Standardise safety comments for unsafe blocks.
These will soon be required by a lint.
Bug: 290018030
Test: m pvmfw_bin
Change-Id: I4faf7eb14eb8825af542c2da886d93c096068cb6
diff --git a/diced/open_dice/src/bcc.rs b/diced/open_dice/src/bcc.rs
index f9c6a34..ca2136f 100644
--- a/diced/open_dice/src/bcc.rs
+++ b/diced/open_dice/src/bcc.rs
@@ -48,9 +48,9 @@
};
let mut buffer_size = 0;
- // SAFETY: The function writes to the buffer, within the given bounds, and only reads the
- // input values. It writes its result to buffer_size.
check_result(
+ // SAFETY: The function writes to the buffer, within the given bounds, and only reads the
+ // input values. It writes its result to buffer_size.
unsafe {
BccFormatConfigDescriptor(&values, buffer.len(), buffer.as_mut_ptr(), &mut buffer_size)
},
@@ -72,11 +72,11 @@
next_bcc: &mut [u8],
) -> Result<usize> {
let mut next_bcc_size = 0;
- // SAFETY: `BccMainFlow` only reads the current `bcc` and CDI values and writes
- // to `next_bcc` and next CDI values within its bounds. It also reads
- // `input_values` as a constant input and doesn't store any pointer.
- // The first argument can be null and is not used in the current implementation.
check_result(
+ // SAFETY: `BccMainFlow` only reads the current `bcc` and CDI values and writes
+ // to `next_bcc` and next CDI values within its bounds. It also reads
+ // `input_values` as a constant input and doesn't store any pointer.
+ // The first argument can be null and is not used in the current implementation.
unsafe {
BccMainFlow(
ptr::null_mut(), // context
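Review bot: The last sentence of the relocated SAFETY comment justifies passing `ptr::null_mut()` as the context by what the C implementation happens to do today ("is not used in the current implementation"), which is not a contract the callee guarantees. If a later update of the library starts dereferencing the context, this call becomes undefined behaviour while the comment still reads as a proof. I would phrase it as a dependency to recheck, for example `// The context may be null only because the linked implementation never dereferences it; recheck when the library is updated.` The same sentence appears in the `BccHandoverMainFlow` hunk. The call itself continues past the end of this hunk.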
@@ -108,11 +108,11 @@
next_bcc_handover: &mut [u8],
) -> Result<usize> {
let mut next_bcc_handover_size = 0;
- // SAFETY - The function only reads `current_bcc_handover` and writes to `next_bcc_handover`
- // within its bounds,
- // It also reads `input_values` as a constant input and doesn't store any pointer.
- // The first argument can be null and is not used in the current implementation.
check_result(
+ // SAFETY: The function only reads `current_bcc_handover` and writes to `next_bcc_handover`
+ // within its bounds,
+ // It also reads `input_values` as a constant input and doesn't store any pointer.
+ // The first argument can be null and is not used in the current implementation.
unsafe {
BccHandoverMainFlow(
ptr::null_mut(), // context
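Review bot: The comment moved inside `check_result(` still ends its first sentence with a comma (`within its bounds,`) before the capitalised `It also reads`, and it says "The function" where the `BccMainFlow` comment names its callee. Since this hunk already rewrites the `SAFETY -` prefix, I would also change that line to `// within its bounds.` and open the comment with `` `BccHandoverMainFlow` only reads ``. The unsafe block continues outside the hunk.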
@@ -165,9 +165,9 @@
let mut cdi_seal: *const u8 = ptr::null();
let mut bcc: *const u8 = ptr::null();
let mut bcc_size = 0;
- // SAFETY: The `bcc_handover` is only read and never stored and the returned pointers should all
- // point within the address range of the `bcc_handover` or be NULL.
check_result(
+ // SAFETY: The `bcc_handover` is only read and never stored and the returned pointers should
+ // all point within the address range of the `bcc_handover` or be NULL.
unsafe {
BccHandoverParse(
bcc_handover.as_ptr(),
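Review bot: The reflowed SAFETY comment says the returned pointers "should" all point within `bcc_handover` or be NULL, which is an expectation about `BccHandoverParse` rather than something this call site establishes. What the comment can justify is the call itself, where `bcc_handover` is only read; any later dereference of `cdi_seal` or `bcc` needs its own bounds check against `bcc_handover` and its own SAFETY comment. That code is outside the hunk, so I cannot confirm it is there. If it is, I would reword to `// SAFETY: bcc_handover is only read and never stored. The returned pointers are validated against bcc_handover before they are dereferenced.`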