#!/bin/bash
# Startup script, MacOSX Sandbox profile for bundled firefox.
#
# Copyright 2010 Robert Malmgren AB. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification, are
# permitted provided that the following conditions are met:
#
#   1. Redistributions of source code must retain the above copyright notice, this list of
#      conditions and the following disclaimer.
#
#   2. Redistributions in binary form must reproduce the above copyright notice, this list
#      of conditions and the following disclaimer in the documentation and/or other materials
#      provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY Robert Malmgren AB ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
# FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# 
# The views and conclusions contained in the software and documentation are those of the
# authors and should not be interpreted as representing official policies, either expressed
# or implied, of Robert Malmgren AB.
# written by andreas@romab.com

# tbb launchit script.
# this script launches firefox within the macosx sandbox.
# as we do not know where the user will install the tbb, we need 
# to do some search and replace. 
#
# Also, we will need to accept arguments comming from vidalia.
# 
SW_VERS=/usr/bin/sw_vers
CUT=/usr/bin/cut
LSOF=/usr/sbin/lsof
AWK=/usr/bin/awk
TAIL=/usr/bin/tail
SED=/usr/bin/sed

#find out osx version. 

VERSION=`$SW_VERS -productVersion| $CUT -f1,2 -d .`
DIR=`$LSOF -p $$|$TAIL -1| $AWK '{ print $NF }' | $SED s/[^/]*$//`
FDIR=`echo $DIR | $SED -e 's/\/$//g'`
FIREFOX_DIR=`echo $DIR |$SED -e 's/\/$//g' | $SED -e 's=/Contents/MacOS$=='`
LIBRARY_DIR=`echo $FIREFOX_DIR | $SED -e 's=/Contents/MacOS/Firefox.app$=/Library=g'`
WORKING_DIR=`echo $LIBRARY_DIR | $SED -e 's=Library==g'| $SED -e 's/\/$//g'`
#remove slash at the end of line
TMPDIR=`echo $TMPDIR | $SED -e 's/\/$//g'`

if [ "$VERSION"x = "10.6"x ]; then
	#we know we use 10.6 fix the sandbox, do some search and replace
	#and find current dir and the rebuild the sandbox

	#determine current dir.
	#nuke the old sandbox
	echo > $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
	$SED -e "s=FIREFOXDIR=$FIREFOX_DIR=g" -e "s=LIBRARYDIR=$LIBRARY_DIR=g" -e "s=TMPDIR=$TMPDIR=g" $FIREFOX_DIR/Contents/MacOS/sandbox/tbb-ff.sb >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb	
	while [ "$DIR" != "/" ]; do
		DIR=`echo $DIR | $SED s/[^/]*$//`
		#strip slash at end
		if [ "$DIR" != "/" ]; then
			DIR=`echo $DIR | $SED -e 's/\/$//g'`
		fi
		echo "(allow file-read-metadata (literal \"$DIR\"))" >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
	done		
	echo "(allow file-read-data (literal \"$WORKING_DIR\"))" >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
	echo "(allow file-read-data (literal \"$WORKING_DIR/Contents/MacOS\"))" >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
	echo "(allow file-read-data (literal \"$WORKING_DIR/Contents\"))" >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
	# TMPDIR, FIREFOX DIR is all we need to replace.	
	/usr/bin/sandbox-exec -f $FDIR/sandbox/tor-sandbox.sb ${FDIR}/firefox-bin2 -no-remote -profile $LIBRARY_DIR/Application\ Support/Firefox/Profiles/profile
fi

if [ "$VERSION"x = "10.5"x ]; then
	#nuke old sandbox
	echo > $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
	$SED -e "s=FIREFOXDIR=$FIREFOX_DIR=g" -e "s=LIBRARYDIR=$LIBRARY_DIR=g" -e "s=TMPDIR=$TMPDIR=g" $FIREFOX_DIR/Contents/MacOS/sandbox/tbb-ff-10.5.sb >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
	while [ "$DIR" != "/" ]; do
		DIR=`echo $DIR | $SED s/[^/]*$//`
		#strip slash at end
		if [ "$DIR" != "/" ]; then
			DIR=`echo $DIR | $SED -e 's/\/$//g'`
		fi
		echo "(allow file-read-metadata (literal \"$DIR\"))" >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
	done		
	echo "(allow file-read-data (literal \"$WORKING_DIR\"))" >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
	echo "(allow file-read-data (literal \"$WORKING_DIR/Contents/MacOS\"))" >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
	echo "(allow file-read-data (literal \"$WORKING_DIR/Contents\"))" >> $FIREFOX_DIR/Contents/MacOS/sandbox/tor-sandbox.sb
	/usr/bin/sandbox-exec -f $FDIR/sandbox/tor-sandbox.sb ${FDIR}/firefox-bin2 -no-remote -profile $LIBRARY_DIR/Application\ Support/Firefox/Profiles/profile
fi
