Loading libkeyutils/mini_keyctl.cpp +20 −0 Original line number Diff line number Diff line Loading @@ -20,8 +20,11 @@ #include "mini_keyctl_utils.h" #include <stdio.h> #include <unistd.h> #include <android-base/parseint.h> static void Usage(int exit_code) { fprintf(stderr, "usage: mini-keyctl <action> [args,]\n"); fprintf(stderr, " mini-keyctl add <type> <desc> <data> <keyring>\n"); Loading @@ -29,6 +32,7 @@ static void Usage(int exit_code) { fprintf(stderr, " mini-keyctl dadd <type> <desc_prefix> <cert_dir> <keyring>\n"); fprintf(stderr, " mini-keyctl unlink <key> <keyring>\n"); fprintf(stderr, " mini-keyctl restrict_keyring <keyring>\n"); fprintf(stderr, " mini-keyctl security <key>\n"); _exit(exit_code); } Loading Loading @@ -66,7 +70,23 @@ int main(int argc, const char** argv) { key_serial_t key = std::stoi(argv[2], nullptr, 16); const std::string keyring = argv[3]; return Unlink(key, keyring); } else if (action == "security") { if (argc != 3) Usage(1); const char* key_str = argv[2]; key_serial_t key; if (!android::base::ParseInt(key_str, &key)) { fprintf(stderr, "Unparsable key: '%s'\n", key_str); return 1; } std::string context = RetrieveSecurityContext(key); if (context.empty()) { perror(key_str); return 1; } fprintf(stderr, "%s\n", context.c_str()); return 0; } else { fprintf(stderr, "Unrecognized action: %s\n", action.c_str()); Usage(1); } Loading libkeyutils/mini_keyctl_utils.cpp +18 −0 Original line number Diff line number Diff line Loading 
@@ -210,3 +210,21 @@ int RestrictKeyring(const std::string& keyring) { } return 0; } std::string RetrieveSecurityContext(key_serial_t key) { // Simply assume this size is enough in practice. const int kMaxSupportedSize = 256; std::string context; context.resize(kMaxSupportedSize); long retval = keyctl_get_security(key, context.data(), kMaxSupportedSize); if (retval < 0) { PLOG(ERROR) << "Cannot get security context of key 0x" << std::hex << key; return std::string(); } if (retval > kMaxSupportedSize) { LOG(ERROR) << "The key has unexpectedly long security context than " << kMaxSupportedSize; return std::string(); } context.resize(retval); return context; } libkeyutils/mini_keyctl_utils.h +3 −0 Original line number Diff line number Diff line Loading @@ -46,3 +46,6 @@ int RestrictKeyring(const std::string& keyring); // information in the descritption section depending on the key type, only the first word in the // keyring description is used for searching. bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_id); // Retrieves a key's security context. Return the context string, or empty string on error. std::string RetrieveSecurityContext(key_serial_t key); Loading
libkeyutils/mini_keyctl.cpp +20 −0 Original line number Diff line number Diff line Loading @@ -20,8 +20,11 @@ #include "mini_keyctl_utils.h" #include <stdio.h> #include <unistd.h> #include <android-base/parseint.h> static void Usage(int exit_code) { fprintf(stderr, "usage: mini-keyctl <action> [args,]\n"); fprintf(stderr, " mini-keyctl add <type> <desc> <data> <keyring>\n"); Loading @@ -29,6 +32,7 @@ static void Usage(int exit_code) { fprintf(stderr, " mini-keyctl dadd <type> <desc_prefix> <cert_dir> <keyring>\n"); fprintf(stderr, " mini-keyctl unlink <key> <keyring>\n"); fprintf(stderr, " mini-keyctl restrict_keyring <keyring>\n"); fprintf(stderr, " mini-keyctl security <key>\n"); _exit(exit_code); } Loading Loading @@ -66,7 +70,23 @@ int main(int argc, const char** argv) { key_serial_t key = std::stoi(argv[2], nullptr, 16); const std::string keyring = argv[3]; return Unlink(key, keyring); } else if (action == "security") { if (argc != 3) Usage(1); const char* key_str = argv[2]; key_serial_t key; if (!android::base::ParseInt(key_str, &key)) { fprintf(stderr, "Unparsable key: '%s'\n", key_str); return 1; } std::string context = RetrieveSecurityContext(key); if (context.empty()) { perror(key_str); return 1; } fprintf(stderr, "%s\n", context.c_str()); return 0; } else { fprintf(stderr, "Unrecognized action: %s\n", action.c_str()); Usage(1); } Loading
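Review bot: The new `security` branch parses `<key>` with `android::base::ParseInt`, while the `unlink` branch directly above it uses `std::stoi(argv[2], nullptr, 16)`, so the two actions read the same kind of key id in different bases. As far as I know ParseInt treats input as decimal unless it has a `0x` prefix, so a bare hex serial made only of digits would parse without error and the tool would print the security context of a different key than the operator meant to inspect. Either parse both actions the same way or state the format in the usage text, e.g. `mini-keyctl security <key: decimal or 0x-prefixed hex>`. Separately, `perror(key_str)` runs after the helper has already logged, and the helper's over-length path sets no errno, so the printed reason can be stale; `fprintf(stderr, "Cannot get security context of key '%s'\n", key_str);` would be more reliable. The body of main starts and ends outside this hunk, so how the other actions report errors is not visible here.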
libkeyutils/mini_keyctl_utils.cpp +18 −0 Original line number Diff line number Diff line Loading @@ -210,3 +210,21 @@ int RestrictKeyring(const std::string& keyring) { } return 0; } std::string RetrieveSecurityContext(key_serial_t key) { // Simply assume this size is enough in practice. const int kMaxSupportedSize = 256; std::string context; context.resize(kMaxSupportedSize); long retval = keyctl_get_security(key, context.data(), kMaxSupportedSize); if (retval < 0) { PLOG(ERROR) << "Cannot get security context of key 0x" << std::hex << key; return std::string(); } if (retval > kMaxSupportedSize) { LOG(ERROR) << "The key has unexpectedly long security context than " << kMaxSupportedSize; return std::string(); } context.resize(retval); return context; }
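Review bot: `context.resize(retval)` in RetrieveSecurityContext probably leaves a trailing NUL inside the returned std::string, because keyctl_get_security, as I understand its documented contract, returns a length that includes the terminator. Printing through `c_str()` hides this, but a caller that compares the result against a label literal or uses it as a lookup key would see a mismatch, which matters if the context ever feeds a policy decision. Consider `context.resize(retval > 0 ? retval - 1 : 0);  // retval counts the terminating NUL`, after confirming the return convention on the target kernel. Rejecting an over-long context instead of returning a truncated label is the right choice, and the header comment could mention that contexts longer than 256 bytes are reported as an error.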
libkeyutils/mini_keyctl_utils.h +3 −0 Original line number Diff line number Diff line Loading @@ -46,3 +46,6 @@ int RestrictKeyring(const std::string& keyring); // information in the descritption section depending on the key type, only the first word in the // keyring description is used for searching. bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_id); // Retrieves a key's security context. Return the context string, or empty string on error. std::string RetrieveSecurityContext(key_serial_t key);