Blame - keystore2/src/permission.rs - android_system_security

2020-07-21 12:27:13 -0700

[diff] [blame]

1

2

//

3

// Licensed under the Apache License, Version 2.0 (the "License");

4

// you may not use this file except in compliance with the License.

5

// You may obtain a copy of the License at

6

//

7

// http://www.apache.org/licenses/LICENSE-2.0

8

//

9

// Unless required by applicable law or agreed to in writing, software

10

// distributed under the License is distributed on an "AS IS" BASIS,

11

// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

12

// See the License for the specific language governing permissions and

13

// limitations under the License.

14

15

//! This crate provides access control primitives for Keystore 2.0.

16

//! It provides high level functions for checking permissions in the keystore2 and keystore2_key

17

//! SELinux classes based on the keystore2_selinux backend.

18

//! It also provides KeystorePerm and KeyPerm as convenience wrappers for the SELinux permission

19

//! defined by keystore2 and keystore2_key respectively.

20

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

21

use android_system_keystore2::aidl::android::system::keystore2::{

22

Domain::Domain, KeyDescriptor::KeyDescriptor, KeyPermission::KeyPermission,

23

};

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

24

25

use std::cmp::PartialEq;

26

use std::convert::From;

Janis Danisevskis

2020-08-18 12:52:27 -0700

[diff] [blame]

27

use std::ffi::CStr;

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

28

29

use crate::error::Error as KsError;

30

use keystore2_selinux as selinux;

31

32

use anyhow::Context as AnyhowContext;

33

34

use selinux::Backend;

35

Janis Danisevskis

4ad056f

2020-08-05 19:46:46 +0000

[diff] [blame]

36

use lazy_static::lazy_static;

37

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

38

// Replace getcon with a mock in the test situation

#[cfg(not(test))]

use selinux::getcon;

#[cfg(test)]

use tests::test_getcon as getcon;

43

Janis Danisevskis

4ad056f

2020-08-05 19:46:46 +0000

[diff] [blame]

44

lazy_static! {

45

// Panicking here is allowed because keystore cannot function without this backend

46

// and it would happen early and indicate a gross misconfiguration of the device.

47

static ref KEYSTORE2_KEY_LABEL_BACKEND: selinux::KeystoreKeyBackend =

48

selinux::KeystoreKeyBackend::new().unwrap();

49

}

50

51

fn lookup_keystore2_key_context(namespace: i64) -> anyhow::Result<selinux::Context> {

52

KEYSTORE2_KEY_LABEL_BACKEND.lookup(&namespace.to_string())

53

}

54

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

55

/// ## Background

56

///

57

/// AIDL enums are represented as constants of the form:

58

/// ```

59

/// mod EnumName {

60

/// pub type EnumName = i32;

61

/// pub const Variant1: EnumName = <value1>;

62

/// pub const Variant2: EnumName = <value2>;

/// ...

/// }

///```

/// This macro wraps the enum in a new type, e.g., `MyPerm` and maps each variant to an SELinux

67

/// permission while providing the following interface:

68

/// * From<EnumName> and Into<EnumName> are implemented. Where the implementation of From maps

69

/// any variant not specified to the default.

70

/// * Every variant has a constructor with a name corresponding to its lower case SELinux string

71

/// representation.

72

/// * `MyPerm.to_selinux(&self)` returns the SELinux string representation of the

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

73

/// represented permission.

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

74

///

75

/// ## Special behavior

76

/// If the keyword `use` appears as an selinux name `use_` is used as identifier for the

77

/// constructor function (e.g. `MePerm::use_()`) but the string returned by `to_selinux` will

78

/// still be `"use"`.

79

///

80

/// ## Example

81

/// ```

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

82

///

83

/// implement_permission!(

84

/// /// MyPerm documentation.

85

/// #[derive(Clone, Copy, Debug, PartialEq)]

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

86

/// MyPerm from EnumName with default (None, none) {}

87

/// Variant1, selinux name: variant1;

88

/// Variant2, selinux name: variant1;

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

89

/// }

90

/// );

91

/// ```

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

92

macro_rules! implement_permission_aidl {

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

93

// This rule provides the public interface of the macro. And starts the preprocessing

94

// recursion (see below).

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

95

($(#[$m:meta])* $name:ident from $aidl_name:ident with default ($($def:tt)*)

96

{ $($element:tt)* })

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

97

=> {

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

98

implement_permission_aidl!(@replace_use $($m)*, $name, $aidl_name, ($($def)*), [],

99

$($element)*);

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

100

};

101

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

102

// The following three rules recurse through the elements of the form

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

103

// `<enum variant>, selinux name: <selinux_name>;`

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

104

// preprocessing the input.

105

106

// The first rule terminates the recursion and passes the processed arguments to the final

107

// rule that spills out the implementation.

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

108

(@replace_use $($m:meta)*, $name:ident, $aidl_name:ident, ($($def:tt)*), [$($out:tt)*], ) => {

109

implement_permission_aidl!(@end $($m)*, $name, $aidl_name, ($($def)*) { $($out)* } );

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

110

};

111

112

// The second rule is triggered if the selinux name of an element is literally `use`.

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

113

// It produces the tuple `<enum variant>, use_, use;`

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

114

// and appends it to the out list.

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

115

(@replace_use $($m:meta)*, $name:ident, $aidl_name:ident, ($($def:tt)*), [$($out:tt)*],

116

$e_name:ident, selinux name: use; $($element:tt)*)

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

117

=> {

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

118

implement_permission_aidl!(@replace_use $($m)*, $name, $aidl_name, ($($def)*),

119

[$($out)* $e_name, use_, use;], $($element)*);

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

120

};

121

122

// The third rule is the default rule which replaces every input tuple with

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

123

// `<enum variant>, <selinux_name>, <selinux_name>;`

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

124

// and appends the result to the out list.

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

125

(@replace_use $($m:meta)*, $name:ident, $aidl_name:ident, ($($def:tt)*), [$($out:tt)*],

126

$e_name:ident, selinux name: $e_str:ident; $($element:tt)*)

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

127

=> {

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

128

implement_permission_aidl!(@replace_use $($m)*, $name, $aidl_name, ($($def)*),

129

[$($out)* $e_name, $e_str, $e_str;], $($element)*);

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

130

};

131

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

132

(@end $($m:meta)*, $name:ident, $aidl_name:ident,

133

($def_name:ident, $def_selinux_name:ident) {

134

$($element_name:ident, $element_identifier:ident,

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

135

$selinux_name:ident;)*

})

=>

{

$(#[$m])*

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

140

pub struct $name(pub $aidl_name);

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

141

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

142

impl From<$aidl_name> for $name {

143

fn from (p: $aidl_name) -> Self {

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

144

match p {

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

145

$aidl_name::$def_name => Self($aidl_name::$def_name),

146

$($aidl_name::$element_name => Self($aidl_name::$element_name),)*

147

_ => Self($aidl_name::$def_name),

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

}

}

}

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

152

impl Into<$aidl_name> for $name {

153

fn into(self) -> $aidl_name {

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

self.0

}

}

impl $name {

/// Returns a string representation of the permission as required by

160

/// `selinux::check_access`.

161

pub fn to_selinux(&self) -> &'static str {

162

match self {

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

163

Self($aidl_name::$def_name) => stringify!($def_selinux_name),

164

$(Self($aidl_name::$element_name) => stringify!($selinux_name),)*

165

_ => stringify!($def_selinux_name),

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

}

}

/// Creates an instance representing a permission with the same name.

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

170

pub const fn $def_selinux_name() -> Self { Self($aidl_name::$def_name) }

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

171

$(

172

/// Creates an instance representing a permission with the same name.

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

173

pub const fn $element_identifier() -> Self { Self($aidl_name::$element_name) }

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

174

)*

175

}

176

};

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

177

}

178

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

179

implement_permission_aidl!(

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

180

/// KeyPerm provides a convenient abstraction from the SELinux class `keystore2_key`.

181

/// At the same time it maps `KeyPermissions` from the Keystore 2.0 AIDL Grant interface to

182

/// the SELinux permissions. With the implement_permission macro, we conveniently

183

/// provide mappings between the wire type bit field values, the rust enum and the SELinux

184

/// string representation.

///

/// ## Example

///

/// In this access check `KeyPerm::get_info().to_selinux()` would return the SELinux representation

189

/// "info".

190

/// ```

191

/// selinux::check_access(source_context, target_context, "keystore2_key",

192

/// KeyPerm::get_info().to_selinux());

193

/// ```

194

#[derive(Clone, Copy, Debug, Eq, PartialEq)]

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

195

KeyPerm from KeyPermission with default (NONE, none) {

196

DELETE, selinux name: delete;

197

GEN_UNIQUE_ID, selinux name: gen_unique_id;

198

GET_INFO, selinux name: get_info;

199

GRANT, selinux name: grant;

200

MANAGE_BLOB, selinux name: manage_blob;

201

REBIND, selinux name: rebind;

202

REQ_FORCED_OP, selinux name: req_forced_op;

203

UPDATE, selinux name: update;

204

USE, selinux name: use;

205

USE_DEV_ID, selinux name: use_dev_id;

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

}

);

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

209

/// This macro implements an enum with values mapped to SELinux permission names.

210

/// The below example wraps the enum MyPermission in the tuple struct `MyPerm` and implements

211

/// * From<i32> and Into<i32> are implemented. Where the implementation of From maps

212

/// any variant not specified to the default.

213

/// * Every variant has a constructor with a name corresponding to its lower case SELinux string

214

/// representation.

215

/// * `MyPerm.to_selinux(&self)` returns the SELinux string representation of the

216

/// represented permission.

///

/// ## Example

/// ```

/// implement_permission!(

221

/// /// MyPerm documentation.

222

/// #[derive(Clone, Copy, Debug, Eq, PartialEq)]

223

/// MyPerm with default (None = 0, none) {

224

/// Foo = 1, selinux name: foo;

225

/// Bar = 2, selinux name: bar;

/// }

/// );

/// ```

macro_rules! implement_permission {

230

// This rule provides the public interface of the macro. And starts the preprocessing

231

// recursion (see below).

232

($(#[$m:meta])* $name:ident with default

233

($def_name:ident = $def_val:expr, $def_selinux_name:ident)

234

{

235

$($(#[$element_meta:meta])*

236

$element_name:ident = $element_val:expr, selinux name: $selinux_name:ident;)*

})

=> {

$(#[$m])*

pub enum $name {

/// The default variant of an enum.

242

$def_name = $def_val,

243

$(

244

$(#[$element_meta])*

245

$element_name = $element_val,

)*

}

impl From<i32> for $name {

250

fn from (p: i32) -> Self {

251

match p {

252

$def_val => Self::$def_name,

253

$($element_val => Self::$element_name,)*

254

_ => Self::$def_name,

}

}

}

impl Into<i32> for $name {

260

fn into(self) -> i32 {

self as i32

}

}

impl $name {

/// Returns a string representation of the permission as required by

267

/// `selinux::check_access`.

268

pub fn to_selinux(&self) -> &'static str {

269

match self {

270

Self::$def_name => stringify!($def_selinux_name),

271

$(Self::$element_name => stringify!($selinux_name),)*

}

}

/// Creates an instance representing a permission with the same name.

276

pub const fn $def_selinux_name() -> Self { Self::$def_name }

277

$(

278

/// Creates an instance representing a permission with the same name.

279

pub const fn $selinux_name() -> Self { Self::$element_name }

280

)*

281

}

282

};

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

283

}

284

285

implement_permission!(

286

/// KeystorePerm provides a convenient abstraction from the SELinux class `keystore2`.

287

/// Using the implement_permission macro we get the same features as `KeyPerm`.

288

#[derive(Clone, Copy, Debug, PartialEq)]

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

289

KeystorePerm with default (None = 0, none) {

290

/// Checked when a new auth token is installed.

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

291

AddAuth = 1, selinux name: add_auth;

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

292

/// Checked when an app is uninstalled or wiped.

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

293

ClearNs = 2, selinux name: clear_ns;

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

294

/// Checked when Keystore 2.0 gets locked.

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

295

GetState = 4, selinux name: get_state;

Janis Danisevskis

2020-09-22 16:42:35 -0700

[diff] [blame]

296

/// Checked when Keystore 2.0 is asked to list a namespace that the caller

297

/// does not have the get_info permission for.

298

List = 8, selinux name: list;

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

299

/// Checked when Keystore 2.0 gets locked.

Janis Danisevskis

2020-09-22 16:42:35 -0700

[diff] [blame]

300

Lock = 0x10, selinux name: lock;

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

301

/// Checked when Keystore 2.0 shall be reset.

Janis Danisevskis

2020-09-22 16:42:35 -0700

[diff] [blame]

302

Reset = 0x20, selinux name: reset;

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

303

/// Checked when Keystore 2.0 shall be unlocked.

Janis Danisevskis

2020-09-22 16:42:35 -0700

[diff] [blame]

304

Unlock = 0x40, selinux name: unlock;

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

}

);

/// Represents a set of `KeyPerm` permissions.

309

/// `IntoIterator` is implemented for this struct allowing the iteration through all the

310

/// permissions in the set.

311

/// It also implements a function `includes(self, other)` that checks if the permissions

312

/// in `other` are included in `self`.

313

///

314

/// KeyPermSet can be created with the macro `key_perm_set![]`.

///

/// ## Example

/// ```

/// let perms1 = key_perm_set![KeyPerm::use_(), KeyPerm::manage_blob(), KeyPerm::grant()];

319

/// let perms2 = key_perm_set![KeyPerm::use_(), KeyPerm::manage_blob()];

320

///

321

/// assert!(perms1.includes(perms2))

322

/// assert!(!perms2.includes(perms1))

323

///

324

/// let i = perms1.into_iter();

325

/// // iteration in ascending order of the permission's numeric representation.

326

/// assert_eq(Some(KeyPerm::manage_blob()), i.next());

327

/// assert_eq(Some(KeyPerm::grant()), i.next());

328

/// assert_eq(Some(KeyPerm::use_()), i.next());

329

/// assert_eq(None, i.next());

330

/// ```

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

331

#[derive(Copy, Clone, Debug, Eq, PartialEq, Ord, PartialOrd)]

332

pub struct KeyPermSet(pub i32);

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

mod perm {

use super::*;

pub struct IntoIter {

vec: KeyPermSet,

pos: u8,

}

impl IntoIter {

pub fn new(v: KeyPermSet) -> Self {

344

Self { vec: v, pos: 0 }

}

}

impl std::iter::Iterator for IntoIter {

349

type Item = KeyPerm;

350

351

fn next(&mut self) -> Option<Self::Item> {

loop {

if self.pos == 32 {

return None;

}

let p = self.vec.0 & (1 << self.pos);

357

self.pos += 1;

358

if p != 0 {

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

359

return Some(KeyPerm::from(KeyPermission(p)));

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

}

}

}

}

}

impl From<KeyPerm> for KeyPermSet {

367

fn from(p: KeyPerm) -> Self {

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

368

Self((p.0).0 as i32)

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

}

}

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

372

/// allow conversion from the AIDL wire type i32 to a permission set.

373

impl From<i32> for KeyPermSet {

374

fn from(p: i32) -> Self {

Self(p)

}

}

impl From<KeyPermSet> for i32 {

380

fn from(p: KeyPermSet) -> i32 {

p.0

}

}

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

385

impl KeyPermSet {

386

/// Returns true iff this permission set has all of the permissions that are in `other`.

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

387

pub fn includes<T: Into<KeyPermSet>>(&self, other: T) -> bool {

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

388

let o: KeyPermSet = other.into();

389

(self.0 & o.0) == o.0

}

}

/// This macro can be used to create a `KeyPermSet` from a list of `KeyPerm` values.

///

/// ## Example

/// ```

/// let v = key_perm_set![Perm::delete(), Perm::manage_blob()];

398

/// ```

399

#[macro_export]

400

macro_rules! key_perm_set {

401

() => { KeyPermSet(0) };

402

($head:expr $(, $tail:expr)* $(,)?) => {

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

403

KeyPermSet(($head.0).0 $(| ($tail.0).0)*)

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

};

}

impl IntoIterator for KeyPermSet {

408

type Item = KeyPerm;

409

type IntoIter = perm::IntoIter;

410

411

fn into_iter(self) -> Self::IntoIter {

412

Self::IntoIter::new(self)

}

}

/// Uses `selinux::check_access` to check if the given caller context `caller_cxt` may access

417

/// the given permision `perm` of the `keystore2` security class.

Janis Danisevskis

2020-08-18 12:52:27 -0700

[diff] [blame]

418

pub fn check_keystore_permission(caller_ctx: &CStr, perm: KeystorePerm) -> anyhow::Result<()> {

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

419

let target_context = getcon().context("check_keystore_permission: getcon failed.")?;

420

selinux::check_access(caller_ctx, &target_context, "keystore2", perm.to_selinux())

421

}

422

423

/// Uses `selinux::check_access` to check if the given caller context `caller_cxt` has

424

/// all the permissions indicated in `access_vec` for the target domain indicated by the key

425

/// descriptor `key` in the security class `keystore2_key`.

426

///

427

/// Also checks if the caller has the grant permission for the given target domain.

428

///

429

/// Attempts to grant the grant permission are always denied.

430

///

431

/// The only viable target domains are

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

432

/// * `Domain::APP` in which case u:r:keystore:s0 is used as target context and

433

/// * `Domain::SELINUX` in which case the `key.nspace` parameter is looked up in

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

434

/// SELinux keystore key backend, and the result is used

435

/// as target context.

436

pub fn check_grant_permission(

Janis Danisevskis

2020-08-18 12:52:27 -0700

[diff] [blame]

437

caller_ctx: &CStr,

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

438

access_vec: KeyPermSet,

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

439

key: &KeyDescriptor,

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

440

) -> anyhow::Result<()> {

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

441

let target_context = match key.domain {

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

442

Domain::APP => getcon().context("check_grant_permission: getcon failed.")?,

443

Domain::SELINUX => lookup_keystore2_key_context(key.nspace)

444

.context("check_grant_permission: Domain::SELINUX: Failed to lookup namespace.")?,

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

445

_ => return Err(KsError::sys()).context(format!("Cannot grant {:?}.", key.domain)),

446

};

447

448

selinux::check_access(caller_ctx, &target_context, "keystore2_key", "grant")

449

.context("Grant permission is required when granting.")?;

450

451

if access_vec.includes(KeyPerm::grant()) {

452

return Err(selinux::Error::perm()).context("Grant permission cannot be granted.");

453

}

454

455

for p in access_vec.into_iter() {

456

selinux::check_access(caller_ctx, &target_context, "keystore2_key", p.to_selinux())

457

.context(concat!(

458

"check_grant_permission: check_access failed. ",

459

"The caller may have tried to grant a permission that they don't possess."

))?

}

Ok(())

}

/// Uses `selinux::check_access` to check if the given caller context `caller_cxt`

466

/// has the permissions indicated by `perm` for the target domain indicated by the key

467

/// descriptor `key` in the security class `keystore2_key`.

468

///

469

/// The behavior differs slightly depending on the selected target domain:

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

470

/// * `Domain::APP` u:r:keystore:s0 is used as target context.

471

/// * `Domain::SELINUX` `key.nspace` parameter is looked up in the SELinux keystore key

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

472

/// backend, and the result is used as target context.

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

473

/// * `Domain::BLOB` Same as SELinux but the "manage_blob" permission is always checked additionally

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

474

/// to the one supplied in `perm`.

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

475

/// * `Domain::GRANT` Does not use selinux::check_access. Instead the `access_vector`

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

476

/// parameter is queried for permission, which must be supplied in this case.

477

///

478

/// ## Return values.

479

/// * Ok(()) If the requested permissions were granted.

480

/// * Err(selinux::Error::perm()) If the requested permissions were denied.

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

481

/// * Err(KsError::sys()) This error is produced if `Domain::GRANT` is selected but no `access_vec`

482

/// was supplied. It is also produced if `Domain::KEY_ID` was selected, and

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

483

/// on various unexpected backend failures.

484

pub fn check_key_permission(

Janis Danisevskis

2020-08-18 12:52:27 -0700

[diff] [blame]

485

caller_ctx: &CStr,

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

486

perm: KeyPerm,

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

487

key: &KeyDescriptor,

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

488

access_vector: &Option<KeyPermSet>,

489

) -> anyhow::Result<()> {

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

490

let target_context = match key.domain {

491

// apps get the default keystore context

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

492

Domain::APP => getcon().context("check_key_permission: getcon failed.")?,

493

Domain::SELINUX => lookup_keystore2_key_context(key.nspace)

494

.context("check_key_permission: Domain::SELINUX: Failed to lookup namespace.")?,

495

Domain::GRANT => {

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

496

match access_vector {

497

Some(pv) => {

498

if pv.includes(perm) {

499

return Ok(());

500

} else {

501

return Err(selinux::Error::perm())

502

.context(format!("\"{}\" not granted", perm.to_selinux()));

}

}

None => {

// If DOMAIN_GRANT was selected an access vector must be supplied.

507

return Err(KsError::sys()).context(

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

508

"Cannot check permission for Domain::GRANT without access vector.",

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

);

}

}

}

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

513

Domain::KEY_ID => {

514

// We should never be called with `Domain::KEY_ID. The database

515

// lookup should have converted this into one of `Domain::APP`

516

// or `Domain::SELINUX`.

517

return Err(KsError::sys()).context("Cannot check permission for Domain::KEY_ID.");

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

518

}

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

519

Domain::BLOB => {

520

let tctx = lookup_keystore2_key_context(key.nspace)

521

.context("Domain::BLOB: Failed to lookup namespace.")?;

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

522

// If DOMAIN_KEY_BLOB was specified, we check for the "manage_blob"

523

// permission in addition to the requested permission.

524

selinux::check_access(

caller_ctx,

&tctx,

"keystore2_key",

KeyPerm::manage_blob().to_selinux(),

)?;

tctx

}

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

533

_ => {

534

return Err(KsError::sys())

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

535

.context(format!("Unknown domain value: \"{:?}\".", key.domain))

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

536

}

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

537

};

538

539

selinux::check_access(caller_ctx, &target_context, "keystore2_key", perm.to_selinux())

}

#[cfg(test)]

mod tests {

use super::*;

use anyhow::anyhow;

use anyhow::Result;

use keystore2_selinux::*;

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

548

549

const ALL_PERMS: KeyPermSet = key_perm_set![

550

KeyPerm::manage_blob(),

551

KeyPerm::delete(),

552

KeyPerm::use_dev_id(),

553

KeyPerm::req_forced_op(),

554

KeyPerm::gen_unique_id(),

555

KeyPerm::grant(),

556

KeyPerm::get_info(),

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

KeyPerm::rebind(),

KeyPerm::update(),

KeyPerm::use_(),

];

const NOT_GRANT_PERMS: KeyPermSet = key_perm_set![

563

KeyPerm::manage_blob(),

564

KeyPerm::delete(),

565

KeyPerm::use_dev_id(),

566

KeyPerm::req_forced_op(),

567

KeyPerm::gen_unique_id(),

568

// No KeyPerm::grant()

569

KeyPerm::get_info(),

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

KeyPerm::rebind(),

KeyPerm::update(),

KeyPerm::use_(),

];

const UNPRIV_PERMS: KeyPermSet = key_perm_set![

576

KeyPerm::delete(),

577

KeyPerm::get_info(),

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

KeyPerm::rebind(),

KeyPerm::update(),

KeyPerm::use_(),

];

/// The su_key namespace as defined in su.te and keystore_key_contexts of the

584

/// SePolicy (system/sepolicy).

585

const SU_KEY_NAMESPACE: i32 = 0;

586

/// The shell_key namespace as defined in shell.te and keystore_key_contexts of the

587

/// SePolicy (system/sepolicy).

588

const SHELL_KEY_NAMESPACE: i32 = 1;

589

590

pub fn test_getcon() -> Result<Context> {

591

Context::new("u:object_r:keystore:s0")

592

}

593

594

// This macro evaluates the given expression and checks that

595

// a) evaluated to Result::Err() and that

596

// b) the wrapped error is selinux::Error::perm() (permission denied).

597

// We use a macro here because a function would mask which invocation caused the failure.

598

//

599

// TODO b/164121720 Replace this macro with a function when `track_caller` is available.

600

macro_rules! assert_perm_failed {

601

($test_function:expr) => {

602

let result = $test_function;

603

assert!(result.is_err(), "Permission check should have failed.");

604

assert_eq!(

605

Some(&selinux::Error::perm()),

606

result.err().unwrap().root_cause().downcast_ref::<selinux::Error>()

);

};

}

fn check_context() -> Result<(selinux::Context, i32, bool)> {

612

// Calling the non mocked selinux::getcon here intended.

613

let context = selinux::getcon()?;

614

match context.to_str().unwrap() {

615

"u:r:su:s0" => Ok((context, SU_KEY_NAMESPACE, true)),

616

"u:r:shell:s0" => Ok((context, SHELL_KEY_NAMESPACE, false)),

617

c => Err(anyhow!(format!(

618

"This test must be run as \"su\" or \"shell\". Current context: \"{}\"",

c

))),

}

}

#[test]

fn check_keystore_permission_test() -> Result<()> {

626

let system_server_ctx = Context::new("u:r:system_server:s0")?;

627

assert!(check_keystore_permission(&system_server_ctx, KeystorePerm::add_auth()).is_ok());

628

assert!(check_keystore_permission(&system_server_ctx, KeystorePerm::clear_ns()).is_ok());

629

assert!(check_keystore_permission(&system_server_ctx, KeystorePerm::get_state()).is_ok());

Janis Danisevskis

2020-09-22 16:42:35 -0700

[diff] [blame]

630

assert!(check_keystore_permission(&system_server_ctx, KeystorePerm::list()).is_ok());

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

631

assert!(check_keystore_permission(&system_server_ctx, KeystorePerm::lock()).is_ok());

632

assert!(check_keystore_permission(&system_server_ctx, KeystorePerm::reset()).is_ok());

633

assert!(check_keystore_permission(&system_server_ctx, KeystorePerm::unlock()).is_ok());

634

let shell_ctx = Context::new("u:r:shell:s0")?;

635

assert_perm_failed!(check_keystore_permission(&shell_ctx, KeystorePerm::add_auth()));

636

assert_perm_failed!(check_keystore_permission(&shell_ctx, KeystorePerm::clear_ns()));

637

assert_perm_failed!(check_keystore_permission(&shell_ctx, KeystorePerm::get_state()));

Janis Danisevskis

2020-09-22 16:42:35 -0700

[diff] [blame]

638

assert_perm_failed!(check_keystore_permission(&shell_ctx, KeystorePerm::list()));

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

639

assert_perm_failed!(check_keystore_permission(&shell_ctx, KeystorePerm::lock()));

640

assert_perm_failed!(check_keystore_permission(&shell_ctx, KeystorePerm::reset()));

641

assert_perm_failed!(check_keystore_permission(&shell_ctx, KeystorePerm::unlock()));

Ok(())

}

#[test]

fn check_grant_permission_app() -> Result<()> {

647

let system_server_ctx = Context::new("u:r:system_server:s0")?;

648

let shell_ctx = Context::new("u:r:shell:s0")?;

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

649

let key = KeyDescriptor { domain: Domain::APP, nspace: 0, alias: None, blob: None };

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

650

assert!(check_grant_permission(&system_server_ctx, NOT_GRANT_PERMS, &key).is_ok());

651

// attempts to grant the grant permission must always fail even when privileged.

652

653

assert_perm_failed!(check_grant_permission(

654

&system_server_ctx,

655

KeyPerm::grant().into(),

656

&key

657

));

658

// unprivileged grant attempts always fail. shell does not have the grant permission.

659

assert_perm_failed!(check_grant_permission(&shell_ctx, UNPRIV_PERMS, &key));

Ok(())

}

#[test]

fn check_grant_permission_selinux() -> Result<()> {

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

665

let (sctx, namespace, is_su) = check_context()?;

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

666

let key = KeyDescriptor {

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

667

domain: Domain::SELINUX,

668

nspace: namespace as i64,

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

alias: None,

blob: None,

};

if is_su {

assert!(check_grant_permission(&sctx, NOT_GRANT_PERMS, &key).is_ok());

674

// attempts to grant the grant permission must always fail even when privileged.

675

assert_perm_failed!(check_grant_permission(&sctx, KeyPerm::grant().into(), &key));

676

} else {

677

// unprivileged grant attempts always fail. shell does not have the grant permission.

678

assert_perm_failed!(check_grant_permission(&sctx, UNPRIV_PERMS, &key));

}

Ok(())

}

#[test]

fn check_key_permission_domain_grant() -> Result<()> {

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

685

let key = KeyDescriptor { domain: Domain::GRANT, nspace: 0, alias: None, blob: None };

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

686

687

assert_perm_failed!(check_key_permission(

688

&selinux::Context::new("ignored").unwrap(),

KeyPerm::grant(),

&key,

&Some(UNPRIV_PERMS)

));

check_key_permission(

695

&selinux::Context::new("ignored").unwrap(),

KeyPerm::use_(),

&key,

&Some(ALL_PERMS),

)

}

#[test]

fn check_key_permission_domain_app() -> Result<()> {

704

let system_server_ctx = Context::new("u:r:system_server:s0")?;

705

let shell_ctx = Context::new("u:r:shell:s0")?;

706

let gmscore_app = Context::new("u:r:gmscore_app:s0")?;

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

707

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

708

let key = KeyDescriptor { domain: Domain::APP, nspace: 0, alias: None, blob: None };

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

709

710

assert!(check_key_permission(&system_server_ctx, KeyPerm::use_(), &key, &None).is_ok());

711

assert!(check_key_permission(&system_server_ctx, KeyPerm::delete(), &key, &None).is_ok());

712

assert!(check_key_permission(&system_server_ctx, KeyPerm::get_info(), &key, &None).is_ok());

713

assert!(check_key_permission(&system_server_ctx, KeyPerm::rebind(), &key, &None).is_ok());

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

714

assert!(check_key_permission(&system_server_ctx, KeyPerm::update(), &key, &None).is_ok());

715

assert!(check_key_permission(&system_server_ctx, KeyPerm::grant(), &key, &None).is_ok());

716

assert!(

717

check_key_permission(&system_server_ctx, KeyPerm::use_dev_id(), &key, &None).is_ok()

718

);

719

assert!(check_key_permission(&gmscore_app, KeyPerm::gen_unique_id(), &key, &None).is_ok());

720

721

assert!(check_key_permission(&shell_ctx, KeyPerm::use_(), &key, &None).is_ok());

722

assert!(check_key_permission(&shell_ctx, KeyPerm::delete(), &key, &None).is_ok());

723

assert!(check_key_permission(&shell_ctx, KeyPerm::get_info(), &key, &None).is_ok());

724

assert!(check_key_permission(&shell_ctx, KeyPerm::rebind(), &key, &None).is_ok());

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

725

assert!(check_key_permission(&shell_ctx, KeyPerm::update(), &key, &None).is_ok());

726

assert_perm_failed!(check_key_permission(&shell_ctx, KeyPerm::grant(), &key, &None));

727

assert_perm_failed!(check_key_permission(

728

&shell_ctx,

729

KeyPerm::req_forced_op(),

&key,

&None

));

assert_perm_failed!(check_key_permission(&shell_ctx, KeyPerm::manage_blob(), &key, &None));

734

assert_perm_failed!(check_key_permission(&shell_ctx, KeyPerm::use_dev_id(), &key, &None));

735

assert_perm_failed!(check_key_permission(

736

&shell_ctx,

737

KeyPerm::gen_unique_id(),

&key,

&None

));

Ok(())

}

#[test]

fn check_key_permission_domain_selinux() -> Result<()> {

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

747

let (sctx, namespace, is_su) = check_context()?;

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

748

let key = KeyDescriptor {

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

749

domain: Domain::SELINUX,

750

nspace: namespace as i64,

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

alias: None,

blob: None,

};

if is_su {

assert!(check_key_permission(&sctx, KeyPerm::use_(), &key, &None).is_ok());

757

assert!(check_key_permission(&sctx, KeyPerm::delete(), &key, &None).is_ok());

758

assert!(check_key_permission(&sctx, KeyPerm::get_info(), &key, &None).is_ok());

759

assert!(check_key_permission(&sctx, KeyPerm::rebind(), &key, &None).is_ok());

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

760

assert!(check_key_permission(&sctx, KeyPerm::update(), &key, &None).is_ok());

761

assert!(check_key_permission(&sctx, KeyPerm::grant(), &key, &None).is_ok());

762

assert!(check_key_permission(&sctx, KeyPerm::manage_blob(), &key, &None).is_ok());

763

assert!(check_key_permission(&sctx, KeyPerm::use_dev_id(), &key, &None).is_ok());

764

assert!(check_key_permission(&sctx, KeyPerm::gen_unique_id(), &key, &None).is_ok());

765

assert!(check_key_permission(&sctx, KeyPerm::req_forced_op(), &key, &None).is_ok());

766

} else {

767

assert!(check_key_permission(&sctx, KeyPerm::use_(), &key, &None).is_ok());

768

assert!(check_key_permission(&sctx, KeyPerm::delete(), &key, &None).is_ok());

769

assert!(check_key_permission(&sctx, KeyPerm::get_info(), &key, &None).is_ok());

770

assert!(check_key_permission(&sctx, KeyPerm::rebind(), &key, &None).is_ok());

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

771

assert!(check_key_permission(&sctx, KeyPerm::update(), &key, &None).is_ok());

772

assert_perm_failed!(check_key_permission(&sctx, KeyPerm::grant(), &key, &None));

773

assert_perm_failed!(check_key_permission(&sctx, KeyPerm::req_forced_op(), &key, &None));

774

assert_perm_failed!(check_key_permission(&sctx, KeyPerm::manage_blob(), &key, &None));

775

assert_perm_failed!(check_key_permission(&sctx, KeyPerm::use_dev_id(), &key, &None));

776

assert_perm_failed!(check_key_permission(&sctx, KeyPerm::gen_unique_id(), &key, &None));

}

Ok(())

}

#[test]

fn check_key_permission_domain_blob() -> Result<()> {

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

783

let (sctx, namespace, is_su) = check_context()?;

Janis Danisevskis

2020-08-07 12:39:56 -0700

[diff] [blame]

784

let key = KeyDescriptor {

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

785

domain: Domain::BLOB,

786

nspace: namespace as i64,

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

alias: None,

blob: None,

};

if is_su {

check_key_permission(&sctx, KeyPerm::use_(), &key, &None)

793

} else {

794

assert_perm_failed!(check_key_permission(&sctx, KeyPerm::use_(), &key, &None));

Ok(())

}

}

#[test]

fn check_key_permission_domain_key_id() -> Result<()> {

Janis Danisevskis

2020-09-11 13:27:37 -0700

[diff] [blame]

801

let key = KeyDescriptor { domain: Domain::KEY_ID, nspace: 0, alias: None, blob: None };

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

802

803

assert_eq!(

804

Some(&KsError::sys()),

805

check_key_permission(

806

&selinux::Context::new("ignored").unwrap(),

KeyPerm::use_(),

&key,

&None

)

.err()

.unwrap()

.root_cause()

.downcast_ref::<KsError>()

);

Ok(())

}

#[test]

fn key_perm_set_all_test() {

821

let v = key_perm_set![

822

KeyPerm::manage_blob(),

823

KeyPerm::delete(),

824

KeyPerm::use_dev_id(),

825

KeyPerm::req_forced_op(),

826

KeyPerm::gen_unique_id(),

827

KeyPerm::grant(),

828

KeyPerm::get_info(),

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

829

KeyPerm::rebind(),

830

KeyPerm::update(),

831

KeyPerm::use_() // Test if the macro accepts missing comma at the end of the list.

832

];

833

let mut i = v.into_iter();

834

assert_eq!(i.next().unwrap().to_selinux(), "delete");

835

assert_eq!(i.next().unwrap().to_selinux(), "gen_unique_id");

836

assert_eq!(i.next().unwrap().to_selinux(), "get_info");

837

assert_eq!(i.next().unwrap().to_selinux(), "grant");

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

838

assert_eq!(i.next().unwrap().to_selinux(), "manage_blob");

839

assert_eq!(i.next().unwrap().to_selinux(), "rebind");

840

assert_eq!(i.next().unwrap().to_selinux(), "req_forced_op");

841

assert_eq!(i.next().unwrap().to_selinux(), "update");

842

assert_eq!(i.next().unwrap().to_selinux(), "use");

843

assert_eq!(i.next().unwrap().to_selinux(), "use_dev_id");

844

assert_eq!(None, i.next());

845

}

846

#[test]

847

fn key_perm_set_sparse_test() {

848

let v = key_perm_set![

849

KeyPerm::manage_blob(),

850

KeyPerm::req_forced_op(),

851

KeyPerm::gen_unique_id(),

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

852

KeyPerm::update(),

853

KeyPerm::use_(), // Test if macro accepts the comma at the end of the list.

854

];

855

let mut i = v.into_iter();

856

assert_eq!(i.next().unwrap().to_selinux(), "gen_unique_id");

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

857

assert_eq!(i.next().unwrap().to_selinux(), "manage_blob");

858

assert_eq!(i.next().unwrap().to_selinux(), "req_forced_op");

859

assert_eq!(i.next().unwrap().to_selinux(), "update");

860

assert_eq!(i.next().unwrap().to_selinux(), "use");

861

assert_eq!(None, i.next());

862

}

863

#[test]

864

fn key_perm_set_empty_test() {

865

let v = key_perm_set![];

866

let mut i = v.into_iter();

867

assert_eq!(None, i.next());

868

}

869

#[test]

870

fn key_perm_set_include_subset_test() {

871

let v1 = key_perm_set![

872

KeyPerm::manage_blob(),

873

KeyPerm::delete(),

874

KeyPerm::use_dev_id(),

875

KeyPerm::req_forced_op(),

876

KeyPerm::gen_unique_id(),

877

KeyPerm::grant(),

878

KeyPerm::get_info(),

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

KeyPerm::rebind(),

KeyPerm::update(),

KeyPerm::use_(),

];

let v2 = key_perm_set![

884

KeyPerm::manage_blob(),

885

KeyPerm::delete(),

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

KeyPerm::rebind(),

KeyPerm::update(),

KeyPerm::use_(),

];

assert!(v1.includes(v2));

891

assert!(!v2.includes(v1));

892

}

893

#[test]

894

fn key_perm_set_include_equal_test() {

895

let v1 = key_perm_set![

896

KeyPerm::manage_blob(),

897

KeyPerm::delete(),

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

KeyPerm::rebind(),

KeyPerm::update(),

KeyPerm::use_(),

];

let v2 = key_perm_set![

903

KeyPerm::manage_blob(),

904

KeyPerm::delete(),

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

KeyPerm::rebind(),

KeyPerm::update(),

KeyPerm::use_(),

];

assert!(v1.includes(v2));

910

assert!(v2.includes(v1));

911

}

912

#[test]

913

fn key_perm_set_include_overlap_test() {

914

let v1 = key_perm_set![

915

KeyPerm::manage_blob(),

916

KeyPerm::delete(),

917

KeyPerm::grant(), // only in v1

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

KeyPerm::rebind(),

KeyPerm::update(),

KeyPerm::use_(),

];

let v2 = key_perm_set![

923

KeyPerm::manage_blob(),

924

KeyPerm::delete(),

925

KeyPerm::req_forced_op(), // only in v2

Janis Danisevskis

2020-07-21 12:27:13 -0700

[diff] [blame]

KeyPerm::rebind(),

KeyPerm::update(),

KeyPerm::use_(),

];

assert!(!v1.includes(v2));

931

assert!(!v2.includes(v1));

932

}

933

#[test]

934

fn key_perm_set_include_no_overlap_test() {

935

let v1 = key_perm_set![KeyPerm::manage_blob(), KeyPerm::delete(), KeyPerm::grant(),];

936

let v2 = key_perm_set![

937

KeyPerm::req_forced_op(),

Janis Danisevskis