
1// SPDX-License-Identifier: Apache-2.0 OR MIT
2
3use crate::{uapi, Access, ABI};
4use enumflags2::{bitflags, BitFlags};
5
/// Scope right.
///
/// Each variant of `Scope` is a
/// [scope flag](https://www.kernel.org/doc/html/latest/userspace-api/landlock.html#scope-flags).
/// A set of scopes can be created with [`BitFlags<Scope>`](BitFlags).
///
/// # Example
///
/// ```
/// use landlock::{ABI, Access, Scope, BitFlags, make_bitflags};
///
/// let signal = Scope::Signal;
///
/// let signal_set: BitFlags<Scope> = signal.into();
///
/// let signal_uds = make_bitflags!(Scope::{Signal | AbstractUnixSocket});
///
/// let scope_v6 = Scope::from_all(ABI::V6);
///
/// assert_eq!(signal_uds, scope_v6);
/// ```
///
/// # Warning
///
/// To avoid unknown restrictions **don't use `BitFlags::<Scope>::all()` nor `BitFlags::ALL`**,
/// but use a version you tested and vetted instead,
/// for instance [`Scope::from_all(ABI::V6)`](Access::from_all).
/// `Scope` is `#[non_exhaustive]`: variants may be added in later crate versions, and `all()`
/// would silently include them in a ruleset your code was never tested against.
/// Direct use of **the [`BitFlags`] API is deprecated**.
/// See [`ABI`] for the rationale and help to test it.
#[bitflags]
#[repr(u64)]
#[derive(Copy, Clone, Debug, PartialEq, Eq)]
#[non_exhaustive]
pub enum Scope {
    // Each discriminant is the matching kernel UAPI constant (`uapi::LANDLOCK_SCOPE_*`),
    // widened to the `u64` representation so variants can be OR-ed into a `BitFlags<Scope>`.
    /// Restrict from connecting to abstract UNIX sockets created outside the sandbox.
    AbstractUnixSocket = uapi::LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET as u64,
    /// Restrict from sending signals to processes outside the sandbox.
    Signal = uapi::LANDLOCK_SCOPE_SIGNAL as u64,
}
45
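/// Maps an ABI version to the set of [`Scope`] flags it supports.
///
/// # Warning
///
/// If `ABI <= ABI::V5`, `Scope::from_all()` returns an empty `BitFlags<Scope>`, which
/// makes `Ruleset::handle_access(Scope::from_all(ABI::V5))` return an error.
impl Access for Scope {
    /// Returns every scope flag known to `abi`.
    ///
    /// The `match` is intentionally exhaustive (no `_` arm): adding an `ABI` variant
    /// must fail to compile here rather than silently yield an empty set.
    fn from_all(abi: ABI) -> BitFlags<Self> {
        match abi {
            // V6 is the first ABI with scope flags, so every earlier ABI gets none.
            ABI::Unsupported | ABI::V1 | ABI::V2 | ABI::V3 | ABI::V4 | ABI::V5 => BitFlags::EMPTY,
            ABI::V6 => Scope::AbstractUnixSocket | Scope::Signal,
        }
    }
}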