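#include "rules.h"
#include "../err.h"
#include "../utils/log.h"
/* The names of the angle-bracket includes were lost when this page was
 * extracted; the set below is reconstructed from the symbols this file uses
 * and should be checked against the original source. */
#include <seccomp.h> /* scmp_filter_ctx, scmp_datum_t, SCMP_SYS, SCMP_A* */
#include <fcntl.h>   /* O_* open(2) flags */
#include <stdlib.h>  /* exit */
#include <string.h>  /* strcmp */

/* Registry of every known seccomp rule set.  Entries are linked intrusively
 * through rule->list (see register_rule), so the registry owns nothing. */
LIST_HEAD(seccomp_rules);

/*
 * open(2)/openat(2) flag bits that grant some form of write access.  The
 * rules in setup_common allow those syscalls only when ALL of these bits
 * are clear.
 *
 * O_TRUNC belongs in the mask even though it is not an access mode: on
 * Linux, open(path, O_RDONLY | O_TRUNC) truncates a file the caller has
 * write permission on, so a mask without it lets a nominally read-only
 * open destroy file contents.
 */
static const scmp_datum_t WRITE_OPEN_FLAGS =
    O_WRONLY | O_RDWR | O_APPEND | O_CREAT | O_EXCL | O_TRUNC;

/**
 * register_rule - add a rule set to the global registry.
 * @rule: rule to register.  It is linked in place (not copied), so the
 *        object must stay alive for as long as the registry is used.
 *
 * No de-duplication is done; setup_rule() uses the first entry in list
 * order whose name matches (presumably the most recently registered one,
 * since list_add inserts at the head - verify against the list helper).
 */
void register_rule(struct rule *rule)
{
    list_add(&rule->list, &seccomp_rules);
}

/**
 * setup_common - install the rules every sandboxed program receives.
 * @ctx:      libseccomp filter context to add rules to
 * @exe_path: path of the program being run; its *address* is what the
 *            execve() rule compares against
 *
 * Limitations worth keeping in mind when reviewing the policy:
 *  - seccomp cannot dereference user memory, so the execve rule compares
 *    the pathname pointer with the address of @exe_path, not the string
 *    contents.  It only guarantees that execve() is called with that
 *    particular pointer value.
 *  - write(2) is allowed unconditionally, so every writable fd the process
 *    inherits stays writable; only *opening* files for writing is blocked.
 *  - Syscalls not mentioned here (e.g. openat2, creat) fall through to the
 *    filter's default action, which is chosen by the caller of this file.
 */
void setup_common(scmp_filter_ctx ctx, const char *exe_path)
{
    // allow the program to execve() itself (pointer comparison, see above)
    add_syscall_nr_arg(SCMP_SYS(execve), ctx, SCMP_ACT_ALLOW, 1,
                       &SCMP_A0(SCMP_CMP_EQ, (scmp_datum_t)exe_path));

    // read-only opens: allowed only when no write-granting flag bit is set
    add_syscall_nr_arg(SCMP_SYS(open), ctx, SCMP_ACT_ALLOW, 1,
                       &SCMP_A1(SCMP_CMP_MASKED_EQ, WRITE_OPEN_FLAGS, 0));
    add_syscall_nr_arg(SCMP_SYS(openat), ctx, SCMP_ACT_ALLOW, 1,
                       &SCMP_A2(SCMP_CMP_MASKED_EQ, WRITE_OPEN_FLAGS, 0));

    // prlimit64(302): argument 2 is new_limit.
    // NOTE(review): the original comment reads "disallow new_limit", but
    // SCMP_CMP_NE 0 allows the call exactly when new_limit is non-NULL
    // (setrlimit-style) and denies calls that pass NULL (getrlimit-style).
    // Kept as found; confirm the intended policy before flipping it to
    // SCMP_CMP_EQ.
    add_syscall_nr_arg(SCMP_SYS(prlimit64), ctx, SCMP_ACT_ALLOW, 1,
                       &SCMP_A2(SCMP_CMP_NE, 0));

    // syscalls allowed with no argument filtering (x86_64 numbers in comments)
    int white[] = {
        SCMP_SYS(read),            // 0
        SCMP_SYS(write),           // 1
        SCMP_SYS(close),           // 3
        SCMP_SYS(fstat),           // 5
        SCMP_SYS(lseek),           // 8
        SCMP_SYS(mmap),            // 9
        SCMP_SYS(mprotect),        // 10
        SCMP_SYS(munmap),          // 11
        SCMP_SYS(brk),             // 12
        SCMP_SYS(pread64),         // 17
        SCMP_SYS(writev),          // 20
        SCMP_SYS(access),          // 21
        SCMP_SYS(nanosleep),       // 35
        SCMP_SYS(getpid),          // 39
        SCMP_SYS(arch_prctl),      // 158
        SCMP_SYS(clock_gettime),   // 228
        SCMP_SYS(clock_getres),    // 229
        SCMP_SYS(clock_nanosleep), // 230
        SCMP_SYS(exit_group),      // 231
        SCMP_SYS(newfstatat),      // 262
        SCMP_SYS(getrandom),       // 318
    };
    ADD_RULE_LIST(white, SCMP_ACT_ALLOW);
}

/**
 * dump_rules - log the name of every registered rule set.
 *
 * Diagnostic aid used by setup_rule() when a requested rule is missing.
 */
void dump_rules(void)
{
    struct list_head *pos;

    LOG_INFO("Available Rules:");
    list_for_each(pos, &seccomp_rules) {
        const struct rule *r = list_entry(pos, struct rule, list);
        LOG_INFO("> %s", r->name);
    }
}

/**
 * setup_rule - install the common rules plus the rule set named @name.
 * @name:     name of the registered rule set to apply (NULL matches nothing)
 * @ctx:      libseccomp filter context to add rules to
 * @exe_path: forwarded to setup_common()
 *
 * Does not return normally when no registered rule matches: it logs the
 * available names and calls exit(ERR_NO_RULE_FOUND).  The common rules are
 * added before the lookup, so they are already in @ctx on that path.
 */
void setup_rule(const char *name, scmp_filter_ctx ctx, const char *exe_path)
{
    setup_common(ctx, exe_path);

    // strcmp on NULL is undefined; a NULL name simply takes the error path
    if (name != NULL) {
        struct list_head *pos;
        list_for_each(pos, &seccomp_rules) {
            struct rule *r = list_entry(pos, struct rule, list);
            if (strcmp(r->name, name) == 0) {
                r->setup(ctx);
                return;
            }
        }
    }

    LOG_ERR("No rule found for %s", name);
    dump_rules();
    exit(ERR_NO_RULE_FOUND);
}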