ANDROID: rust: add security::binder_* methods

I haven't upstreamed these since I intended to add them as part of sending binder itself upstream. As an alternative, this code could live in Rust Binder itself. Though this would require exporting the C versions of these functions. Bug: 388786466 Change-Id: I42d1f8aa9563266f5ebba5565cb707f9a3e6df09 Signed-off-by: Alice Ryhl <aliceryhl@google.com>
2025-01-29 14:41:17 +00:00
parent c0d8982f50
commit d5fd4e90e7
2 changed files with 38 additions and 0 deletions
--- a/rust/kernel/cred.rs
+++ b/rust/kernel/cred.rs
@@ -53,6 +53,11 @@ impl Credential {
        unsafe { &*ptr.cast() }
    }

+    /// Returns a raw pointer to the inner credential.
+    pub fn as_ptr(&self) -> *const bindings::cred {
+        self.0.get()
+    }
+
    /// Get the id for this security context.
    pub fn get_secid(&self) -> u32 {
        let mut secid = 0;
--- a/rust/kernel/security.rs
+++ b/rust/kernel/security.rs
@@ -8,9 +8,42 @@

 use crate::{
    bindings,
+    cred::Credential,
    error::{to_result, Result},
+    fs::File,
 };

+/// Calls the security modules to determine if the given task can become the manager of a binder
+/// context.
+pub fn binder_set_context_mgr(mgr: &Credential) -> Result {
+    // SAFETY: `mrg.0` is valid because the shared reference guarantees a nonzero refcount.
+    to_result(unsafe { bindings::security_binder_set_context_mgr(mgr.as_ptr()) })
+}
+
+/// Calls the security modules to determine if binder transactions are allowed from task `from` to
+/// task `to`.
+pub fn binder_transaction(from: &Credential, to: &Credential) -> Result {
+    // SAFETY: `from` and `to` are valid because the shared references guarantee nonzero refcounts.
+    to_result(unsafe { bindings::security_binder_transaction(from.as_ptr(), to.as_ptr()) })
+}
+
+/// Calls the security modules to determine if task `from` is allowed to send binder objects
+/// (owned by itself or other processes) to task `to` through a binder transaction.
+pub fn binder_transfer_binder(from: &Credential, to: &Credential) -> Result {
+    // SAFETY: `from` and `to` are valid because the shared references guarantee nonzero refcounts.
+    to_result(unsafe { bindings::security_binder_transfer_binder(from.as_ptr(), to.as_ptr()) })
+}
+
+/// Calls the security modules to determine if task `from` is allowed to send the given file to
+/// task `to` (which would get its own file descriptor) through a binder transaction.
+pub fn binder_transfer_file(from: &Credential, to: &Credential, file: &File) -> Result {
+    // SAFETY: `from`, `to` and `file` are valid because the shared references guarantee nonzero
+    // refcounts.
+    to_result(unsafe {
+        bindings::security_binder_transfer_file(from.as_ptr(), to.as_ptr(), file.as_ptr())
+    })
+}
+
 /// A security context string.
 ///
 /// # Invariants