Re: [PATCH v3 3/9] rust: security: add abstraction for secctx

From: Benno Lossin
Date: Fri Jan 19 2024 - 04:42:18 EST

Next message: Lin Ma: "Re: [PATCH net-next v1] nl80211/cfg80211: add nla_policy for S1G band"
Previous message: Andrew Jones: "Re: [PATCH v2] riscv: lib: Check if output in asm goto supported"
In reply to: Alice Ryhl: "[PATCH v3 3/9] rust: security: add abstraction for secctx"
Next in thread: Alice Ryhl: "[PATCH v3 4/9] rust: types: add `NotThreadSafe`"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/18/24 15:36, Alice Ryhl wrote:
> Adds an abstraction for viewing the string representation of a security
> context.
>
> This is needed by Rust Binder because it has feature where a process can
> view the string representation of the security context for incoming
> transactions. The process can use that to authenticate incoming
> transactions, and since the feature is provided by the kernel, the
> process can trust that the security context is legitimate.
>
> Signed-off-by: Alice Ryhl <aliceryhl@xxxxxxxxxx>

I have one nit below, with that fixed:

Reviewed-by: Benno Lossin <benno.lossin@xxxxxxxxx>

> +impl Drop for SecurityCtx {
> + fn drop(&mut self) {
> + // SAFETY: This frees a pointer that came from a successful call to

I would add this to the beginning:

By the invariant of `Self`, this frees ...

--
Cheers,
Benno

> + // `security_secid_to_secctx` and has not yet been destroyed by `security_release_secctx`.
> + unsafe { bindings::security_release_secctx(self.secdata, self.seclen as u32) };
> + }
> +}
> --
> 2.43.0.381.gb435a96ce8-goog
>

Next message: Lin Ma: "Re: [PATCH net-next v1] nl80211/cfg80211: add nla_policy for S1G band"
Previous message: Andrew Jones: "Re: [PATCH v2] riscv: lib: Check if output in asm goto supported"
In reply to: Alice Ryhl: "[PATCH v3 3/9] rust: security: add abstraction for secctx"
Next in thread: Alice Ryhl: "[PATCH v3 4/9] rust: types: add `NotThreadSafe`"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]