libkeyutils/mini_keyctl_utils.cpp +48 −44
@@ -36,12 +36,59 @@ static constexpr int kMaxCertSize = 4096; std::vector<std::string> SplitBySpace(const std::string& s) { static std::vector<std::string> SplitBySpace(const std::string& s) { std::istringstream iss(s); return std::vector<std::string>{std::istream_iterator<std::string>{iss}, std::istream_iterator<std::string>{}}; } // Find the keyring id. Because request_key(2) syscall is not available or the key is // kernel keyring, the id is looked up from /proc/keys. The keyring description may contain other // information in the descritption section depending on the key type, only the first word in the // keyring description is used for searching. static bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_id) { if (!keyring_id) { LOG(ERROR) << "keyring_id is null"; return false; } // If the keyring id is already a hex number, directly convert it to keyring id try { key_serial_t id = std::stoi(keyring_desc, nullptr, 16); *keyring_id = id; return true; } catch (const std::exception& e) { LOG(INFO) << "search /proc/keys for keyring id"; } // Only keys allowed by SELinux rules will be shown here. std::ifstream proc_keys_file("/proc/keys"); if (!proc_keys_file.is_open()) { PLOG(ERROR) << "Failed to open /proc/keys"; return false; } std::string line; while (getline(proc_keys_file, line)) { std::vector<std::string> tokens = SplitBySpace(line); if (tokens.size() < 9) { continue; } std::string key_id = tokens[0]; std::string key_type = tokens[7]; // The key description may contain space. std::string key_desc_prefix = tokens[8]; // The prefix has a ":" at the end std::string key_desc_pattern = keyring_desc + ":"; if (key_type != "keyring" || key_desc_prefix != key_desc_pattern) { continue; } *keyring_id = std::stoi(key_id, nullptr, 16); return true; } return false; } int AddCertsFromDir(const std::string& type, const std::string& desc_prefix, const std::string& cert_dir, const std::string& keyring) { key_serial_t keyring_id; Loading Loading 
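Review bot: The hex fast-path in the new static GetKeyringId accepts any description that merely starts with hex digits, because `std::stoi(keyring_desc, nullptr, 16)` stops at the first non-hex character and still succeeds, so a keyring name such as "abc_ring" is silently resolved as serial 0xabc instead of being looked up by name in /proc/keys (a name made entirely of hex letters is ambiguous by design, but a partial match should not be). Require the whole string to be consumed before trusting the number: `size_t pos = 0; key_serial_t id = std::stoi(keyring_desc, &pos, 16);` followed by `if (pos == keyring_desc.size()) { *keyring_id = id; return true; }`, and fall through to the /proc/keys search otherwise, keeping the existing catch for the throwing cases. While there, the caught exception object `e` is never used (`catch (const std::exception&)` avoids the unused-variable warning) and the comment above the function misspells "description" as "descritption". The whole of GetKeyringId is inside this hunk; only the opening lines of AddCertsFromDir are visible, so its body was not reviewed.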
@@ -89,49 +136,6 @@ int AddCertsFromDir(const std::string& type, const std::string& desc_prefix, return 0; } bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_id) { if (!keyring_id) { LOG(ERROR) << "keyring_id is null"; return false; } // If the keyring id is already a hex number, directly convert it to keyring id try { key_serial_t id = std::stoi(keyring_desc, nullptr, 16); *keyring_id = id; return true; } catch (const std::exception& e) { LOG(INFO) << "search /proc/keys for keyring id"; } // Only keys allowed by SELinux rules will be shown here. std::ifstream proc_keys_file("/proc/keys"); if (!proc_keys_file.is_open()) { PLOG(ERROR) << "Failed to open /proc/keys"; return false; } std::string line; while (getline(proc_keys_file, line)) { std::vector<std::string> tokens = SplitBySpace(line); if (tokens.size() < 9) { continue; } std::string key_id = tokens[0]; std::string key_type = tokens[7]; // The key description may contain space. std::string key_desc_prefix = tokens[8]; // The prefix has a ":" at the end std::string key_desc_pattern = keyring_desc + ":"; if (key_type != "keyring" || key_desc_prefix != key_desc_pattern) { continue; } *keyring_id = std::stoi(key_id, nullptr, 16); return true; } return false; } int Unlink(key_serial_t key, const std::string& keyring) { key_serial_t keyring_id; if (!GetKeyringId(keyring, &keyring_id)) { Loading libkeyutils/mini_keyctl_utils.h +0 −11 Original line number Diff line number Diff line Loading 
@@ -23,11 +23,6 @@ int AddCertsFromDir(const std::string& type, const std::string& desc_prefix, const std::string& cert_dir, const std::string& keyring); // Add all the certs from directory path to keyring with keyring_id. Returns the number of keys // added. Returns non-zero if any error happens. int AddKeys(const std::string& path, const key_serial_t keyring_id, const std::string& type, const std::string& desc, int start_index); // Add key to a keyring. Returns non-zero if error happens. int Add(const std::string& type, const std::string& desc, const std::string& data, const std::string& keyring); Loading @@ -41,11 +36,5 @@ int Unlink(key_serial_t key, const std::string& keyring); // Apply key-linking to a keyring. Return non-zero if error happens. int RestrictKeyring(const std::string& keyring); // Find the keyring id. Because request_key(2) syscall is not available or the key is // kernel keyring, the id is looked up from /proc/keys. The keyring description may contain other // information in the descritption section depending on the key type, only the first word in the // keyring description is used for searching. bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_id); // Retrieves a key's security context. Return the context string, or empty string on error. std::string RetrieveSecurityContext(key_serial_t key); Loading
libkeyutils/mini_keyctl_utils.cpp +48 −44
@@ -36,12 +36,59 @@ static constexpr int kMaxCertSize = 4096; std::vector<std::string> SplitBySpace(const std::string& s) { static std::vector<std::string> SplitBySpace(const std::string& s) { std::istringstream iss(s); return std::vector<std::string>{std::istream_iterator<std::string>{iss}, std::istream_iterator<std::string>{}}; } // Find the keyring id. Because request_key(2) syscall is not available or the key is // kernel keyring, the id is looked up from /proc/keys. The keyring description may contain other // information in the descritption section depending on the key type, only the first word in the // keyring description is used for searching. static bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_id) { if (!keyring_id) { LOG(ERROR) << "keyring_id is null"; return false; } // If the keyring id is already a hex number, directly convert it to keyring id try { key_serial_t id = std::stoi(keyring_desc, nullptr, 16); *keyring_id = id; return true; } catch (const std::exception& e) { LOG(INFO) << "search /proc/keys for keyring id"; } // Only keys allowed by SELinux rules will be shown here. std::ifstream proc_keys_file("/proc/keys"); if (!proc_keys_file.is_open()) { PLOG(ERROR) << "Failed to open /proc/keys"; return false; } std::string line; while (getline(proc_keys_file, line)) { std::vector<std::string> tokens = SplitBySpace(line); if (tokens.size() < 9) { continue; } std::string key_id = tokens[0]; std::string key_type = tokens[7]; // The key description may contain space. std::string key_desc_prefix = tokens[8]; // The prefix has a ":" at the end std::string key_desc_pattern = keyring_desc + ":"; if (key_type != "keyring" || key_desc_prefix != key_desc_pattern) { continue; } *keyring_id = std::stoi(key_id, nullptr, 16); return true; } return false; } int AddCertsFromDir(const std::string& type, const std::string& desc_prefix, const std::string& cert_dir, const std::string& keyring) { key_serial_t keyring_id; Loading Loading 
@@ -89,49 +136,6 @@ int AddCertsFromDir(const std::string& type, const std::string& desc_prefix, return 0; } bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_id) { if (!keyring_id) { LOG(ERROR) << "keyring_id is null"; return false; } // If the keyring id is already a hex number, directly convert it to keyring id try { key_serial_t id = std::stoi(keyring_desc, nullptr, 16); *keyring_id = id; return true; } catch (const std::exception& e) { LOG(INFO) << "search /proc/keys for keyring id"; } // Only keys allowed by SELinux rules will be shown here. std::ifstream proc_keys_file("/proc/keys"); if (!proc_keys_file.is_open()) { PLOG(ERROR) << "Failed to open /proc/keys"; return false; } std::string line; while (getline(proc_keys_file, line)) { std::vector<std::string> tokens = SplitBySpace(line); if (tokens.size() < 9) { continue; } std::string key_id = tokens[0]; std::string key_type = tokens[7]; // The key description may contain space. std::string key_desc_prefix = tokens[8]; // The prefix has a ":" at the end std::string key_desc_pattern = keyring_desc + ":"; if (key_type != "keyring" || key_desc_prefix != key_desc_pattern) { continue; } *keyring_id = std::stoi(key_id, nullptr, 16); return true; } return false; } int Unlink(key_serial_t key, const std::string& keyring) { key_serial_t keyring_id; if (!GetKeyringId(keyring, &keyring_id)) { Loading
libkeyutils/mini_keyctl_utils.h +0 −11 Original line number Diff line number Diff line Loading @@ -23,11 +23,6 @@ int AddCertsFromDir(const std::string& type, const std::string& desc_prefix, const std::string& cert_dir, const std::string& keyring); // Add all the certs from directory path to keyring with keyring_id. Returns the number of keys // added. Returns non-zero if any error happens. int AddKeys(const std::string& path, const key_serial_t keyring_id, const std::string& type, const std::string& desc, int start_index); // Add key to a keyring. Returns non-zero if error happens. int Add(const std::string& type, const std::string& desc, const std::string& data, const std::string& keyring); Loading @@ -41,11 +36,5 @@ int Unlink(key_serial_t key, const std::string& keyring); // Apply key-linking to a keyring. Return non-zero if error happens. int RestrictKeyring(const std::string& keyring); // Find the keyring id. Because request_key(2) syscall is not available or the key is // kernel keyring, the id is looked up from /proc/keys. The keyring description may contain other // information in the descritption section depending on the key type, only the first word in the // keyring description is used for searching. bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_id); // Retrieves a key's security context. Return the context string, or empty string on error. std::string RetrieveSecurityContext(key_serial_t key);