Add java-vm_sandbox-predict for installing a sandbox control file along with any JVM that needs it. Bug 388937#c1

1 files changed, 24 insertions, 2 deletions

diff --git a/eclass/java-vm-2.eclass b/eclass/java-vm-2.eclass
index a22f77673d9a..4435f447658e 100644
--- a/eclass/java-vm-2.eclass
+++ b/eclass/java-vm-2.eclass
@@ -1,6 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/java-vm-2.eclass,v 1.36 2011/10/30 11:06:38 caster Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/java-vm-2.eclass,v 1.37 2011/11/12 13:05:33 sera Exp $
 
 # -----------------------------------------------------------------------------
 # @eclass-begin
@@ -204,6 +204,28 @@ java-vm_revdep-mask() {
 	elog "USE flags (typically X, alsa, odbc) and some Java code may fail without them."
 }
 
+# -----------------------------------------------------------------------------
+# @ebuild-function java-vm_sandbox-predict
+#
+# Install a sandbox control file. Specified paths won't cause a sandbox
+# violation if opened read write but no write takes place. See bug 388937#c1
+#
+# @example
+#   java-vm_sandbox-predict /dev/random /proc/self/coredump_filter
+# -----------------------------------------------------------------------------
+java-vm_sandbox-predict() {
+	debug-print-function ${FUNCNAME} "$*"
+	[[ -z "${1}" ]] && die "${FUNCNAME} takes at least one argument"
+
+	has ${EAPI:-0} 0 1 2 && ! use prefix && ED="${D}"
+
+	local path path_arr=("$@")
+	IFS=":" path="${path_arr[*]}"
+	dodir /etc/sandbox.d
+	echo "SANDBOX_PREDICT=\"${path}\"" > "${ED}/etc/sandbox.d/20${VMHANDLE}" \
+		|| die "Failed to write sandbox control file"
+}
+
 java_get_plugin_dir_() {
 	has ${EAPI:-0} 0 1 2 && ! use prefix && EPREFIX=
 	echo "${EPREFIX}"/usr/$(get_libdir)/nsbrowser/plugins