Add ReducePledges for easier reduction of pledges

2021-07-08 08:49:24 -06:00 · 2021-07-08 08:49:24 -06:00 · c48b0e8fcf
commit c48b0e8fcf
parent 38a2541667
1 changed files with 35 additions and 0 deletions
--- a/protect.go
+++ b/protect.go
@ -7,6 +7,11 @@ figure it should be a package.
 */
 package protect

+import (
+	"regexp"
+	"strings"
+)
+
 // Unveil is a wrapper for OpenBSD's unveil(2). unveil can be used to limit
 // a processes view of the filesystem.
 //
@ -35,3 +40,33 @@ func UnveilBlock() error {
 func Pledge(promises string) error {
 	return pledge(promises)
 }
+
+// ReducePledges takes the current list of plpedges and a list of pledges that
+// should be removed. The new list is returned and Pledge() will be called
+// with the reduced set of pledges.
+func ReducePledges(current, toRemove string) (string, error) {
+	newPledges, err := reduce(current, toRemove)
+	if err != nil {
+		return "", err
+	}
+
+	return newPledges, pledge(newPledges)
+}
+
+func reduce(a, b string) (string, error) {
+	var newList []string
+	currentList := strings.Split(a, " ")
+
+	for _, s := range currentList {
+		match, err := regexp.MatchString(s, b)
+		if err != nil {
+			return "", err
+		}
+
+		if !match {
+			newList = append(newList, s)
+		}
+	}
+
+	return strings.Join(newList, " "), nil
+}