mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-22 07:53:11 -05:00
rust: replace lsm context+len with lsm_context
This brings the Rust SecurityCtx abstraction [1] up to date with the new API where context+len is replaced with an lsm_context [2] struct. Link: https://lore.kernel.org/r/20240915-alice-file-v10-5-88484f7a3dcf@google.com [1] Link: https://lore.kernel.org/r/20241023212158.18718-3-casey@schaufler-ca.com [2] Reported-by: Linux Kernel Functional Testing <lkft@linaro.org> Closes: https://lore.kernel.org/r/CA+G9fYv_Y2tzs+uYhMGtfUK9dSYV2mFr6WyKEzJazDsdk9o5zw@mail.gmail.com Signed-off-by: Alice Ryhl <aliceryhl@google.com> [PM: subj line tweak] Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
a4626e9786
commit
9c76eaf784
2 changed files with 21 additions and 25 deletions
|
@ -8,13 +8,13 @@ void rust_helper_security_cred_getsecid(const struct cred *c, u32 *secid)
|
|||
security_cred_getsecid(c, secid);
|
||||
}
|
||||
|
||||
int rust_helper_security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
|
||||
int rust_helper_security_secid_to_secctx(u32 secid, struct lsm_context *cp)
|
||||
{
|
||||
return security_secid_to_secctx(secid, secdata, seclen);
|
||||
return security_secid_to_secctx(secid, cp);
|
||||
}
|
||||
|
||||
void rust_helper_security_release_secctx(char *secdata, u32 seclen)
|
||||
void rust_helper_security_release_secctx(struct lsm_context *cp)
|
||||
{
|
||||
security_release_secctx(secdata, seclen);
|
||||
security_release_secctx(cp);
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -15,60 +15,56 @@
|
|||
///
|
||||
/// # Invariants
|
||||
///
|
||||
/// The `secdata` and `seclen` fields correspond to a valid security context as returned by a
|
||||
/// successful call to `security_secid_to_secctx`, that has not yet been destroyed by calling
|
||||
/// `security_release_secctx`.
|
||||
/// The `ctx` field corresponds to a valid security context as returned by a successful call to
|
||||
/// `security_secid_to_secctx`, that has not yet been destroyed by `security_release_secctx`.
|
||||
pub struct SecurityCtx {
|
||||
secdata: *mut core::ffi::c_char,
|
||||
seclen: usize,
|
||||
ctx: bindings::lsm_context,
|
||||
}
|
||||
|
||||
impl SecurityCtx {
|
||||
/// Get the security context given its id.
|
||||
pub fn from_secid(secid: u32) -> Result<Self> {
|
||||
let mut secdata = core::ptr::null_mut();
|
||||
let mut seclen = 0u32;
|
||||
// SAFETY: Just a C FFI call. The pointers are valid for writes.
|
||||
to_result(unsafe { bindings::security_secid_to_secctx(secid, &mut secdata, &mut seclen) })?;
|
||||
// SAFETY: `struct lsm_context` can be initialized to all zeros.
|
||||
let mut ctx: bindings::lsm_context = unsafe { core::mem::zeroed() };
|
||||
|
||||
// SAFETY: Just a C FFI call. The pointer is valid for writes.
|
||||
to_result(unsafe { bindings::security_secid_to_secctx(secid, &mut ctx) })?;
|
||||
|
||||
// INVARIANT: If the above call did not fail, then we have a valid security context.
|
||||
Ok(Self {
|
||||
secdata,
|
||||
seclen: seclen as usize,
|
||||
})
|
||||
Ok(Self { ctx })
|
||||
}
|
||||
|
||||
/// Returns whether the security context is empty.
|
||||
pub fn is_empty(&self) -> bool {
|
||||
self.seclen == 0
|
||||
self.ctx.len == 0
|
||||
}
|
||||
|
||||
/// Returns the length of this security context.
|
||||
pub fn len(&self) -> usize {
|
||||
self.seclen
|
||||
self.ctx.len as usize
|
||||
}
|
||||
|
||||
/// Returns the bytes for this security context.
|
||||
pub fn as_bytes(&self) -> &[u8] {
|
||||
let ptr = self.secdata;
|
||||
let ptr = self.ctx.context;
|
||||
if ptr.is_null() {
|
||||
debug_assert_eq!(self.seclen, 0);
|
||||
debug_assert_eq!(self.len(), 0);
|
||||
// We can't pass a null pointer to `slice::from_raw_parts` even if the length is zero.
|
||||
return &[];
|
||||
}
|
||||
|
||||
// SAFETY: The call to `security_secid_to_secctx` guarantees that the pointer is valid for
|
||||
// `seclen` bytes. Furthermore, if the length is zero, then we have ensured that the
|
||||
// `self.len()` bytes. Furthermore, if the length is zero, then we have ensured that the
|
||||
// pointer is not null.
|
||||
unsafe { core::slice::from_raw_parts(ptr.cast(), self.seclen) }
|
||||
unsafe { core::slice::from_raw_parts(ptr.cast(), self.len()) }
|
||||
}
|
||||
}
|
||||
|
||||
impl Drop for SecurityCtx {
|
||||
fn drop(&mut self) {
|
||||
// SAFETY: By the invariant of `Self`, this frees a pointer that came from a successful
|
||||
// SAFETY: By the invariant of `Self`, this frees a context that came from a successful
|
||||
// call to `security_secid_to_secctx` and has not yet been destroyed by
|
||||
// `security_release_secctx`.
|
||||
unsafe { bindings::security_release_secctx(self.secdata, self.seclen as u32) };
|
||||
unsafe { bindings::security_release_secctx(&mut self.ctx) };
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue