer") (with no-log))
+(deny file-read-metadata (subpath "/Users/andreas/Library") (with no-log))
+
+(allow file-ioctl
+ (literal "/dev/urandom")
+ (literal "/dev/dtracehelper"))
+(allow network-outbound
+ (remote tcp "localhost:8118"))
+(allow file-read-data file-read-metadata
+ (literal "/Library/Preferences/com.apple.HIToolbox.plist")
+ (literal "/Library/Preferences/.GlobalPreferences.plist")
+ (subpath "FIREFOXDIR/Contents")
+ (subpath "LIBRARYDIR/Application Support/Firefox/Profiles/profile")
+ (subpath "/System")
+ (subpath "TMPDIR") ;; macosx shellenv.
+ (subpath "/usr/lib")
+ (literal "/private/etc/passwd")
+ (subpath "/Library/Fonts")
+ (literal "/dev/null")
+ (subpath "/usr/share")
+ (literal "/dev/urandom"))
+
+
+(allow file-read-data
+ (literal "FIREFOXDIR")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app")
+ (literal "/dev/dtracehelper"))
+
+(allow file-read-metadata
+ (literal "/")
+ (literal "FIREFOXDIR")
+ (literal "LIBRARYDIR/Application Support/Firefox/Profiles")
+ (literal "LIBRARYDIR/Application Support/Firefox")
+ (literal "LIBRARYDIR/Application Support")
+ (literal "LIBRARYDIR")
+ (literal "/etc")
+ (literal "/var")
+ (literal "/tmp")
+ (literal "/private/tmp")
+ (literal "/private/var/tmp")
+ (literal "/private/etc/localtime"))
+
+(allow file-write* (subpath "LIBRARYDIR/Application Support/Firefox/Profiles/profile"))
+
+(allow file-write-data
+ (subpath "TMPDIR") ;; macosx shellenv, we will fix this later
+ (literal "/dev/dtracehelper"))
+
+(allow ipc-posix-shm)
+
+(allow mach-lookup
+ (global-name "com.apple.CoreServices.coreservicesd")
+ (global-name "com.apple.SecurityServer")
+ (global-name "com.apple.SystemConfiguration.configd")
+ (global-name "com.apple.distributed_notifications.2")
+ (global-name "com.apple.dock.server")
+ (global-name "com.apple.system.DirectoryService.libinfo_v1")
+ (global-name "com.apple.system.DirectoryService.membership_v1")
+ (global-name "com.apple.system.logger")
+ (global-name "com.apple.system.notification_center")
+ (global-name "com.apple.FontObjectsServer")
+ (global-name "com.apple.FontServer")
+ (global-name "com.apple.pasteboard.1")
+ (global-name "com.apple.windowserver.active")
+ (global-name "com.apple.tsm.uiserver")
+ (global-name "com.apple.windowserver.session"))
+
+(allow process-exec
+ ;; netstat needed for entropy. part of lib_nss.
+ (literal "/usr/sbin/netstat")
+ (literal "FIREFOXDIR/Contents/MacOS/firefox-bin2"))
+(allow process-fork)
+
+(allow sysctl-read)
+
+(allow system-socket)
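Review bot: L37 and L61 still carry one developer's absolute paths (`/Users/andreas/...`) even though this profile has been templated with FIREFOXDIR/LIBRARYDIR, so on any other installation the deny at L37 is a no-op and the file-read-data allow at L61 is dead; both should use the placeholders or be dropped. The process-exec target at L106 is `firefox-bin2` while the sibling template tor-work.sb (L296) allows `firefox-bin`; unless the bundle really ships two binaries, one of the two profiles will deny the exec at launch. `TMPDIR` at L50 and L81 is a bare token like FIREFOXDIR, but nothing in this commit substitutes it — the wrapper script only rewrites `TORAPPDIR` — so the rule matches nothing until a launcher fills it in; a header comment such as `; FIREFOXDIR, LIBRARYDIR and TMPDIR are placeholders rewritten by the launcher before sandbox-exec` would make that contract explicit.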
diff --git a/src/osx-sandboxes/firefox-sandbox/tor-sandbox.sb b/src/osx-sandboxes/firefox-sandbox/tor-sandbox.sb
new file mode 100644
index 0000000..51d0658
--- /dev/null
+++ b/src/osx-sandboxes/firefox-sandbox/tor-sandbox.sb
@@ -0,0 +1,96 @@
+
+(version 1)
+
+(deny default)
+; help with debug.
+(deny file-read-metadata (subpath "/Applications") (with no-log))
+(deny file-read-metadata (subpath "/Developer") (with no-log))
+(deny file-read-metadata (subpath "/Users/andreas/Library") (with no-log))
+
+(allow file-ioctl
+ (literal "/dev/urandom")
+ (literal "/dev/dtracehelper"))
+(allow network-outbound
+ (remote tcp "localhost:8118"))
+(allow file-read-data file-read-metadata
+ (literal "/Library/Preferences/com.apple.HIToolbox.plist")
+ (literal "/Library/Preferences/.GlobalPreferences.plist")
+ (subpath "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app/Contents")
+ (subpath "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library/Application Support/Firefox/Profiles/profile")
+ (subpath "/System")
+ (subpath "/var/folders/om/omS0C5yXH1ynktSqdi9Et++++yY/-Tmp-") ;; macosx shellenv.
+ (subpath "/usr/lib")
+ (literal "/private/etc/passwd")
+ (subpath "/Library/Fonts")
+ (literal "/dev/null")
+ (subpath "/usr/share")
+ (literal "/dev/urandom"))
+
+
+(allow file-read-data
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app")
+ (literal "/dev/dtracehelper"))
+
+(allow file-read-metadata
+ (literal "/")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library/Application Support/Firefox/Profiles")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library/Application Support/Firefox")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library/Application Support")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library")
+ (literal "/etc")
+ (literal "/var")
+ (literal "/tmp")
+ (literal "/private/tmp")
+ (literal "/private/var/tmp")
+ (literal "/private/etc/localtime"))
+
+(allow file-write* (subpath "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library/Application Support/Firefox/Profiles/profile"))
+
+(allow file-write-data
+ (subpath "/var/folders/om/omS0C5yXH1ynktSqdi9Et++++yY/-Tmp-") ;; macosx shellenv, we will fix this later
+ (literal "/dev/dtracehelper"))
+
+(allow ipc-posix-shm)
+
+(allow mach-lookup
+ (global-name "com.apple.CoreServices.coreservicesd")
+ (global-name "com.apple.SecurityServer")
+ (global-name "com.apple.SystemConfiguration.configd")
+ (global-name "com.apple.distributed_notifications.2")
+ (global-name "com.apple.dock.server")
+ (global-name "com.apple.system.DirectoryService.libinfo_v1")
+ (global-name "com.apple.system.DirectoryService.membership_v1")
+ (global-name "com.apple.system.logger")
+ (global-name "com.apple.system.notification_center")
+ (global-name "com.apple.FontObjectsServer")
+ (global-name "com.apple.FontServer")
+ (global-name "com.apple.pasteboard.1")
+ (global-name "com.apple.windowserver.active")
+ (global-name "com.apple.tsm.uiserver")
+ (global-name "com.apple.windowserver.session"))
+
+(allow process-exec
+ ;; netstat needed for entropy. part of lib_nss.
+ (literal "/usr/sbin/netstat")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app/Contents/MacOS/firefox-bin2"))
+(allow process-fork)
+
+(allow sysctl-read)
+
+(allow system-socket)
+(allow file-read-metadata (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app/Contents/MacOS"))
+(allow file-read-metadata (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app/Contents"))
+(allow file-read-metadata (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app"))
+(allow file-read-metadata (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS"))
+(allow file-read-metadata (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents"))
+(allow file-read-metadata (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app"))
+(allow file-read-metadata (literal "/Users/andreas/Downloads/tor"))
+(allow file-read-metadata (literal "/Users/andreas/Downloads"))
+(allow file-read-metadata (literal "/Users/andreas"))
+(allow file-read-metadata (literal "/Users"))
+(allow file-read-metadata (literal "/"))
+(allow file-read-data (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app"))
+(allow file-read-data (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS"))
+(allow file-read-data (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents"))
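Review bot: L200-L213 re-add rules that earlier lines already grant — L210 repeats the `/` metadata allow at L153, L211 repeats the file-read-data allow at L149, L202 repeats L154, and L201 is presumably covered by the subpath at L135 — so they read as trace-log leftovers appended during debugging rather than a deliberate policy; fold the ones that are genuinely needed into the grouped rules above and delete the rest. Every path here is tied to one developer's home directory and the temp path at L138/L169 (`/var/folders/om/omS0C5yXH1ynktSqdi9Et++++yY/-Tmp-`) is specific to one user on one machine, so this profile cannot work anywhere else. If it is being kept as a reference snapshot next to the templated tbb-ff.sb, a header comment like `; working 10.6 dev-machine snapshot; tbb-ff.sb is the templated version of this profile` would stop someone from shipping it by mistake.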
diff --git a/src/osx-sandboxes/firefox-sandbox/tor-work.sb b/src/osx-sandboxes/firefox-sandbox/tor-work.sb
new file mode 100644
index 0000000..55fd08b
--- /dev/null
+++ b/src/osx-sandboxes/firefox-sandbox/tor-work.sb
@@ -0,0 +1,82 @@
+(version 1)
+
+(deny default)
+; help with debug.
+(deny file-read-metadata (subpath "/Applications") (with no-log))
+(deny file-read-metadata (subpath "/Developer") (with no-log))
+(deny file-read-metadata (subpath "/Users/andreas/Library") (with no-log))
+
+(allow file-ioctl
+ (literal "/dev/urandom")
+ (literal "/dev/dtracehelper"))
+(allow network-outbound
+ (remote tcp "localhost:8118"))
+(allow file-read-data file-read-metadata
+ (literal "/Library/Preferences/com.apple.HIToolbox.plist")
+ (literal "/Library/Preferences/.GlobalPreferences.plist")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app")
+ (subpath "FIREFOXDIR/Contents")
+ (subpath "LIBRARYDIR/Application Support/Firefox/Profiles/profile")
+ (subpath "/System")
+ (subpath "$TMPDIR") ;; $TMPDIR, we will fix this later
+ (subpath "/usr/lib")
+ (literal "/private/etc/passwd")
+ (subpath "/Library/Fonts")
+ (literal "/dev/null")
+ (subpath "/usr/share")
+ (literal "/dev/urandom"))
+
+
+(allow file-read-data
+ (literal "FIREFOXDIR")
+ (literal "/dev/dtracehelper"))
+
+(allow file-read-metadata
+ (literal "/")
+ (literal "/Users")
+ (literal "/Users/andreas")
+ (literal "/Users/andreas/Downloads")
+ (literal "/Users/andreas/Downloads/tor")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS")
+ (literal "FIREFOXDIR")
+ (literal "/etc")
+ (literal "/var")
+ (literal "/tmp")
+ (literal "/private/var/tmp")
+ (literal "/private/etc/localtime"))
+
+(allow file-write-data
+ (literal "LIBRARYDIR/Application Support/Firefox/Profiles/profile/.parentlock")
+ (subpath "TMPDIR") ;; $TMPDIR, we will fix this later
+ (subpath "LIBRARYDIR/Application Support/Firefox/Profiles/profile")
+ (literal "/dev/dtracehelper"))
+
+(allow ipc-posix-shm)
+
+(allow mach-lookup
+ (global-name "com.apple.CoreServices.coreservicesd")
+ (global-name "com.apple.SecurityServer")
+ (global-name "com.apple.SystemConfiguration.configd")
+ (global-name "com.apple.distributed_notifications.2")
+ (global-name "com.apple.dock.server")
+ (global-name "com.apple.system.DirectoryService.libinfo_v1")
+ (global-name "com.apple.system.DirectoryService.membership_v1")
+ (global-name "com.apple.system.logger")
+ (global-name "com.apple.system.notification_center")
+ (global-name "com.apple.FontObjectsServer")
+ (global-name "com.apple.FontServer")
+ (global-name "com.apple.pasteboard.1")
+ (global-name "com.apple.windowserver.active")
+ (global-name "com.apple.tsm.uiserver")
+ (global-name "com.apple.windowserver.session"))
+
+(allow process-exec
+ ;; netstat needed for entropy. part of lib_nss.
+ (literal "/usr/sbin/netstat")
+ (literal "FIREFOXDIR/Contents/MacOS/firefox-bin"))
+(allow process-fork)
+
+(allow sysctl-read)
+
+(allow system-socket)
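Review bot: L240 spells the placeholder as `"$TMPDIR"` while L270 uses `"TMPDIR"`; the sandbox profile language does not expand shell variables, and a `s=TMPDIR=...=g` rewrite like the one the wrapper uses for TORAPPDIR would leave the `$` behind at L240, producing a path that matches nothing — so the read rule silently fails while the write rule at L270 works. Make both lines `(subpath "TMPDIR") ;; placeholder, rewritten by the launcher`. L236 also keeps a hard-coded `/Users/andreas/...` path inside an otherwise templated file; it should be `(literal "FIREFOXDIR")`-style or removed.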
diff --git a/src/osx-sandboxes/firefox-sandbox/tor.sb b/src/osx-sandboxes/firefox-sandbox/tor.sb
new file mode 100644
index 0000000..e656a9c
--- /dev/null
+++ b/src/osx-sandboxes/firefox-sandbox/tor.sb
@@ -0,0 +1,82 @@
+(version 1)
+
+(deny default)
+; help with debug.
+(deny file-read-metadata (subpath "/Applications") (with no-log))
+(deny file-read-metadata (subpath "/Developer") (with no-log))
+(deny file-read-metadata (subpath "/Users/andreas/Library") (with no-log))
+
+(allow file-ioctl
+ (literal "/dev/urandom")
+ (literal "/dev/dtracehelper"))
+(allow network-outbound
+ (remote tcp "localhost:8118"))
+(allow file-read-data file-read-metadata
+ (literal "/Library/Preferences/com.apple.HIToolbox.plist")
+ (literal "/Library/Preferences/.GlobalPreferences.plist")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app")
+ (subpath "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app/Contents")
+ (subpath "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library/Application Support/Firefox/Profiles/profile")
+ (subpath "/System")
+ (subpath "/private/var/folders") ;; $TMPDIR, we will fix this later
+ (subpath "/usr/lib")
+ (literal "/private/etc/passwd")
+ (subpath "/Library/Fonts")
+ (literal "/dev/null")
+ (subpath "/usr/share")
+ (literal "/dev/urandom"))
+
+
+(allow file-read-data
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app")
+ (literal "/dev/dtracehelper"))
+
+(allow file-read-metadata
+ (literal "/")
+ (literal "/Users")
+ (literal "/Users/andreas")
+ (literal "/Users/andreas/Downloads")
+ (literal "/Users/andreas/Downloads/tor")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app")
+ (literal "/etc")
+ (literal "/var")
+ (literal "/tmp")
+ (literal "/private/var/tmp")
+ (literal "/private/etc/localtime"))
+
+(allow file-write-data
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library/Application Support/Firefox/Profiles/profile/.parentlock")
+ (subpath "/private/var/folders") ;; $TMPDIR, we will fix this later
+ (subpath "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Library/Application Support/Firefox/Profiles/profile")
+ (literal "/dev/dtracehelper"))
+
+(allow ipc-posix-shm)
+
+(allow mach-lookup
+ (global-name "com.apple.CoreServices.coreservicesd")
+ (global-name "com.apple.SecurityServer")
+ (global-name "com.apple.SystemConfiguration.configd")
+ (global-name "com.apple.distributed_notifications.2")
+ (global-name "com.apple.dock.server")
+ (global-name "com.apple.system.DirectoryService.libinfo_v1")
+ (global-name "com.apple.system.DirectoryService.membership_v1")
+ (global-name "com.apple.system.logger")
+ (global-name "com.apple.system.notification_center")
+ (global-name "com.apple.FontObjectsServer")
+ (global-name "com.apple.FontServer")
+ (global-name "com.apple.pasteboard.1")
+ (global-name "com.apple.windowserver.active")
+ (global-name "com.apple.tsm.uiserver")
+ (global-name "com.apple.windowserver.session"))
+
+(allow process-exec
+ ;; netstat needed for entropy. part of lib_nss.
+ (literal "/usr/sbin/netstat")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/Firefox.app/Contents/MacOS/firefox-bin"))
+(allow process-fork)
+
+(allow sysctl-read)
+
+(allow system-socket)
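Review bot: L328 and L358 grant file-read-data and file-write-data on `(subpath "/private/var/folders")`, which is the parent of every per-user temp and cache tree on the machine, not just this session's `$TMPDIR`; the sandbox therefore lets the browser read and modify anything under that tree that its Unix permissions already reach, which is far wider than the stopgap comment suggests. The snapshot profile tor-sandbox.sb (L138/L169) shows the intended scope, a single per-session directory; this file should carry the same narrow path, or the `TMPDIR` placeholder used by tbb-ff.sb, until the launcher can fill it in. At minimum the comment should state the exposure, e.g. `;; TEMPORARY: grants every temp/cache dir under /private/var/folders, narrow to $TMPDIR before release`.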
diff --git a/src/osx-sandboxes/tor-sandbox/tor b/src/osx-sandboxes/tor-sandbox/tor
new file mode 100755
index 0000000..a1570b1
--- /dev/null
+++ b/src/osx-sandboxes/tor-sandbox/tor
@@ -0,0 +1,42 @@
+#!/bin/bash
+# tbb launchit script.
+# this script launches tor within the macosx sandbox.
+# as we do not know where the user will install the tbb, we need
+# to do some search and replace.
+#
+# Also, we will need to accept arguments comming from vidalia.
+#
+SW_VERS=/usr/bin/sw_vers
+CUT=/usr/bin/cut
+LSOF=/usr/sbin/lsof
+AWK=/usr/bin/awk
+TAIL=/usr/bin/tail
+SED=/usr/bin/sed
+
+#find out osx version.
+
+VERSION=`$SW_VERS -productVersion| $CUT -f1,2 -d .`
+
+if [ "$VERSION"x = "10.6"x ]; then
+ #we know we use 10.6 fix the sandbox, do some search and replace
+ #and find current dir and the rebuild the sandbox
+
+ #determine current dir.
+ DIR=`$LSOF -p $$|$TAIL -1| $AWK '{ print $NF }' | $SED s/[^/]*$//`
+ TDIR=`echo $DIR| $SED -e 's=Contents/MacOS/==g'`
+ TORAPPDIR=`echo $TDIR | $SED -e 's/\/$//g'`
+ #nuke the old sandbox
+ echo > $DIR/tor-sandbox/tor-bin.sb
+ #fix some stuff in the sandbox
+ $SED -e "s=TORAPPDIR=$TORAPPDIR=g" $DIR/tor-sandbox/tor-enforce.sb >> $DIR/tor-sandbox/tor-bin.sb
+ /usr/bin/sandbox-exec -f $DIR/tor-sandbox/tor-bin.sb ${DIR}/tor-bin $@
+fi
+
+if [ "$VERSION"x = "10.5"x ]; then
+ #10.5 use the policy written for 10.5
+ echo "no support for 10.5 yet."
+
+fi
+
+
+
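Review bot: The bundle path is expanded unquoted at L420-L427 and the launch at L427 passes `$@` bare, so an install directory containing a space — the usual case for a `.app` on macOS — splits into several words in the `echo`, `$SED` and `sandbox-exec` arguments, and arguments from vidalia lose their grouping; the `awk '{ print $NF }'` at L420 already truncates such a path to its last whitespace-separated field, so directory detection fails before anything else runs. The sed command at L426 also interpolates `$TORAPPDIR` straight into an `s=...=...=g` expression, so a path containing `=` or `&` corrupts the generated profile instead of failing loudly. Deriving the directory from `$0`, quoting every expansion, and refusing paths the substitution cannot represent addresses all of this; separately, a version other than 10.6 falls through both `if` blocks and exits 0 without starting tor, so an `else` branch reporting the unsupported version should close L428-L434. sandbox-exec's `-D key=value` together with `(param "TORAPPDIR")` in the profile would remove the sed rewrite and the regenerated tor-bin.sb altogether.
```shell
    # locate the bundle from the script's own path; quote everything, macOS paths contain spaces
    DIR="$(cd "$(dirname "$0")" && pwd)/"
    TDIR="$(echo "$DIR" | $SED -e 's=Contents/MacOS/==g')"
    TORAPPDIR="$(echo "$TDIR" | $SED -e 's/\/$//g')"
    # the s=TORAPPDIR=...=g rewrite below cannot represent these characters in the replacement
    case "$TORAPPDIR" in
        *[=&]*) echo "unsupported install path: $TORAPPDIR" >&2; exit 1 ;;
    esac
    # rebuild the enforced profile from the template (single redirect replaces echo + >>)
    $SED -e "s=TORAPPDIR=$TORAPPDIR=g" "$DIR/tor-sandbox/tor-enforce.sb" > "$DIR/tor-sandbox/tor-bin.sb"
    # exec so signals and the exit status from vidalia's point of view belong to tor itself
    exec /usr/bin/sandbox-exec -f "$DIR/tor-sandbox/tor-bin.sb" "${DIR}/tor-bin" "$@"
```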
diff --git a/src/osx-sandboxes/tor-sandbox/tor-bin.sb b/src/osx-sandboxes/tor-sandbox/tor-bin.sb
new file mode 100644
index 0000000..90c57b4
--- /dev/null
+++ b/src/osx-sandboxes/tor-sandbox/tor-bin.sb
@@ -0,0 +1,66 @@
+
+(version 1)
+
+(deny default)
+
+(allow file-ioctl
+ (literal "/dev/dtracehelper"))
+
+(allow file-read-data file-read-metadata
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/Frameworks/libcrypto.0.9.8.dylib")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/Frameworks/libssl.0.9.8.dylib")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/Frameworks/libz.1.dylib")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/TorBrowser_en-US.app/.tor/state")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/torrc")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/state")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-descriptors.new"))
+
+(allow file-read-data
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-certs")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-consensus")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-descriptors")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-descriptors.new")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/lock")
+ (literal "/dev/dtracehelper")
+ (literal "/dev/null")
+ (literal "/dev/urandom")
+ (subpath "/usr/share"))
+
+(allow file-read-metadata
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor")
+ (literal "/etc")
+ (literal "/private/etc/localtime")
+ (subpath "/usr/lib"))
+
+(allow file-write*
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-descriptors")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-descriptors.new")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-descriptors.new.tmp")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-descriptors.tmp")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-descriptors.tmp.tmp")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-consensus")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/cached-consensus.tmp")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/state")
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/state.tmp"))
+
+(allow file-write-data
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/.tor/lock")
+ (literal "/dev/dtracehelper"))
+
+(allow ipc-posix-shm)
+
+(allow mach-lookup
+ (global-name "com.apple.system.notification_center"))
+
+(allow network-inbound
+ (local tcp "localhost:9050")
+ (local tcp "localhost:9051"))
+
+(allow network-outbound
+ (remote tcp "*:*"))
+; we need to allow any port
+
+(allow process-exec
+ (literal "/Users/andreas/Downloads/tor/TorBrowser_en-US.app/Contents/MacOS/tor-bin"))
+
+(allow sysctl-read)
diff --git a/src/osx-sandboxes/tor-sandbox/tor-enforce.sb b/src/osx-sandboxes/tor-sandbox/tor-enforce.sb
new file mode 100644
index 0000000..23365b3
--- /dev/null
+++ b/src/osx-sandboxes/tor-sandbox/tor-enforce.sb
@@ -0,0 +1,66 @@
+(version 1)
+
+(deny default)
+
+(allow file-ioctl
+ (literal "/dev/dtracehelper"))
+
+(allow file-read-data file-read-metadata
+ (literal "TORAPPDIR/Contents/Frameworks/libcrypto.0.9.8.dylib")
+ (literal "TORAPPDIR/Contents/Frameworks/libssl.0.9.8.dylib")
+ (literal "TORAPPDIR/Contents/Frameworks/libz.1.dylib")
+ (literal "TORAPPDIR/TorBrowser_en-US.app/.tor/state")
+ (literal "TORAPPDIR/Contents/MacOS/torrc")
+ (literal "TORAPPDIR/.tor/state")
+ (literal "TORAPPDIR/.tor/cached-descriptors.new"))
+
+(allow file-read-data
+ (literal "TORAPPDIR/.tor/cached-certs")
+ (literal "TORAPPDIR/.tor/cached-consensus")
+ (literal "TORAPPDIR/.tor/cached-descriptors")
+ (literal "TORAPPDIR/.tor/cached-descriptors.new")
+ (literal "TORAPPDIR/.tor/lock")
+ (literal "/dev/dtracehelper")
+ (literal "/dev/null")
+ (literal "/dev/urandom")
+ (subpath "/usr/share"))
+
+(allow file-read-metadata
+ (literal "TORAPPDIR/.tor")
+ (literal "/etc")
+ (literal "/private/etc/localtime")
+ (subpath "/usr/lib"))
+
+(allow file-write*
+ (literal "TORAPPDIR/.tor/cached-descriptors")
+ (literal "TORAPPDIR/.tor/cached-descriptors.new")
+ (literal "TORAPPDIR/.tor/cached-descriptors.new.tmp")
+ (literal "TORAPPDIR/.tor/cached-descriptors.tmp")
+ (literal "TORAPPDIR/.tor/cached-descriptors.tmp.tmp")
+ (literal "TORAPPDIR/.tor/cached-consensus")
+ (literal "TORAPPDIR/.tor/cached-consensus.tmp")
+ (literal "TORAPPDIR/.tor/state")
+ (literal "TORAPPDIR/.tor/state.tmp"))
+
+(allow file-write-data
+ (literal "TORAPPDIR/.tor/lock")
+ (literal "/dev/dtracehelper"))
+
+(allow ipc-posix-shm)
+
+(allow mach-lookup
+ (global-name "com.apple.system.notification_center"))
+
+(allow network-inbound
+ (local tcp "localhost:9050")
+ (local tcp "localhost:9051"))
+
+(allow network-outbound)
+; (remote tcp "*:*"))
+; we need to allow any port (but as tor in relay mode might need udp)
+
+
+(allow process-exec
+ (literal "TORAPPDIR/Contents/MacOS/tor-bin"))
+
+(allow sysctl-read)
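Review bot: L527 allows `TORAPPDIR/TorBrowser_en-US.app/.tor/state`, which repeats the bundle name inside the path, while L529 already grants `TORAPPDIR/.tor/state`; this looks like a stale entry that matches nothing when TORAPPDIR is the bundle itself — drop it, or document why a nested bundle layout is expected. L573 grants `network-outbound` with no filter, i.e. any protocol to any destination, and the tcp-only form at L574 is commented out on the grounds that relay mode might need UDP; the committed tor-bin.sb (L502-L503) still carries the tcp-only rule, so the two files disagree, and since the wrapper regenerates tor-bin.sb from this template on every launch (L424-L426) the committed copy is a stale artifact that probably should not be in the tree at all. If the bundle only ever runs tor as a client, keeping `(allow network-outbound (remote tcp "*:*"))` is the tighter policy; otherwise the comment should record the decision. The bare `TORAPPDIR` token is replaced wherever it occurs as a substring, so a header note such as `; TORAPPDIR is rewritten by tor-sandbox/tor at launch; do not use the token elsewhere in this file` would protect future edits.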
--
1.7.1