diff options
Diffstat (limited to 'libkeyutils')
| -rw-r--r-- | libkeyutils/mini_keyctl.cpp | 20 | ||||
| -rw-r--r-- | libkeyutils/mini_keyctl_utils.cpp | 18 | ||||
| -rw-r--r-- | libkeyutils/mini_keyctl_utils.h | 3 |
3 files changed, 41 insertions, 0 deletions
diff --git a/libkeyutils/mini_keyctl.cpp b/libkeyutils/mini_keyctl.cpp index 4fe4c3c51..844f873bc 100644 --- a/libkeyutils/mini_keyctl.cpp +++ b/libkeyutils/mini_keyctl.cpp @@ -20,8 +20,11 @@ #include "mini_keyctl_utils.h" +#include <stdio.h> #include <unistd.h> +#include <android-base/parseint.h> + static void Usage(int exit_code) { fprintf(stderr, "usage: mini-keyctl <action> [args,]\n"); fprintf(stderr, " mini-keyctl add <type> <desc> <data> <keyring>\n"); @@ -29,6 +32,7 @@ static void Usage(int exit_code) { fprintf(stderr, " mini-keyctl dadd <type> <desc_prefix> <cert_dir> <keyring>\n"); fprintf(stderr, " mini-keyctl unlink <key> <keyring>\n"); fprintf(stderr, " mini-keyctl restrict_keyring <keyring>\n"); + fprintf(stderr, " mini-keyctl security <key>\n"); _exit(exit_code); } @@ -66,7 +70,23 @@ int main(int argc, const char** argv) { key_serial_t key = std::stoi(argv[2], nullptr, 16); const std::string keyring = argv[3]; return Unlink(key, keyring); + } else if (action == "security") { + if (argc != 3) Usage(1); + const char* key_str = argv[2]; + key_serial_t key; + if (!android::base::ParseInt(key_str, &key)) { + fprintf(stderr, "Unparsable key: '%s'\n", key_str); + return 1; + } + std::string context = RetrieveSecurityContext(key); + if (context.empty()) { + perror(key_str); + return 1; + } + fprintf(stderr, "%s\n", context.c_str()); + return 0; } else { + fprintf(stderr, "Unrecognized action: %s\n", action.c_str()); Usage(1); } diff --git a/libkeyutils/mini_keyctl_utils.cpp b/libkeyutils/mini_keyctl_utils.cpp index c4fc96cc6..3651606db 100644 --- a/libkeyutils/mini_keyctl_utils.cpp +++ b/libkeyutils/mini_keyctl_utils.cpp @@ -210,3 +210,21 @@ int RestrictKeyring(const std::string& keyring) { } return 0; } + +std::string RetrieveSecurityContext(key_serial_t key) { + // Simply assume this size is enough in practice. + const int kMaxSupportedSize = 256; + std::string context; + context.resize(kMaxSupportedSize); + long retval = keyctl_get_security(key, context.data(), kMaxSupportedSize); + if (retval < 0) { + PLOG(ERROR) << "Cannot get security context of key 0x" << std::hex << key; + return std::string(); + } + if (retval > kMaxSupportedSize) { + LOG(ERROR) << "The key has unexpectedly long security context than " << kMaxSupportedSize; + return std::string(); + } + context.resize(retval); + return context; +} diff --git a/libkeyutils/mini_keyctl_utils.h b/libkeyutils/mini_keyctl_utils.h index 3c6961170..150967ddd 100644 --- a/libkeyutils/mini_keyctl_utils.h +++ b/libkeyutils/mini_keyctl_utils.h @@ -46,3 +46,6 @@ int RestrictKeyring(const std::string& keyring); // information in the descritption section depending on the key type, only the first word in the // keyring description is used for searching. bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_id); + +// Retrieves a key's security context. Return the context string, or empty string on error. +std::string RetrieveSecurityContext(key_serial_t key); |