package org.elasticsearch.nativeaccess;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.util.Collections;
import org.elasticsearch.core.IOUtils;
import org.elasticsearch.core.SuppressForbidden;
import org.elasticsearch.nativeaccess.NativeAccess;
import org.elasticsearch.nativeaccess.lib.MacCLibrary;
import org.elasticsearch.nativeaccess.lib.NativeLibraryProvider;
import org.elasticsearch.nativeaccess.lib.PosixCLibrary;

/* loaded from: input_file:org/elasticsearch/nativeaccess/MacNativeAccess.class */
class MacNativeAccess extends PosixNativeAccess {
    private static final int F_PREALLOCATE = 42;
    private static final int F_ALLOCATECONTIG = 2;
    private static final int F_ALLOCATEALL = 4;
    private static final int F_PEOFPOSMODE = 3;
    static final int SANDBOX_NAMED = 1;
    static final String SANDBOX_RULES = "(version 1) (allow default) (deny process-fork) (deny process-exec)";
    private final MacCLibrary macLibc;

    /* JADX INFO: Access modifiers changed from: package-private */
    public MacNativeAccess(NativeLibraryProvider nativeLibraryProvider) {
        super("MacOS", nativeLibraryProvider, new PosixConstants(ProcessLimits.UNLIMITED, 5, 1, 6, 512, 144, 96, 104));
        this.macLibc = (MacCLibrary) nativeLibraryProvider.getLibrary(MacCLibrary.class);
    }

    @Override // org.elasticsearch.nativeaccess.PosixNativeAccess
    protected long getMaxThreads() {
        return -1L;
    }

    @Override // org.elasticsearch.nativeaccess.PosixNativeAccess
    protected void logMemoryLimitInstructions() {
    }

    @Override // org.elasticsearch.nativeaccess.PosixNativeAccess
    protected boolean nativePreallocate(int i, long j, long j2) {
        PosixCLibrary.FStore newFStore = this.libc.newFStore();
        newFStore.set_flags(2);
        newFStore.set_posmode(F_PEOFPOSMODE);
        newFStore.set_offset(0L);
        newFStore.set_length(j2);
        if (this.libc.fcntl(i, F_PREALLOCATE, newFStore) != 0) {
            newFStore.set_flags(F_ALLOCATEALL);
            if (this.libc.fcntl(i, F_PREALLOCATE, newFStore) != 0) {
                logger.warn("Could not allocate non-contiguous size: " + this.libc.strerror(this.libc.errno()));
                return false;
            }
        }
        if (this.libc.ftruncate(i, j2) == 0) {
            return true;
        }
        logger.warn("Could not truncate file: " + this.libc.strerror(this.libc.errno()));
        return false;
    }

    @Override // org.elasticsearch.nativeaccess.NativeAccess
    public void tryInstallExecSandbox() {
        initBsdSandbox();
        initMacSandbox();
        this.execSandboxState = NativeAccess.ExecSandboxState.ALL_THREADS;
    }

    @SuppressForbidden(reason = "Java tmp dir is ok")
    private static Path createTempRulesFile() throws IOException {
        return Files.createTempFile("es", "sb", new FileAttribute[0]);
    }

    private void initMacSandbox() {
        try {
            Path createTempRulesFile = createTempRulesFile();
            Files.write(createTempRulesFile, Collections.singleton(SANDBOX_RULES), new OpenOption[0]);
            try {
                MacCLibrary.ErrorReference newErrorReference = this.macLibc.newErrorReference();
                if (this.macLibc.sandbox_init(createTempRulesFile.toAbsolutePath().toString(), 1L, newErrorReference) != 0) {
                    UnsupportedOperationException unsupportedOperationException = new UnsupportedOperationException("sandbox_init(): " + newErrorReference.toString());
                    this.macLibc.sandbox_free_error(newErrorReference);
                    throw unsupportedOperationException;
                }
                logger.debug("OS X seatbelt initialization successful");
                IOUtils.deleteFilesIgnoringExceptions(new Path[]{createTempRulesFile});
            } catch (Throwable th) {
                IOUtils.deleteFilesIgnoringExceptions(new Path[]{createTempRulesFile});
                throw th;
            }
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    private void initBsdSandbox() {
        PosixCLibrary.RLimit newRLimit = this.libc.newRLimit();
        newRLimit.rlim_cur(0L);
        newRLimit.rlim_max(0L);
        if (this.libc.setrlimit(7, newRLimit) != 0) {
            throw new UnsupportedOperationException("RLIMIT_NPROC unavailable: " + this.libc.strerror(this.libc.errno()));
        }
        logger.debug("BSD RLIMIT_NPROC initialization successful");
    }
}
