Revert "cherry-pick lib.sandbox into master"

This reverts commit 473d8ca3fa. Let's not put controversial features like this in the release branch.
2015-11-25 14:16:50 +01:00 · 2015-11-25 14:16:50 +01:00 · e354ff9a24
commit e354ff9a24
parent d1df177f43
2 changed files with 1 additions and 49 deletions
--- a/lib/default.nix
+++ b/lib/default.nix
@ -17,11 +17,10 @@ let
  systems = import ./systems.nix;
  customisation = import ./customisation.nix;
  licenses = import ./licenses.nix;
-  sandbox = import ./sandbox.nix;

 in
  { inherit trivial lists strings stringsWithDeps attrsets sources options
-      modules types meta debug maintainers licenses platforms systems sandbox;
+      modules types meta debug maintainers licenses platforms systems;
  }
  # !!! don't include everything at top-level; perhaps only the most
  # commonly used functions.
--- a/lib/sandbox.nix
+++ b/lib/sandbox.nix
@ -1,47 +0,0 @@
-with import ./strings.nix;
-
-/* Helpers for creating lisp S-exprs for the Apple sandbox
-
-lib.sandbox.allowFileRead [ "/usr/bin/file" ];
-  # => "(allow file-read* (literal \"/usr/bin/file\"))";
-
-lib.sandbox.allowFileRead {
-  literal = [ "/usr/bin/file" ];
-  subpath = [ "/usr/lib/system" ];
-}
-  # => "(allow file-read* (literal \"/usr/bin/file\") (subpath \"/usr/lib/system\"))"
-*/
-
-let
-
-sexp = tokens: "(" + builtins.concatStringsSep " " tokens + ")";
-generateFileList = files:
-  if builtins.isList files
-    then concatMapStringsSep " " (x: sexp [ "literal" ''"${x}"'' ]) files
-    else if builtins.isString files
-      then generateFileList [ files ]
-      else concatStringsSep " " (
-        (map (x: sexp [ "literal" ''"${x}"'' ]) (files.literal or [])) ++
-        (map (x: sexp [ "subpath" ''"${x}"'' ]) (files.subpath or []))
-      );
-applyToFiles = f: act: files: f "${act} ${generateFileList files}";
-genActions = actionName: let
-  action = feature: sexp [ actionName feature ];
-  self = {
-    "${actionName}" = action;
-    "${actionName}File" = applyToFiles action "file*";
-    "${actionName}FileRead" = applyToFiles action "file-read*";
-    "${actionName}FileReadMetadata" = applyToFiles action "file-read-metadata";
-    "${actionName}DirectoryList" = self."${actionName}FileReadMetadata";
-    "${actionName}FileWrite" = applyToFiles action "file-write*";
-    "${actionName}FileWriteMetadata" = applyToFiles action "file-write-metadata";
-  };
-  in self;
-
-in
-
-genActions "allow" // genActions "deny" // {
-  importProfile = derivation: ''
-    (import "${derivation}")
-  '';
-}