mini-keyctl: support printing security label
Test: mini-keyctl security <key_id> Bug: 128607724 Change-Id: If92b41d0aa96d626933546391b964ca2a8a48703
parent
0e5b74deff
commit
327037f063
|
@ -20,8 +20,11 @@
|
|||
|
||||
#include "mini_keyctl_utils.h"
|
||||
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <android-base/parseint.h>
|
||||
|
||||
static void Usage(int exit_code) {
|
||||
fprintf(stderr, "usage: mini-keyctl <action> [args,]\n");
|
||||
fprintf(stderr, " mini-keyctl add <type> <desc> <data> <keyring>\n");
|
||||
|
@ -29,6 +32,7 @@ static void Usage(int exit_code) {
|
|||
fprintf(stderr, " mini-keyctl dadd <type> <desc_prefix> <cert_dir> <keyring>\n");
|
||||
fprintf(stderr, " mini-keyctl unlink <key> <keyring>\n");
|
||||
fprintf(stderr, " mini-keyctl restrict_keyring <keyring>\n");
|
||||
fprintf(stderr, " mini-keyctl security <key>\n");
|
||||
_exit(exit_code);
|
||||
}
|
||||
|
||||
|
@ -66,7 +70,23 @@ int main(int argc, const char** argv) {
|
|||
key_serial_t key = std::stoi(argv[2], nullptr, 16);
|
||||
const std::string keyring = argv[3];
|
||||
return Unlink(key, keyring);
|
||||
} else if (action == "security") {
|
||||
if (argc != 3) Usage(1);
|
||||
const char* key_str = argv[2];
|
||||
key_serial_t key;
|
||||
if (!android::base::ParseInt(key_str, &key)) {
|
||||
fprintf(stderr, "Unparsable key: '%s'\n", key_str);
|
||||
return 1;
|
||||
}
|
||||
std::string context = RetrieveSecurityContext(key);
|
||||
if (context.empty()) {
|
||||
perror(key_str);
|
||||
return 1;
|
||||
}
|
||||
fprintf(stderr, "%s\n", context.c_str());
|
||||
return 0;
|
||||
} else {
|
||||
fprintf(stderr, "Unrecognized action: %s\n", action.c_str());
|
||||
Usage(1);
|
||||
}
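Review bot: In the `security` branch, `perror(key_str)` runs after RetrieveSecurityContext() has already logged the failure, so errno may have been overwritten by the logging call, and on the over-long-context path no syscall failed at all; the text printed can therefore be unrelated to the real cause. Since the helper already logs the reason, a plain `fprintf(stderr, "Cannot get security context of key '%s'\n", key_str);` would be more accurate. The label itself is written to stderr, so a script or test that captures stdout to check a key's label sees nothing; `printf("%s\n", context.c_str());` is the usual place for command output. This branch also parses the key with ParseInt while `unlink` just above uses `std::stoi(..., 16)`, so the same key id text may not be accepted by both actions. main() begins and ends outside the hunk.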
|
||||
|
||||
|
|
|
@ -210,3 +210,21 @@ int RestrictKeyring(const std::string& keyring) {
|
|||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
std::string RetrieveSecurityContext(key_serial_t key) {
|
||||
// Simply assume this size is enough in practice.
|
||||
const int kMaxSupportedSize = 256;
|
||||
std::string context;
|
||||
context.resize(kMaxSupportedSize);
|
||||
long retval = keyctl_get_security(key, context.data(), kMaxSupportedSize);
|
||||
if (retval < 0) {
|
||||
PLOG(ERROR) << "Cannot get security context of key 0x" << std::hex << key;
|
||||
return std::string();
|
||||
}
|
||||
if (retval > kMaxSupportedSize) {
|
||||
LOG(ERROR) << "The key has unexpectedly long security context than " << kMaxSupportedSize;
|
||||
return std::string();
|
||||
}
|
||||
context.resize(retval);
|
||||
return context;
|
||||
}
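Review bot: `context.resize(retval)` probably leaves a terminating NUL inside the returned std::string. Under the kernel's KEYCTL_GET_SECURITY contract the return value is the full length of the label including its NUL; the libkeyutils wrapper is not visible here, so this should be confirmed. If it holds, an equality check against a label literal fails even when the label is correct, `context.empty()` in the caller can never be true after a successful call, and the caller's `%s` print hides the extra byte. Trimming it, e.g. `context.resize(retval > 0 ? retval - 1 : 0);`, keeps the returned string equal to the label text.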
|
||||
|
|
|
@ -46,3 +46,6 @@ int RestrictKeyring(const std::string& keyring);
|
|||
// information in the descritption section depending on the key type, only the first word in the
|
||||
// keyring description is used for searching.
|
||||
bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_id);
|
||||
|
||||
// Retrieves a key's security context. Return the context string, or empty string on error.
|
||||
std::string RetrieveSecurityContext(key_serial_t key);
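Review bot: The comment on RetrieveSecurityContext does not mention that a context longer than the implementation's 256-byte buffer is also reported as an error, so a caller cannot tell from the header that an empty result may mean "too long" rather than "lookup failed". Suggest `// Retrieves a key's security context. Returns the context string, or an empty string on error` followed by `// (including a context longer than the 256-byte internal buffer). Failures are logged.`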
|
||||
|
|