Module: AgentJail::FFI::Seatbelt

Extended by:
FFI::Library
Defined in:
lib/agent_jail/ffi/seatbelt.rb

Overview

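FFI bindings for macOS Seatbelt (sandbox_init). sandbox_init(3) has been deprecated since macOS 10.8 but remains functional. When libsandbox is unavailable, no-op stubs are defined so the module always responds to sandbox_init / sandbox_free_error regardless of platform. The stub sandbox_init returns 0, the same value sandbox_init(3) returns on success, so callers must check AVAILABLE rather than rely on the return code to know whether a sandbox was applied.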

Constant Summary

AVAILABLE =
begin
  ffi_lib "libsandbox.1.dylib"

  # int sandbox_init(const char *profile, uint64_t flags, char **errorbuf)
  attach_function :sandbox_init, %i[string uint64 pointer], :int
  # void sandbox_free_error(char *errorbuf)
  attach_function :sandbox_free_error, [:pointer], :void

  true
rescue LoadError
  # No-op stubs — callers check AVAILABLE before using; stubs keep the
  # interface consistent and allow mocking in tests on all platforms.
  def self.sandbox_init(_profile, _flags, _errbuf)
    0
  end

  def self.sandbox_free_error(_errbuf)
    nil
  end

  false
end
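
A fail-closed caller for these bindings, as an added example that is not part of AgentJail: it refuses to continue when AVAILABLE is false and surfaces and frees the error buffer when sandbox_init fails. `enter_sandbox!`, `SandboxError`, `outcome`, the stand-in modules, `FakePtr`, the sample profile string and the flags value are assumptions made for illustration.

```ruby
# Added example, not AgentJail code. All names below are hypothetical.
class SandboxError < StandardError; end

# bindings: a module shaped like AgentJail::FFI::Seatbelt.
# errbuf: pointer-sized buffer (with the ffi gem: FFI::MemoryPointer.new(:pointer)).
def enter_sandbox!(bindings, profile, flags, errbuf)
  # The stubbed sandbox_init returns 0, so the return code alone cannot tell
  # "sandboxed" from "libsandbox missing". Check AVAILABLE first and fail closed.
  unless bindings.const_get(:AVAILABLE)
    raise SandboxError, "Seatbelt unavailable; refusing to run unsandboxed"
  end

  rc = bindings.sandbox_init(profile, flags, errbuf)
  return true if rc.zero?

  msg = errbuf.read_pointer # char* written by sandbox_init on failure
  text = msg.null? ? "sandbox_init failed (rc=#{rc})" : msg.read_string
  bindings.sandbox_free_error(msg) unless msg.null?
  raise SandboxError, text
end

# Constructed stand-ins so the example runs without macOS or the ffi gem.
module StubbedSeatbelt # mirrors the rescue LoadError branch above
  AVAILABLE = false
  def self.sandbox_init(_profile, _flags, _errbuf); 0; end
  def self.sandbox_free_error(_errbuf); nil; end
end

FakePtr = Struct.new(:target, :text) do # minimal stand-in for FFI::Pointer
  def read_pointer; target; end
  def null?; text.nil?; end
  def read_string; text; end
end

module FailingSeatbelt # constructed: rejects every profile
  AVAILABLE = true
  @freed = []
  class << self; attr_reader :freed; end
  def self.sandbox_init(_profile, _flags, errbuf)
    errbuf.target = FakePtr.new(nil, "constructed: profile rejected")
    -1
  end
  def self.sandbox_free_error(ptr); @freed << ptr; nil; end
end

def outcome(bindings, errbuf)
  enter_sandbox!(bindings, "(version 1)(deny default)", 0, errbuf) # constructed inputs
rescue SandboxError => e
  e.message
end
```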