Kernel/linux-next
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git synced 2024-12-28 16:52:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

rust: replace lsm context+len with lsm_context

Browse Source 
This brings the Rust SecurityCtx abstraction [1] up to date with the new
API where context+len is replaced with an lsm_context [2] struct.

Link: https://lore.kernel.org/r/20240915-alice-file-v10-5-88484f7a3dcf@google.com [1]
Link: https://lore.kernel.org/r/20241023212158.18718-3-casey@schaufler-ca.com [2]
Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
Closes: https://lore.kernel.org/r/CA+G9fYv_Y2tzs+uYhMGtfUK9dSYV2mFr6WyKEzJazDsdk9o5zw@mail.gmail.com
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
[PM: subj line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Alice Ryhl 2024-11-01 09:56:20 +00:00 committed by Paul Moore
parent a4626e9786
commit 9c76eaf784
2 changed files with 21 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
rust/helpers/security.c
View File

@ -8,13 +8,13 @@ void rust_helper_security_cred_getsecid(const struct cred *c, u32 *secid)
security_cred_getsecid(c, secid); security_cred_getsecid(c, secid);
} }
int rust_helper_security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) int rust_helper_security_secid_to_secctx(u32 secid, struct lsm_context *cp)
{ {
return security_secid_to_secctx(secid, secdata, seclen); return security_secid_to_secctx(secid, cp);
} }
void rust_helper_security_release_secctx(char *secdata, u32 seclen) void rust_helper_security_release_secctx(struct lsm_context *cp)
{ {
security_release_secctx(secdata, seclen); security_release_secctx(cp);
} }
#endif #endif

38
rust/kernel/security.rs
View File

@ -15,60 +15,56 @@
/// ///
/// # Invariants /// # Invariants
/// ///
/// The `secdata` and `seclen` fields correspond to a valid security context as returned by a /// The `ctx` field corresponds to a valid security context as returned by a successful call to
/// successful call to `security_secid_to_secctx`, that has not yet been destroyed by calling /// `security_secid_to_secctx`, that has not yet been destroyed by `security_release_secctx`.
/// `security_release_secctx`.
pub struct SecurityCtx { pub struct SecurityCtx {
secdata: *mut core::ffi::c_char, ctx: bindings::lsm_context,
seclen: usize,
} }
impl SecurityCtx { impl SecurityCtx {
/// Get the security context given its id. /// Get the security context given its id.
pub fn from_secid(secid: u32) -> Result<Self> { pub fn from_secid(secid: u32) -> Result<Self> {
let mut secdata = core::ptr::null_mut(); // SAFETY: `struct lsm_context` can be initialized to all zeros.
let mut seclen = 0u32; let mut ctx: bindings::lsm_context = unsafe { core::mem::zeroed() };
// SAFETY: Just a C FFI call. The pointers are valid for writes.
to_result(unsafe { bindings::security_secid_to_secctx(secid, &mut secdata, &mut seclen) })?; // SAFETY: Just a C FFI call. The pointer is valid for writes.
to_result(unsafe { bindings::security_secid_to_secctx(secid, &mut ctx) })?;
// INVARIANT: If the above call did not fail, then we have a valid security context. // INVARIANT: If the above call did not fail, then we have a valid security context.
Ok(Self { Ok(Self { ctx })
secdata,
seclen: seclen as usize,
})
} }
/// Returns whether the security context is empty. /// Returns whether the security context is empty.
pub fn is_empty(&self) -> bool { pub fn is_empty(&self) -> bool {
self.seclen == 0 self.ctx.len == 0
} }
/// Returns the length of this security context. /// Returns the length of this security context.
pub fn len(&self) -> usize { pub fn len(&self) -> usize {
self.seclen self.ctx.len as usize
} }
/// Returns the bytes for this security context. /// Returns the bytes for this security context.
pub fn as_bytes(&self) -> &[u8] { pub fn as_bytes(&self) -> &[u8] {
let ptr = self.secdata; let ptr = self.ctx.context;
if ptr.is_null() { if ptr.is_null() {
debug_assert_eq!(self.seclen, 0); debug_assert_eq!(self.len(), 0);
// We can't pass a null pointer to `slice::from_raw_parts` even if the length is zero. // We can't pass a null pointer to `slice::from_raw_parts` even if the length is zero.
return &[]; return &[];
} }
// SAFETY: The call to `security_secid_to_secctx` guarantees that the pointer is valid for // SAFETY: The call to `security_secid_to_secctx` guarantees that the pointer is valid for
// `seclen` bytes. Furthermore, if the length is zero, then we have ensured that the // `self.len()` bytes. Furthermore, if the length is zero, then we have ensured that the
// pointer is not null. // pointer is not null.
unsafe { core::slice::from_raw_parts(ptr.cast(), self.seclen) } unsafe { core::slice::from_raw_parts(ptr.cast(), self.len()) }
} }
} }
impl Drop for SecurityCtx { impl Drop for SecurityCtx {
fn drop(&mut self) { fn drop(&mut self) {
// SAFETY: By the invariant of `Self`, this frees a pointer that came from a successful // SAFETY: By the invariant of `Self`, this frees a context that came from a successful
// call to `security_secid_to_secctx` and has not yet been destroyed by // call to `security_secid_to_secctx` and has not yet been destroyed by
// `security_release_secctx`. // `security_release_secctx`.
unsafe { bindings::security_release_secctx(self.secdata, self.seclen as u32) }; unsafe { bindings::security_release_secctx(&mut self.ctx) };
} }
} }