mirror of
https://github.com/torvalds/linux.git
synced 2024-11-21 19:41:42 +00:00
94d356c033
Add an abstraction for viewing the string representation of a security context. This is needed by Rust Binder because it has a feature where a process can view the string representation of the security context for incoming transactions. The process can use that to authenticate incoming transactions, and since the feature is provided by the kernel, the process can trust that the security context is legitimate. This abstraction makes the following assumptions about the C side: * When a call to `security_secid_to_secctx` is successful, it returns a pointer and length. The pointer references a byte string and is valid for reading for that many bytes. * The string may be referenced until `security_release_secctx` is called. * If CONFIG_SECURITY is set, then the three methods mentioned in rust/helpers are available without a helper. (That is, they are not a #define or `static inline`.) Reviewed-by: Benno Lossin <benno.lossin@proton.me> Reviewed-by: Martin Rodriguez Reboredo <yakoyoku@gmail.com> Reviewed-by: Trevor Gross <tmgross@umich.edu> Reviewed-by: Gary Guo <gary@garyguo.net> Signed-off-by: Alice Ryhl <aliceryhl@google.com> Link: https://lore.kernel.org/r/20240915-alice-file-v10-5-88484f7a3dcf@google.com Acked-by: Paul Moore <paul@paul-moore.com> Reviewed-by: Kees Cook <kees@kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org>
21 lines
470 B
C
21 lines
470 B
C
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
#include <linux/security.h>
|
|
|
|
#ifndef CONFIG_SECURITY
|
|
void rust_helper_security_cred_getsecid(const struct cred *c, u32 *secid)
|
|
{
|
|
security_cred_getsecid(c, secid);
|
|
}
|
|
|
|
int rust_helper_security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
|
|
{
|
|
return security_secid_to_secctx(secid, secdata, seclen);
|
|
}
|
|
|
|
void rust_helper_security_release_secctx(char *secdata, u32 seclen)
|
|
{
|
|
security_release_secctx(secdata, seclen);
|
|
}
|
|
#endif
|