~qbit/protect

c48b0e8fcf188de97d1906c3c615c78458314bf4 — Aaron Bieber 3 months ago 38a2541 v1.1.0
Add ReducePledges for easier reduction of pledges
1 files changed, 35 insertions(+), 0 deletions(-)

M protect.go
M protect.go => protect.go +35 -0
@@ 7,6 7,11 @@ figure it should be a package.
*/
package protect

import (
	"regexp"
	"strings"
)

// Unveil is a wrapper for OpenBSD's unveil(2). unveil can be used to limit
// a processes view of the filesystem.
//


@@ 35,3 40,33 @@ func UnveilBlock() error {
func Pledge(promises string) error {
	return pledge(promises)
}

// ReducePledges takes the current list of plpedges and a list of pledges that
// should be removed. The new list is returned and Pledge() will be called
// with the reduced set of pledges.
func ReducePledges(current, toRemove string) (string, error) {
	newPledges, err := reduce(current, toRemove)
	if err != nil {
		return "", err
	}

	return newPledges, pledge(newPledges)
}

func reduce(a, b string) (string, error) {
	var newList []string
	currentList := strings.Split(a, " ")

	for _, s := range currentList {
		match, err := regexp.MatchString(s, b)
		if err != nil {
			return "", err
		}

		if !match {
			newList = append(newList, s)
		}
	}

	return strings.Join(newList, " "), nil
}