selinux/new_policy/
permissions.rs1use std::num::NonZeroU8;
6
7use super::NewPolicy;
8use super::error::{ParseError, SerializeError, ValidateError};
9use super::id_type::IdType;
10use super::parser::PolicyCursor;
11use super::traits::{Parse, PolicyId, Serialize, Validate};
12use selinux_policy_derive::{HasName, HasPolicyId};
13
14#[derive(Copy, Clone, Debug, Hash, Eq, Ord, PartialEq, PartialOrd)]
16pub struct PermissionTag;
17
18pub type PermissionId = IdType<NonZeroU8, PermissionTag>;
20
21#[derive(Debug, Clone, PartialEq, Eq, HasName, HasPolicyId)]
23pub struct Permission {
24 id: PermissionId,
25 name: Box<[u8]>,
26}
27
28impl Permission {
29 pub fn index(&self) -> u8 {
31 (self.id.as_u32() - 1) as u8
32 }
33}
34
35impl Parse for Permission {
36 fn parse(cursor: &mut PolicyCursor<'_>) -> Result<Self, ParseError> {
37 let length = u32::parse(cursor)? as usize;
38 let id_val = u32::parse(cursor)?;
39
40 if id_val == 0 || id_val > 32 {
42 return Err(ParseError::InvalidId { value: id_val });
43 }
44
45 let name = Box::from(cursor.read_bytes(length)?);
46 let id = PermissionId::from_u32(id_val).ok_or(ParseError::InvalidId { value: id_val })?;
47
48 Ok(Self { id, name })
49 }
50}
51
52impl Serialize for Permission {
53 fn serialize(&self, writer: &mut Vec<u8>) -> Result<(), SerializeError> {
54 let length = self.name.len() as u32;
55 length.serialize(writer)?;
56 self.id.as_u32().serialize(writer)?;
57 writer.extend_from_slice(&self.name);
58 Ok(())
59 }
60}
61
62impl Validate for Permission {
63 fn validate(&self, _policy: &NewPolicy) -> Result<(), ValidateError> {
64 Ok(())
66 }
67}
68
69impl Validate for PermissionId {
70 fn validate(&self, _policy: &NewPolicy) -> Result<(), ValidateError> {
71 Ok(())
72 }
73}