ruvector_memopt/security/
privileges.rs

1//! Privilege management
2
3use tracing::info;
4
5#[derive(Debug, Clone, PartialEq)]
6pub enum PrivilegeLevel {
7    /// Standard user - limited optimization
8    Standard,
9    /// Elevated admin - full optimization
10    Admin,
11    /// System service - background operation
12    System,
13}
14
15pub struct PrivilegeManager {
16    level: PrivilegeLevel,
17}
18
19impl PrivilegeManager {
20    pub fn new() -> Self {
21        let level = Self::detect_level();
22        info!("Running with privilege level: {:?}", level);
23        Self { level }
24    }
25    
26    fn detect_level() -> PrivilegeLevel {
27        #[cfg(windows)]
28        {
29            // Check if running as service
30            if std::env::var("RUNNING_AS_SERVICE").is_ok() {
31                return PrivilegeLevel::System;
32            }
33            
34            // Check admin
35            if is_elevated() {
36                return PrivilegeLevel::Admin;
37            }
38        }
39        
40        PrivilegeLevel::Standard
41    }
42    
43    pub fn level(&self) -> &PrivilegeLevel {
44        &self.level
45    }
46    
47    pub fn can_clear_standby(&self) -> bool {
48        matches!(self.level, PrivilegeLevel::Admin | PrivilegeLevel::System)
49    }
50    
51    pub fn can_trim_system_processes(&self) -> bool {
52        matches!(self.level, PrivilegeLevel::System)
53    }
54    
55    pub fn can_install_service(&self) -> bool {
56        matches!(self.level, PrivilegeLevel::Admin)
57    }
58}
59
60#[cfg(windows)]
61fn is_elevated() -> bool {
62    std::process::Command::new("net")
63        .args(["session"])
64        .output()
65        .map(|o| o.status.success())
66        .unwrap_or(false)
67}
68
69impl Default for PrivilegeManager {
70    fn default() -> Self { Self::new() }
71}
ruvector_memopt/security/privileges.rs

ruvector_memopt/security/
privileges.rs
