selinux/
local_cache.rs

1// Copyright 2026 The Fuchsia Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5use crate::permission_check::PermissionCheckResult;
6use crate::policy::{KernelAccessDecision, XpermsKind};
7use crate::{KernelClass, KernelPermission, SecurityId};
8
/// Per-thread cache for permission-check results.
///
/// The struct has no fields yet, so nothing is stored: each lookup method takes the would-be
/// cache key, leaves it unused, and returns whatever its `compute` closure produces.
// NOTE(review): once entries are stored here, a cached decision must not be served after the
// policy or enforcement state it was computed under has changed; confirm how invalidation will
// be driven before adding storage.
#[derive(Debug, Default)]
pub struct PerThreadCache {}

impl PerThreadCache {
    /// Returns the fd-use decision for a `(source, target)` SID pair.
    ///
    /// Nothing is cached yet: both SIDs are unused, `compute` runs on every call, and its
    /// result is returned unchanged.
    #[inline]
    pub fn lookup_fd_use<F: FnOnce() -> PermissionCheckResult>(
        &self,
        _source_sid: SecurityId,
        _target_sid: SecurityId,
        compute: F,
    ) -> PermissionCheckResult {
        compute()
    }

    /// Returns the extended-permission (xperms) decision for the given kind, SID pair,
    /// permission and xperm value.
    ///
    /// Nothing is cached yet: every key argument is unused, `compute` runs on every call, and
    /// its result is returned unchanged.
    // NOTE(review): when storage is added, the entry key presumably needs all five key
    // arguments so that a decision for one xperm is never reused for another; confirm.
    #[inline]
    pub(crate) fn check_xperm<F: FnOnce() -> PermissionCheckResult>(
        &self,
        _kind: XpermsKind,
        _source_sid: SecurityId,
        _target_sid: SecurityId,
        _permission: KernelPermission,
        _xperm: u16,
        compute: F,
    ) -> PermissionCheckResult {
        compute()
    }

    /// Returns the access decision for a `(source, target, class)` triple.
    ///
    /// The intended cache unit is the whole access vector for the triple rather than a single
    /// permission, so that checks for different permissions on the same triple can share one
    /// entry. Nothing is cached yet: the triple is unused, `compute` runs on every call, and its
    /// result is returned unchanged.
    #[inline]
    pub(crate) fn lookup_access_decision<F: FnOnce() -> KernelAccessDecision>(
        &self,
        _source_sid: SecurityId,
        _target_sid: SecurityId,
        _class: KernelClass,
        compute: F,
    ) -> KernelAccessDecision {
        compute()
    }
}