Skip to main content

DefaultPolicy

orcs_runtime::auth

Struct DefaultPolicy 

Source 
pub struct DefaultPolicy;
Expand description

Default permission policy.

§Rules

Scope/ActionStandardElevated
Global signalDeniedAllowed
Channel signalAllowedAllowed
Destructive opsDeniedAllowed
Command execDeniedAllowed
Spawn child/runnerDeniedAllowed

§Security Model

Command safety is enforced at the OS sandbox layer (SandboxPolicy), not by pattern-matching commands. This policy controls WHO can act (session-based), while SandboxPolicy controls WHERE actions reach.

§Audit Logging

All permission checks are logged for audit:

  • Allowed operations: debug level
  • Denied operations: warn level

Trait Implementations§

Source§

impl Clone for DefaultPolicy

Source§

fn clone(&self) -> DefaultPolicy

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for DefaultPolicy

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for DefaultPolicy

Source§

fn default() -> DefaultPolicy

Returns the “default value” for a type. Read more
Source§

impl PermissionChecker for DefaultPolicy

Source§

fn check_command( &self, session: &Session, grants: &dyn GrantPolicy, cmd: &str, ) -> CommandCheckResult

Check command with dynamic grants and HIL approval support.

Flow:

  1. Reject empty commands
  2. Check dynamic grants (via GrantPolicy) -> Allowed
  3. Check elevated session -> Allowed
  4. Otherwise -> RequiresApproval (non-elevated session)

Command safety is enforced at the OS sandbox layer, not here. This method only controls WHO can execute, not WHAT can be executed.

Source§

impl PermissionPolicy for DefaultPolicy

Source§

fn can_signal(&self, session: &Session, scope: &SignalScope) -> bool

Check if session can send a signal with the given scope.
Source§

fn can_destructive(&self, session: &Session, action: &str) -> bool

Check if session can perform a destructive operation. Read more
Source§

fn can_execute_command(&self, session: &Session, cmd: &str) -> bool

Check if session can execute a shell command.
Source§

fn can_spawn_child(&self, session: &Session) -> bool

Check if session can spawn a child entity.
Source§

fn can_spawn_runner(&self, session: &Session) -> bool

Check if session can spawn a runner (parallel execution).
Source§

fn check_command_permission( &self, session: &Session, cmd: &str, ) -> CommandPermission

Check command with granular permission result. Read more
Source§

impl Copy for DefaultPolicy

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more