
Dan Villiom Podlaski Christiansen committed 8d44089

Better sandboxer script?


Files changed (1)

 
 def dependencies(port):
     pattern = re.compile('port:([^,]*),?')
-    deps = set()
-    proc = subprocess.Popen(['/opt/local/bin/port', 'info', '--depends', port],
+    proc = subprocess.Popen(['/opt/local/bin/port', '-q', 'rdeps', port],
                             stdout=subprocess.PIPE)
-    for word in proc.communicate()[0].split():
-        match = pattern.match(word)
-        if match:
-            dep = match.group(1)
-            if dep not in deps:
-                deps.add(dep)
-                deps.update(dependencies(dep))
+    deps = [port] + [p for p in proc.communicate()[0].split() if p]
 
     return deps
 
             f = os.path.dirname(f)
     return dirs
 
+port = 'gettext'
+port = 'ncurses'
+port = 'expat'
+#port = 'pngcrush'
+#port = 'cabextract'
 
 files = set()
-for port in dependencies('gettext'):
-    files.update(contents(port))
+d = {}
 
-files.update(getdirs(files))
-files = sorted(files)
+def addfile(d, f, *args):
+    c = d.setdefault(f, {})
+
+    if args:
+        addfile(c, *args)
+
+for p in dependencies(port):
+    for f in contents(p):
+        addfile(d, *f.split(os.sep))
+
+from pprint import pprint
+pprint(d)
+
+def genregexp(n, d, fd):
+    fd.write(n)
+
+    if d:
+        fd.write('(')
+        for n, c in d.iteritems():
+            fd.write('|')
+            fd.write(os.sep)
+            genregexp(n, c, fd)
+        fd.write(')')
+
+io = StringIO()
+for n, c in d.iteritems():
+    genregexp(n, c, io)
 
 with tempfile.NamedTemporaryFile() as tmp:
     tmp.write(open('port.sb').read())
-    for i in xrange(0, len(files), 100):
-        tmp.write('(allow file-read*')
-        tmp.writelines('\n (literal "%s")' % f for f in files[i:i+100])
-        tmp.write(')\n')
+    tmp.write('(allow file-read* (regex #"^%s$"))\n' % io.getvalue())
     tmp.flush()
     tmp.seek(0)
     for i, l in enumerate(tmp.readlines()):
         print i, l,
     subprocess.call(['/usr/bin/sandbox-exec', '-f', tmp.name,
-                     '/bin/ls', '/opt/local'])
+                     '/bin/ls', '-l', '/opt/local/bin'])
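Review bot: In `genregexp`, `fd.write(n)` puts each path component into the sandbox regex unescaped, so a `.` or `+` in a file name (a version-numbered library, for example) acts as a metacharacter and the `file-read*` rule can match paths that were never in the ports' contents. Escaping the component before writing it, e.g. `fd.write(re.escape(n))`, would keep the rule as tight as the `(literal "%s")` entries it replaces; confirm that the escapes Python emits are accepted by the sandbox profile's regex dialect. A `"` in a file name would also end the `#"^%s$"` string early in the `tmp.write('(allow file-read* (regex ...` line, a weakness the old `literal` form shared. Separately, the three consecutive `port = ...` assignments and the `pprint(d)` call look like debugging leftovers, and `pattern` in `dependencies` is no longer used.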