Linux Audio

Check our new training course

Open Menu / rust / kernel / security.rs
Loading...
Note: File does not exist in v6.9.4.
 1// SPDX-License-Identifier: GPL-2.0
 2
 3// Copyright (C) 2024 Google LLC.
 4
 5//! Linux Security Modules (LSM).
 6//!
 7//! C header: [`include/linux/security.h`](srctree/include/linux/security.h).
 8
 9use crate::{
10    bindings,
11    error::{to_result, Result},
12};
13
14/// A security context string.
15///
16/// # Invariants
17///
18/// The `secdata` and `seclen` fields correspond to a valid security context as returned by a
19/// successful call to `security_secid_to_secctx`, that has not yet been destroyed by calling
20/// `security_release_secctx`.
21pub struct SecurityCtx {
22    secdata: *mut crate::ffi::c_char,
23    seclen: usize,
24}
25
26impl SecurityCtx {
27    /// Get the security context given its id.
28    pub fn from_secid(secid: u32) -> Result<Self> {
29        let mut secdata = core::ptr::null_mut();
30        let mut seclen = 0u32;
31        // SAFETY: Just a C FFI call. The pointers are valid for writes.
32        to_result(unsafe { bindings::security_secid_to_secctx(secid, &mut secdata, &mut seclen) })?;
33
34        // INVARIANT: If the above call did not fail, then we have a valid security context.
35        Ok(Self {
36            secdata,
37            seclen: seclen as usize,
38        })
39    }
40
41    /// Returns whether the security context is empty.
42    pub fn is_empty(&self) -> bool {
43        self.seclen == 0
44    }
45
46    /// Returns the length of this security context.
47    pub fn len(&self) -> usize {
48        self.seclen
49    }
50
51    /// Returns the bytes for this security context.
52    pub fn as_bytes(&self) -> &[u8] {
53        let ptr = self.secdata;
54        if ptr.is_null() {
55            debug_assert_eq!(self.seclen, 0);
56            // We can't pass a null pointer to `slice::from_raw_parts` even if the length is zero.
57            return &[];
58        }
59
60        // SAFETY: The call to `security_secid_to_secctx` guarantees that the pointer is valid for
61        // `seclen` bytes. Furthermore, if the length is zero, then we have ensured that the
62        // pointer is not null.
63        unsafe { core::slice::from_raw_parts(ptr.cast(), self.seclen) }
64    }
65}
66
67impl Drop for SecurityCtx {
68    fn drop(&mut self) {
69        // SAFETY: By the invariant of `Self`, this frees a pointer that came from a successful
70        // call to `security_secid_to_secctx` and has not yet been destroyed by
71        // `security_release_secctx`.
72        unsafe { bindings::security_release_secctx(self.secdata, self.seclen as u32) };
73    }
74}