1 files changed, 35 insertions, 0 deletions

diff --git a/packaging/macosx/ChmodBPF/install-scripts/postinstall b/packaging/macosx/ChmodBPF/install-scripts/postinstall
new file mode 100755
index 00000000..1f11eb3e
--- /dev/null
+++ b/packaging/macosx/ChmodBPF/install-scripts/postinstall
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+#
+# Fix up ownership and permissions on /Library/Application Support/Wireshark;
+# for some reason, it's not being owned by root:wheel, and it's not
+# publicly readable and, for directories and executables, not publicly
+# searchable/executable.
+#
+# Also take away group write permission.
+#
+# XXX - that may be a problem with the process of building the installer
+# package; if so, that's where it *should* be fixed.
+#
+chown -R root:wheel "/Library/Application Support/Wireshark"
+chmod -R a+rX,go-w "/Library/Application Support/Wireshark"
+
+CHMOD_BPF_PLIST="/Library/LaunchDaemons/org.wireshark.ChmodBPF.plist"
+BPF_GROUP="access_bpf"
+BPF_GROUP_NAME="BPF device access ACL"
+min_gid=100
+
+if ! dscl . -read /Groups/"$BPF_GROUP" > /dev/null 2>&1; then
+   free_gid=$(dscl . -list /Groups PrimaryGroupID | sort -bnk2 | awk -v min_gid=$min_gid 'BEGIN{i=min_gid}{if($2==i)i++}END{print i}')
+   dseditgroup -q -o create -i $free_gid -r "$BPF_GROUP_NAME" "$BPF_GROUP"
+fi
+
+dseditgroup -q -o edit -a "$USER" -t user "$BPF_GROUP"
+
+chmod u=rw,g=r,o=r "$CHMOD_BPF_PLIST"
+chown root:wheel "$CHMOD_BPF_PLIST"
+
+# Clean up our legacy startup item if it's still around.
+rm -rf /Library/StartupItems/ChmodBPF
+
+launchctl bootstrap system "$CHMOD_BPF_PLIST"