access: Move from_read() and from_write() into AccessFs

The from_read() and from_write() methods make sense for AccessFs but not
for the upcoming AccessNet.

This is a breaking change because the Access trait's signature is
modified.  In practice, it should not be an issue for most users.  Only
those implementing helpers explicitly using Access::from_read() or
Access::from_write() should be concerned.  In this case, they should
just use AccessFs instead.

Fix a typo in the from_all() comment.

Signed-off-by: Mickaël Salaün <mic@digikod.net>

src/access.rs

@@ -9,22 +9,7 @@ use crate::{make_bitflags, AccessFs, CompatLevel, CompatState, Compatibility};
 
 pub trait Access: PrivateAccess {
     /// Gets the access rights defined by a specific [`ABI`].
-    /// Union of [`from_read()`](Access::from_read) and [`from_write()`](Access::from_write).
-    fn from_all(abi: ABI) -> BitFlags<Self> {
-        // An empty access-right would be an error if passed to the kernel, but because the kernel
-        // doesn't support Landlock, no Landlock syscall should be called.  try_compat() should
-        // also return RestrictionStatus::Unrestricted when called with unsupported/empty
-        // access-righs.
-        Self::from_read(abi) | Self::from_write(abi)
-    }
-
-    /// Gets the access rights identified as read-only according to a specific ABI.
-    /// Exclusive with [`from_write()`](Access::from_write).
-    fn from_read(abi: ABI) -> BitFlags<Self>;
-
-    /// Gets the access rights identified as write-only according to a specific ABI.
-    /// Exclusive with [`from_read()`](Access::from_read).
-    fn from_write(abi: ABI) -> BitFlags<Self>;
+    fn from_all(abi: ABI) -> BitFlags<Self>;
 }
 
 pub trait PrivateAccess: BitFlag {

src/fs.rs

@@ -87,8 +87,21 @@ pub enum AccessFs {
 }
 
 impl Access for AccessFs {
+    /// Union of [`from_read()`](AccessFs::from_read) and [`from_write()`](AccessFs::from_write).
+    fn from_all(abi: ABI) -> BitFlags<Self> {
+        // An empty access-right would be an error if passed to the kernel, but because the kernel
+        // doesn't support Landlock, no Landlock syscall should be called.  try_compat() should
+        // also return RestrictionStatus::Unrestricted when called with unsupported/empty
+        // access-rights.
+        Self::from_read(abi) | Self::from_write(abi)
+    }
+}
+
+impl AccessFs {
     // Roughly read (i.e. not all FS actions are handled).
-    fn from_read(abi: ABI) -> BitFlags<Self> {
+    /// Gets the access rights identified as read-only according to a specific ABI.
+    /// Exclusive with [`from_write()`](AccessFs::from_write).
+    pub fn from_read(abi: ABI) -> BitFlags<Self> {
         match abi {
             ABI::Unsupported => BitFlags::EMPTY,
             ABI::V1 | ABI::V2 | ABI::V3 => make_bitflags!(AccessFs::{
@@ -100,7 +113,9 @@ impl Access for AccessFs {
     }
 
     // Roughly write (i.e. not all FS actions are handled).
-    fn from_write(abi: ABI) -> BitFlags<Self> {
+    /// Gets the access rights identified as write-only according to a specific ABI.
+    /// Exclusive with [`from_read()`](AccessFs::from_read).
+    pub fn from_write(abi: ABI) -> BitFlags<Self> {
         match abi {
             ABI::Unsupported => BitFlags::EMPTY,
             ABI::V1 => make_bitflags!(AccessFs::{
@@ -119,6 +134,11 @@ impl Access for AccessFs {
             ABI::V3 => Self::from_write(ABI::V2) | AccessFs::Truncate,
         }
     }
+
+    /// Gets the access rights legitimate for non-directory files.
+    pub fn from_file(abi: ABI) -> BitFlags<Self> {
+        Self::from_all(abi) & ACCESS_FILE
+    }
 }
 
 #[test]
@@ -132,13 +152,6 @@ fn consistent_access_fs_rw() {
     }
 }
 
-impl AccessFs {
-    /// Gets the access rights legitimate for non-directory files.
-    pub fn from_file(abi: ABI) -> BitFlags<Self> {
-        Self::from_all(abi) & ACCESS_FILE
-    }
-}
-
 impl PrivateAccess for AccessFs {
     fn ruleset_handle_access(
         ruleset: &mut Ruleset,