ANDROID: rust: add security::binder_* methods
I haven't upstreamed these since I intended to add them as part of sending binder itself upstream. As an alternative, this code could live in Rust Binder itself. Though this would require exporting the C versions of these functions. Bug: 388786466 Change-Id: I42d1f8aa9563266f5ebba5565cb707f9a3e6df09 Signed-off-by: Alice Ryhl <aliceryhl@google.com>
This commit is contained in:
@@ -53,6 +53,11 @@ impl Credential {
|
|||||||
unsafe { &*ptr.cast() }
|
unsafe { &*ptr.cast() }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Returns a raw pointer to the inner credential.
|
||||||
|
pub fn as_ptr(&self) -> *const bindings::cred {
|
||||||
|
self.0.get()
|
||||||
|
}
|
||||||
|
|
||||||
/// Get the id for this security context.
|
/// Get the id for this security context.
|
||||||
pub fn get_secid(&self) -> u32 {
|
pub fn get_secid(&self) -> u32 {
|
||||||
let mut secid = 0;
|
let mut secid = 0;
|
||||||
|
|||||||
@@ -8,9 +8,42 @@
|
|||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
bindings,
|
bindings,
|
||||||
|
cred::Credential,
|
||||||
error::{to_result, Result},
|
error::{to_result, Result},
|
||||||
|
fs::File,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/// Calls the security modules to determine if the given task can become the manager of a binder
|
||||||
|
/// context.
|
||||||
|
pub fn binder_set_context_mgr(mgr: &Credential) -> Result {
|
||||||
|
// SAFETY: `mrg.0` is valid because the shared reference guarantees a nonzero refcount.
|
||||||
|
to_result(unsafe { bindings::security_binder_set_context_mgr(mgr.as_ptr()) })
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Calls the security modules to determine if binder transactions are allowed from task `from` to
|
||||||
|
/// task `to`.
|
||||||
|
pub fn binder_transaction(from: &Credential, to: &Credential) -> Result {
|
||||||
|
// SAFETY: `from` and `to` are valid because the shared references guarantee nonzero refcounts.
|
||||||
|
to_result(unsafe { bindings::security_binder_transaction(from.as_ptr(), to.as_ptr()) })
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Calls the security modules to determine if task `from` is allowed to send binder objects
|
||||||
|
/// (owned by itself or other processes) to task `to` through a binder transaction.
|
||||||
|
pub fn binder_transfer_binder(from: &Credential, to: &Credential) -> Result {
|
||||||
|
// SAFETY: `from` and `to` are valid because the shared references guarantee nonzero refcounts.
|
||||||
|
to_result(unsafe { bindings::security_binder_transfer_binder(from.as_ptr(), to.as_ptr()) })
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Calls the security modules to determine if task `from` is allowed to send the given file to
|
||||||
|
/// task `to` (which would get its own file descriptor) through a binder transaction.
|
||||||
|
pub fn binder_transfer_file(from: &Credential, to: &Credential, file: &File) -> Result {
|
||||||
|
// SAFETY: `from`, `to` and `file` are valid because the shared references guarantee nonzero
|
||||||
|
// refcounts.
|
||||||
|
to_result(unsafe {
|
||||||
|
bindings::security_binder_transfer_file(from.as_ptr(), to.as_ptr(), file.as_ptr())
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
/// A security context string.
|
/// A security context string.
|
||||||
///
|
///
|
||||||
/// # Invariants
|
/// # Invariants
|
||||||
|
|||||||
Reference in New Issue
Block a user