Re: [PATCH v3 3/9] rust: security: add abstraction for secctx

On 1/18/24 15:36, Alice Ryhl wrote:
> Adds an abstraction for viewing the string representation of a security
> context.
> 
> This is needed by Rust Binder because it has a feature where a process can
> view the string representation of the security context for incoming
> transactions. The process can use that to authenticate incoming
> transactions, and since the feature is provided by the kernel, the
> process can trust that the security context is legitimate.
> 
> Signed-off-by: Alice Ryhl <aliceryhl@xxxxxxxxxx>

I have one nit below, with that fixed:

Reviewed-by: Benno Lossin <benno.lossin@xxxxxxxxx>

> +impl Drop for SecurityCtx {
> +    fn drop(&mut self) {
> +        // SAFETY: This frees a pointer that came from a successful call to

I would add this to the beginning:

    By the invariant of `Self`, this frees ...

-- 
Cheers,
Benno

> +        // `security_secid_to_secctx` and has not yet been destroyed by `security_release_secctx`.
> +        unsafe { bindings::security_release_secctx(self.secdata, self.seclen as u32) };
> +    }
> +}
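
Review bot: the `self.seclen as u32` cast in the `security_release_secctx` call inside `drop` is unchecked. If the `seclen` field is wider than `u32`, `as` truncates silently and the release call would receive a length different from the one the context was obtained with. Consider storing the length in the field as `u32` so no cast is needed here, or have the type invariant state that `seclen` fits in `u32` and cite that in the SAFETY comment next to the cast.
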
> --
> 2.43.0.381.gb435a96ce8-goog
> 





