fapolicy_rules/decision.rs
1/*
2 * Copyright Concurrent Technologies Corporation 2021
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at https://mozilla.org/MPL/2.0/.
7 */
8
9use std::fmt::{Display, Formatter};
10
11/// # Decision
12/// If the rule triggers, this is the access decision that fapolicyd will tell the kernel.
13/// If the decision is one of the audit variety, then the decision will trigger a FANOTIFY audit event with all relevant information.
14/// You must have at least one audit rule loaded to generate an audit event.
15/// If the decision is one of the syslog variety, then the decision will trigger writing an event into syslog.
16/// If the decision is of one the log variety, then it will create an audit event and a syslog event.
17///
18/// Regardless of the notification, any rule with a deny in the keyword will deny access and any with an allow in the keyword will allow access.
19///
20#[derive(Clone, Debug, PartialEq)]
21pub enum Decision {
22 AllowAudit,
23 AllowSyslog,
24 AllowLog,
25 Allow,
26 Deny,
27 DenyLog,
28 DenyAudit,
29 DenySyslog,
30}
31
32impl Display for Decision {
33 fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
34 match self {
35 Decision::Allow => f.write_str("allow"),
36 Decision::Deny => f.write_str("deny"),
37 Decision::DenyAudit => f.write_str("deny_audit"),
38 Decision::AllowAudit => f.write_str("allow_audit"),
39 Decision::AllowSyslog => f.write_str("allow_syslog"),
40 Decision::AllowLog => f.write_str("allow_log"),
41 Decision::DenyLog => f.write_str("deny_log"),
42 Decision::DenySyslog => f.write_str("deny_syslog"),
43 }
44 }
45}
46
47#[cfg(test)]
48mod tests {
49 use super::*;
50
51 #[test]
52 fn display() {
53 assert_eq!(format!("{}", Decision::Allow), "allow");
54 assert_eq!(format!("{}", Decision::Deny), "deny");
55 assert_eq!(format!("{}", Decision::DenyAudit), "deny_audit");
56 }
57}