commit 6c86f7e85794f021f38df1ada1edb0bcdb073bfc
author David Drysdale <drysdale@google.com> Tue Jan 07 01:42:07 2025 -0800
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Jan 07 01:42:07 2025 -0800
tree c2c9c1f9bf914d78735d9a4228c935bef7004993
parent e197d5710684d1a383e9308599d40fd63bceef29
parent 7c4ce7e4a90dc4afd1c293180f6d9e1ff976e1c3

Merge "Remove Rust wrapper for getpidcon" into main

keystore2/selinux/src/lib.rs

diff --git a/keystore2/selinux/src/lib.rs b/keystore2/selinux/src/lib.rs
index d57a99a..1f1e692 100644
--- a/keystore2/selinux/src/lib.rs
+++ b/keystore2/selinux/src/lib.rs
@@ -247,34 +247,6 @@
     }
 }
 
-/// Safe wrapper around libselinux `getpidcon`. It initializes the `Context::Raw` variant of the
-/// returned `Context`.
-///
-/// ## Return
-///  * Ok(Context::Raw()) if successful.
-///  * Err(Error::sys()) if getpidcon succeeded but returned a NULL pointer.
-///  * Err(io::Error::last_os_error()) if getpidcon failed.
-pub fn getpidcon(pid: selinux::pid_t) -> Result<Context> {
-    init_logger_once();
-    let _lock = LIB_SELINUX_LOCK.lock().unwrap();
-
-    let mut con: *mut c_char = ptr::null_mut();
-    match unsafe { selinux::getpidcon(pid, &mut con) } {
-        0 => {
-            if !con.is_null() {
-                Ok(Context::Raw(con))
-            } else {
-                Err(anyhow!(Error::sys(format!(
-                    "getpidcon returned a NULL context for pid {}",
-                    pid
-                ))))
-            }
-        }
-        _ => Err(anyhow!(io::Error::last_os_error()))
-            .context(format!("getpidcon failed for pid {}", pid)),
-    }
-}
-
 /// Safe wrapper around selinux_check_access.
 ///
 /// ## Return
@@ -796,12 +768,4 @@
         check_keystore_perm!(reset);
         check_keystore_perm!(unlock);
     }
-
-    #[test]
-    fn test_getpidcon() {
-        // Check that `getpidcon` of our pid is equal to what `getcon` returns.
-        // And by using `unwrap` we make sure that both also have to return successfully
-        // fully to pass the test.
-        assert_eq!(getpidcon(std::process::id() as i32).unwrap(), getcon().unwrap());
-    }
 }

keystore2/src/fuzzers/keystore2_unsafe_fuzzer.rs

diff --git a/keystore2/src/fuzzers/keystore2_unsafe_fuzzer.rs b/keystore2/src/fuzzers/keystore2_unsafe_fuzzer.rs
index fb4c9ad..62167fb 100644
--- a/keystore2/src/fuzzers/keystore2_unsafe_fuzzer.rs
+++ b/keystore2/src/fuzzers/keystore2_unsafe_fuzzer.rs
@@ -26,7 +26,7 @@
     hmac_sha256, parse_subject_from_certificate, Password, ZVec,
 };
 use keystore2_hal_names::get_hidl_instances;
-use keystore2_selinux::{check_access, getpidcon, setcon, Backend, Context, KeystoreKeyBackend};
+use keystore2_selinux::{check_access, setcon, Backend, Context, KeystoreKeyBackend};
 use libfuzzer_sys::{arbitrary::Arbitrary, fuzz_target};
 use std::{ffi::CString, sync::Arc};
 
@@ -108,9 +108,6 @@
     Backend {
         namespace: &'a str,
     },
-    GetPidCon {
-        pid: i32,
-    },
     CheckAccess {
         source: &'a [u8],
         target: &'a [u8],
@@ -216,9 +213,6 @@
                     let _res = backend.lookup(namespace);
                 }
             }
-            FuzzCommand::GetPidCon { pid } => {
-                let _res = getpidcon(pid);
-            }
             FuzzCommand::CheckAccess { source, target, tclass, perm } => {
                 let source = get_valid_cstring_data(source);
                 let target = get_valid_cstring_data(target);