sandbox: add deny_write_homebrew_library method

2015-04-23 12:33:54 +08:00 · 2015-04-23 12:33:54 +08:00 · fbc47d86ad
commit fbc47d86ad
parent 4db3e51c8e
2 changed files with 7 additions and 3 deletions
--- a/Library/Homebrew/cmd/postinstall.rb
+++ b/Library/Homebrew/cmd/postinstall.rb
@ -25,9 +25,7 @@ module Homebrew
        sandbox.allow_write_log(formula)
        sandbox.allow_write_cellar(formula)
        sandbox.allow_write_path HOMEBREW_PREFIX
-        sandbox.deny_write_path HOMEBREW_LIBRARY
-        sandbox.deny_write_path HOMEBREW_REPOSITORY/".git"
-        sandbox.deny_write HOMEBREW_BREW_FILE
+        sandbox.deny_write_homebrew_library
        sandbox.exec(*args)
      else
        exec(*args)
--- a/Library/Homebrew/sandbox.rb
+++ b/Library/Homebrew/sandbox.rb
@ -53,6 +53,12 @@ class Sandbox
    allow_write_path HOMEBREW_LOGS/formula.name
  end

+  def deny_write_homebrew_library
+    deny_write_path HOMEBREW_LIBRARY
+    deny_write_path HOMEBREW_REPOSITORY/".git"
+    deny_write HOMEBREW_BREW_FILE
+  end
+
  def exec(*args)
    begin
      seatbelt = Tempfile.new(["homebrew", ".sb"], HOMEBREW_TEMP)