core_policy/
error.rs

1//! Error types for mesh-policy-core
2
3use alloc::string::String;
4use core::fmt;
5
6/// Result type alias for policy operations
7pub type Result<T> = core::result::Result<T, PolicyError>;
8
9/// Errors that can occur in policy operations
10#[derive(Debug)]
11pub enum PolicyError {
12    /// Policy not found
13    PolicyNotFound(String),
14
15    /// Invalid policy rule
16    InvalidRule(String),
17
18    /// Permission denied
19    PermissionDenied {
20        /// Peer ID that was denied
21        peer_id: String,
22        /// Reason for denial
23        reason: String,
24    },
25
26    /// Invalid peer ID
27    InvalidPeerId(String),
28
29    /// Serialization error
30    SerializationError(String),
31
32    /// TOML parsing error
33    TomlError(toml::de::Error),
34
35    /// IO error
36    // IoError removed for no_std
37
38    // ===== DoS Prevention Errors (T20 mitigation) =====
39
40    /// Policy exceeds maximum allowed rules (DoS prevention - T20)
41    TooManyRules {
42        /// Maximum allowed rules
43        max: usize,
44        /// Attempted number of rules
45        attempted: usize,
46    },
47
48    /// Resource pattern exceeds maximum length (DoS prevention - T20)
49    PatternTooLong {
50        /// Maximum allowed length
51        max: usize,
52        /// Actual pattern length
53        length: usize,
54    },
55
56    /// Policy name exceeds maximum length (DoS prevention - T20)
57    NameTooLong {
58        /// Maximum allowed length
59        max: usize,
60        /// Actual name length
61        length: usize,
62    },
63
64    // ===== ABAC Expression Errors =====
65    /// Context expression is too deeply nested (stack overflow prevention)
66    ExpressionTooDeep {
67        /// Maximum allowed depth
68        max: usize,
69    },
70
71    /// Context expression string is too long (DoS prevention)
72    ExpressionTooLong {
73        /// Maximum allowed length
74        max: usize,
75        /// Actual expression length
76        length: usize,
77    },
78
79    /// Invalid expression syntax
80    InvalidExpression(String),
81
82    /// System time error (clock went backwards or unavailable)
83    // TimeError removed for no_std
84
85    /// Internal error
86    InternalError(String),
87}
88
89impl fmt::Display for PolicyError {
90    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
91        match self {
92            Self::PolicyNotFound(msg) => write!(f, "Policy not found: {}", msg),
93            Self::InvalidRule(msg) => write!(f, "Invalid policy rule: {}", msg),
94            Self::PermissionDenied { peer_id, reason } => {
95                write!(f, "Permission denied for peer {}: {}", peer_id, reason)
96            }
97            Self::InvalidPeerId(msg) => write!(f, "Invalid peer ID: {}", msg),
98            Self::SerializationError(msg) => write!(f, "Serialization error: {}", msg),
99            Self::TomlError(e) => write!(f, "TOML parsing error: {}", e),
100            Self::TooManyRules { max, attempted } => write!(
101                f,
102                "Policy exceeds maximum {} rules (attempted: {})",
103                max, attempted
104            ),
105            Self::PatternTooLong { max, length } => write!(
106                f,
107                "Resource pattern exceeds maximum {} characters (length: {})",
108                max, length
109            ),
110            Self::NameTooLong { max, length } => write!(
111                f,
112                "Policy name exceeds maximum {} characters (length: {})",
113                max, length
114            ),
115            Self::ExpressionTooDeep { max } => write!(
116                f,
117                "Context expression exceeds maximum depth of {} (prevents stack overflow)",
118                max
119            ),
120            Self::ExpressionTooLong { max, length } => write!(
121                f,
122                "Context expression exceeds maximum {} characters (length: {})",
123                max, length
124            ),
125            Self::InvalidExpression(msg) => write!(f, "Invalid context expression: {}", msg),
126            Self::InternalError(msg) => write!(f, "Internal error: {}", msg),
127        }
128    }
129}
130
131impl From<toml::de::Error> for PolicyError {
132    fn from(err: toml::de::Error) -> Self {
133        Self::TomlError(err)
134    }
135}
136
137impl core::error::Error for PolicyError {}
core_policy/error.rs

core_policy/
error.rs
