From 497afa1f2ad071b4500403a527457730896578d1 Mon Sep 17 00:00:00 2001
From: Sebastian Walz <sebastian.walz@secunet.com>
Date: Wed, 3 Jul 2024 16:29:13 +0200
Subject: [PATCH] feat(builtins): add builtin `Kill`

---
 src/builtins/kill.rs | 40 ++++++++++++++++++++++++++++++++++++++++
 src/builtins/mod.rs  | 31 +++++++++++++------------------
 2 files changed, 53 insertions(+), 18 deletions(-)
 create mode 100644 src/builtins/kill.rs

diff --git a/src/builtins/kill.rs b/src/builtins/kill.rs
new file mode 100644
index 0000000..4b21841
--- /dev/null
+++ b/src/builtins/kill.rs
@@ -0,0 +1,40 @@
+//! Allow `sys_kill`.
+
+use {crate::RuleSet, syscalls::Sysno};
+
+/// Allow the syscall `kill` to send signals to other processes.
+#[derive(Clone, Copy, Debug, Default, Eq, Hash, PartialEq, PartialOrd)]
+#[must_use]
+pub struct Kill;
+
+impl RuleSet for Kill {
+    fn simple_rules(&self) -> Vec<Sysno> {
+        Vec::from([Sysno::kill])
+    }
+
+    fn name(&self) -> &'static str {
+        "Kill"
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use {super::Kill, crate::RuleSet as _, syscalls::Sysno};
+
+    #[test]
+    fn name() {
+        assert_eq!(Kill.name(), "Kill");
+    }
+
+    #[test]
+    fn simple_rules() {
+        let rules = Kill.simple_rules();
+        assert_eq!(rules.len(), 1);
+        assert!(rules.contains(&Sysno::kill));
+    }
+
+    #[test]
+    fn conditional_rules() {
+        assert!(Kill.conditional_rules().is_empty());
+    }
+}
diff --git a/src/builtins/mod.rs b/src/builtins/mod.rs
index 43b3c50..432b115 100644
--- a/src/builtins/mod.rs
+++ b/src/builtins/mod.rs
@@ -1,5 +1,17 @@
 //! Built-in [`RuleSet`](crate::RuleSet)s
 
+pub mod basic;
+pub mod danger_zone;
+pub mod kill;
+pub mod network;
+pub mod pipes;
+pub mod systemio;
+pub mod time;
+
+pub use {
+    basic::BasicCapabilities, kill::Kill, network::Networking, systemio::SystemIO, time::Time,
+};
+
 /// A struct whose purpose is to make you read the documentation for the function you're calling.
 /// If you're reading this, go read the documentation for the function that is returning this
 /// object.
@@ -16,23 +28,6 @@ impl<T> YesReally<T> {
 
     /// Make a [`YesReally`].
     pub fn new(inner: T) -> YesReally<T> {
-        YesReally {
-            inner,
-        }
+        YesReally { inner }
     }
 }
-
-pub mod basic;
-pub use basic::BasicCapabilities;
-
-pub mod systemio;
-pub use systemio::SystemIO;
-
-pub mod network;
-pub use network::Networking;
-
-pub mod time;
-pub use time::Time;
-
-pub mod danger_zone;
-pub mod pipes;