;; http://codereview.chromium.org/379019/diff/1/2
(version 1)
(deny default)
(allow file-write* file-read-data file-read-metadata
(regex '^/Users/Brendon/Downloads')
(regex '^/Users/Brendon/Library/Application Support/Mozilla')
(regex '^/Users/Brendon/Library/Application Support/Firefox')
(regex '^/Users/Brendon/Library/Preferences')
(regex '^/Users/Brendon/Library/PreferencePanes')
(regex '^/Users/Brendon/Library/Caches/Firefox')
(regex '^/Users/Brendon/Library/Caches/TemporaryItems')
(regex '^/Applications/Firefox.app')
(regex '^(/private)?/tmp/'))
(allow file-read-data file-read-metadata
(regex '^/dev/autofs.*')
(regex '^/Library/Preferences')
(regex '^/Library/Internet Plug-Ins')
(regex '^/Library/PreferencePanes')
(regex '^/usr/share/icu')
(regex '^/usr/share/locale')
(regex '^/System/Library')
(regex '^/Applications/Firefox.app')
(regex '^/usr/lib')
(regex '^/var')
(regex #'Frameworks/SDL.framework')
; Our Module Directory Services cache
(regex '^/private/var/tmp/mds/')
(regex '^/private/var/tmp/mds/[0-9]+(/|$)')
(regex '^/Users/Brendon'))
(allow mach* sysctl-read)
(import '/usr/share/sandbox/bsd.sb')
(deny file-write-data
(regex #'^(/private)?/etc/localtime$'
#'^/usr/share/nls/'
#'^/usr/share/zoneinfo/'))
(allow process-exec
(regex '^/Applications/Firefox.app'))
(allow network*)
Command+Space
and type Terminal and press enter/return key.ruby -e '$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)' < /dev/null 2> /dev/null ; brew install caskroom/cask/brew-cask 2> /dev/null
brew cask install sandbox