Add libkeyutils.

Also move init over to it. Bug: http://b/37991155 Test: builds+boots Change-Id: I5113a9d96a5ce0a0f3bad71134d6cc4f7b41a57e
2017-05-09 17:09:06 -07:00 · 2017-05-09 17:09:06 -07:00 · 1eeee96676
commit 1eeee96676
parent bca78df5a4
8 changed files with 197 additions and 51 deletions
--- a/init/Android.mk
+++ b/init/Android.mk
@ -124,7 +124,8 @@ LOCAL_STATIC_LIBRARIES := \
    libsparse \
    libz \
    libprocessgroup \
-    libavb
+    libavb \
+    libkeyutils \

 # Create symlinks.
 LOCAL_POST_INSTALL_CMD := $(hide) mkdir -p $(TARGET_ROOT_OUT)/sbin; \
--- a/init/init.cpp
+++ b/init/init.cpp
@ -21,7 +21,6 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <inttypes.h>
-#include <keyutils.h>
 #include <libgen.h>
 #include <paths.h>
 #include <signal.h>
@ -39,10 +38,6 @@
 #include <sys/wait.h>
 #include <unistd.h>

-#include <selinux/selinux.h>
-#include <selinux/label.h>
-#include <selinux/android.h>
-
 #include <android-base/chrono_utils.h>
 #include <android-base/file.h>
 #include <android-base/logging.h>
@ -50,8 +45,12 @@
 #include <android-base/stringprintf.h>
 #include <android-base/strings.h>
 #include <android-base/unique_fd.h>
+#include <keyutils.h>
 #include <libavb/libavb.h>
 #include <private/android_filesystem_config.h>
+#include <selinux/android.h>
+#include <selinux/label.h>
+#include <selinux/selinux.h>

 #include <fstream>
 #include <memory>
@ -1055,7 +1054,7 @@ int main(int argc, char** argv) {
    // Set up a session keyring that all processes will have access to. It
    // will hold things like FBE encryption keys. No process should override
    // its session keyring.
-    keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_SESSION_KEYRING, 1);
+    keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 1);

    // Indicate that booting is in progress to background fw loaders, etc.
    close(open("/dev/.booting", O_WRONLY | O_CREAT | O_CLOEXEC, 0000));
--- a/init/keyutils.h
+++ b/init/keyutils.h
@ -1,44 +0,0 @@
-/*
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* Miniature version of a header-only keyutils.h (no library required) */
-
-#ifndef _INIT_KEYUTILS_H_
-#define _INIT_KEYUTILS_H_
-
-#ifndef KEYUTILS_H /* walk away if the _real_ one exists */
-
-#include <linux/keyctl.h>
-#include <stdarg.h>
-#include <sys/syscall.h>
-#include <unistd.h>
-
-static inline long keyctl(int cmd, ...) {
-    va_list va;
-    unsigned long arg2, arg3, arg4, arg5;
-
-    va_start(va, cmd);
-    arg2 = va_arg(va, unsigned long);
-    arg3 = va_arg(va, unsigned long);
-    arg4 = va_arg(va, unsigned long);
-    arg5 = va_arg(va, unsigned long);
-    va_end(va);
-    return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
-}
-
-#endif
-
-#endif
--- a/libkeyutils/.clang-format
+++ b/libkeyutils/.clang-format
@ -0,0 +1 @@
+../.clang-format-2
--- a/libkeyutils/Android.bp
+++ b/libkeyutils/Android.bp
@ -0,0 +1,16 @@
+cc_library {
+    name: "libkeyutils",
+    cflags: ["-Werror"],
+    defaults: ["linux_bionic_supported"],
+    export_include_dirs: ["include/"],
+    local_include_dirs: ["include/"],
+    srcs: ["keyutils.cpp"],
+    stl: "none",
+}
+
+cc_test {
+    name: "libkeyutils-tests",
+    cflags: ["-Werror"],
+    shared_libs: ["libkeyutils"],
+    srcs: ["keyutils_test.cpp"],
+}
--- a/libkeyutils/include/keyutils.h
+++ b/libkeyutils/include/keyutils.h
@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef _KEYUTILS_H_
+#define _KEYUTILS_H_
+
+#include <linux/keyctl.h>
+#include <stdint.h>
+#include <sys/cdefs.h>
+
+__BEGIN_DECLS
+
+typedef int32_t key_serial_t;
+
+key_serial_t add_key(const char* type, const char* description, const void* payload,
+                     size_t payload_length, key_serial_t ring_id);
+
+key_serial_t keyctl_get_keyring_ID(key_serial_t id, int create);
+
+long keyctl_revoke(key_serial_t id); /* TODO: remove this */
+
+long keyctl_search(key_serial_t ring_id, const char* type, const char* description,
+                   key_serial_t dest_ring_id);
+
+long keyctl_setperm(key_serial_t id, int permissions);
+
+long keyctl_unlink(key_serial_t key, key_serial_t keyring);
+
+__END_DECLS
+
+#endif
--- a/libkeyutils/keyutils.cpp
+++ b/libkeyutils/keyutils.cpp
@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <keyutils.h>
+
+#include <stdarg.h>
+#include <sys/syscall.h>
+#include <unistd.h>
+
+// Deliberately not exposed. Callers should use the typed APIs instead.
+static long keyctl(int cmd, ...) {
+  va_list va;
+  va_start(va, cmd);
+  unsigned long arg2 = va_arg(va, unsigned long);
+  unsigned long arg3 = va_arg(va, unsigned long);
+  unsigned long arg4 = va_arg(va, unsigned long);
+  unsigned long arg5 = va_arg(va, unsigned long);
+  va_end(va);
+  return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
+}
+
+key_serial_t add_key(const char* type, const char* description, const void* payload,
+                     size_t payload_length, key_serial_t ring_id) {
+  return syscall(__NR_add_key, type, description, payload, payload_length, ring_id);
+}
+
+key_serial_t keyctl_get_keyring_ID(key_serial_t id, int create) {
+  return keyctl(KEYCTL_GET_KEYRING_ID, id, create);
+}
+
+long keyctl_revoke(key_serial_t id) {
+  return keyctl(KEYCTL_REVOKE, id);
+}
+
+long keyctl_search(key_serial_t ring_id, const char* type, const char* description,
+                   key_serial_t dest_ring_id) {
+  return keyctl(KEYCTL_SEARCH, ring_id, type, description, dest_ring_id);
+}
+
+long keyctl_setperm(key_serial_t id, int permissions) {
+  return keyctl(KEYCTL_SETPERM, id, permissions);
+}
+
+long keyctl_unlink(key_serial_t key, key_serial_t keyring) {
+  return keyctl(KEYCTL_UNLINK, key, keyring);
+}
--- a/libkeyutils/keyutils_test.cpp
+++ b/libkeyutils/keyutils_test.cpp
@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <keyutils.h>
+
+#include <dlfcn.h>
+
+#include <gtest/gtest.h>
+
+TEST(keyutils, smoke) {
+  // Check that the exported type is sane.
+  ASSERT_EQ(4U, sizeof(key_serial_t));
+
+  // Check that all the functions actually exist.
+  ASSERT_TRUE(dlsym(nullptr, "add_key") != nullptr);
+  ASSERT_TRUE(dlsym(nullptr, "keyctl_get_keyring_ID") != nullptr);
+  ASSERT_TRUE(dlsym(nullptr, "keyctl_revoke") != nullptr);
+  ASSERT_TRUE(dlsym(nullptr, "keyctl_search") != nullptr);
+  ASSERT_TRUE(dlsym(nullptr, "keyctl_setperm") != nullptr);
+  ASSERT_TRUE(dlsym(nullptr, "keyctl_unlink") != nullptr);
+}