#!/bin/bash
#
# MacOSX Sandbox profile for the Tweetdeck twitter client
#
# Copyright 2010 Robert Malmgren AB. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification, are
# permitted provided that the following conditions are met:
#
#   1. Redistributions of source code must retain the above copyright notice, this list of
#      conditions and the following disclaimer.
#
#   2. Redistributions in binary form must reproduce the above copyright notice, this list
#      of conditions and the following disclaimer in the documentation and/or other materials
#      provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY Robert Malmgren AB ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
# FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# 
# The views and conclusions contained in the software and documentation are those of the
# authors and should not be interpreted as representing official policies, either expressed
# or implied, of Robert Malmgren AB.
#
#
#

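# Pin the search path so the helpers used below (whoami, mktemp, sed, ...)
# resolve to the system binaries and not to whatever the caller's PATH holds.
PATH=/bin:/usr/bin

prog=Tweetdeck
username=$(whoami)

# Private scratch directory that receives the rendered profile and plug-in
# files ("-t prefix" is the BSD/macOS mktemp form). Stop if it could not be
# created: with an empty location every later path would collapse to
# "/Tweetdeck-..." and the profile would be assembled in the wrong place.
processed_template_location=$(mktemp -d -t "${prog}-sandbox")
if [ -z "${processed_template_location}" ] || [ ! -d "${processed_template_location}" ]; then
    echo "ERROR: IronSuite - cannot create temporary directory. Exiting" >&2
    exit 1
fi

# Per-user temp base: $TMPDIR with a trailing "/-Tmp-/" component removed.
tmpbase=${TMPDIR%/-Tmp-/}

# Config file and profile templates are read from the current working
# directory, not from the script's own location, so the policy that ends up
# enforced is whatever the launch directory provides.
# NOTE(review): start the wrapper only from its install directory, and keep
# that directory writable by trusted users only.
IT_DIR=$(pwd)
IT_CONF="${IT_DIR}/IronTweetdeck.config"
IT_ADDONS="${processed_template_location}/${prog}-addons.sb"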

#
# Inspired by the checkyesno() function from the
# FreeBSD boot support routines in /etc/rc.subr
#

# Classify a yes/no style configuration value (matched case-insensitively).
# Arguments: $1 - the value to judge
# Outputs:   an error line on stdout when the value is not recognised
# Returns:   0 for yes/true/on, 1 for no/false/off/0, 2 for anything else
myyesno()
{
        local answer="$1"
        local verdict

        case "${answer}" in
        [Yy][Ee][Ss] | [Tt][Rr][Uu][Ee] | [Oo][Nn])
                # affirmative spellings
                verdict=0
                ;;
        [Nn][Oo] | [Ff][Aa][Ll][Ss][Ee] | [Oo][Ff][Ff] | 0)
                # negative spellings
                verdict=1
                ;;
        *)
                # Unrecognised value: report it. Exiting is left to the caller,
                # this function only returns a status.
                echo  "${answer} is not set properly. Ironfox wrapper startup script exiting."
                verdict=2
                ;;
        esac

        return "${verdict}"
}


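# Debug/logging mode stays off unless the config file turns it on.
IT_DEBUG=off

# Remove the scratch directory on every exit path. HUP, INT, QUIT and TERM are
# turned into a plain exit so that the EXIT trap runs for them as well.
trap 'rm -rf "${processed_template_location}" >/dev/null 2>&1' EXIT
trap "exit 2" HUP INT QUIT TERM

# Start from an empty add-on rule file. The target is quoted so that a scratch
# path containing whitespace is still treated as one file name.
cp /dev/null "${IT_ADDONS}"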



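# Build the add-on rule file from the config file, if there is one.
# Recognised keys (matched case-insensitively): DEBUG, LOGGING, GROWL, IRONFOX.
# Values are judged by myyesno(); anything it does not accept as "yes" leaves
# the option off.
if [ -f "$IT_CONF" ]; then

    for i in DEBUG LOGGING GROWL IRONFOX; do

        # Value J for key I: drop comment-only and blank lines, cut trailing
        # comments, strip blanks, then print the text after '=' on lines whose
        # key field is exactly I. Comparing the key field instead of grepping
        # the whole line keeps a keyword that merely appears in another
        # option's value or trailing comment from switching this option on.
        # A key given more than once yields a multi-line value, which
        # myyesno() rejects.
        j=$(grep -E -v '^[[:space:]]*(#|$)' "$IT_CONF" \
            | sed -e 's/#.*$//' -e 's/[[:space:]]//g' \
            | awk -F= -v key="$i" 'toupper($1) == key { print $2 }')

        if [ -n "$j" ]; then
            case $i in
            DEBUG | LOGGING)
                if myyesno "$j"; then
                    IT_DEBUG="on"
                fi
                ;;
            IRONFOX)
                if myyesno "$j"; then
                    printf '(import "%s/ironfox.sb")\n' "${processed_template_location}" >> "$IT_ADDONS"
                fi
                ;;
            GROWL)
                if myyesno "$j"; then
                    printf '(import "%s/growl.sb")\n' "${processed_template_location}" >> "$IT_ADDONS"
                fi
                ;;
            *)  # This should never happen....
                logger -t sandbox "ERROR: IronSuite - Malformed configure file ($IT_CONF). Keyword  ($i) not supported. Exiting"
                echo  "ERROR: IronSuite - Malformed configure file ($IT_CONF). Keyword  ($i) not supported. Exiting"
                exit 1
                ;;
            esac
        fi
    done
else
    #
    # No config file: every plug-in profile is imported.
    # NOTE(review): this is a fail-open default - a missing or misplaced
    # config file presumably gives the widest rule set. Defaulting to all
    # plug-ins off would be the more conservative choice.
    #
    # Both imports go to $IT_ADDONS, the file that is later appended to the
    # profile.
    #
    echo ';plugins' >> "$IT_ADDONS"
    printf '(import "%s/growl.sb")\n' "${processed_template_location}" >> "$IT_ADDONS"
    printf '(import "%s/ironfox.sb")\n' "${processed_template_location}" >> "$IT_ADDONS"
fi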

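# Paranoid stance - block write access to the sandbox profile.
# The rule covers only the rendered profile file, not the add-on or plug-in
# files written next to it.
# NOTE(review): the rule names the path exactly as mktemp returned it. If that
# path is reached through a symlink (on macOS /var points to /private/var),
# confirm that the sandbox matches this spelling; otherwise the rule has no
# effect.
printf '(deny file-write* (literal "%s/%s-profile.sb"))\n' \
    "${processed_template_location}" "${prog}" >> "${IT_ADDONS}"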

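# Render the base profile template into the scratch directory, then append the
# rules selected by the options.
profile_src="${IT_DIR}/${prog}-profile.sb"
profile_out="${processed_template_location}/${prog}-profile.sb"

# Refuse to go on without the base rule set: otherwise the profile handed to
# sandbox-exec would consist of the add-on lines only.
if [ ! -r "${profile_src}" ]; then
    logger -t sandbox "ERROR: IronSuite - cannot read profile template (${profile_src}). Exiting"
    echo "ERROR: IronSuite - cannot read profile template (${profile_src}). Exiting" >&2
    exit 1
fi

# Placeholder substitutions shared by both modes.
# NOTE(review): the values are pasted into sed replacement text unescaped. A
# '/' in the user name, a '=' in either path, or a '&' or '\' in any of them
# would corrupt the rendered policy; tmpbase comes from the caller's $TMPDIR.
subst=(
    -e "s/%%username%%/${username}/g"
    -e "s=%%PATH%%=${processed_template_location}/=g"
    -e "s=%%tmpdir%%=${tmpbase}="
)

if [ "$IT_DEBUG" = "on" ]; then
    # Debug mode: delete the "(deny file-read-metadata (with no-log))" rule and
    # strip "(with no-log)" from the remaining rules - presumably so that
    # denials show up in the log.
    echo "Running in debug mode. File - ${profile_out}"
    sed -E \
        -e "s/\(deny\ file\-read\-metadata\ \(with\ no\-log\)\)//g" \
        -e "s/\(with no-log\)//g" \
        "${subst[@]}" "${profile_src}" > "${profile_out}" || exit 1
else
    sed "${subst[@]}" "${profile_src}" > "${profile_out}" || exit 1
fi

# Now build the complete profile file from the parts enabled by options + base rule set.
cat "${IT_ADDONS}" >> "${profile_out}"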

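#
# ALL plug-in profiles are rendered, whatever the config file says; they are
# only referenced through the (import ...) lines in the add-on file.
# Paths are quoted so that an install directory containing whitespace works.
#
for plugin in growl ironfox; do
    sed -e "s/%%username%%/${username}/g" "${IT_DIR}/${plugin}.sb" \
        > "${processed_template_location}/${plugin}.sb"
done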

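# Run from inside the scratch directory; give up if it cannot be entered, so
# the application is never started from an unexpected working directory.
cd "${processed_template_location}" || exit 1

# Probe run of a harmless binary under the profile, output discarded.
# NOTE(review): presumably a smoke test of the profile. Its exit status is not
# checked, and basename without operands exits non-zero by itself, so this
# line alone does not prove that the profile loaded.
/usr/bin/sandbox-exec -f "${processed_template_location}/${prog}-profile.sb" "/usr/bin/basename" &> /dev/null

# Start the application under the profile. The script's exit status is the
# status of this command.
/usr/bin/sandbox-exec -f "${processed_template_location}/${prog}-profile.sb" "/Applications/${prog}.app/Contents/MacOS/${prog}"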
