// SPDX-License-Identifier: GPL-2.0
/*
 * Sandbox itself and execute another program (in a different mount point).
 *
 * Used by layout1.umount_sandboxer from fs_test.c
 *
 * Copyright © 2024-2025 Microsoft Corporation
 */

#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <unistd.h>

#include "wrappers.h"

int main(int argc, char *argv[])
{
	struct landlock_ruleset_attr ruleset_attr = {
		.scoped = LANDLOCK_SCOPE_SIGNAL,
	};
	int pipe_child, pipe_parent, ruleset_fd;
	char buf;

	/*
	 * The first argument must be the file descriptor number of a pipe.
	 * The second argument must be the program to execute.
	 */
	if (argc != 4) {
		fprintf(stderr, "Wrong number of arguments (not three)\n");
		return 1;
	}

	pipe_child = atoi(argv[2]);
	pipe_parent = atoi(argv[3]);

	ruleset_fd =
		landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
	if (ruleset_fd < 0) {
		perror("Failed to create ruleset");
		return 1;
	}

	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
		perror("Failed to call prctl()");
		return 1;
	}

	if (landlock_restrict_self(ruleset_fd, 0)) {
		perror("Failed to restrict self");
		return 1;
	}

	if (close(ruleset_fd)) {
		perror("Failed to close ruleset");
		return 1;
	}

	/* Signals that we are sandboxed. */
	errno = 0;
	if (write(pipe_child, ".", 1) != 1) {
		perror("Failed to write to the second argument");
		return 1;
	}

	/* Waits for the parent to try to umount. */
	if (read(pipe_parent, &buf, 1) != 1) {
		perror("Failed to write to the third argument");
		return 1;
	}

	/* Shifts arguments. */
	argv[0] = argv[1];
	argv[1] = argv[2];
	argv[2] = argv[3];
	argv[3] = NULL;
	execve(argv[0], argv, NULL);
	perror("Failed to execute the provided binary");
	return 1;
}