From f50fcc54c43c12d089319f4c897ca0868ccc076e Mon Sep 17 00:00:00 2001
From: Sebastian Walz <sebastian.walz@secunet.com>
Date: Wed, 3 Jul 2024 17:04:16 +0200
Subject: [PATCH] feat(builtins): add builtin `Truncate`

---
 src/builtins/mod.rs      | 32 ++++++++++++++-----------------
 src/builtins/truncate.rs | 41 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 18 deletions(-)
 create mode 100644 src/builtins/truncate.rs

diff --git a/src/builtins/mod.rs b/src/builtins/mod.rs
index 43b3c50..916a457 100644
--- a/src/builtins/mod.rs
+++ b/src/builtins/mod.rs
@@ -1,5 +1,18 @@
 //! Built-in [`RuleSet`](crate::RuleSet)s
 
+pub mod basic;
+pub mod danger_zone;
+pub mod network;
+pub mod pipes;
+pub mod systemio;
+pub mod time;
+pub mod truncate;
+
+pub use self::{
+    basic::BasicCapabilities, network::Networking, systemio::SystemIO, time::Time,
+    truncate::Truncate,
+};
+
 /// A struct whose purpose is to make you read the documentation for the function you're calling.
 /// If you're reading this, go read the documentation for the function that is returning this
 /// object.
@@ -16,23 +29,6 @@ impl<T> YesReally<T> {
 
     /// Make a [`YesReally`].
     pub fn new(inner: T) -> YesReally<T> {
-        YesReally {
-            inner,
-        }
+        YesReally { inner }
     }
 }
-
-pub mod basic;
-pub use basic::BasicCapabilities;
-
-pub mod systemio;
-pub use systemio::SystemIO;
-
-pub mod network;
-pub use network::Networking;
-
-pub mod time;
-pub use time::Time;
-
-pub mod danger_zone;
-pub mod pipes;
diff --git a/src/builtins/truncate.rs b/src/builtins/truncate.rs
new file mode 100644
index 0000000..626774c
--- /dev/null
+++ b/src/builtins/truncate.rs
@@ -0,0 +1,41 @@
+//! Allow `sys_truncate` and `sys_ftruncate`.
+
+use {crate::RuleSet, syscalls::Sysno};
+
+/// Allow the syscalls `truncate` and `ftruncate` to truncate files.
+#[derive(Clone, Copy, Debug, Default, Eq, Hash, PartialEq, PartialOrd)]
+#[must_use]
+pub struct Truncate;
+
+impl RuleSet for Truncate {
+    fn simple_rules(&self) -> Vec<Sysno> {
+        Vec::from([Sysno::truncate, Sysno::ftruncate])
+    }
+
+    fn name(&self) -> &'static str {
+        "Truncate"
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use {super::Truncate, crate::RuleSet as _, syscalls::Sysno};
+
+    #[test]
+    fn name() {
+        assert_eq!(Truncate.name(), "Truncate");
+    }
+
+    #[test]
+    fn simple_rules() {
+        let rules = Truncate.simple_rules();
+        assert_eq!(rules.len(), 2);
+        assert!(rules.contains(&Sysno::truncate));
+        assert!(rules.contains(&Sysno::ftruncate));
+    }
+
+    #[test]
+    fn conditional_rules() {
+        assert!(Truncate.conditional_rules().is_empty());
+    }
+}