From 62297a33bc3822be1b7d874eef3186c072092cf8 Mon Sep 17 00:00:00 2001 From: Alice Ryhl Date: Tue, 4 Mar 2025 12:35:19 +0000 Subject: [PATCH] ANDROID: rust: security: mark Rust wrappers of security_binder_* inline This prevents Rust from generating Rust symbols that are just trivial wrappers around the underlying C symbols. $ nm vmlinux | grep ' _R.*security..binder' | rustfilt ffffffc0807829b0 T kernel::security::binder_transaction ffffffc080782ad0 T kernel::security::binder_transfer_file ffffffc080782920 T kernel::security::binder_set_context_mgr ffffffc080782a40 T kernel::security::binder_transfer_binder This is a follow-up to aosp/3477716. Bug: 403200195 Change-Id: I08e127243f7da354d09adb937b3f1d6ebeee751c Signed-off-by: Alice Ryhl --- rust/kernel/cred.rs | 1 + rust/kernel/security.rs | 4 ++++ security/security.c | 4 ++++ 3 files changed, 9 insertions(+) diff --git a/rust/kernel/cred.rs b/rust/kernel/cred.rs index 169cd8590783..3aa2e4c4a50c 100644 --- a/rust/kernel/cred.rs +++ b/rust/kernel/cred.rs @@ -55,6 +55,7 @@ impl Credential { } /// Returns a raw pointer to the inner credential. + #[inline] pub fn as_ptr(&self) -> *const bindings::cred { self.0.get() } diff --git a/rust/kernel/security.rs b/rust/kernel/security.rs index 4bb41a8f07b7..bbc122ec6a42 100644 --- a/rust/kernel/security.rs +++ b/rust/kernel/security.rs @@ -15,6 +15,7 @@ use crate::{ /// Calls the security modules to determine if the given task can become the manager of a binder /// context. +#[inline] pub fn binder_set_context_mgr(mgr: &Credential) -> Result { // SAFETY: `mrg.0` is valid because the shared reference guarantees a nonzero refcount. to_result(unsafe { bindings::security_binder_set_context_mgr(mgr.as_ptr()) }) @@ -22,6 +23,7 @@ pub fn binder_set_context_mgr(mgr: &Credential) -> Result { /// Calls the security modules to determine if binder transactions are allowed from task `from` to /// task `to`. +#[inline] pub fn binder_transaction(from: &Credential, to: &Credential) -> Result { // SAFETY: `from` and `to` are valid because the shared references guarantee nonzero refcounts. to_result(unsafe { bindings::security_binder_transaction(from.as_ptr(), to.as_ptr()) }) @@ -29,6 +31,7 @@ pub fn binder_transaction(from: &Credential, to: &Credential) -> Result { /// Calls the security modules to determine if task `from` is allowed to send binder objects /// (owned by itself or other processes) to task `to` through a binder transaction. +#[inline] pub fn binder_transfer_binder(from: &Credential, to: &Credential) -> Result { // SAFETY: `from` and `to` are valid because the shared references guarantee nonzero refcounts. to_result(unsafe { bindings::security_binder_transfer_binder(from.as_ptr(), to.as_ptr()) }) @@ -36,6 +39,7 @@ pub fn binder_transfer_binder(from: &Credential, to: &Credential) -> Result { /// Calls the security modules to determine if task `from` is allowed to send the given file to /// task `to` (which would get its own file descriptor) through a binder transaction. +#[inline] pub fn binder_transfer_file(from: &Credential, to: &Credential, file: &File) -> Result { // SAFETY: `from`, `to` and `file` are valid because the shared references guarantee nonzero // refcounts. diff --git a/security/security.c b/security/security.c index c5981e558bc2..cb999f0f8094 100644 --- a/security/security.c +++ b/security/security.c @@ -997,6 +997,7 @@ int security_binder_set_context_mgr(const struct cred *mgr) { return call_int_hook(binder_set_context_mgr, mgr); } +EXPORT_SYMBOL_GPL(security_binder_set_context_mgr); /** * security_binder_transaction() - Check if a binder transaction is allowed @@ -1012,6 +1013,7 @@ int security_binder_transaction(const struct cred *from, { return call_int_hook(binder_transaction, from, to); } +EXPORT_SYMBOL_GPL(security_binder_transaction); /** * security_binder_transfer_binder() - Check if a binder transfer is allowed @@ -1027,6 +1029,7 @@ int security_binder_transfer_binder(const struct cred *from, { return call_int_hook(binder_transfer_binder, from, to); } +EXPORT_SYMBOL_GPL(security_binder_transfer_binder); /** * security_binder_transfer_file() - Check if a binder file xfer is allowed @@ -1043,6 +1046,7 @@ int security_binder_transfer_file(const struct cred *from, { return call_int_hook(binder_transfer_file, from, to, file); } +EXPORT_SYMBOL_GPL(security_binder_transfer_file); /** * security_ptrace_access_check() - Check if tracing is allowed