//go:build !openbsd

// Copyright (c) 2022 Tim Kuijsten
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

// Package ossec provides Pledge and Unveil. These are enforced using
// [pledge(2)] and [unveil(2)] when compiled on OpenBSD and a no-op when
// compiled on other systems.
//
// [pledge(2)]: https://man.openbsd.org/pledge.2
// [unveil(2)]: https://man.openbsd.org/unveil.2
package ossec

// Unveil parts of a restricted filesystem view.
//
// The first call to Unveil that specifies a path removes visibility of the
// entire filesystem from all other filesystem-related system calls (such as
// [os.Open], [os.Chmod] and [os.Rename]), except for the specified path and
// permissions.
//
// Unveil remains capable of traversing to any path in the filesystem, so
// additional calls can set permissions at other points in the filesystem
// hierarchy.
//
// After establishing a collection of path and permissions rules, future calls
// to Unveil can be disabled by passing two empty string arguments ("").
// Alternatively, [Pledge] may be used to remove the "unveil" promise.
//
// The permissions argument points to a string consisting of zero or more of the
// following characters:
//
//	r    Make path available for read operations, corresponding to the Pledge
//	     promise "rpath".
//	w    Make path available for write operations, corresponding to the Pledge
//	     promise "wpath".
//	x    Make path available for execute operations, corresponding to the
//	     Pledge promise "exec".
//	c    Allow path to be created and removed, corresponding to the Pledge
//	     promise "cpath".
//
// Unveil implements the unveil syscall. For more information see
// https://man.openbsd.org/unveil.2
func Unveil(path string, permissions string) error {
	return nil
}

// Restrict system operations.
//
// Pledge forces the current process into a restricted-service operating mode. A
// few subsets are available, roughly described as computation, memory
// management, read-write operations on file descriptors, opening of files, and
// networking. Subsequent calls to Pledge can reduce the abilities further, but
// abilities can never be regained.
//
// A process which attempts a restricted operation is killed with an uncatchable
// SIGABRT, delivering a core file if possible.
//
// A promises value of "" restricts the process to [os.Exit]. This can be used
// for pure computation operating on memory shared with another process.
//
// The promises argument is specified as a string, with space separated
// keywords. For a full list consult [pledge(2)], what follows is a subset:
//
//	stdio    Allow most types of IO operations on previously allocated file
//	         descriptors.
//	rpath    A number of system calls are allowed if they only cause
//	         read-only effects on the filesystem.
//	wpath    A number of system calls are allowed and may cause
//	         write-effects on the filesystem.
//	cpath    A number of system calls and sub-modes are allowed, which may
//	         create new files or directories in the filesystem.
//	dpath    A number of system calls are allowed to create special files.
//	tmppath  A number of system calls are allowed to do operations in the
//	         /tmp directory, including create, read, or write.
//	inet     A number of system calls are allowed when operating in the
//	         [syscall.AF_INET] and [syscall.AF_INET6] domains.
//	fattr    A number of system calls are allowed to make explicit changes
//	         to fields in struct stat relating to a file.
//	chown    [os.Chown] is allowed to change the user or group on a file.
//	flock    File locking via [syscall.FcntlFlock], [syscall.Flock], and
//	         [syscall.Open] is allowed. No distinction is made between
//	         shared and exclusive locks. This promise is required for unlock
//	         as well as lock.
//	unix     A number of system calls are allowed to operate in the
//	         [syscall.AF_UNIX] domain.
//	dns      Subsequent to a successful open(2) of /etc/resolv.conf, a few
//	         system calls become able to allow DNS network transactions.
//	getpw    This allows read-only opening of files in /etc for the
//	         [os/user] family of functions.
//	tty      In addition to allowing read-write operations on /dev/tty, this
//	         opens up a variety of ioctl(2) requests used by tty devices.
//	proc     Allows the following process relationship operations:
//	         fork(2), vfork(2), [syscall.Kill], [syscall.Getpriority],
//	         [syscall.Setpriority], [syscall.Setrlimit], [syscall.Setpgid],
//	         [syscall.Setsid]
//	exec     Allows a process to call [syscall.Exec]. Coupled with the proc
//	         promise, this allows a process to fork and execute another
//	         program. If execpromises has been previously set the new
//	         program begins with those promises, unless setuid/setgid bits
//	         are set in which case execution is blocked with
//	         [syscall.EACCES]. Otherwise the new program starts running
//	         without pledge active.
//	settime  Allows the setting of system time, via the
//	         [syscall.Settimeofday] and [syscall.Adjtimex].
//	id       Allows the following system calls which can change the rights
//	         of a process: [syscall.Setuid], [syscall.Seteuid],
//	         [syscall.Setreuid], [syscall.Setresuid], [syscall.Setgid],
//	         [syscall.Setegid], [syscall.Setregid], [syscall.Setresgid],
//	         [syscall.Setgroups], [syscall.Setrlimit],
//	         [syscall.Getpriority], [syscall.Setpriority]
//	unveil   Allow [Unveil] to be called.
//
// Pledge implements the pledge syscall. For more information see [pledge(2)].
//
// [pledge(2)]: https://man.openbsd.org/pledge.2
func Pledge(promises, execpromises string) error {
	return nil
}

// Pledge without changing the execpromises.
//
// See [Pledge].
func PledgePromises(promises string) error {
	return nil
}
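
// Added example, not part of package ossec: the stubs above return nil for any
// argument, so a mistyped promise or unveil permission goes unreported on
// non-OpenBSD systems. CheckPolicy is a hypothetical helper that checks a policy
// against the promise subset and the permission-to-promise pairing documented
// above; the promise string and path in main are constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// permPromise pairs each unveil permission character with the pledge promise
// the package documentation says it corresponds to.
var permPromise = map[rune]string{'r': "rpath", 'w': "wpath", 'x': "exec", 'c': "cpath"}

// documented lists only the promises named in the package docs; pledge(2) has more.
const documented = " stdio rpath wpath cpath dpath tmppath inet fattr chown flock " +
	"unix dns getpw tty proc exec settime id unveil "

// CheckPolicy is a hypothetical helper, not part of package ossec. It returns
// one message per problem in a promises string and a path -> permissions map.
func CheckPolicy(promises string, unveils map[string]string) []string {
	var problems []string
	pledged := map[string]bool{}
	for _, p := range strings.Fields(promises) {
		pledged[p] = true
		if !strings.Contains(documented, " "+p+" ") {
			problems = append(problems, fmt.Sprintf("promise %q is not in the documented subset", p))
		}
	}
	paths := make([]string, 0, len(unveils))
	for path := range unveils {
		paths = append(paths, path)
	}
	sort.Strings(paths) // deterministic report order
	for _, path := range paths {
		for _, c := range unveils[path] {
			promise, ok := permPromise[c]
			if !ok {
				problems = append(problems, fmt.Sprintf("unveil %s: invalid permission %q", path, c))
			} else if !pledged[promise] {
				problems = append(problems, fmt.Sprintf("unveil %s: %q needs promise %q", path, c, promise))
			}
		}
	}
	return problems
}

func main() {
	// Constructed policy: "rpaht" is a typo and "w" has no matching "wpath".
	fmt.Println(CheckPolicy("stdio rpaht inet", map[string]string{"/var/db/app": "rw"}))
}
```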