netlink_packet_audit/rules/
field.rs

1// SPDX-License-Identifier: MIT
2
3use crate::constants::*;
4
5#[derive(Debug, PartialEq, Eq, Clone)]
6#[non_exhaustive]
7pub enum RuleField {
8    Pid(u32),
9    Uid(u32),
10    Euid(u32),
11    Suid(u32),
12    Fsuid(u32),
13    Gid(u32),
14    Egid(u32),
15    Sgid(u32),
16    Fsgid(u32),
17    Loginuid(u32),
18    Pers(u32),
19    Arch(u32),
20    Msgtype(u32),
21    Ppid(u32),
22    LoginuidSet(u32),
23    Sessionid(u32),
24    Fstype(u32),
25    Devmajor(u32),
26    Devminor(u32),
27    Inode(u32),
28    Exit(u32),
29    Success(u32),
30    Perm(u32),
31    Filetype(u32),
32    ObjUid(u32),
33    ObjGid(u32),
34    FieldCompare(u32),
35    Exe(u32),
36    Arg0(u32),
37    Arg1(u32),
38    Arg2(u32),
39    Arg3(u32),
40
41    Watch(String),
42    Dir(String),
43    Filterkey(String),
44
45    SubjUser(String),
46    SubjRole(String),
47    SubjType(String),
48    SubjSen(String),
49    SubjClr(String),
50
51    ObjUser(String),
52    ObjRole(String),
53    ObjType(String),
54    ObjLevLow(String),
55    ObjLevHigh(String),
56}
57
58#[derive(Copy, Debug, PartialEq, Eq, Clone)]
59#[non_exhaustive]
60pub enum RuleFieldFlags {
61    BitMask,
62    BitTest,
63    LessThan,
64    GreaterThan,
65    NotEqual,
66    Equal,
67    LessThanOrEqual,
68    GreaterThanOrEqual,
69    None,
70    Unknown(u32),
71}
72
73impl From<u32> for RuleFieldFlags {
74    fn from(value: u32) -> Self {
75        use self::RuleFieldFlags::*;
76        match value {
77            AUDIT_BIT_MASK => BitMask,
78            AUDIT_BIT_TEST => BitTest,
79            AUDIT_LESS_THAN => LessThan,
80            AUDIT_GREATER_THAN => GreaterThan,
81            AUDIT_NOT_EQUAL => NotEqual,
82            AUDIT_EQUAL => Equal,
83            AUDIT_LESS_THAN_OR_EQUAL => LessThanOrEqual,
84            AUDIT_GREATER_THAN_OR_EQUAL => GreaterThanOrEqual,
85            0 => None,
86            _ => Unknown(value),
87        }
88    }
89}
90
91impl From<RuleFieldFlags> for u32 {
92    fn from(value: RuleFieldFlags) -> Self {
93        use self::RuleFieldFlags::*;
94        match value {
95            BitMask => AUDIT_BIT_MASK,
96            BitTest => AUDIT_BIT_TEST,
97            LessThan => AUDIT_LESS_THAN,
98            GreaterThan => AUDIT_GREATER_THAN,
99            NotEqual => AUDIT_NOT_EQUAL,
100            Equal => AUDIT_EQUAL,
101            LessThanOrEqual => AUDIT_LESS_THAN_OR_EQUAL,
102            GreaterThanOrEqual => AUDIT_GREATER_THAN_OR_EQUAL,
103            None => 0,
104            Unknown(value) => value,
105        }
106    }
107}