Keystore selinux and permission modules accept CStr instead of Context.
The libselinux wrapper provides a Context struct that conveniently
wraps and owns a context string as returned by libselinux. However,
libbinder_rs provides a non-owned string whose lifetime is bounded
by the currently ongoing transaction. So instead of accepting
a reference to an owning Context, the check_access function in the
libselinux wrapper, as well as the higher-level permission function in
the permission module, now accept &CStr, which Context can also deref
into.
Test: keystore2_test
Bug: 160623310
Change-Id: Ib99435134bcabfd9c7f3217f719f8ac21d0fd84e
diff --git a/keystore2/selinux/src/lib.rs b/keystore2/selinux/src/lib.rs
index 08d84b2..8bc3bc4 100644
--- a/keystore2/selinux/src/lib.rs
+++ b/keystore2/selinux/src/lib.rs
@@ -267,7 +267,7 @@
/// * Err(anyhow!(Error::perm()))) if the permission was denied.
/// * Err(anyhow!(ioError::last_os_error())) if any other error occurred while performing
/// the access check.
-pub fn check_access(source: &Context, target: &Context, tclass: &str, perm: &str) -> Result<()> {
+pub fn check_access(source: &CStr, target: &CStr, tclass: &str, perm: &str) -> Result<()> {
init_logger_once();
let c_tclass = CString::new(tclass).with_context(|| {
format!("check_access: Failed to convert tclass \"{}\" to CString.", tclass)
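Review bot: The doc comment above `check_access` should now say where `source` and `target` are expected to come from, because with `&CStr` the parameter type no longer tells the reader that the string is an SELinux context obtained through the libselinux wrapper. A line such as `/// source and target must be SELinux context strings from a trusted origin, e.g. the binder caller's context or getcon().` would record that expectation. The same applies to `caller_ctx` in `check_keystore_permission`, `check_grant_permission` and `check_key_permission` in permission.rs. Both the doc comment and the function body extend beyond this hunk, so part of this may already be covered by text that is not visible here.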
@@ -295,7 +295,7 @@
.with_context(|| {
format!(
concat!(
- "check_access: Failed with sctx: {} tctx: {}",
+ "check_access: Failed with sctx: {:?} tctx: {:?}",
" with target class: \"{}\" perm: \"{}\""
),
source, target, tclass, perm
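Review bot: The new `{:?}` specifiers deserve a one-line comment, since they read like leftover debug formatting and a later cleanup could replace them with a lossy string conversion. `CStr` has no `Display` impl, and its `Debug` output quotes the value and escapes non-printable bytes, which keeps a context string received with a transaction from splitting or garbling the log line. A comment such as `// {:?}: CStr has no Display; Debug escapes control bytes in the logged contexts` above the `format!` would preserve that reasoning. As a style point, sctx and tctx are now quoted by `Debug` while tclass and perm carry hand-written `\"` quotes, so using `{:?}` for all four would make the message uniform. The enclosing call chain starts and ends outside this hunk.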
diff --git a/keystore2/src/permission.rs b/keystore2/src/permission.rs
index e5939c8..df59484 100644
--- a/keystore2/src/permission.rs
+++ b/keystore2/src/permission.rs
@@ -24,6 +24,7 @@
use std::cmp::PartialEq;
use std::convert::From;
+use std::ffi::CStr;
use crate::error::Error as KsError;
use keystore2_selinux as selinux;
@@ -412,10 +413,7 @@
/// Uses `selinux::check_access` to check if the given caller context `caller_cxt` may access
/// the given permision `perm` of the `keystore2` security class.
-pub fn check_keystore_permission(
- caller_ctx: &selinux::Context,
- perm: KeystorePerm,
-) -> anyhow::Result<()> {
+pub fn check_keystore_permission(caller_ctx: &CStr, perm: KeystorePerm) -> anyhow::Result<()> {
let target_context = getcon().context("check_keystore_permission: getcon failed.")?;
selinux::check_access(caller_ctx, &target_context, "keystore2", perm.to_selinux())
}
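Review bot: The doc comment on `check_keystore_permission` names the parameter `caller_cxt` while the signature spells it `caller_ctx`, and "permision" is misspelled; since this change already rewrites the signature, the comment should be corrected with it. Suggested wording: `/// Uses selinux::check_access to check if the given caller context caller_ctx may access the given permission perm of the keystore2 security class.` It would also help to note there that `caller_ctx` is borrowed only for the duration of the call, which is what lets callers pass the transaction-bound string described in the commit message.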
@@ -434,7 +432,7 @@
/// SELinux keystore key backend, and the result is used
/// as target context.
pub fn check_grant_permission(
- caller_ctx: &selinux::Context,
+ caller_ctx: &CStr,
access_vec: KeyPermSet,
key: &KeyDescriptor,
) -> anyhow::Result<()> {
@@ -484,7 +482,7 @@
/// was supplied. It is also produced if `Domain::KeyId` was selected, and
/// on various unexpected backend failures.
pub fn check_key_permission(
- caller_ctx: &selinux::Context,
+ caller_ctx: &CStr,
perm: KeyPerm,
key: &KeyDescriptor,
access_vector: &Option<KeyPermSet>,