prompting

package
v0.0.0-...-263a040
Warning

This package is not in the latest version of its module.

Published: Oct 8, 2024 License: GPL-3.0 Imports: 13 Imported by: 0

Documentation

Overview

Package prompting provides common types and functions related to AppArmor prompting.

Constants

This section is empty.

Variables

var (
	// SupportedRuleLifespans is exported so interfaces/prompting/requestrules
	// can use it when constructing an ErrRuleLifespanSingle
	SupportedRuleLifespans = []string{string(LifespanForever), string(LifespanTimespan)}
)

Functions

func AbstractPermissionsFromAppArmorPermissions

func AbstractPermissionsFromAppArmorPermissions(iface string, permissions any) ([]string, error)

AbstractPermissionsFromAppArmorPermissions returns the list of permissions corresponding to the given AppArmor permissions for the given interface.

func AbstractPermissionsToAppArmorPermissions

func AbstractPermissionsToAppArmorPermissions(iface string, permissions []string) (any, error)

AbstractPermissionsToAppArmorPermissions returns AppArmor permissions corresponding to the given permissions for the given interface.

func AvailablePermissions

func AvailablePermissions(iface string) ([]string, error)

AvailablePermissions returns the list of available permissions for the given interface.

func EnsureStateDir

func EnsureStateDir() error

EnsureStateDir creates the state directory with appropriate permissions.

func StateDir

func StateDir() string

StateDir returns the path to the prompting state directory.

Types

type Constraints

type Constraints struct {
	PathPattern *patterns.PathPattern `json:"path-pattern,omitempty"`
	Permissions []string              `json:"permissions,omitempty"`
}

Constraints hold information about the applicability of a rule to particular paths or permissions. A request matches the constraints if the requested path is matched by the path pattern (according to bash's globstar matching) and the requested permissions are contained in the constraints' permissions.

func (*Constraints) ContainPermissions

func (c *Constraints) ContainPermissions(permissions []string) bool

ContainPermissions returns true if the constraints include every one of the given permissions.

func (*Constraints) Match

func (c *Constraints) Match(path string) (bool, error)

Match returns true if the constraints match the given path, otherwise false.

If the constraints or path are invalid, returns an error.

func (*Constraints) ValidateForInterface

func (c *Constraints) ValidateForInterface(iface string) error

ValidateForInterface returns nil if the constraints are valid for the given interface, otherwise returns an error.

type IDType

type IDType uint64

func IDFromString

func IDFromString(idStr string) (IDType, error)

func (*IDType) MarshalJSON

func (i *IDType) MarshalJSON() ([]byte, error)

func (IDType) String

func (i IDType) String() string

func (*IDType) UnmarshalJSON

func (i *IDType) UnmarshalJSON(b []byte) error

type LifespanType

type LifespanType string

LifespanType describes the temporal scope for which a reply or rule applies.

const (
	// LifespanUnset indicates that no lifespan was specified, and should only
	// be used while unmarshalling lifespan fields marked as omitempty.
	LifespanUnset LifespanType = ""
	// LifespanForever indicates that the reply/rule should never expire.
	LifespanForever LifespanType = "forever"
	// LifespanSingle indicates that a reply should only apply once, and should
	// not be used to create a rule.
	LifespanSingle LifespanType = "single"
	// LifespanTimespan indicates that a reply/rule should apply for a given
	// duration or until a given expiration timestamp.
	LifespanTimespan LifespanType = "timespan"
)

func (LifespanType) ParseDuration

func (lifespan LifespanType) ParseDuration(duration string, currTime time.Time) (time.Time, error)

ParseDuration checks that the given duration is valid for the receiver lifespan and parses it into an expiration timestamp.

If the lifespan is LifespanTimespan, then duration must be a string parsable by time.ParseDuration(), representing the duration of time for which the rule should be valid. Otherwise, it must be empty. Returns an error if any of the above are invalid, otherwise computes the expiration time of the rule based on the given currTime and the given duration and returns it.

func (*LifespanType) UnmarshalJSON

func (lifespan *LifespanType) UnmarshalJSON(data []byte) error

func (LifespanType) ValidateExpiration

func (lifespan LifespanType) ValidateExpiration(expiration time.Time, currTime time.Time) error

ValidateExpiration checks that the given expiration is valid for the receiver lifespan.

If the lifespan is LifespanTimespan, then expiration must be non-zero and be after the given currTime. Otherwise, it must be zero. Returns an error if any of the above are invalid.
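The lifespan contract documented above for ParseDuration and ValidateExpiration, as an added example that is not the snapd source: the lower-case functions are stand-ins written from the doc comments only, and re-checking the computed expiration inside parseDuration is this example's assumption. It shows why a zero or negative duration must not yield a usable rule: the resulting expiration is not after the current time.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// LifespanType is a stand-in for the documented type; not the snapd source.
type LifespanType string

const (
	LifespanForever  LifespanType = "forever"
	LifespanSingle   LifespanType = "single"
	LifespanTimespan LifespanType = "timespan"
)

// validateExpiration mirrors the documented ValidateExpiration contract.
func validateExpiration(l LifespanType, expiration, now time.Time) error {
	switch {
	case l != LifespanTimespan && !expiration.IsZero():
		return fmt.Errorf("lifespan %q must not carry an expiration", l)
	case l == LifespanTimespan && (expiration.IsZero() || !expiration.After(now)):
		return errors.New("timespan expiration must be non-zero and after the current time")
	}
	return nil
}

// parseDuration mirrors the documented ParseDuration contract; the final re-check is this example's assumption.
func parseDuration(l LifespanType, duration string, now time.Time) (time.Time, error) {
	var expiration time.Time
	if l != LifespanTimespan {
		if duration != "" {
			return expiration, fmt.Errorf("lifespan %q must not carry a duration", l)
		}
		return expiration, nil
	}
	d, err := time.ParseDuration(duration)
	if err != nil {
		return expiration, fmt.Errorf("invalid duration %q: %w", duration, err)
	}
	expiration = now.Add(d)
	return expiration, validateExpiration(l, expiration, now)
}

func main() {
	_, err := parseDuration(LifespanTimespan, "-1h", time.Now())
	fmt.Println("timespan -1h:", err)
}
```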

type Metadata

type Metadata struct {
	// User is the UID of the subject (user) triggering the applicable requests.
	User uint32
	// Snap is the instance name of the snap for which the prompt or rule applies.
	Snap string
	// Interface is the interface for which the prompt or rule applies.
	Interface string
}

Metadata stores information about the origin or applicability of a prompt or rule.

type OutcomeType

type OutcomeType string

OutcomeType describes the outcome associated with a reply or rule.

const (
	// OutcomeUnset indicates that no outcome was specified, and should only
	// be used while unmarshalling outcome fields marked as omitempty.
	OutcomeUnset OutcomeType = ""
	// OutcomeAllow indicates that a corresponding request should be allowed.
	OutcomeAllow OutcomeType = "allow"
	// OutcomeDeny indicates that a corresponding request should be denied.
	OutcomeDeny OutcomeType = "deny"
)

func (OutcomeType) AsBool

func (outcome OutcomeType) AsBool() (bool, error)

AsBool returns true if the outcome is OutcomeAllow, false if the outcome is OutcomeDeny, or an error if it cannot be parsed.

func (*OutcomeType) UnmarshalJSON

func (outcome *OutcomeType) UnmarshalJSON(data []byte) error

Directories

Path Synopsis
The errors package defines common error types which are used across the prompting subsystems, along with constructors for specific errors based on those broader types.
internal
maxidmmap
Package maxidmmap provides a type for working with atomically unique prompting-related IDs, backed by a memory mapped file.
Package patterns provides types and functions for working with path patterns for request rules related to AppArmor Prompting.
Package requestrules provides support for holding outstanding request prompts for AppArmor prompting.
Package requestrules provides support for storing request rules for AppArmor prompting.
