suzanne.soy/nixpkgs
1
0
Fork 0
Code Issues Pull Requests2 Actions Packages Projects Releases Wiki Activity

Revert "cherry-pick lib.sandbox into master"

Browse Source 
This reverts commit 473d8ca3fa. Let's
not put controversial features like this in the release branch.
This commit is contained in:
Eelco Dolstra 2015-11-25 14:16:50 +01:00
parent d1df177f43
commit e354ff9a24
2 changed files with 1 additions and 49 deletions

3
lib/default.nix
View File

@ -17,11 +17,10 @@ let
systems = import ./systems.nix; systems = import ./systems.nix;
customisation = import ./customisation.nix; customisation = import ./customisation.nix;
licenses = import ./licenses.nix; licenses = import ./licenses.nix;
sandbox = import ./sandbox.nix;
in in
{ inherit trivial lists strings stringsWithDeps attrsets sources options { inherit trivial lists strings stringsWithDeps attrsets sources options
modules types meta debug maintainers licenses platforms systems sandbox; modules types meta debug maintainers licenses platforms systems;
} }
# !!! don't include everything at top-level; perhaps only the most # !!! don't include everything at top-level; perhaps only the most
# commonly used functions. # commonly used functions.

47
lib/sandbox.nix
View File

@ -1,47 +0,0 @@
with import ./strings.nix;
/* Helpers for creating lisp S-exprs for the Apple sandbox
lib.sandbox.allowFileRead [ "/usr/bin/file" ];
# => "(allow file-read* (literal \"/usr/bin/file\"))";
lib.sandbox.allowFileRead {
literal = [ "/usr/bin/file" ];
subpath = [ "/usr/lib/system" ];
}
# => "(allow file-read* (literal \"/usr/bin/file\") (subpath \"/usr/lib/system\"))"
*/
let
sexp = tokens: "(" + builtins.concatStringsSep " " tokens + ")";
generateFileList = files:
if builtins.isList files
then concatMapStringsSep " " (x: sexp [ "literal" ''"${x}"'' ]) files
else if builtins.isString files
then generateFileList [ files ]
else concatStringsSep " " (
(map (x: sexp [ "literal" ''"${x}"'' ]) (files.literal or [])) ++
(map (x: sexp [ "subpath" ''"${x}"'' ]) (files.subpath or []))
);
applyToFiles = f: act: files: f "${act} ${generateFileList files}";
genActions = actionName: let
action = feature: sexp [ actionName feature ];
self = {
"${actionName}" = action;
"${actionName}File" = applyToFiles action "file*";
"${actionName}FileRead" = applyToFiles action "file-read*";
"${actionName}FileReadMetadata" = applyToFiles action "file-read-metadata";
"${actionName}DirectoryList" = self."${actionName}FileReadMetadata";
"${actionName}FileWrite" = applyToFiles action "file-write*";
"${actionName}FileWriteMetadata" = applyToFiles action "file-write-metadata";
};
in self;
in
genActions "allow" // genActions "deny" // {
importProfile = derivation: ''
(import "${derivation}")
'';
}