diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/rustix/src/backend/linux_raw/rand | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/rustix/src/backend/linux_raw/rand')
| -rw-r--r-- | vendor/rustix/src/backend/linux_raw/rand/mod.rs | 2 | ||||
| -rw-r--r-- | vendor/rustix/src/backend/linux_raw/rand/syscalls.rs | 15 | ||||
| -rw-r--r-- | vendor/rustix/src/backend/linux_raw/rand/types.rs | 20 |
3 files changed, 0 insertions, 37 deletions
diff --git a/vendor/rustix/src/backend/linux_raw/rand/mod.rs b/vendor/rustix/src/backend/linux_raw/rand/mod.rs deleted file mode 100644 index 1e0181a9..00000000 --- a/vendor/rustix/src/backend/linux_raw/rand/mod.rs +++ /dev/null @@ -1,2 +0,0 @@ -pub(crate) mod syscalls; -pub(crate) mod types; diff --git a/vendor/rustix/src/backend/linux_raw/rand/syscalls.rs b/vendor/rustix/src/backend/linux_raw/rand/syscalls.rs deleted file mode 100644 index acea3968..00000000 --- a/vendor/rustix/src/backend/linux_raw/rand/syscalls.rs +++ /dev/null @@ -1,15 +0,0 @@ -//! linux_raw syscalls supporting `rustix::rand`. -//! -//! # Safety -//! -//! See the `rustix::backend` module documentation for details. -#![allow(unsafe_code, clippy::undocumented_unsafe_blocks)] - -use crate::backend::conv::{pass_usize, ret_usize}; -use crate::io; -use crate::rand::GetRandomFlags; - -#[inline] -pub(crate) unsafe fn getrandom(buf: (*mut u8, usize), flags: GetRandomFlags) -> io::Result<usize> { - ret_usize(syscall!(__NR_getrandom, buf.0, pass_usize(buf.1), flags)) -} diff --git a/vendor/rustix/src/backend/linux_raw/rand/types.rs b/vendor/rustix/src/backend/linux_raw/rand/types.rs deleted file mode 100644 index 9bc857fd..00000000 --- a/vendor/rustix/src/backend/linux_raw/rand/types.rs +++ /dev/null @@ -1,20 +0,0 @@ -use bitflags::bitflags; - -bitflags! { - /// `GRND_*` flags for use with [`getrandom`]. - /// - /// [`getrandom`]: crate::rand::getrandom - #[repr(transparent)] - #[derive(Copy, Clone, Eq, PartialEq, Hash, Debug)] - pub struct GetRandomFlags: u32 { - /// `GRND_RANDOM` - const RANDOM = linux_raw_sys::general::GRND_RANDOM; - /// `GRND_NONBLOCK` - const NONBLOCK = linux_raw_sys::general::GRND_NONBLOCK; - /// `GRND_INSECURE` - const INSECURE = linux_raw_sys::general::GRND_INSECURE; - - /// <https://docs.rs/bitflags/*/bitflags/#externally-defined-flags> - const _ = !0; - } -} |