From d5fd4e90e7bd5918b81b7b1ddf57fff18d551e6a Mon Sep 17 00:00:00 2001
From: Alice Ryhl <aliceryhl@google.com>
Date: Wed, 29 Jan 2025 14:41:17 +0000
Subject: [PATCH] ANDROID: rust: add security::binder_* methods

I haven't upstreamed these since I intended to add them as part of
sending binder itself upstream.

As an alternative, this code could live in Rust Binder itself. Though
this would require exporting the C versions of these functions.

Bug: 388786466
Change-Id: I42d1f8aa9563266f5ebba5565cb707f9a3e6df09
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
---
 rust/kernel/cred.rs     |  5 +++++
 rust/kernel/security.rs | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+)

diff --git a/rust/kernel/cred.rs b/rust/kernel/cred.rs
index 81d67789b16f..77eb190fe214 100644
--- a/rust/kernel/cred.rs
+++ b/rust/kernel/cred.rs
@@ -53,6 +53,11 @@ impl Credential {
         unsafe { &*ptr.cast() }
     }
 
+    /// Returns a raw pointer to the inner credential.
+    pub fn as_ptr(&self) -> *const bindings::cred {
+        self.0.get()
+    }
+
     /// Get the id for this security context.
     pub fn get_secid(&self) -> u32 {
         let mut secid = 0;
diff --git a/rust/kernel/security.rs b/rust/kernel/security.rs
index 2522868862a1..7e50b375df26 100644
--- a/rust/kernel/security.rs
+++ b/rust/kernel/security.rs
@@ -8,9 +8,42 @@
 
 use crate::{
     bindings,
+    cred::Credential,
     error::{to_result, Result},
+    fs::File,
 };
 
+/// Calls the security modules to determine if the given task can become the manager of a binder
+/// context.
+pub fn binder_set_context_mgr(mgr: &Credential) -> Result {
+    // SAFETY: `mrg.0` is valid because the shared reference guarantees a nonzero refcount.
+    to_result(unsafe { bindings::security_binder_set_context_mgr(mgr.as_ptr()) })
+}
+
+/// Calls the security modules to determine if binder transactions are allowed from task `from` to
+/// task `to`.
+pub fn binder_transaction(from: &Credential, to: &Credential) -> Result {
+    // SAFETY: `from` and `to` are valid because the shared references guarantee nonzero refcounts.
+    to_result(unsafe { bindings::security_binder_transaction(from.as_ptr(), to.as_ptr()) })
+}
+
+/// Calls the security modules to determine if task `from` is allowed to send binder objects
+/// (owned by itself or other processes) to task `to` through a binder transaction.
+pub fn binder_transfer_binder(from: &Credential, to: &Credential) -> Result {
+    // SAFETY: `from` and `to` are valid because the shared references guarantee nonzero refcounts.
+    to_result(unsafe { bindings::security_binder_transfer_binder(from.as_ptr(), to.as_ptr()) })
+}
+
+/// Calls the security modules to determine if task `from` is allowed to send the given file to
+/// task `to` (which would get its own file descriptor) through a binder transaction.
+pub fn binder_transfer_file(from: &Credential, to: &Credential, file: &File) -> Result {
+    // SAFETY: `from`, `to` and `file` are valid because the shared references guarantee nonzero
+    // refcounts.
+    to_result(unsafe {
+        bindings::security_binder_transfer_file(from.as_ptr(), to.as_ptr(), file.as_ptr())
+    })
+}
+
 /// A security context string.
 ///
 /// # Invariants