There is currently a build failure if you build with CONFIG_SECURITY=n.
This is because the LSM helpers for these methods are marked inline when
you disable CONFIG_SECURITY=n, so they can't be called from Rust. Add
helpers to handle this case.
Fixes: d5fd4e90e7 ("ANDROID: rust: add security::binder_* methods")
Change-Id: Ia3b8c1f004c00d01fcf707ea7b4adfeba322d945
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
Add an abstraction for viewing the string representation of a security
context.
This is needed by Rust Binder because it has a feature where a process
can view the string representation of the security context for incoming
transactions. The process can use that to authenticate incoming
transactions, and since the feature is provided by the kernel, the
process can trust that the security context is legitimate.
This abstraction makes the following assumptions about the C side:
* When a call to `security_secid_to_secctx` is successful, it returns a
pointer and length. The pointer references a byte string and is valid
for reading for that many bytes.
* The string may be referenced until `security_release_secctx` is
called.
* If CONFIG_SECURITY is set, then the three methods mentioned in
rust/helpers are available without a helper. (That is, they are not a
#define or `static inline`.)
Reviewed-by: Benno Lossin <benno.lossin@proton.me>
Reviewed-by: Martin Rodriguez Reboredo <yakoyoku@gmail.com>
Reviewed-by: Trevor Gross <tmgross@umich.edu>
Reviewed-by: Gary Guo <gary@garyguo.net>
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
Link: https://lore.kernel.org/r/20240915-alice-file-v10-5-88484f7a3dcf@google.com
Acked-by: Paul Moore <paul@paul-moore.com>
Reviewed-by: Kees Cook <kees@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Bug: 370906207
(cherry picked from commit 94d356c0335f95412575c4fa3954b48722359c8a)
Change-Id: Idcc8c12800b59d3d91ed63f164d0a6c82fd1a94a
Signed-off-by: Alice Ryhl <aliceryhl@google.com>