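;;; darwin-fns.el --- Darwin-specific functions  -*- lexical-binding: t -*-

;; Copyright (C) 2021 Free Software Foundation, Inc.

;; This file is part of GNU Emacs.

;; GNU Emacs is free software: you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation, either version 3 of the License, or
;; (at your option) any later version.

;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;; GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.

;;; Code:

(defun darwin-sandbox-enter (dirs)
  "Enter a sandbox only permitting reading files under DIRS.
DIRS is a list of directory names.  Each element must be a string;
otherwise a `wrong-type-argument' error is signaled before the
sandbox profile is built.  Most other operations such as writing
files and network access are disallowed.
Existing open descriptors can still be used freely.

This is not a supported interface and is for internal use only."
  ;; Validate up front: `%S' prints a non-string as a bare Lisp form,
  ;; which would land in the profile as policy syntax rather than as a
  ;; quoted path.  Failing here keeps a malformed profile from ever
  ;; reaching `darwin-sandbox-init'.
  (dolist (dir dirs)
    (unless (stringp dir)
      (signal 'wrong-type-argument (list 'stringp dir))))
  ;; NOTE(review): each name is inserted exactly as given.  Whether
  ;; relative names or names that go through symlinks match the way
  ;; the caller intends depends on how the sandbox resolves `subpath';
  ;; confirm at the call sites.
  (let ((profile
         ;; Pin the printer settings so that the quoting `%S' produces
         ;; does not vary with the caller's dynamic bindings.
         (let ((print-escape-newlines nil)
               (print-escape-control-characters nil)
               (print-escape-nonascii nil)
               (print-escape-multibyte nil))
           (concat "(version 1)\n"
                   ;; Allow-list policy: everything not listed below
                   ;; is denied.
                   "(deny default)\n"
                   ;; Emacs seems to need /dev/null; allowing it does
                   ;; no harm.
                   "(allow file-read* (path \"/dev/null\"))\n"
                   (mapconcat
                    (lambda (dir)
                      (format "(allow file-read* (subpath %S))\n" dir))
                    dirs "")))))
    (darwin-sandbox-init profile)))

(provide 'darwin-fns)

;;; darwin-fns.el ends here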