NAH 1.0.6
Native Application Host - Library API Reference
Loading...
Searching...
No Matches
capabilities.hpp
Go to the documentation of this file.
1#pragma once
2
3#include "nah/types.hpp"
4#include "nah/warnings.hpp"
5#include "nah/host_profile.hpp"
6
7#include <string>
8#include <vector>
9#include <optional>
10
11namespace nah {
12
13// ============================================================================
14// Permission Parsing
15// ============================================================================
16
17// Parsed permission structure
18struct ParsedPermission {
19 std::string type; // "fs" or "net"
20 std::string operation; // "read", "write", "execute", "connect", "listen", "bind"
21 std::string resource; // The resource path or URL
22};
23
24// Parse a permission string in the format "type:operation:resource"
25std::optional<ParsedPermission> parse_permission_string(const std::string& permission);
26
27// ============================================================================
28// Capability Derivation (per SPEC L1096-L1141)
29// ============================================================================
30
31// Derive a capability from an operation and resource
32// Returns nullopt for unknown operations
33std::optional<Capability> derive_capability(const std::string& operation,
34 const std::string& resource);
35
36// Derive a capability from a permission string (with warning collection)
37Capability derive_capability(const std::string& permission, WarningCollector& warnings);
38
39// Derive capabilities from a list of permissions
40std::vector<Capability> derive_capabilities_from_permissions(
41 const std::vector<std::string>& permissions);
42
43// ============================================================================
44// Enforcement Mapping (per SPEC Step 9 of Composition)
45// ============================================================================
46
47// Map a capability key to an enforcement ID using the profile
48std::optional<std::string> derive_enforcement(const std::string& capability_key,
49 const HostProfile& profile);
50
51struct EnforcementResult {
52 std::vector<std::string> filesystem;
53 std::vector<std::string> network;
54 CapabilityUsage capability_usage;
55};
56
57// Derive capabilities and enforcement from manifest permissions
58// Collects all permissions, derives capability keys, and maps to enforcement IDs
59EnforcementResult derive_enforcement(
60 const std::vector<std::string>& filesystem_permissions,
61 const std::vector<std::string>& network_permissions,
62 const HostProfile& profile,
63 WarningCollector& warnings);
64
65} // namespace nah
nah::Result
Result type for fallible operations.
Definition nahhost.hpp:109
host_profile.hpp
nah::derive_capability
std::optional< Capability > derive_capability(const std::string &operation, const std::string &resource)
nah::derive_capabilities_from_permissions
std::vector< Capability > derive_capabilities_from_permissions(const std::vector< std::string > &permissions)
nah::derive_enforcement
std::optional< std::string > derive_enforcement(const std::string &capability_key, const HostProfile &profile)
nah::parse_permission_string
std::optional< ParsedPermission > parse_permission_string(const std::string &permission)
nah::EnforcementResult::network
std::vector< std::string > network
Definition capabilities.hpp:53
nah::EnforcementResult::capability_usage
CapabilityUsage capability_usage
Definition capabilities.hpp:54
nah::EnforcementResult::filesystem
std::vector< std::string > filesystem
Definition capabilities.hpp:52