1 /*
2  * Copyright (C) 2022 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.libraries.pcc.chronicle.analysis
18 
19 import com.android.libraries.pcc.chronicle.api.ConnectionRequest
20 import com.android.libraries.pcc.chronicle.api.policy.Policy
21 import com.android.libraries.pcc.chronicle.api.policy.builder.PolicyCheckResult
22 
23 /**
24  * A [PolicyEngine] is capable of comparing a known [Policy] against the state of Chronicle, as
25  * represented by a [ChronicleContext].
26  */
27 interface PolicyEngine {
28   /**
29    * Checks the supplied [context] for adherence to the provided [policy] and returns either
30    * [PolicyCheckResult.Pass] or [PolicyCheckResult.Fail].
31    */
checkPolicynull32   fun checkPolicy(
33     policy: Policy,
34     request: ConnectionRequest<*>,
35     context: ChronicleContext,
36   ): PolicyCheckResult
37 
38   /**
39    * Checks that all [ConnectionProvider]-provided [WriteConnections'][WriteConnection]
40    * [ManagedDataTypes][ManagedDataType] abide by (or are more restrictive-than) the retention and
41    * ttl data outlined for their types in the [policySet].
42    *
43    * **Note:** We are currently very strict in applying the policy rules. We enforce that all write
44    * connections' strategies are at least as strong as the strongest requirement from policies. We
45    * may relax this restraint in the future, with appropriate tooling to support it.
46    *
47    * **Also:** If any [ManagedDataType] in the [ChronicleContext's][ChronicleContext]
48    * [ConnectionProvider] collection isn't mentioned by any [Policy]
49    * - a [PolicyCheckResult.Fail] will be returned.
50    */
51   fun checkWriteConnections(context: ChronicleContext): PolicyCheckResult
52 }
53