pub mod policy;
pub mod error;
#[cfg(target_os = "macos")]
pub mod seatbelt;
#[cfg(target_os = "linux")]
pub mod landlock;
#[cfg(windows)]
pub mod windows;
pub use policy::{SandboxPolicy, NetworkPolicy, PathPermission};
pub use error::SandboxError;
use std::process::Command;
/// A platform sandbox mechanism that can be applied to a child process
/// before it is spawned.
///
/// The `Send + Sync` supertraits let a `Box<dyn Sandbox>` be shared or moved
/// across threads.
pub trait Sandbox: Send + Sync {
    /// Consumes `cmd` and returns the command that should be spawned in its
    /// place.
    ///
    /// Which restrictions the returned command carries is decided by the
    /// implementation and is not visible from this trait.
    ///
    /// # Errors
    ///
    /// Returns a [`SandboxError`] when the command could not be wrapped.
    /// Security-sensitive callers should treat that as "do not run" instead
    /// of rebuilding and spawning the command without a sandbox.
    fn wrap_command(&self, cmd: Command) -> Result<Command, SandboxError>;

    /// Reports whether this sandbox implementation is available.
    ///
    /// NOTE(review): presumably a runtime probe of the host; confirm against
    /// each implementation.
    ///
    /// The `Self: Sized` bound excludes this receiver-less function from the
    /// trait object, so it must be called on the concrete type and cannot be
    /// reached through `dyn Sandbox`.
    fn is_available() -> bool
    where
        Self: Sized;

    /// Returns a static string naming the sandbox implementation; the exact
    /// values are chosen by each implementor.
    fn sandbox_type(&self) -> &'static str;
}
/// Builds the sandbox implementation for the compile-time target platform.
///
/// * macOS: `seatbelt::SeatbeltSandbox`
/// * Linux: `landlock::LandlockSandbox`
/// * Windows: always `SandboxError::NotAvailable` (the `windows` module is
///   compiled on that target but is not used here)
/// * any other target: always `SandboxError::NotAvailable`
///
/// This function does not call `is_available()` itself. Whether the
/// platform constructor fails when the kernel or OS lacks the mechanism is
/// not visible here, so callers that must fail closed should also consult
/// [`is_sandbox_available`] and refuse to run the child on `Err`.
///
/// # Errors
///
/// Propagates any error from the platform constructor, or returns
/// `SandboxError::NotAvailable` on targets without an implementation.
pub fn create_sandbox(policy: SandboxPolicy) -> Result<Box<dyn Sandbox>, SandboxError> {
    #[cfg(target_os = "macos")]
    let outcome: Result<Box<dyn Sandbox>, SandboxError> = {
        let backend: Box<dyn Sandbox> = Box::new(seatbelt::SeatbeltSandbox::new(policy)?);
        Ok(backend)
    };

    #[cfg(target_os = "linux")]
    let outcome: Result<Box<dyn Sandbox>, SandboxError> = {
        let backend: Box<dyn Sandbox> = Box::new(landlock::LandlockSandbox::new(policy)?);
        Ok(backend)
    };

    #[cfg(windows)]
    let outcome: Result<Box<dyn Sandbox>, SandboxError> = Err(SandboxError::NotAvailable(
        "Windows sandbox not implemented".into(),
    ));

    #[cfg(not(any(target_os = "macos", target_os = "linux", windows)))]
    let outcome: Result<Box<dyn Sandbox>, SandboxError> = Err(SandboxError::NotAvailable(
        "No sandbox available for this platform".into(),
    ));

    // Exactly one of the bindings above survives cfg-stripping per target.
    outcome
}
/// Reports whether a sandbox implementation is available for this build.
///
/// On macOS and Linux the answer is delegated to the platform type's
/// `is_available()`; on every other target (Windows included) it is `false`.
///
/// A `true` result only reflects that check. Creating the sandbox with
/// [`create_sandbox`] and wrapping a command can still fail, and those
/// errors must be handled separately.
pub fn is_sandbox_available() -> bool {
    #[cfg(target_os = "macos")]
    let supported = seatbelt::SeatbeltSandbox::is_available();

    #[cfg(target_os = "linux")]
    let supported = landlock::LandlockSandbox::is_available();

    #[cfg(not(any(target_os = "macos", target_os = "linux")))]
    let supported = false;

    // Exactly one of the bindings above survives cfg-stripping per target.
    supported
}