From 47bd34873b68cfb4d90af5966af446278227692e Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Wed, 26 Feb 2020 10:20:11 -0800
Subject: [PATCH] macOS: Add a sanity check.

Check the file permissions in our application bundle.

Ping-Bug: 16407
Change-Id: I41c9dc903f764ea74b6f34a21ecb99d44bd1658f
Reviewed-on: https://code.wireshark.org/review/36193
Reviewed-by: Gerald Combs <gerald@wireshark.org>
---
 packaging/macosx/osx-app.sh.in | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/packaging/macosx/osx-app.sh.in b/packaging/macosx/osx-app.sh.in
index f5a10cc5d5..bdf40b6c88 100755
--- a/packaging/macosx/osx-app.sh.in
+++ b/packaging/macosx/osx-app.sh.in
@@ -563,4 +563,11 @@ else
 	echo "Code signing not performed (no identity)"
 fi
 
+# File permission sanity check.
+if ! badperms=$( find "$bundle" ! -perm -0444 -exec ls -l "{}" + | grep . ) ; then
+	echo "Found files with restrictive permissions:"
+	echo "$badperms"
+	exit 1
+fi
+
 exit 0