From fbc47d86ad799124f2ae9c7fcf842bf3d39a46d8 Mon Sep 17 00:00:00 2001
From: Xu Cheng <xucheng@me.com>
Date: Thu, 23 Apr 2015 12:33:54 +0800
Subject: [PATCH] sandbox: add deny_write_homebrew_library method

---
 Library/Homebrew/cmd/postinstall.rb | 4 +---
 Library/Homebrew/sandbox.rb         | 6 ++++++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Library/Homebrew/cmd/postinstall.rb b/Library/Homebrew/cmd/postinstall.rb
index 16608e7731..5e9e956c86 100644
--- a/Library/Homebrew/cmd/postinstall.rb
+++ b/Library/Homebrew/cmd/postinstall.rb
@@ -25,9 +25,7 @@ module Homebrew
         sandbox.allow_write_log(formula)
         sandbox.allow_write_cellar(formula)
         sandbox.allow_write_path HOMEBREW_PREFIX
-        sandbox.deny_write_path HOMEBREW_LIBRARY
-        sandbox.deny_write_path HOMEBREW_REPOSITORY/".git"
-        sandbox.deny_write HOMEBREW_BREW_FILE
+        sandbox.deny_write_homebrew_library
         sandbox.exec(*args)
       else
         exec(*args)
diff --git a/Library/Homebrew/sandbox.rb b/Library/Homebrew/sandbox.rb
index 9ad9209264..37d579da50 100644
--- a/Library/Homebrew/sandbox.rb
+++ b/Library/Homebrew/sandbox.rb
@@ -53,6 +53,12 @@ class Sandbox
     allow_write_path HOMEBREW_LOGS/formula.name
   end
 
+  def deny_write_homebrew_library
+    deny_write_path HOMEBREW_LIBRARY
+    deny_write_path HOMEBREW_REPOSITORY/".git"
+    deny_write HOMEBREW_BREW_FILE
+  end
+
   def exec(*args)
     begin
       seatbelt = Tempfile.new(["homebrew", ".sb"], HOMEBREW_TEMP)