diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/security-framework/src/os/macos/transform.rs | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/security-framework/src/os/macos/transform.rs')
| -rw-r--r-- | vendor/security-framework/src/os/macos/transform.rs | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/vendor/security-framework/src/os/macos/transform.rs b/vendor/security-framework/src/os/macos/transform.rs deleted file mode 100644 index d03bc1f7..00000000 --- a/vendor/security-framework/src/os/macos/transform.rs +++ /dev/null @@ -1,54 +0,0 @@ -//! Transform support - -use core_foundation::base::{CFType, TCFType}; -use core_foundation::error::CFError; -use core_foundation::string::CFString; -use security_framework_sys::transform::*; -use std::ptr; - -declare_TCFType! { - /// A type representing a transform. - SecTransform, SecTransformRef -} -impl_TCFType!(SecTransform, SecTransformRef, SecTransformGetTypeID); - -unsafe impl Sync for SecTransform {} -unsafe impl Send for SecTransform {} - -impl SecTransform { - /// Sets an attribute of the transform. - pub fn set_attribute<T>(&mut self, key: &CFString, value: &T) -> Result<(), CFError> - where - T: TCFType, - { - unsafe { - let mut error = ptr::null_mut(); - SecTransformSetAttribute( - self.0, - key.as_concrete_TypeRef(), - value.as_CFTypeRef(), - &mut error, - ); - if !error.is_null() { - return Err(CFError::wrap_under_create_rule(error)); - } - - Ok(()) - } - } - - /// Executes the transform. - /// - /// The return type depends on the type of transform. - pub fn execute(&mut self) -> Result<CFType, CFError> { - unsafe { - let mut error = ptr::null_mut(); - let result = SecTransformExecute(self.0, &mut error); - if result.is_null() { - return Err(CFError::wrap_under_create_rule(error)); - } - - Ok(CFType::wrap_under_create_rule(result)) - } - } -} |