#[macro_export]
macro_rules! define_harden_function {
($visibility:vis fn $name:ident {$($($path:tt).+ = $rhs:tt,)*}) => {
$visibility fn $name() -> $crate::error::Result {
#[allow(unused_mut)]
let mut config = $crate::config::Config::DEFAULT;
$(
define_harden_function!(@@ config, $($path).+ = $rhs);
)*
config.harden_process()
}
};
(@@ $config:ident, anti_tracing = false) => {
$config.set_anti_tracing(false);
};
(@@ $config:ident, anti_tracing = true) => {
$config.set_anti_tracing(true);
};
(@@ $config:ident, fs = false) => {
$config.set_fs(false);
};
(@@ $config:ident, fs = true) => {
$config.set_fs(true);
};
(@@ $config:ident, fs.procfs = false) => {
$config.set_fs_procfs(false);
};
(@@ $config:ident, fs.procfs = true) => {
$config.set_fs_procfs(true);
};
(@@ $config:ident, unstable = false) => {
$config.set_unstable(false);
};
(@@ $config:ident, unstable = true) => {
$config.set_unstable(true);
};
(@@ $config:ident, unstable.win.ntapi = false) => {
$config.set_unstable_win_ntapi(false);
};
(@@ $config:ident, unstable.win.ntapi = true) => {
$config.set_unstable_win_ntapi(true);
};
(@@ $config:ident, unstable.win.kernelmem = false) => {
$config.set_unstable_win_kernelmem(false);
};
(@@ $config:ident, unstable.win.kernelmem = true) => {
$config.set_unstable_win_kernelmem(true);
};
(@@ $config:ident, unstable.assert_feature_enabled = true) => {
const _: () = core::assert!(
core::cfg!(feature = "unstable"),
"`secmem_proc` crate feature `unstable` is not enabled, \
while the configuration requires it"
);
};
(@@ $config:ident, win.dacl = default) => {
$config.set_win_dacl_default();
};
(@@ $config:ident, win.dacl = empty) => {
$config.set_win_dacl_empty();
};
(@@ $config:ident, win.dacl = custom_user_perm($access:expr)) => {
let access: $crate::config::WinDaclProcessAccess = $access;
$config.set_win_dacl_custom_user_perm(access);
};
(@@ $config:ident, win.dacl = custom_fnptr($fnptr:expr)) => {
let fnptr: fn() -> $crate::components::Result = $fnptr;
$config.set_win_dacl_custom_fn(fnptr);
};
}
pub use define_harden_function;
#[cfg(test)]
#[allow(dead_code)]
mod tests {
use super::define_harden_function;
#[test]
fn macrotest_empty() {
define_harden_function! {
fn harden {}
}
}
#[test]
fn macrotest_visibility() {
define_harden_function! {
pub(crate) fn harden {}
}
}
#[test]
fn macrotest_anti_tracing() {
define_harden_function! {
fn harden {
anti_tracing = false,
}
}
}
#[test]
fn macrotest_multisetting() {
define_harden_function! {
fn harden {
anti_tracing = false,
fs = false,
unstable = false,
}
}
}
#[test]
fn macrotest_subsetting() {
define_harden_function! {
fn harden {
fs.procfs = false,
}
}
}
#[cfg(feature = "unstable")]
#[test]
fn macrotest_assert_unstable_feature() {
define_harden_function! {
fn harden {
unstable.assert_feature_enabled = true,
}
}
}
}