memfd/
sealing.rs

1use rustix::fs::SealFlags;
2use std::collections::HashSet;
3
4/// An `HashSet` specialized on `FileSeal`.
5pub type SealsHashSet = HashSet<FileSeal>;
6
7/// Seal that can be applied to a [`Memfd`].
8///
9/// [`Memfd`]: crate::Memfd
10#[derive(Clone, Copy, Debug, Eq, Hash, PartialEq)]
11pub enum FileSeal {
12    /// File cannot be reduced in size.
13    ///
14    /// Corresponds to `F_SEAL_SHRINK`.
15    SealShrink,
16    /// File cannot be grown in size.
17    ///
18    /// Corresponds to `F_SEAL_GROW`.
19    SealGrow,
20    /// File cannot be written.
21    ///
22    /// Corresponds to `F_SEAL_WRITE`.
23    SealWrite,
24    /// File sealing cannot be further manipulated.
25    ///
26    /// Corresponds to `F_SEAL_SEAL`.
27    SealSeal,
28    /// Like `F_SEAL_WRITE`, but may still be written to through pre-existing
29    /// writeable mappings. Introduced in Linux 5.1.
30    ///
31    /// Corresponds to `F_SEAL_FUTURE_WRITE`.
32    #[cfg(any(target_os = "android", target_os = "linux"))]
33    SealFutureWrite,
34}
35
36impl FileSeal {
37    /// Return the bit-wise flag value of this seal.
38    pub(crate) const fn bitflags(self) -> SealFlags {
39        match self {
40            Self::SealSeal => SealFlags::SEAL,
41            Self::SealShrink => SealFlags::SHRINK,
42            Self::SealGrow => SealFlags::GROW,
43            Self::SealWrite => SealFlags::WRITE,
44            #[cfg(any(target_os = "android", target_os = "linux"))]
45            Self::SealFutureWrite => SealFlags::FUTURE_WRITE,
46        }
47    }
48}
49
50/// Convert a set of seals into a bitflags value.
51pub(crate) fn seals_to_bitflags<'a>(seals: impl IntoIterator<Item = &'a FileSeal>) -> SealFlags {
52    let mut bits = SealFlags::empty();
53    for seal in seals {
54        bits |= seal.bitflags();
55    }
56    bits
57}
58
59/// Convert a bitflags value to a set of seals.
60pub(crate) fn bitflags_to_seals(bitflags: SealFlags) -> SealsHashSet {
61    let mut sset = SealsHashSet::new();
62    if bitflags.contains(SealFlags::SEAL) {
63        sset.insert(FileSeal::SealSeal);
64    }
65    if bitflags.contains(SealFlags::SHRINK) {
66        sset.insert(FileSeal::SealShrink);
67    }
68    if bitflags.contains(SealFlags::GROW) {
69        sset.insert(FileSeal::SealGrow);
70    }
71    if bitflags.contains(SealFlags::WRITE) {
72        sset.insert(FileSeal::SealWrite);
73    }
74    #[cfg(any(target_os = "android", target_os = "linux"))]
75    if bitflags.contains(SealFlags::FUTURE_WRITE) {
76        sset.insert(FileSeal::SealFutureWrite);
77    }
78    sset
79}
memfd/sealing.rs

memfd/
sealing.rs
