Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 935e6c6d1ba20f0d8e4d8e3ed1968313fa664740^! / . / keystore2 / src / permission.rs
commit935e6c6d1ba20f0d8e4d8e3ed1968313fa664740[log] [tgz]
authorJanis Danisevskis <jdanis@google.com>Tue Aug 18 12:52:27 2020 -0700
committerJanis Danisevskis <jdanis@google.com>Thu Sep 03 10:20:58 2020 -0700
tree19786a6f488094a2b0bf07762dfa5e91af5ffb40
parent38637bf6482b51d34c01d9395310db14d814c602 [diff] [blame]
Keystore selinux and permission modules accept CStr instead of Context.

The libselinux wrapper provides a Context struct, that conveniently
wraps and owns a context string as returned by libselinux. However,
libbinder_rs provides a non owned string with a lifetime bounded
by the currently ongoing transaction. So instead of accepting
a reference to an owning Context, the check_access function in the
libselinux wrapper as well as the higher level permission function in
the permission module accept &CStr now which Context can also deref
into.

Test: keystore2_test
Bug: 160623310
Change-Id: Ib99435134bcabfd9c7f3217f719f8ac21d0fd84e

diff --git a/keystore2/src/permission.rs b/keystore2/src/permission.rs
index e5939c8..df59484 100644
--- a/keystore2/src/permission.rs
+++ b/keystore2/src/permission.rs

@@ -24,6 +24,7 @@
 
 use std::cmp::PartialEq;
 use std::convert::From;
+use std::ffi::CStr;
 
 use crate::error::Error as KsError;
 use keystore2_selinux as selinux;
@@ -412,10 +413,7 @@
 
 /// Uses `selinux::check_access` to check if the given caller context `caller_cxt` may access
 /// the given permision `perm` of the `keystore2` security class.
-pub fn check_keystore_permission(
-    caller_ctx: &selinux::Context,
-    perm: KeystorePerm,
-) -> anyhow::Result<()> {
+pub fn check_keystore_permission(caller_ctx: &CStr, perm: KeystorePerm) -> anyhow::Result<()> {
     let target_context = getcon().context("check_keystore_permission: getcon failed.")?;
     selinux::check_access(caller_ctx, &target_context, "keystore2", perm.to_selinux())
 }
@@ -434,7 +432,7 @@
 ///                      SELinux keystore key backend, and the result is used
 ///                      as target context.
 pub fn check_grant_permission(
-    caller_ctx: &selinux::Context,
+    caller_ctx: &CStr,
     access_vec: KeyPermSet,
     key: &KeyDescriptor,
 ) -> anyhow::Result<()> {
@@ -484,7 +482,7 @@
 ///                      was supplied. It is also produced if `Domain::KeyId` was selected, and
 ///                      on various unexpected backend failures.
 pub fn check_key_permission(
-    caller_ctx: &selinux::Context,
+    caller_ctx: &CStr,
     perm: KeyPerm,
     key: &KeyDescriptor,
     access_vector: &Option<KeyPermSet>,