blob: f9b2cee9cdc285234ccfb6d2fc3cd35d5ed73132 [file] [log] [blame]
// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <string>
#include <base/macros.h>
namespace permission_broker {
// A Rule represents a single unit of policy used to decide to which paths
// access is granted. Each time a Rule processes a path it can return one of
// three values: |ALLOW|, |DENY|, or |IGNORE|. If a Rule returns |ALLOW|, it
// means that the policy it represents would allow access to the requested path.
// If |DENY| is returned, then the rule is explicitly denying access to the
// resource. |IGNORE| means that the Rule makes no decision one way or another.
class Rule {
enum Result { ALLOW, DENY, IGNORE };
enum SpecialInterfaces { ANY_INTERFACE = -1 };
static const char* ResultToString(const Result& result);
virtual ~Rule() = default;
const std::string& name() const;
virtual Result Process(const std::string& path, const int interface_id) = 0;
explicit Rule(const std::string& name);
const std::string name_;
} // namespace permission_broker