diff --git a/lib/core/app_protection.sh b/lib/core/app_protection.sh
index b87147c..7704435 100755
--- a/lib/core/app_protection.sh
+++ b/lib/core/app_protection.sh
@@ -736,54 +736,54 @@ find_app_receipt_files() {
 # Whitelisted prefixes
 case "$clean_path" in
 /Applications/*) is_safe=true ;;
- /Users/*) is_safe=true ;;
- /usr/local/*) is_safe=true ;;
- /opt/*) is_safe=true ;;
- /Library/*)
- # Filter sub-paths in /Library to avoid system damage
- # Allow safely: Application Support, Caches, Logs, Preferences
- case "$clean_path" in
- /Library/Application\ Support/*) is_safe=true ;;
- /Library/Caches/*) is_safe=true ;;
- /Library/Logs/*) is_safe=true ;;
- /Library/Preferences/*) is_safe=true ;;
- /Library/PrivilegedHelperTools/*) is_safe=true ;;
- /Library/LaunchAgents/*) is_safe=true ;;
- /Library/LaunchDaemons/*) is_safe=true ;;
- /Library/Internet\ Plug-Ins/*) is_safe=true ;;
- /Library/Audio/Plug-Ins/*) is_safe=true ;;
- /Library/Extensions/*) is_safe=false ;; # Default unsafe
- *) is_safe=false ;;
- esac
- ;;
- esac
+ /Users/*) is_safe=true ;;
+ /usr/local/*) is_safe=true ;;
+ /opt/*) is_safe=true ;;
+ /Library/*)
+ # Filter sub-paths in /Library to avoid system damage
+ # Allow safely: Application Support, Caches, Logs, Preferences
+ case "$clean_path" in
+ /Library/Application\ Support/*) is_safe=true ;;
+ /Library/Caches/*) is_safe=true ;;
+ /Library/Logs/*) is_safe=true ;;
+ /Library/Preferences/*) is_safe=true ;;
+ /Library/PrivilegedHelperTools/*) is_safe=true ;;
+ /Library/LaunchAgents/*) is_safe=true ;;
+ /Library/LaunchDaemons/*) is_safe=true ;;
+ /Library/Internet\ Plug-Ins/*) is_safe=true ;;
+ /Library/Audio/Plug-Ins/*) is_safe=true ;;
+ /Library/Extensions/*) is_safe=false ;; # Default unsafe
+ *) is_safe=false ;;
+ esac
+ ;;
+ esac
- # Hard blocks
- case "$clean_path" in
- /System/* | /usr/bin/* | /usr/lib/* | /bin/* | /sbin/*) is_safe=false ;;
- esac
+ # Hard blocks
+ case "$clean_path" in
+ /System/* | /usr/bin/* | /usr/lib/* | /bin/* | /sbin/*) is_safe=false ;;
+ esac
- if [[ "$is_safe" == "true" && -e "$clean_path" ]]; then
- # Only valid files
- # Don't delete directories if they are non-empty parents?
- # lsbom lists directories too.
- # If we return a directory, `safe_remove` logic handles it.
- # `uninstall.sh` uses `remove_file_list`.
- # If `lsbom` lists `/Applications` (it shouldn't, only contents), we must be careful.
- # `lsbom` usually lists `./Applications/MyApp.app`.
- # If it lists `./Applications`, we must skip it.
+ if [[ "$is_safe" == "true" && -e "$clean_path" ]]; then
+ # Only valid files
+ # Don't delete directories if they are non-empty parents?
+ # lsbom lists directories too.
+ # If we return a directory, `safe_remove` logic handles it.
+ # `uninstall.sh` uses `remove_file_list`.
+ # If `lsbom` lists `/Applications` (it shouldn't, only contents), we must be careful.
+ # `lsbom` usually lists `./Applications/MyApp.app`.
+ # If it lists `./Applications`, we must skip it.
- # Extra check: path must be deep enough?
- # If path is just "/Applications", skip.
- if [[ "$clean_path" == "/Applications" || "$clean_path" == "/Library" || "$clean_path" == "/usr/local" ]]; then
- continue
+ # Extra check: path must be deep enough?
+ # If path is just "/Applications", skip.
+ if [[ "$clean_path" == "/Applications" || "$clean_path" == "/Library" || "$clean_path" == "/usr/local" ]]; then
+ continue
+ fi
+
+ receipt_files+=("$clean_path")
 fi
- receipt_files+=("$clean_path")
- fi
-
- done <<< "$bom_content"
- done
+ done <<< "$bom_content"
+ done
 fi
 if [[ ${#receipt_files[@]} -gt 0 ]]; then
 printf '%s\n' "${receipt_files[@]}"