diff options
author | Frederick Mayle <fmayle@google.com> | 2024-04-08 16:51:40 -0700 |
---|---|---|
committer | Frederick Mayle <fmayle@google.com> | 2024-04-09 16:05:43 -0700 |
commit | 42632079aa990e687382feb70260f76a4091a481 (patch) | |
tree | a87ad93cd2f1b944b24b4c11e95015dd6422e232 | |
parent | 3acb6db524b3a19989ac809c83ad4ee0ada1d032 (diff) | |
download | security-42632079aa990e687382feb70260f76a4091a481.tar.gz |
Upgrade nix to 0.28.0
Bug: 333427576
Test: TreeHugger
Change-Id: I549be37c37e99b4a73da2a12758675ad3191716b
-rw-r--r-- | keystore2/src/crypto/zvec.rs | 9 | ||||
-rw-r--r-- | keystore2/test_utils/run_as.rs | 27 |
2 files changed, 12 insertions, 24 deletions
diff --git a/keystore2/src/crypto/zvec.rs b/keystore2/src/crypto/zvec.rs index c917a898..00cbb1c8 100644 --- a/keystore2/src/crypto/zvec.rs +++ b/keystore2/src/crypto/zvec.rs @@ -20,6 +20,7 @@ use std::convert::TryFrom; use std::fmt; use std::ops::{Deref, DerefMut}; use std::ptr::write_volatile; +use std::ptr::NonNull; /// A semi fixed size u8 vector that is zeroed when dropped. It can shrink in /// size but cannot grow larger than the original size (and if it shrinks it @@ -46,7 +47,7 @@ impl ZVec { let b = v.into_boxed_slice(); if size > 0 { // SAFETY: The address range is part of our address space. - unsafe { mlock(b.as_ptr() as *const std::ffi::c_void, b.len()) }?; + unsafe { mlock(NonNull::from(&b).cast(), b.len()) }?; } Ok(Self { elems: b, len: size }) } @@ -79,9 +80,7 @@ impl Drop for ZVec { if let Err(e) = // SAFETY: The address range is part of our address space, and was previously locked // by `mlock` in `ZVec::new` or the `TryFrom<Vec<u8>>` implementation. - unsafe { - munlock(self.elems.as_ptr() as *const std::ffi::c_void, self.elems.len()) - } + unsafe { munlock(NonNull::from(&self.elems).cast(), self.elems.len()) } { log::error!("In ZVec::drop: `munlock` failed: {:?}.", e); } @@ -137,7 +136,7 @@ impl TryFrom<Vec<u8>> for ZVec { let b = v.into_boxed_slice(); if !b.is_empty() { // SAFETY: The address range is part of our address space. - unsafe { mlock(b.as_ptr() as *const std::ffi::c_void, b.len()) }?; + unsafe { mlock(NonNull::from(&b).cast(), b.len()) }?; } Ok(Self { elems: b, len }) } diff --git a/keystore2/test_utils/run_as.rs b/keystore2/test_utils/run_as.rs index be643b6b..d39d0697 100644 --- a/keystore2/test_utils/run_as.rs +++ b/keystore2/test_utils/run_as.rs @@ -29,13 +29,14 @@ use keystore2_selinux as selinux; use nix::sys::wait::{waitpid, WaitStatus}; use nix::unistd::{ - close, fork, pipe as nix_pipe, read as nix_read, setgid, setuid, write as nix_write, - ForkResult, Gid, Pid, Uid, + fork, pipe as nix_pipe, read as nix_read, setgid, setuid, write as nix_write, ForkResult, Gid, + Pid, Uid, }; use serde::{de::DeserializeOwned, Serialize}; use std::io::{Read, Write}; use std::marker::PhantomData; -use std::os::unix::io::RawFd; +use std::os::fd::AsRawFd; +use std::os::fd::OwnedFd; fn transition(se_context: selinux::Context, uid: Uid, gid: Gid) { setgid(gid).expect("Failed to set GID. This test might need more privileges."); @@ -48,35 +49,23 @@ fn transition(se_context: selinux::Context, uid: Uid, gid: Gid) { /// PipeReader is a simple wrapper around raw pipe file descriptors. /// It takes ownership of the file descriptor and closes it on drop. It provides `read_all`, which /// reads from the pipe into an expending vector, until no more data can be read. -struct PipeReader(RawFd); +struct PipeReader(OwnedFd); impl Read for PipeReader { fn read(&mut self, buf: &mut [u8]) -> std::io::Result<usize> { - let bytes = nix_read(self.0, buf)?; + let bytes = nix_read(self.0.as_raw_fd(), buf)?; Ok(bytes) } } -impl Drop for PipeReader { - fn drop(&mut self) { - close(self.0).expect("Failed to close reader pipe fd."); - } -} - /// PipeWriter is a simple wrapper around raw pipe file descriptors. /// It takes ownership of the file descriptor and closes it on drop. It provides `write`, which /// writes the given buffer into the pipe, returning the number of bytes written. -struct PipeWriter(RawFd); - -impl Drop for PipeWriter { - fn drop(&mut self) { - close(self.0).expect("Failed to close writer pipe fd."); - } -} +struct PipeWriter(OwnedFd); impl Write for PipeWriter { fn write(&mut self, buf: &[u8]) -> std::io::Result<usize> { - let written = nix_write(self.0, buf)?; + let written = nix_write(&self.0, buf)?; Ok(written) } |