diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/rustix/src/backend/libc/io/windows_syscalls.rs | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/rustix/src/backend/libc/io/windows_syscalls.rs')
| -rw-r--r-- | vendor/rustix/src/backend/libc/io/windows_syscalls.rs | 58 |
1 files changed, 0 insertions, 58 deletions
diff --git a/vendor/rustix/src/backend/libc/io/windows_syscalls.rs b/vendor/rustix/src/backend/libc/io/windows_syscalls.rs deleted file mode 100644 index 0f953d7f..00000000 --- a/vendor/rustix/src/backend/libc/io/windows_syscalls.rs +++ /dev/null @@ -1,58 +0,0 @@ -//! Windows system calls in the `io` module. - -use crate::backend::c; -#[cfg(feature = "try_close")] -use crate::backend::conv::ret; -use crate::backend::conv::{borrowed_fd, ret_c_int, ret_send_recv, send_recv_len}; -use crate::fd::{BorrowedFd, RawFd}; -use crate::io; -use crate::ioctl::{IoctlOutput, Opcode}; - -pub(crate) unsafe fn read(fd: BorrowedFd<'_>, buf: (*mut u8, usize)) -> io::Result<usize> { - // `read` on a socket is equivalent to `recv` with no flags. - ret_send_recv(c::recv( - borrowed_fd(fd), - buf.0.cast(), - send_recv_len(buf.1), - 0, - )) -} - -pub(crate) fn write(fd: BorrowedFd<'_>, buf: &[u8]) -> io::Result<usize> { - // `write` on a socket is equivalent to `send` with no flags. - unsafe { - ret_send_recv(c::send( - borrowed_fd(fd), - buf.as_ptr().cast(), - send_recv_len(buf.len()), - 0, - )) - } -} - -pub(crate) unsafe fn close(raw_fd: RawFd) { - let _ = c::closesocket(raw_fd as c::SOCKET); -} - -#[cfg(feature = "try_close")] -pub(crate) unsafe fn try_close(raw_fd: RawFd) -> io::Result<()> { - ret(c::closesocket(raw_fd as c::SOCKET)) -} - -#[inline] -pub(crate) unsafe fn ioctl( - fd: BorrowedFd<'_>, - request: Opcode, - arg: *mut c::c_void, -) -> io::Result<IoctlOutput> { - ret_c_int(c::ioctl(borrowed_fd(fd), request, arg.cast())) -} - -#[inline] -pub(crate) unsafe fn ioctl_readonly( - fd: BorrowedFd<'_>, - request: Opcode, - arg: *mut c::c_void, -) -> io::Result<IoctlOutput> { - ioctl(fd, request, arg) -} |