1// +build openbsd
 2
 3//
 4// Copyright (c) 2019 Ted Unangst <tedu@tedunangst.com>
 5//
 6// Permission to use, copy, modify, and distribute this software for any
 7// purpose with or without fee is hereby granted, provided that the above
 8// copyright notice and this permission notice appear in all copies.
 9//
10// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18package main
19
20/*
21#include <stdlib.h>
22#include <unistd.h>
23*/
24import "C"
25
26import (
27	"fmt"
28	"unsafe"
29)
30
31func Unveil(path string, perms string) error {
32	cpath := C.CString(path)
33	defer C.free(unsafe.Pointer(cpath))
34	cperms := C.CString(perms)
35	defer C.free(unsafe.Pointer(cperms))
36
37	rv, err := C.unveil(cpath, cperms)
38	if rv != 0 {
39		return fmt.Errorf("unveil(%s, %s) failure (%d)", path, perms, err)
40	}
41	return nil
42}
43
44func Pledge(promises string) error {
45	cpromises := C.CString(promises)
46	defer C.free(unsafe.Pointer(cpromises))
47
48	rv, err := C.pledge(cpromises, nil)
49	if rv != 0 {
50		return fmt.Errorf("pledge(%s) failure (%d)", promises, err)
51	}
52	return nil
53}
54
55func init() {
56	preservehooks = append(preservehooks, func() {
57		Unveil("/etc/ssl", "r")
58		if viewDir != dataDir {
59			Unveil(viewDir, "r")
60		}
61		Unveil(dataDir, "rwc")
62		C.unveil(nil, nil)
63		Pledge("stdio rpath wpath cpath flock dns inet unix")
64	})
65	backendhooks = append(backendhooks, func() {
66		Pledge("stdio unix")
67	})
68}