From 3679c9b4dea612c053eb13bbe80ec989674d4a97 Mon Sep 17 00:00:00 2001
From: Aaron Bieber
Date: Tue, 21 Sep 2021 16:30:41 -0600
Subject: [PATCH] Add UnveilSet
---
 go.mod | 2 +-
 go.sum | 4 ++--
 protect.go | 17 +++++++++++++++++
 protect_test.go | 29 +++++++++++++++++++++++++++++
 4 files changed, 49 insertions(+), 3 deletions(-)
 create mode 100644 protect_test.go
diff --git a/go.mod b/go.mod
index 45ff8af..6e83c60 100644
--- a/go.mod
+++ b/go.mod
@@ -2,4 +2,4 @@ module suah.dev/protect
 
 go 1.14
 
-require golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3
+require golang.org/x/sys v0.0.0-20210917161153-d61c044b1678
diff --git a/go.sum b/go.sum
index 2feba76..53dada2 100644
--- a/go.sum
+++ b/go.sum
@@ -1,2 +1,2 @@
-golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3 h1:5B6i6EAiSYyejWfvc5Rc9BbI3rzIsrrXfAQBWnYfn+w=
-golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210917161153-d61c044b1678 h1:J27LZFQBFoihqXoegpscI10HpjZ7B5WQLLKL2FZXQKw=
+golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff --git a/protect.go b/protect.go
index a369bcf..b674dc3 100644
--- a/protect.go
+++ b/protect.go
@@ -25,6 +25,23 @@ func Unveil(path string, flags string) error {
 return unveil(path, flags)
 }
 
+// UnveilSet takes a set of Unveils and runs them all, returning the first
+// error encountered. Optionally call UnveilBlock at the end.
+func UnveilSet(set map[string]string, block bool) error {
+ for p, s := range set {
+ err := Unveil(p, s)
+ if err != nil {
+ return err
+ }
+ }
+
+ if block {
+ return UnveilBlock()
+ }
+
+ return nil
+}
+
 // UnveilBlock locks the Unveil'd paths. Preventing further changes to a
 // processes filesystem view.
 //
diff --git a/protect_test.go b/protect_test.go
new file mode 100644
index 0000000..ee4545f
--- /dev/null
+++ b/protect_test.go
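Review bot: An error from `Unveil` inside the loop of `UnveilSet` is returned without naming the path that failed, and because Go map iteration order is unspecified, both the "first error" and the set of paths already unveiled at that point can differ between runs. Wrapping it, e.g. `return fmt.Errorf("unveil %q with %q: %w", p, s, err)`, would make the failure diagnosable; this needs `fmt` imported, and the file's import block is outside the hunk. The early return also skips `UnveilBlock`, so on error the process is left with a partial unveil set that is not locked. The doc comment should say so, for example `// On error some paths may already be unveiled and UnveilBlock is not called; callers should treat the error as fatal.`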
@@ -0,0 +1,29 @@
+package protect
+
+import (
+ "testing"
+)
+
+func TestReduce(t *testing.T) {
+ expected := "stdio unix rpath cpath"
+ a := "stdio tty unix unveil rpath cpath wpath"
+ b := "unveil tty wpath"
+
+ n, err := reduce(a, b)
+ if err != nil {
+ t.Error(err)
+ }
+
+ if n != expected {
+ t.Errorf("reduce: expected %q got %q\n", expected, n)
+ }
+
+ c, err := reduce(n, "rpath cpath")
+ if err != nil {
+ t.Error(err)
+ }
+
+ if c != "stdio unix" {
+ t.Errorf("reduce: expected %q got %q\n", "stdio unix", c)
+ }
+}
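Review bot: Both `if err != nil { t.Error(err) }` checks in `TestReduce` let the test continue after `reduce` fails, so the comparison that follows reports a second mismatch on whatever value came back; `t.Fatal(err)` would stop at the real cause. The trailing `\n` in the two `t.Errorf` format strings is redundant, since the testing package already ends each message with a newline. The file covers only `reduce`, so the `UnveilSet` function this commit adds has no test. A case such as `if err := UnveilSet(nil, false); err != nil { t.Fatal(err) }` would pin the empty-set path, which returns nil without calling `Unveil` or `UnveilBlock`.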