Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / daf73bcdaace0d8193b2fe51add3940c45bd47a9 / . / keystore2 / src / permission.rs
blob: e6d61b07a05e081b586841877e907807957af2d0 [file] [log] [blame]
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]1// Copyright 2020, The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15//! This crate provides access control primitives for Keystore 2.0.
16//! It provides high level functions for checking permissions in the keystore2 and keystore2_key
17//! SELinux classes based on the keystore2_selinux backend.
18//! It also provides KeystorePerm and KeyPerm as convenience wrappers for the SELinux permission
19//! defined by keystore2 and keystore2_key respectively.
20
Janis Danisevskisa2f48502021-10-18 16:07:09 -0700[diff] [blame]21use crate::error::Error as KsError;
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]22use android_system_keystore2::aidl::android::system::keystore2::{
23 Domain::Domain, KeyDescriptor::KeyDescriptor, KeyPermission::KeyPermission,
24};
Janis Danisevskisa2f48502021-10-18 16:07:09 -0700[diff] [blame]25use anyhow::Context as AnyhowContext;
26use keystore2_selinux as selinux;
27use lazy_static::lazy_static;
Janis Danisevskis56af0312021-10-18 16:11:41 -0700[diff] [blame]28use selinux::{implement_class, Backend, ClassPermission};
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]29use std::cmp::PartialEq;
30use std::convert::From;
Janis Danisevskis935e6c62020-08-18 12:52:27 -0700[diff] [blame]31use std::ffi::CStr;
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]32
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]33// Replace getcon with a mock in the test situation
34#[cfg(not(test))]
35use selinux::getcon;
36#[cfg(test)]
37use tests::test_getcon as getcon;
38
Janis Danisevskis4ad056f2020-08-05 19:46:46 +0000[diff] [blame]39lazy_static! {
40 // Panicking here is allowed because keystore cannot function without this backend
41 // and it would happen early and indicate a gross misconfiguration of the device.
42 static ref KEYSTORE2_KEY_LABEL_BACKEND: selinux::KeystoreKeyBackend =
43 selinux::KeystoreKeyBackend::new().unwrap();
44}
45
46fn lookup_keystore2_key_context(namespace: i64) -> anyhow::Result<selinux::Context> {
47 KEYSTORE2_KEY_LABEL_BACKEND.lookup(&namespace.to_string())
48}
49
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]50implement_class!(
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]51 /// KeyPerm provides a convenient abstraction from the SELinux class `keystore2_key`.
52 /// At the same time it maps `KeyPermissions` from the Keystore 2.0 AIDL Grant interface to
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]53 /// the SELinux permissions.
54 #[repr(i32)]
55 #[selinux(class_name = keystore2_key)]
56 #[derive(Clone, Copy, Debug, PartialEq)]
57 pub enum KeyPerm {
58 /// Checked when convert_storage_key_to_ephemeral is called.
59 #[selinux(name = convert_storage_key_to_ephemeral)]
60 ConvertStorageKeyToEphemeral = KeyPermission::CONVERT_STORAGE_KEY_TO_EPHEMERAL.0,
61 /// Checked when the caller tries do delete a key.
62 #[selinux(name = delete)]
63 Delete = KeyPermission::DELETE.0,
64 /// Checked when the caller tries to use a unique id.
65 #[selinux(name = gen_unique_id)]
66 GenUniqueId = KeyPermission::GEN_UNIQUE_ID.0,
67 /// Checked when the caller tries to load a key.
68 #[selinux(name = get_info)]
69 GetInfo = KeyPermission::GET_INFO.0,
70 /// Checked when the caller attempts to grant a key to another uid.
71 /// Also used for gating key migration attempts.
72 #[selinux(name = grant)]
73 Grant = KeyPermission::GRANT.0,
74 /// Checked when the caller attempts to use Domain::BLOB.
75 #[selinux(name = manage_blob)]
76 ManageBlob = KeyPermission::MANAGE_BLOB.0,
77 /// Checked when the caller tries to create a key which implies rebinding
78 /// an alias to the new key.
79 #[selinux(name = rebind)]
80 Rebind = KeyPermission::REBIND.0,
81 /// Checked when the caller attempts to create a forced operation.
82 #[selinux(name = req_forced_op)]
83 ReqForcedOp = KeyPermission::REQ_FORCED_OP.0,
84 /// Checked when the caller attempts to update public key artifacts.
85 #[selinux(name = update)]
86 Update = KeyPermission::UPDATE.0,
87 /// Checked when the caller attempts to use a private or public key.
88 #[selinux(name = use)]
89 Use = KeyPermission::USE.0,
90 /// Checked when the caller attempts to use device ids for attestation.
91 #[selinux(name = use_dev_id)]
92 UseDevId = KeyPermission::USE_DEV_ID.0,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]93 }
94);
95
Janis Danisevskis56af0312021-10-18 16:11:41 -0700[diff] [blame]96implement_class!(
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]97 /// KeystorePerm provides a convenient abstraction from the SELinux class `keystore2`.
98 /// Using the implement_permission macro we get the same features as `KeyPerm`.
Janis Danisevskis56af0312021-10-18 16:11:41 -0700[diff] [blame]99 #[selinux(class_name = keystore2)]
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]100 #[derive(Clone, Copy, Debug, PartialEq)]
Janis Danisevskis751d2c82021-10-18 15:37:09 -0700[diff] [blame]101 pub enum KeystorePerm {
Janis Danisevskis1b3a6e22020-08-07 12:39:56 -0700[diff] [blame]102 /// Checked when a new auth token is installed.
Janis Danisevskis751d2c82021-10-18 15:37:09 -0700[diff] [blame]103 #[selinux(name = add_auth)]
104 AddAuth,
Janis Danisevskis1b3a6e22020-08-07 12:39:56 -0700[diff] [blame]105 /// Checked when an app is uninstalled or wiped.
Janis Danisevskis751d2c82021-10-18 15:37:09 -0700[diff] [blame]106 #[selinux(name = clear_ns)]
107 ClearNs,
Hasini Gunasinghe9ee18412021-03-11 20:12:44 +0000[diff] [blame]108 /// Checked when the user state is queried from Keystore 2.0.
Janis Danisevskis751d2c82021-10-18 15:37:09 -0700[diff] [blame]109 #[selinux(name = get_state)]
110 GetState,
Janis Danisevskisee10b5f2020-09-22 16:42:35 -0700[diff] [blame]111 /// Checked when Keystore 2.0 is asked to list a namespace that the caller
112 /// does not have the get_info permission for.
Janis Danisevskis751d2c82021-10-18 15:37:09 -0700[diff] [blame]113 #[selinux(name = list)]
114 List,
Janis Danisevskis1b3a6e22020-08-07 12:39:56 -0700[diff] [blame]115 /// Checked when Keystore 2.0 gets locked.
Janis Danisevskis751d2c82021-10-18 15:37:09 -0700[diff] [blame]116 #[selinux(name = lock)]
117 Lock,
Janis Danisevskis1b3a6e22020-08-07 12:39:56 -0700[diff] [blame]118 /// Checked when Keystore 2.0 shall be reset.
Janis Danisevskis751d2c82021-10-18 15:37:09 -0700[diff] [blame]119 #[selinux(name = reset)]
120 Reset,
Janis Danisevskis1b3a6e22020-08-07 12:39:56 -0700[diff] [blame]121 /// Checked when Keystore 2.0 shall be unlocked.
Janis Danisevskis751d2c82021-10-18 15:37:09 -0700[diff] [blame]122 #[selinux(name = unlock)]
123 Unlock,
Hasini Gunasinghe803c2d42021-01-27 00:48:40 +0000[diff] [blame]124 /// Checked when user is added or removed.
Janis Danisevskis751d2c82021-10-18 15:37:09 -0700[diff] [blame]125 #[selinux(name = change_user)]
126 ChangeUser,
Hasini Gunasinghe803c2d42021-01-27 00:48:40 +0000[diff] [blame]127 /// Checked when password of the user is changed.
Janis Danisevskis751d2c82021-10-18 15:37:09 -0700[diff] [blame]128 #[selinux(name = change_password)]
129 ChangePassword,
Hasini Gunasinghe803c2d42021-01-27 00:48:40 +0000[diff] [blame]130 /// Checked when a UID is cleared.
Janis Danisevskis751d2c82021-10-18 15:37:09 -0700[diff] [blame]131 #[selinux(name = clear_uid)]
132 ClearUID,
Hasini Gunasinghe5fc95252020-12-04 00:35:08 +0000[diff] [blame]133 /// Checked when Credstore calls IKeystoreAuthorization to obtain auth tokens.
Janis Danisevskis751d2c82021-10-18 15:37:09 -0700[diff] [blame]134 #[selinux(name = get_auth_token)]
135 GetAuthToken,
Satya Tangirala5b9e5b12021-03-09 12:54:21 -0800[diff] [blame]136 /// Checked when earlyBootEnded() is called.
Janis Danisevskis751d2c82021-10-18 15:37:09 -0700[diff] [blame]137 #[selinux(name = early_boot_ended)]
138 EarlyBootEnded,
Janis Danisevskis333b7c02021-03-23 18:57:41 -0700[diff] [blame]139 /// Checked when IKeystoreMaintenance::onDeviceOffBody is called.
Janis Danisevskis751d2c82021-10-18 15:37:09 -0700[diff] [blame]140 #[selinux(name = report_off_body)]
141 ReportOffBody,
142 /// Checked when IkeystoreMetrics::pullMetrics is called.
143 #[selinux(name = pull_metrics)]
144 PullMetrics,
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]145 /// Checked when IKeystoreMaintenance::deleteAllKeys is called.
Janis Danisevskis751d2c82021-10-18 15:37:09 -0700[diff] [blame]146 #[selinux(name = delete_all_keys)]
147 DeleteAllKeys,
Ashwini Orugantidaf73bc2021-11-15 10:46:31 -0800[diff] [blame^]148 /// Checked when migrating any key from any namespace to any other namespace. It was
149 /// introduced for migrating keys when an app leaves a sharedUserId.
150 #[selinux(name = migrate_any_key)]
151 MigrateAnyKey,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]152 }
153);
154
155/// Represents a set of `KeyPerm` permissions.
156/// `IntoIterator` is implemented for this struct allowing the iteration through all the
157/// permissions in the set.
158/// It also implements a function `includes(self, other)` that checks if the permissions
159/// in `other` are included in `self`.
160///
161/// KeyPermSet can be created with the macro `key_perm_set![]`.
162///
163/// ## Example
164/// ```
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]165/// let perms1 = key_perm_set![KeyPerm::Use, KeyPerm::ManageBlob, KeyPerm::Grant];
166/// let perms2 = key_perm_set![KeyPerm::Use, KeyPerm::ManageBlob];
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]167///
168/// assert!(perms1.includes(perms2))
169/// assert!(!perms2.includes(perms1))
170///
171/// let i = perms1.into_iter();
172/// // iteration in ascending order of the permission's numeric representation.
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]173/// assert_eq(Some(KeyPerm::ManageBlob), i.next());
174/// assert_eq(Some(KeyPerm::Grant), i.next());
175/// assert_eq(Some(KeyPerm::Use), i.next());
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]176/// assert_eq(None, i.next());
177/// ```
Janis Danisevskis1b3a6e22020-08-07 12:39:56 -0700[diff] [blame]178#[derive(Copy, Clone, Debug, Eq, PartialEq, Ord, PartialOrd)]
179pub struct KeyPermSet(pub i32);
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]180
181mod perm {
182 use super::*;
183
184 pub struct IntoIter {
185 vec: KeyPermSet,
186 pos: u8,
187 }
188
189 impl IntoIter {
190 pub fn new(v: KeyPermSet) -> Self {
191 Self { vec: v, pos: 0 }
192 }
193 }
194
195 impl std::iter::Iterator for IntoIter {
196 type Item = KeyPerm;
197
198 fn next(&mut self) -> Option<Self::Item> {
199 loop {
200 if self.pos == 32 {
201 return None;
202 }
203 let p = self.vec.0 & (1 << self.pos);
204 self.pos += 1;
205 if p != 0 {
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]206 return Some(KeyPerm::from(p));
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]207 }
208 }
209 }
210 }
211}
212
213impl From<KeyPerm> for KeyPermSet {
214 fn from(p: KeyPerm) -> Self {
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]215 Self(p as i32)
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]216 }
217}
218
Janis Danisevskis1b3a6e22020-08-07 12:39:56 -0700[diff] [blame]219/// allow conversion from the AIDL wire type i32 to a permission set.
220impl From<i32> for KeyPermSet {
221 fn from(p: i32) -> Self {
222 Self(p)
223 }
224}
225
226impl From<KeyPermSet> for i32 {
227 fn from(p: KeyPermSet) -> i32 {
228 p.0
229 }
230}
231
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]232impl KeyPermSet {
233 /// Returns true iff this permission set has all of the permissions that are in `other`.
Janis Danisevskis1b3a6e22020-08-07 12:39:56 -0700[diff] [blame]234 pub fn includes<T: Into<KeyPermSet>>(&self, other: T) -> bool {
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]235 let o: KeyPermSet = other.into();
236 (self.0 & o.0) == o.0
237 }
238}
239
240/// This macro can be used to create a `KeyPermSet` from a list of `KeyPerm` values.
241///
242/// ## Example
243/// ```
244/// let v = key_perm_set![Perm::delete(), Perm::manage_blob()];
245/// ```
246#[macro_export]
247macro_rules! key_perm_set {
248 () => { KeyPermSet(0) };
249 ($head:expr $(, $tail:expr)* $(,)?) => {
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]250 KeyPermSet($head as i32 $(| $tail as i32)*)
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]251 };
252}
253
254impl IntoIterator for KeyPermSet {
255 type Item = KeyPerm;
256 type IntoIter = perm::IntoIter;
257
258 fn into_iter(self) -> Self::IntoIter {
259 Self::IntoIter::new(self)
260 }
261}
262
Janis Danisevskis56af0312021-10-18 16:11:41 -0700[diff] [blame]263/// Uses `selinux::check_permission` to check if the given caller context `caller_cxt` may access
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]264/// the given permision `perm` of the `keystore2` security class.
Janis Danisevskis935e6c62020-08-18 12:52:27 -0700[diff] [blame]265pub fn check_keystore_permission(caller_ctx: &CStr, perm: KeystorePerm) -> anyhow::Result<()> {
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]266 let target_context = getcon().context("check_keystore_permission: getcon failed.")?;
Janis Danisevskis56af0312021-10-18 16:11:41 -0700[diff] [blame]267 selinux::check_permission(caller_ctx, &target_context, perm)
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]268}
269
Janis Danisevskis56af0312021-10-18 16:11:41 -0700[diff] [blame]270/// Uses `selinux::check_permission` to check if the given caller context `caller_cxt` has
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]271/// all the permissions indicated in `access_vec` for the target domain indicated by the key
272/// descriptor `key` in the security class `keystore2_key`.
273///
274/// Also checks if the caller has the grant permission for the given target domain.
275///
276/// Attempts to grant the grant permission are always denied.
277///
278/// The only viable target domains are
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]279/// * `Domain::APP` in which case u:r:keystore:s0 is used as target context and
280/// * `Domain::SELINUX` in which case the `key.nspace` parameter is looked up in
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]281/// SELinux keystore key backend, and the result is used
282/// as target context.
283pub fn check_grant_permission(
Janis Danisevskis935e6c62020-08-18 12:52:27 -0700[diff] [blame]284 caller_ctx: &CStr,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]285 access_vec: KeyPermSet,
Janis Danisevskis1b3a6e22020-08-07 12:39:56 -0700[diff] [blame]286 key: &KeyDescriptor,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]287) -> anyhow::Result<()> {
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]288 let target_context = match key.domain {
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]289 Domain::APP => getcon().context("check_grant_permission: getcon failed.")?,
290 Domain::SELINUX => lookup_keystore2_key_context(key.nspace)
291 .context("check_grant_permission: Domain::SELINUX: Failed to lookup namespace.")?,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]292 _ => return Err(KsError::sys()).context(format!("Cannot grant {:?}.", key.domain)),
293 };
294
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]295 selinux::check_permission(caller_ctx, &target_context, KeyPerm::Grant)
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]296 .context("Grant permission is required when granting.")?;
297
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]298 if access_vec.includes(KeyPerm::Grant) {
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]299 return Err(selinux::Error::perm()).context("Grant permission cannot be granted.");
300 }
301
302 for p in access_vec.into_iter() {
Janis Danisevskis56af0312021-10-18 16:11:41 -0700[diff] [blame]303 selinux::check_permission(caller_ctx, &target_context, p).context(format!(
304 "check_grant_permission: check_permission failed. \
305 The caller may have tried to grant a permission that they don't possess. {:?}",
306 p
307 ))?
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]308 }
309 Ok(())
310}
311
Janis Danisevskis56af0312021-10-18 16:11:41 -0700[diff] [blame]312/// Uses `selinux::check_permission` to check if the given caller context `caller_cxt`
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]313/// has the permissions indicated by `perm` for the target domain indicated by the key
314/// descriptor `key` in the security class `keystore2_key`.
315///
316/// The behavior differs slightly depending on the selected target domain:
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]317/// * `Domain::APP` u:r:keystore:s0 is used as target context.
318/// * `Domain::SELINUX` `key.nspace` parameter is looked up in the SELinux keystore key
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]319/// backend, and the result is used as target context.
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]320/// * `Domain::BLOB` Same as SELinux but the "manage_blob" permission is always checked additionally
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]321/// to the one supplied in `perm`.
Janis Danisevskis56af0312021-10-18 16:11:41 -0700[diff] [blame]322/// * `Domain::GRANT` Does not use selinux::check_permission. Instead the `access_vector`
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]323/// parameter is queried for permission, which must be supplied in this case.
324///
325/// ## Return values.
326/// * Ok(()) If the requested permissions were granted.
327/// * Err(selinux::Error::perm()) If the requested permissions were denied.
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]328/// * Err(KsError::sys()) This error is produced if `Domain::GRANT` is selected but no `access_vec`
329/// was supplied. It is also produced if `Domain::KEY_ID` was selected, and
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]330/// on various unexpected backend failures.
331pub fn check_key_permission(
Janis Danisevskis45760022021-01-19 16:34:10 -0800[diff] [blame]332 caller_uid: u32,
Janis Danisevskis935e6c62020-08-18 12:52:27 -0700[diff] [blame]333 caller_ctx: &CStr,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]334 perm: KeyPerm,
Janis Danisevskis1b3a6e22020-08-07 12:39:56 -0700[diff] [blame]335 key: &KeyDescriptor,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]336 access_vector: &Option<KeyPermSet>,
337) -> anyhow::Result<()> {
Janis Danisevskis45760022021-01-19 16:34:10 -0800[diff] [blame]338 // If an access vector was supplied, the key is either accessed by GRANT or by KEY_ID.
339 // In the former case, key.domain was set to GRANT and we check the failure cases
340 // further below. If the access is requested by KEY_ID, key.domain would have been
341 // resolved to APP or SELINUX depending on where the key actually resides.
342 // Either way we can return here immediately if the access vector covers the requested
343 // permission. If it does not, we can still check if the caller has access by means of
344 // ownership.
345 if let Some(access_vector) = access_vector {
346 if access_vector.includes(perm) {
347 return Ok(());
348 }
349 }
350
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]351 let target_context = match key.domain {
352 // apps get the default keystore context
Janis Danisevskis45760022021-01-19 16:34:10 -0800[diff] [blame]353 Domain::APP => {
354 if caller_uid as i64 != key.nspace {
355 return Err(selinux::Error::perm())
356 .context("Trying to access key without ownership.");
357 }
358 getcon().context("check_key_permission: getcon failed.")?
359 }
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]360 Domain::SELINUX => lookup_keystore2_key_context(key.nspace)
361 .context("check_key_permission: Domain::SELINUX: Failed to lookup namespace.")?,
362 Domain::GRANT => {
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]363 match access_vector {
Janis Danisevskis45760022021-01-19 16:34:10 -0800[diff] [blame]364 Some(_) => {
365 return Err(selinux::Error::perm())
Janis Danisevskis56af0312021-10-18 16:11:41 -0700[diff] [blame]366 .context(format!("\"{}\" not granted", perm.name()));
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]367 }
368 None => {
369 // If DOMAIN_GRANT was selected an access vector must be supplied.
370 return Err(KsError::sys()).context(
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]371 "Cannot check permission for Domain::GRANT without access vector.",
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]372 );
373 }
374 }
375 }
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]376 Domain::KEY_ID => {
377 // We should never be called with `Domain::KEY_ID. The database
378 // lookup should have converted this into one of `Domain::APP`
379 // or `Domain::SELINUX`.
380 return Err(KsError::sys()).context("Cannot check permission for Domain::KEY_ID.");
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]381 }
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]382 Domain::BLOB => {
383 let tctx = lookup_keystore2_key_context(key.nspace)
384 .context("Domain::BLOB: Failed to lookup namespace.")?;
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]385 // If DOMAIN_KEY_BLOB was specified, we check for the "manage_blob"
386 // permission in addition to the requested permission.
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]387 selinux::check_permission(caller_ctx, &tctx, KeyPerm::ManageBlob)?;
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]388
389 tctx
390 }
Janis Danisevskis1b3a6e22020-08-07 12:39:56 -0700[diff] [blame]391 _ => {
392 return Err(KsError::sys())
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]393 .context(format!("Unknown domain value: \"{:?}\".", key.domain))
Janis Danisevskis1b3a6e22020-08-07 12:39:56 -0700[diff] [blame]394 }
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]395 };
396
Janis Danisevskis56af0312021-10-18 16:11:41 -0700[diff] [blame]397 selinux::check_permission(caller_ctx, &target_context, perm)
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]398}
399
400#[cfg(test)]
401mod tests {
402 use super::*;
403 use anyhow::anyhow;
404 use anyhow::Result;
405 use keystore2_selinux::*;
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]406
407 const ALL_PERMS: KeyPermSet = key_perm_set![
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]408 KeyPerm::ManageBlob,
409 KeyPerm::Delete,
410 KeyPerm::UseDevId,
411 KeyPerm::ReqForcedOp,
412 KeyPerm::GenUniqueId,
413 KeyPerm::Grant,
414 KeyPerm::GetInfo,
415 KeyPerm::Rebind,
416 KeyPerm::Update,
417 KeyPerm::Use,
418 KeyPerm::ConvertStorageKeyToEphemeral,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]419 ];
420
Janis Danisevskisa31dd9e2021-01-30 00:13:17 -0800[diff] [blame]421 const SYSTEM_SERVER_PERMISSIONS_NO_GRANT: KeyPermSet = key_perm_set![
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]422 KeyPerm::Delete,
423 KeyPerm::UseDevId,
424 // No KeyPerm::Grant
425 KeyPerm::GetInfo,
426 KeyPerm::Rebind,
427 KeyPerm::Update,
428 KeyPerm::Use,
Janis Danisevskisa31dd9e2021-01-30 00:13:17 -0800[diff] [blame]429 ];
430
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]431 const NOT_GRANT_PERMS: KeyPermSet = key_perm_set![
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]432 KeyPerm::ManageBlob,
433 KeyPerm::Delete,
434 KeyPerm::UseDevId,
435 KeyPerm::ReqForcedOp,
436 KeyPerm::GenUniqueId,
437 // No KeyPerm::Grant
438 KeyPerm::GetInfo,
439 KeyPerm::Rebind,
440 KeyPerm::Update,
441 KeyPerm::Use,
442 KeyPerm::ConvertStorageKeyToEphemeral,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]443 ];
444
445 const UNPRIV_PERMS: KeyPermSet = key_perm_set![
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]446 KeyPerm::Delete,
447 KeyPerm::GetInfo,
448 KeyPerm::Rebind,
449 KeyPerm::Update,
450 KeyPerm::Use,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]451 ];
452
453 /// The su_key namespace as defined in su.te and keystore_key_contexts of the
454 /// SePolicy (system/sepolicy).
455 const SU_KEY_NAMESPACE: i32 = 0;
456 /// The shell_key namespace as defined in shell.te and keystore_key_contexts of the
457 /// SePolicy (system/sepolicy).
458 const SHELL_KEY_NAMESPACE: i32 = 1;
459
460 pub fn test_getcon() -> Result<Context> {
461 Context::new("u:object_r:keystore:s0")
462 }
463
464 // This macro evaluates the given expression and checks that
465 // a) evaluated to Result::Err() and that
466 // b) the wrapped error is selinux::Error::perm() (permission denied).
467 // We use a macro here because a function would mask which invocation caused the failure.
468 //
469 // TODO b/164121720 Replace this macro with a function when `track_caller` is available.
470 macro_rules! assert_perm_failed {
471 ($test_function:expr) => {
472 let result = $test_function;
473 assert!(result.is_err(), "Permission check should have failed.");
474 assert_eq!(
475 Some(&selinux::Error::perm()),
476 result.err().unwrap().root_cause().downcast_ref::<selinux::Error>()
477 );
478 };
479 }
480
481 fn check_context() -> Result<(selinux::Context, i32, bool)> {
482 // Calling the non mocked selinux::getcon here intended.
483 let context = selinux::getcon()?;
484 match context.to_str().unwrap() {
485 "u:r:su:s0" => Ok((context, SU_KEY_NAMESPACE, true)),
486 "u:r:shell:s0" => Ok((context, SHELL_KEY_NAMESPACE, false)),
487 c => Err(anyhow!(format!(
488 "This test must be run as \"su\" or \"shell\". Current context: \"{}\"",
489 c
490 ))),
491 }
492 }
493
494 #[test]
495 fn check_keystore_permission_test() -> Result<()> {
496 let system_server_ctx = Context::new("u:r:system_server:s0")?;
Janis Danisevskisa916d992021-10-19 15:46:09 -0700[diff] [blame]497 assert!(check_keystore_permission(&system_server_ctx, KeystorePerm::AddAuth).is_ok());
498 assert!(check_keystore_permission(&system_server_ctx, KeystorePerm::ClearNs).is_ok());
499 assert!(check_keystore_permission(&system_server_ctx, KeystorePerm::GetState).is_ok());
500 assert!(check_keystore_permission(&system_server_ctx, KeystorePerm::Lock).is_ok());
501 assert!(check_keystore_permission(&system_server_ctx, KeystorePerm::Reset).is_ok());
502 assert!(check_keystore_permission(&system_server_ctx, KeystorePerm::Unlock).is_ok());
503 assert!(check_keystore_permission(&system_server_ctx, KeystorePerm::ChangeUser).is_ok());
504 assert!(check_keystore_permission(&system_server_ctx, KeystorePerm::ChangePassword).is_ok());
505 assert!(check_keystore_permission(&system_server_ctx, KeystorePerm::ClearUID).is_ok());
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]506 let shell_ctx = Context::new("u:r:shell:s0")?;
Janis Danisevskisa916d992021-10-19 15:46:09 -0700[diff] [blame]507 assert_perm_failed!(check_keystore_permission(&shell_ctx, KeystorePerm::AddAuth));
508 assert_perm_failed!(check_keystore_permission(&shell_ctx, KeystorePerm::ClearNs));
509 assert!(check_keystore_permission(&shell_ctx, KeystorePerm::GetState).is_ok());
510 assert_perm_failed!(check_keystore_permission(&shell_ctx, KeystorePerm::List));
511 assert_perm_failed!(check_keystore_permission(&shell_ctx, KeystorePerm::Lock));
512 assert_perm_failed!(check_keystore_permission(&shell_ctx, KeystorePerm::Reset));
513 assert_perm_failed!(check_keystore_permission(&shell_ctx, KeystorePerm::Unlock));
514 assert_perm_failed!(check_keystore_permission(&shell_ctx, KeystorePerm::ChangeUser));
515 assert_perm_failed!(check_keystore_permission(&shell_ctx, KeystorePerm::ChangePassword));
516 assert_perm_failed!(check_keystore_permission(&shell_ctx, KeystorePerm::ClearUID));
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]517 Ok(())
518 }
519
520 #[test]
521 fn check_grant_permission_app() -> Result<()> {
522 let system_server_ctx = Context::new("u:r:system_server:s0")?;
523 let shell_ctx = Context::new("u:r:shell:s0")?;
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]524 let key = KeyDescriptor { domain: Domain::APP, nspace: 0, alias: None, blob: None };
Janis Danisevskisa31dd9e2021-01-30 00:13:17 -0800[diff] [blame]525 check_grant_permission(&system_server_ctx, SYSTEM_SERVER_PERMISSIONS_NO_GRANT, &key)
526 .expect("Grant permission check failed.");
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]527
Janis Danisevskisa31dd9e2021-01-30 00:13:17 -0800[diff] [blame]528 // attempts to grant the grant permission must always fail even when privileged.
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]529 assert_perm_failed!(check_grant_permission(
530 &system_server_ctx,
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]531 KeyPerm::Grant.into(),
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]532 &key
533 ));
534 // unprivileged grant attempts always fail. shell does not have the grant permission.
535 assert_perm_failed!(check_grant_permission(&shell_ctx, UNPRIV_PERMS, &key));
536 Ok(())
537 }
538
539 #[test]
540 fn check_grant_permission_selinux() -> Result<()> {
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]541 let (sctx, namespace, is_su) = check_context()?;
Janis Danisevskis1b3a6e22020-08-07 12:39:56 -0700[diff] [blame]542 let key = KeyDescriptor {
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]543 domain: Domain::SELINUX,
544 nspace: namespace as i64,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]545 alias: None,
546 blob: None,
547 };
548 if is_su {
549 assert!(check_grant_permission(&sctx, NOT_GRANT_PERMS, &key).is_ok());
550 // attempts to grant the grant permission must always fail even when privileged.
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]551 assert_perm_failed!(check_grant_permission(&sctx, KeyPerm::Grant.into(), &key));
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]552 } else {
553 // unprivileged grant attempts always fail. shell does not have the grant permission.
554 assert_perm_failed!(check_grant_permission(&sctx, UNPRIV_PERMS, &key));
555 }
556 Ok(())
557 }
558
559 #[test]
560 fn check_key_permission_domain_grant() -> Result<()> {
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]561 let key = KeyDescriptor { domain: Domain::GRANT, nspace: 0, alias: None, blob: None };
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]562
563 assert_perm_failed!(check_key_permission(
Janis Danisevskis45760022021-01-19 16:34:10 -0800[diff] [blame]564 0,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]565 &selinux::Context::new("ignored").unwrap(),
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]566 KeyPerm::Grant,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]567 &key,
568 &Some(UNPRIV_PERMS)
569 ));
570
571 check_key_permission(
Janis Danisevskis45760022021-01-19 16:34:10 -0800[diff] [blame]572 0,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]573 &selinux::Context::new("ignored").unwrap(),
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]574 KeyPerm::Use,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]575 &key,
576 &Some(ALL_PERMS),
577 )
578 }
579
580 #[test]
581 fn check_key_permission_domain_app() -> Result<()> {
582 let system_server_ctx = Context::new("u:r:system_server:s0")?;
583 let shell_ctx = Context::new("u:r:shell:s0")?;
584 let gmscore_app = Context::new("u:r:gmscore_app:s0")?;
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]585
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]586 let key = KeyDescriptor { domain: Domain::APP, nspace: 0, alias: None, blob: None };
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]587
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]588 assert!(check_key_permission(0, &system_server_ctx, KeyPerm::Use, &key, &None).is_ok());
589 assert!(check_key_permission(0, &system_server_ctx, KeyPerm::Delete, &key, &None).is_ok());
590 assert!(check_key_permission(0, &system_server_ctx, KeyPerm::GetInfo, &key, &None).is_ok());
591 assert!(check_key_permission(0, &system_server_ctx, KeyPerm::Rebind, &key, &None).is_ok());
592 assert!(check_key_permission(0, &system_server_ctx, KeyPerm::Update, &key, &None).is_ok());
593 assert!(check_key_permission(0, &system_server_ctx, KeyPerm::Grant, &key, &None).is_ok());
594 assert!(check_key_permission(0, &system_server_ctx, KeyPerm::UseDevId, &key, &None).is_ok());
595 assert!(check_key_permission(0, &gmscore_app, KeyPerm::GenUniqueId, &key, &None).is_ok());
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]596
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]597 assert!(check_key_permission(0, &shell_ctx, KeyPerm::Use, &key, &None).is_ok());
598 assert!(check_key_permission(0, &shell_ctx, KeyPerm::Delete, &key, &None).is_ok());
599 assert!(check_key_permission(0, &shell_ctx, KeyPerm::GetInfo, &key, &None).is_ok());
600 assert!(check_key_permission(0, &shell_ctx, KeyPerm::Rebind, &key, &None).is_ok());
601 assert!(check_key_permission(0, &shell_ctx, KeyPerm::Update, &key, &None).is_ok());
602 assert_perm_failed!(check_key_permission(0, &shell_ctx, KeyPerm::Grant, &key, &None));
603 assert_perm_failed!(check_key_permission(0, &shell_ctx, KeyPerm::ReqForcedOp, &key, &None));
604 assert_perm_failed!(check_key_permission(0, &shell_ctx, KeyPerm::ManageBlob, &key, &None));
605 assert_perm_failed!(check_key_permission(0, &shell_ctx, KeyPerm::UseDevId, &key, &None));
606 assert_perm_failed!(check_key_permission(0, &shell_ctx, KeyPerm::GenUniqueId, &key, &None));
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]607
Janis Danisevskis45760022021-01-19 16:34:10 -0800[diff] [blame]608 // Also make sure that the permission fails if the caller is not the owner.
609 assert_perm_failed!(check_key_permission(
610 1, // the owner is 0
611 &system_server_ctx,
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]612 KeyPerm::Use,
Janis Danisevskis45760022021-01-19 16:34:10 -0800[diff] [blame]613 &key,
614 &None
615 ));
616 // Unless there was a grant.
617 assert!(check_key_permission(
618 1,
619 &system_server_ctx,
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]620 KeyPerm::Use,
Janis Danisevskis45760022021-01-19 16:34:10 -0800[diff] [blame]621 &key,
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]622 &Some(key_perm_set![KeyPerm::Use])
Janis Danisevskis45760022021-01-19 16:34:10 -0800[diff] [blame]623 )
624 .is_ok());
625 // But fail if the grant did not cover the requested permission.
626 assert_perm_failed!(check_key_permission(
627 1,
628 &system_server_ctx,
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]629 KeyPerm::Use,
Janis Danisevskis45760022021-01-19 16:34:10 -0800[diff] [blame]630 &key,
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]631 &Some(key_perm_set![KeyPerm::GetInfo])
Janis Danisevskis45760022021-01-19 16:34:10 -0800[diff] [blame]632 ));
633
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]634 Ok(())
635 }
636
637 #[test]
638 fn check_key_permission_domain_selinux() -> Result<()> {
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]639 let (sctx, namespace, is_su) = check_context()?;
Janis Danisevskis1b3a6e22020-08-07 12:39:56 -0700[diff] [blame]640 let key = KeyDescriptor {
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]641 domain: Domain::SELINUX,
642 nspace: namespace as i64,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]643 alias: None,
644 blob: None,
645 };
646
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]647 assert!(check_key_permission(0, &sctx, KeyPerm::Use, &key, &None).is_ok());
648 assert!(check_key_permission(0, &sctx, KeyPerm::Delete, &key, &None).is_ok());
649 assert!(check_key_permission(0, &sctx, KeyPerm::GetInfo, &key, &None).is_ok());
650 assert!(check_key_permission(0, &sctx, KeyPerm::Rebind, &key, &None).is_ok());
651 assert!(check_key_permission(0, &sctx, KeyPerm::Update, &key, &None).is_ok());
Chris Wailes3877f292021-07-26 19:24:18 -0700[diff] [blame]652
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]653 if is_su {
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]654 assert!(check_key_permission(0, &sctx, KeyPerm::Grant, &key, &None).is_ok());
655 assert!(check_key_permission(0, &sctx, KeyPerm::ManageBlob, &key, &None).is_ok());
656 assert!(check_key_permission(0, &sctx, KeyPerm::UseDevId, &key, &None).is_ok());
657 assert!(check_key_permission(0, &sctx, KeyPerm::GenUniqueId, &key, &None).is_ok());
658 assert!(check_key_permission(0, &sctx, KeyPerm::ReqForcedOp, &key, &None).is_ok());
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]659 } else {
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]660 assert_perm_failed!(check_key_permission(0, &sctx, KeyPerm::Grant, &key, &None));
661 assert_perm_failed!(check_key_permission(0, &sctx, KeyPerm::ReqForcedOp, &key, &None));
662 assert_perm_failed!(check_key_permission(0, &sctx, KeyPerm::ManageBlob, &key, &None));
663 assert_perm_failed!(check_key_permission(0, &sctx, KeyPerm::UseDevId, &key, &None));
664 assert_perm_failed!(check_key_permission(0, &sctx, KeyPerm::GenUniqueId, &key, &None));
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]665 }
666 Ok(())
667 }
668
669 #[test]
670 fn check_key_permission_domain_blob() -> Result<()> {
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]671 let (sctx, namespace, is_su) = check_context()?;
Janis Danisevskis1b3a6e22020-08-07 12:39:56 -0700[diff] [blame]672 let key = KeyDescriptor {
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]673 domain: Domain::BLOB,
674 nspace: namespace as i64,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]675 alias: None,
676 blob: None,
677 };
678
679 if is_su {
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]680 check_key_permission(0, &sctx, KeyPerm::Use, &key, &None)
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]681 } else {
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]682 assert_perm_failed!(check_key_permission(0, &sctx, KeyPerm::Use, &key, &None));
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]683 Ok(())
684 }
685 }
686
687 #[test]
688 fn check_key_permission_domain_key_id() -> Result<()> {
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700[diff] [blame]689 let key = KeyDescriptor { domain: Domain::KEY_ID, nspace: 0, alias: None, blob: None };
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]690
691 assert_eq!(
692 Some(&KsError::sys()),
693 check_key_permission(
Janis Danisevskis45760022021-01-19 16:34:10 -0800[diff] [blame]694 0,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]695 &selinux::Context::new("ignored").unwrap(),
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]696 KeyPerm::Use,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]697 &key,
698 &None
699 )
700 .err()
701 .unwrap()
702 .root_cause()
703 .downcast_ref::<KsError>()
704 );
705 Ok(())
706 }
707
708 #[test]
709 fn key_perm_set_all_test() {
710 let v = key_perm_set![
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]711 KeyPerm::ManageBlob,
712 KeyPerm::Delete,
713 KeyPerm::UseDevId,
714 KeyPerm::ReqForcedOp,
715 KeyPerm::GenUniqueId,
716 KeyPerm::Grant,
717 KeyPerm::GetInfo,
718 KeyPerm::Rebind,
719 KeyPerm::Update,
720 KeyPerm::Use // Test if the macro accepts missing comma at the end of the list.
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]721 ];
722 let mut i = v.into_iter();
Janis Danisevskis56af0312021-10-18 16:11:41 -0700[diff] [blame]723 assert_eq!(i.next().unwrap().name(), "delete");
724 assert_eq!(i.next().unwrap().name(), "gen_unique_id");
725 assert_eq!(i.next().unwrap().name(), "get_info");
726 assert_eq!(i.next().unwrap().name(), "grant");
727 assert_eq!(i.next().unwrap().name(), "manage_blob");
728 assert_eq!(i.next().unwrap().name(), "rebind");
729 assert_eq!(i.next().unwrap().name(), "req_forced_op");
730 assert_eq!(i.next().unwrap().name(), "update");
731 assert_eq!(i.next().unwrap().name(), "use");
732 assert_eq!(i.next().unwrap().name(), "use_dev_id");
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]733 assert_eq!(None, i.next());
734 }
735 #[test]
736 fn key_perm_set_sparse_test() {
737 let v = key_perm_set![
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]738 KeyPerm::ManageBlob,
739 KeyPerm::ReqForcedOp,
740 KeyPerm::GenUniqueId,
741 KeyPerm::Update,
742 KeyPerm::Use, // Test if macro accepts the comma at the end of the list.
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]743 ];
744 let mut i = v.into_iter();
Janis Danisevskis56af0312021-10-18 16:11:41 -0700[diff] [blame]745 assert_eq!(i.next().unwrap().name(), "gen_unique_id");
746 assert_eq!(i.next().unwrap().name(), "manage_blob");
747 assert_eq!(i.next().unwrap().name(), "req_forced_op");
748 assert_eq!(i.next().unwrap().name(), "update");
749 assert_eq!(i.next().unwrap().name(), "use");
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]750 assert_eq!(None, i.next());
751 }
752 #[test]
753 fn key_perm_set_empty_test() {
754 let v = key_perm_set![];
755 let mut i = v.into_iter();
756 assert_eq!(None, i.next());
757 }
758 #[test]
759 fn key_perm_set_include_subset_test() {
760 let v1 = key_perm_set![
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]761 KeyPerm::ManageBlob,
762 KeyPerm::Delete,
763 KeyPerm::UseDevId,
764 KeyPerm::ReqForcedOp,
765 KeyPerm::GenUniqueId,
766 KeyPerm::Grant,
767 KeyPerm::GetInfo,
768 KeyPerm::Rebind,
769 KeyPerm::Update,
770 KeyPerm::Use,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]771 ];
772 let v2 = key_perm_set![
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]773 KeyPerm::ManageBlob,
774 KeyPerm::Delete,
775 KeyPerm::Rebind,
776 KeyPerm::Update,
777 KeyPerm::Use,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]778 ];
779 assert!(v1.includes(v2));
780 assert!(!v2.includes(v1));
781 }
782 #[test]
783 fn key_perm_set_include_equal_test() {
784 let v1 = key_perm_set![
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]785 KeyPerm::ManageBlob,
786 KeyPerm::Delete,
787 KeyPerm::Rebind,
788 KeyPerm::Update,
789 KeyPerm::Use,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]790 ];
791 let v2 = key_perm_set![
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]792 KeyPerm::ManageBlob,
793 KeyPerm::Delete,
794 KeyPerm::Rebind,
795 KeyPerm::Update,
796 KeyPerm::Use,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]797 ];
798 assert!(v1.includes(v2));
799 assert!(v2.includes(v1));
800 }
801 #[test]
802 fn key_perm_set_include_overlap_test() {
803 let v1 = key_perm_set![
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]804 KeyPerm::ManageBlob,
805 KeyPerm::Delete,
806 KeyPerm::Grant, // only in v1
807 KeyPerm::Rebind,
808 KeyPerm::Update,
809 KeyPerm::Use,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]810 ];
811 let v2 = key_perm_set![
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]812 KeyPerm::ManageBlob,
813 KeyPerm::Delete,
814 KeyPerm::ReqForcedOp, // only in v2
815 KeyPerm::Rebind,
816 KeyPerm::Update,
817 KeyPerm::Use,
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]818 ];
819 assert!(!v1.includes(v2));
820 assert!(!v2.includes(v1));
821 }
822 #[test]
823 fn key_perm_set_include_no_overlap_test() {
Janis Danisevskis39d57e72021-10-19 16:56:20 -0700[diff] [blame]824 let v1 = key_perm_set![KeyPerm::ManageBlob, KeyPerm::Delete, KeyPerm::Grant,];
825 let v2 =
826 key_perm_set![KeyPerm::ReqForcedOp, KeyPerm::Rebind, KeyPerm::Update, KeyPerm::Use,];
Janis Danisevskis78bd48c2020-07-21 12:27:13 -0700[diff] [blame]827 assert!(!v1.includes(v2));
828 assert!(!v2.includes(v1));
829 }
830}