authorAndrew Walbran <qwandor@google.com>2023-07-21 17:23:56 +0100
committerAndrew Walbran <qwandor@google.com>2023-07-28 10:32:08 +0100
commita47698a88fc422c208628f443d156e64343c51ca (patch)
tree292dcebe59c1d9f2108eac6e5ffd60ff0299b911 /keystore2/tests
parent6e9f564dd640b2a4c5a72b870d2932a3dc35c8c2 (diff)
Add, standardise or temporarily opt out of safety comments for keystore2.
These will soon be required by a lint. Some functions were incorrectly marked as safe which were not actually safe, so I've fixed those too. Bug: 290018030 Test: m rust Change-Id: I38df6a8162d430617f123ab1aace38b741458fce
Diffstat (limited to 'keystore2/tests')
-rw-r--r--keystore2/tests/keystore2_client_ec_key_tests.rs22
-rw-r--r--keystore2/tests/keystore2_client_grant_key_tests.rs19
-rw-r--r--keystore2/tests/keystore2_client_keystore_engine_tests.rs6
-rw-r--r--keystore2/tests/keystore2_client_list_entries_tests.rs11
-rw-r--r--keystore2/tests/keystore2_client_operation_tests.rs63
-rw-r--r--keystore2/tests/keystore2_client_test_utils.rs7
-rw-r--r--keystore2/tests/keystore2_client_update_subcomponent_tests.rs3
7 files changed, 98 insertions, 33 deletions
diff --git a/keystore2/tests/keystore2_client_ec_key_tests.rs b/keystore2/tests/keystore2_client_ec_key_tests.rs
index c2034ded..82671402 100644
--- a/keystore2/tests/keystore2_client_ec_key_tests.rs
+++ b/keystore2/tests/keystore2_client_ec_key_tests.rs
@@ -432,15 +432,18 @@ fn keystore2_key_owner_validation() {
// Client#1: Generate a key and create an operation using generated key.
// Wait until the parent notifies to continue. Once the parent notifies, this operation
// is expected to be completed successfully.
- let mut child_handle = execute_op_run_as_child(
- TARGET_CTX,
- Domain::APP,
- -1,
- Some(alias.to_string()),
- Uid::from_raw(uid1),
- Gid::from_raw(gid1),
- ForcedOp(false),
- );
+ // SAFETY: The test is run in a separate process with no other threads.
+ let mut child_handle = unsafe {
+ execute_op_run_as_child(
+ TARGET_CTX,
+ Domain::APP,
+ -1,
+ Some(alias.to_string()),
+ Uid::from_raw(uid1),
+ Gid::from_raw(gid1),
+ ForcedOp(false),
+ )
+ };
// Wait until (client#1) child process notifies us to continue, so that there will be a key
// generated by client#1.
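Review bot: The justification in every added `// SAFETY: The test is run in a separate process with no other threads.` comment (here at L41, and in the same form throughout the grant_key, keystore_engine, list_entries, operation and update_subcomponent hunks) is a property of the test harness, not of the code: the default libtest harness runs `#[test]` functions concurrently on several threads of one process, so the comment only holds under a one-process-per-test, single-threaded runner configuration that this diff does not show. Since the soundness of the `unsafe` blocks rests on that assumption, I'd name the mechanism in the comment, e.g. `// SAFETY: The harness runs each test in its own process with no other threads (see <harness config, not in this diff>).`, so a later move to plain `cargo test` is recognisable as breaking the contract rather than silently invalidating it. If the helpers fork (as the `run_as` names suggest; not visible here), a cheap runtime check of the thread count in the helper would turn a violated precondition into a test failure instead of undefined behaviour. The test function continues outside the hunk.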
@@ -450,6 +453,7 @@ fn keystore2_key_owner_validation() {
const APPLICATION_ID_2: u32 = 10602;
let uid2 = USER_ID * AID_USER_OFFSET + APPLICATION_ID_2;
let gid2 = USER_ID * AID_USER_OFFSET + APPLICATION_ID_2;
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(TARGET_CTX, Uid::from_raw(uid2), Gid::from_raw(gid2), move || {
let keystore2_inst = get_keystore_service();
diff --git a/keystore2/tests/keystore2_client_grant_key_tests.rs b/keystore2/tests/keystore2_client_grant_key_tests.rs
index bde872d0..516869a1 100644
--- a/keystore2/tests/keystore2_client_grant_key_tests.rs
+++ b/keystore2/tests/keystore2_client_grant_key_tests.rs
@@ -114,6 +114,7 @@ fn keystore2_grant_key_with_perm_none() {
static GRANTEE_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
static GRANTEE_GID: u32 = GRANTEE_UID;
+ // SAFETY: The test is run in a separate process with no other threads.
let grant_key_nspace = unsafe {
run_as::run_as(TARGET_SU_CTX, Uid::from_raw(0), Gid::from_raw(0), || {
let empty_access_vector = KeyPermission::NONE.0;
@@ -132,6 +133,7 @@ fn keystore2_grant_key_with_perm_none() {
// In grantee context try to load the key, it should fail to load the granted key as it is
// granted with empty access vector.
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(
GRANTEE_CTX,
@@ -169,6 +171,7 @@ fn keystore2_grant_get_info_use_key_perm() {
static GRANTEE_GID: u32 = GRANTEE_UID;
// Generate a key and grant it to a user with GET_INFO|USE key permissions.
+ // SAFETY: The test is run in a separate process with no other threads.
let grant_key_nspace = unsafe {
run_as::run_as(TARGET_SU_CTX, Uid::from_raw(0), Gid::from_raw(0), || {
let access_vector = KeyPermission::GET_INFO.0 | KeyPermission::USE.0;
@@ -185,6 +188,7 @@ fn keystore2_grant_get_info_use_key_perm() {
};
// In grantee context load the key and try to perform crypto operation.
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(
GRANTEE_CTX,
@@ -251,6 +255,7 @@ fn keystore2_grant_delete_key_success() {
static ALIAS: &str = "ks_grant_key_delete_success";
// Generate a key and grant it to a user with DELETE permission.
+ // SAFETY: The test is run in a separate process with no other threads.
let grant_key_nspace = unsafe {
run_as::run_as(GRANTOR_SU_CTX, Uid::from_raw(0), Gid::from_raw(0), || {
let keystore2 = get_keystore_service();
@@ -270,6 +275,7 @@ fn keystore2_grant_delete_key_success() {
};
// Grantee context, delete the key.
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(
GRANTEE_CTX,
@@ -290,6 +296,7 @@ fn keystore2_grant_delete_key_success() {
};
// Verify whether key got deleted in grantor's context.
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(GRANTOR_SU_CTX, Uid::from_raw(0), Gid::from_raw(0), move || {
let keystore2_inst = get_keystore_service();
@@ -325,6 +332,7 @@ fn keystore2_grant_key_fails_with_permission_denied() {
static SEC_GRANTEE_GID: u32 = SEC_GRANTEE_UID;
// Generate a key and grant it to a user with GET_INFO permission.
+ // SAFETY: The test is run in a separate process with no other threads.
let grant_key_nspace = unsafe {
run_as::run_as(GRANTOR_SU_CTX, Uid::from_raw(0), Gid::from_raw(0), || {
let keystore2 = get_keystore_service();
@@ -345,6 +353,7 @@ fn keystore2_grant_key_fails_with_permission_denied() {
};
// Grantee context, load the granted key and try to grant it to `SEC_GRANTEE_UID` grantee.
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(
GRANTEE_CTX,
@@ -375,6 +384,7 @@ fn keystore2_grant_key_fails_with_permission_denied() {
};
// Make sure second grantee shouldn't have access to the above granted key.
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(
GRANTEE_CTX,
@@ -457,6 +467,7 @@ fn keystore2_ungrant_key_success() {
static GRANTEE_GID: u32 = GRANTEE_UID;
// Generate a key and grant it to a user with GET_INFO permission.
+ // SAFETY: The test is run in a separate process with no other threads.
let grant_key_nspace = unsafe {
run_as::run_as(GRANTOR_SU_CTX, Uid::from_raw(0), Gid::from_raw(0), || {
let keystore2 = get_keystore_service();
@@ -492,6 +503,7 @@ fn keystore2_ungrant_key_success() {
};
// Grantee context, try to load the ungranted key.
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(
GRANTEE_CTX,
@@ -527,6 +539,7 @@ fn keystore2_ungrant_fails_with_non_existing_key_expect_key_not_found_error() {
static GRANTEE_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
static GRANTEE_GID: u32 = GRANTEE_UID;
+ // SAFETY: The test is run in a separate process with no other threads.
let grant_key_nspace = unsafe {
run_as::run_as(GRANTOR_SU_CTX, Uid::from_raw(0), Gid::from_raw(0), || {
let keystore2 = get_keystore_service();
@@ -576,6 +589,7 @@ fn keystore2_ungrant_fails_with_non_existing_key_expect_key_not_found_error() {
// Make sure grant did not persist, try to access the earlier granted key in grantee context.
// Grantee context should fail to load the granted key as its associated key is deleted in
// grantor context.
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(
GRANTEE_CTX,
@@ -614,6 +628,7 @@ fn keystore2_grant_key_to_multi_users_success() {
static GRANTEE_2_GID: u32 = GRANTEE_2_UID;
// Generate a key and grant it to multiple users with GET_INFO|USE permissions.
+ // SAFETY: The test is run in a separate process with no other threads.
let mut grant_keys = unsafe {
run_as::run_as(GRANTOR_SU_CTX, Uid::from_raw(0), Gid::from_raw(0), || {
let keystore2 = get_keystore_service();
@@ -636,6 +651,7 @@ fn keystore2_grant_key_to_multi_users_success() {
&[(GRANTEE_1_UID, GRANTEE_1_GID), (GRANTEE_2_UID, GRANTEE_2_GID)]
{
let grant_key_nspace = grant_keys.remove(0);
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(
GRANTEE_CTX,
@@ -678,6 +694,7 @@ fn keystore2_grant_key_to_multi_users_delete_fails_with_key_not_found_error() {
static GRANTEE_2_GID: u32 = GRANTEE_2_UID;
// Generate a key and grant it to multiple users with GET_INFO permission.
+ // SAFETY: The test is run in a separate process with no other threads.
let mut grant_keys = unsafe {
run_as::run_as(GRANTOR_SU_CTX, Uid::from_raw(0), Gid::from_raw(0), || {
let keystore2 = get_keystore_service();
@@ -699,6 +716,7 @@ fn keystore2_grant_key_to_multi_users_delete_fails_with_key_not_found_error() {
// Grantee #1 context
let grant_key1_nspace = grant_keys.remove(0);
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(
GRANTEE_CTX,
@@ -733,6 +751,7 @@ fn keystore2_grant_key_to_multi_users_delete_fails_with_key_not_found_error() {
// Grantee #2 context
let grant_key2_nspace = grant_keys.remove(0);
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(
GRANTEE_CTX,
diff --git a/keystore2/tests/keystore2_client_keystore_engine_tests.rs b/keystore2/tests/keystore2_client_keystore_engine_tests.rs
index 1aed8e62..339eb60f 100644
--- a/keystore2/tests/keystore2_client_keystore_engine_tests.rs
+++ b/keystore2/tests/keystore2_client_keystore_engine_tests.rs
@@ -167,6 +167,7 @@ fn keystore2_perofrm_crypto_op_using_keystore2_engine_rsa_key_success() {
static GRANTEE_GID: u32 = GRANTEE_UID;
// Generate a key and grant it to a user with GET_INFO|USE|DELETE key permissions.
+ // SAFETY: The test is run in a separate process with no other threads.
let grant_key_nspace = unsafe {
run_as::run_as(TARGET_SU_CTX, Uid::from_raw(0), Gid::from_raw(0), || {
let keystore2 = get_keystore_service();
@@ -184,6 +185,7 @@ fn keystore2_perofrm_crypto_op_using_keystore2_engine_rsa_key_success() {
};
// In grantee context load the key and try to perform crypto operation.
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(
GRANTEE_CTX,
@@ -208,6 +210,7 @@ fn keystore2_perofrm_crypto_op_using_keystore2_engine_ec_key_success() {
static GRANTEE_GID: u32 = GRANTEE_UID;
// Generate a key and grant it to a user with GET_INFO|USE|DELETE key permissions.
+ // SAFETY: The test is run in a separate process with no other threads.
let grant_key_nspace = unsafe {
run_as::run_as(TARGET_SU_CTX, Uid::from_raw(0), Gid::from_raw(0), || {
let keystore2 = get_keystore_service();
@@ -225,6 +228,7 @@ fn keystore2_perofrm_crypto_op_using_keystore2_engine_ec_key_success() {
};
// In grantee context load the key and try to perform crypto operation.
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(
GRANTEE_CTX,
@@ -250,6 +254,7 @@ fn keystore2_perofrm_crypto_op_using_keystore2_engine_pem_pub_key_success() {
// Generate a key and re-encode it's certificate as PEM and update it and
// grant it to a user with GET_INFO|USE|DELETE key permissions.
+ // SAFETY: The test is run in a separate process with no other threads.
let grant_key_nspace = unsafe {
run_as::run_as(TARGET_SU_CTX, Uid::from_raw(0), Gid::from_raw(0), || {
let keystore2 = get_keystore_service();
@@ -285,6 +290,7 @@ fn keystore2_perofrm_crypto_op_using_keystore2_engine_pem_pub_key_success() {
};
// In grantee context load the key and try to perform crypto operation.
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(
GRANTEE_CTX,
diff --git a/keystore2/tests/keystore2_client_list_entries_tests.rs b/keystore2/tests/keystore2_client_list_entries_tests.rs
index 809c01f8..1c0c4961 100644
--- a/keystore2/tests/keystore2_client_list_entries_tests.rs
+++ b/keystore2/tests/keystore2_client_list_entries_tests.rs
@@ -60,6 +60,7 @@ fn keystore2_list_entries_success() {
static GRANTEE_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
static GRANTEE_GID: u32 = GRANTEE_UID;
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(GRANTOR_SU_CTX, Uid::from_raw(0), Gid::from_raw(0), || {
let keystore2 = get_keystore_service();
@@ -113,6 +114,7 @@ fn keystore2_list_entries_success() {
};
// In user context validate list of key entries associated with it.
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(
GRANTEE_CTX,
@@ -161,6 +163,7 @@ fn keystore2_list_entries_fails_perm_denied() {
let agid = 91 * AID_USER_OFFSET + 10001;
static TARGET_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(TARGET_CTX, Uid::from_raw(auid), Gid::from_raw(agid), move || {
let keystore2 = get_keystore_service();
@@ -198,6 +201,7 @@ fn keystore2_list_entries_with_long_aliases_success() {
static CLIENT_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
static CLIENT_GID: u32 = CLIENT_UID;
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(CLIENT_CTX, Uid::from_raw(CLIENT_UID), Gid::from_raw(CLIENT_GID), || {
let keystore2 = get_keystore_service();
@@ -264,6 +268,7 @@ fn keystore2_list_entries_batched_with_long_aliases_success() {
static CLIENT_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
static CLIENT_GID: u32 = CLIENT_UID;
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(CLIENT_CTX, Uid::from_raw(CLIENT_UID), Gid::from_raw(CLIENT_GID), || {
let keystore2 = get_keystore_service();
@@ -331,6 +336,7 @@ fn keystore2_list_entries_batched_with_multi_procs_success() {
static CLIENT_GID: u32 = CLIENT_UID;
static ALIAS_PREFIX: &str = "key_test_batch_list";
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(CLIENT_CTX, Uid::from_raw(CLIENT_UID), Gid::from_raw(CLIENT_GID), || {
let keystore2 = get_keystore_service();
@@ -361,6 +367,7 @@ fn keystore2_list_entries_batched_with_multi_procs_success() {
})
};
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(CLIENT_CTX, Uid::from_raw(CLIENT_UID), Gid::from_raw(CLIENT_GID), || {
let keystore2 = get_keystore_service();
@@ -428,6 +435,7 @@ fn keystore2_list_entries_batched_with_empty_keystore_success() {
static CLIENT_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
static CLIENT_GID: u32 = CLIENT_UID;
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(CLIENT_CTX, Uid::from_raw(CLIENT_UID), Gid::from_raw(CLIENT_GID), || {
let keystore2 = get_keystore_service();
@@ -511,6 +519,7 @@ fn keystore2_list_entries_batched_validate_count_and_order_success() {
static CLIENT_GID: u32 = CLIENT_UID;
static ALIAS_PREFIX: &str = "key_test_batch_list";
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(CLIENT_CTX, Uid::from_raw(CLIENT_UID), Gid::from_raw(CLIENT_GID), || {
let keystore2 = get_keystore_service();
@@ -647,6 +656,7 @@ fn keystore2_list_entries_batched_fails_perm_denied() {
let agid = 91 * AID_USER_OFFSET + 10001;
static TARGET_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(TARGET_CTX, Uid::from_raw(auid), Gid::from_raw(agid), move || {
let keystore2 = get_keystore_service();
@@ -686,6 +696,7 @@ fn keystore2_get_number_of_entries_fails_perm_denied() {
let agid = 91 * AID_USER_OFFSET + 10001;
static TARGET_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(TARGET_CTX, Uid::from_raw(auid), Gid::from_raw(agid), move || {
let keystore2 = get_keystore_service();
diff --git a/keystore2/tests/keystore2_client_operation_tests.rs b/keystore2/tests/keystore2_client_operation_tests.rs
index 19175ddd..89b5a319 100644
--- a/keystore2/tests/keystore2_client_operation_tests.rs
+++ b/keystore2/tests/keystore2_client_operation_tests.rs
@@ -36,7 +36,11 @@ use crate::keystore2_client_test_utils::{
/// Create `max_ops` number child processes with the given context and perform an operation under each
/// child process.
-pub fn create_operations(
+///
+/// # Safety
+///
+/// Must be called from a process with no other threads.
+pub unsafe fn create_operations(
target_ctx: &'static str,
forced_op: ForcedOp,
max_ops: i32,
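Review bot: The `# Safety` wording on `create_operations` ("Must be called from a process with no other threads.") differs from the one the same commit puts on `execute_op_run_as_child` ("Must only be called from a single-threaded process."), although the contract is the same and the commit message says these comments are being standardised; I'd use one phrasing for both, e.g. `/// Must only be called from a single-threaded process.` here. The parameter list of the function continues outside the hunk.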
@@ -45,7 +49,8 @@ pub fn create_operations(
let base_gid = 99 * AID_USER_OFFSET + 10001;
let base_uid = 99 * AID_USER_OFFSET + 10001;
(0..max_ops)
- .map(|i| {
+ // SAFETY: The caller guarantees that there are no other threads.
+ .map(|i| unsafe {
execute_op_run_as_child(
target_ctx,
Domain::APP,
@@ -87,7 +92,8 @@ fn keystore2_backend_busy_test() {
const MAX_OPS: i32 = 100;
static TARGET_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
- let mut child_handles = create_operations(TARGET_CTX, ForcedOp(false), MAX_OPS);
+ // SAFETY: The test is run in a separate process with no other threads.
+ let mut child_handles = unsafe { create_operations(TARGET_CTX, ForcedOp(false), MAX_OPS) };
// Wait until all child procs notifies us to continue,
// so that there are definitely enough operations outstanding to trigger a BACKEND_BUSY.
@@ -120,7 +126,8 @@ fn keystore2_forced_op_after_backendbusy_test() {
static TARGET_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
// Create regular operations.
- let mut child_handles = create_operations(TARGET_CTX, ForcedOp(false), MAX_OPS);
+ // SAFETY: The test is run in a separate process with no other threads.
+ let mut child_handles = unsafe { create_operations(TARGET_CTX, ForcedOp(false), MAX_OPS) };
// Wait until all child procs notifies us to continue, so that there are enough
// operations outstanding to trigger a BACKEND_BUSY.
@@ -131,6 +138,7 @@ fn keystore2_forced_op_after_backendbusy_test() {
// Create a forced operation.
let auid = 99 * AID_USER_OFFSET + 10604;
let agid = 99 * AID_USER_OFFSET + 10604;
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(
key_generations::TARGET_VOLD_CTX,
@@ -203,15 +211,18 @@ fn keystore2_max_forced_ops_test() {
// Create initial forced operation in a child process
// and wait for the parent to notify to perform operation.
let alias = format!("ks_forced_op_key_{}", getuid());
- let mut first_op_handle = execute_op_run_as_child(
- key_generations::TARGET_SU_CTX,
- Domain::SELINUX,
- key_generations::SELINUX_SHELL_NAMESPACE,
- Some(alias),
- Uid::from_raw(auid),
- Gid::from_raw(agid),
- ForcedOp(true),
- );
+ // SAFETY: The test is run in a separate process with no other threads.
+ let mut first_op_handle = unsafe {
+ execute_op_run_as_child(
+ key_generations::TARGET_SU_CTX,
+ Domain::SELINUX,
+ key_generations::SELINUX_SHELL_NAMESPACE,
+ Some(alias),
+ Uid::from_raw(auid),
+ Gid::from_raw(agid),
+ ForcedOp(true),
+ )
+ };
// Wait until above child proc notifies us to continue, so that there is definitely a forced
// operation outstanding to perform a operation.
@@ -219,7 +230,8 @@ fn keystore2_max_forced_ops_test() {
// Create MAX_OPS number of forced operations.
let mut child_handles =
- create_operations(key_generations::TARGET_SU_CTX, ForcedOp(true), MAX_OPS);
+ // SAFETY: The test is run in a separate process with no other threads.
+ unsafe { create_operations(key_generations::TARGET_SU_CTX, ForcedOp(true), MAX_OPS) };
// Wait until all child procs notifies us to continue, so that there are enough operations
// outstanding to trigger a BACKEND_BUSY.
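Review bot: The SAFETY comment at this `create_operations` call is placed between `let mut child_handles =` and the `unsafe { ... }` expression, unlike the other two call sites in this file (keystore2_backend_busy_test and keystore2_forced_op_after_backendbusy_test), which put it on the line above the `let`. A comment inside a statement is easy to detach in a reformat and reads as if it only explained the right-hand side; I'd move `// SAFETY: The test is run in a separate process with no other threads.` above `let mut child_handles =` so all three sites look alike. The test function continues outside the hunk.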
@@ -282,15 +294,18 @@ fn keystore2_ops_prune_test() {
// Create an operation in an untrusted_app context. Wait until the parent notifies to continue.
// Once the parent notifies, this operation is expected to be completed successfully.
let alias = format!("ks_reg_op_key_{}", getuid());
- let mut child_handle = execute_op_run_as_child(
- TARGET_CTX,
- Domain::APP,
- -1,
- Some(alias),
- Uid::from_raw(uid),
- Gid::from_raw(gid),
- ForcedOp(false),
- );
+ // SAFETY: The test is run in a separate process with no other threads.
+ let mut child_handle = unsafe {
+ execute_op_run_as_child(
+ TARGET_CTX,
+ Domain::APP,
+ -1,
+ Some(alias),
+ Uid::from_raw(uid),
+ Gid::from_raw(gid),
+ ForcedOp(false),
+ )
+ };
// Wait until child process notifies us to continue, so that an operation from child process is
// outstanding to complete the operation.
@@ -377,6 +392,7 @@ fn keystore2_forced_op_perm_denied_test() {
let gid = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
for context in TARGET_CTXS.iter() {
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(context, Uid::from_raw(uid), Gid::from_raw(gid), move || {
let alias = format!("ks_app_forced_op_test_key_{}", getuid());
@@ -406,6 +422,7 @@ fn keystore2_forced_op_success_test() {
let uid = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
let gid = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(TARGET_CTX, Uid::from_raw(uid), Gid::from_raw(gid), move || {
let alias = format!("ks_vold_forced_op_key_{}", getuid());
diff --git a/keystore2/tests/keystore2_client_test_utils.rs b/keystore2/tests/keystore2_client_test_utils.rs
index 3354798e..f7e7985f 100644
--- a/keystore2/tests/keystore2_client_test_utils.rs
+++ b/keystore2/tests/keystore2_client_test_utils.rs
@@ -266,7 +266,11 @@ pub fn perform_sample_asym_sign_verify_op(
}
/// Create new operation on child proc and perform simple operation after parent notification.
-pub fn execute_op_run_as_child(
+///
+/// # Safety
+///
+/// Must only be called from a single-threaded process.
+pub unsafe fn execute_op_run_as_child(
target_ctx: &'static str,
domain: Domain,
nspace: i64,
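Review bot: The new `# Safety` section on `execute_op_run_as_child` states the precondition but not what goes wrong when it is violated, which is what a caller needs in order to judge whether the precondition holds. From the body (the `run_as::run_as_child` call in the next hunk) it appears the child is created by forking; if so I'd extend the doc along the lines of `/// Must only be called from a single-threaded process: the child is created by forking, and after a fork in a multithreaded process any lock held by another thread remains locked forever in the child.` — confirm against `run_as_child`'s own contract before committing to that explanation. The parameter list continues outside the hunk.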
@@ -275,6 +279,7 @@ pub fn execute_op_run_as_child(
agid: Gid,
forced_op: ForcedOp,
) -> run_as::ChildHandle<TestOutcome, BarrierReached> {
+ // SAFETY: The caller guarantees that there are no other threads.
unsafe {
run_as::run_as_child(target_ctx, auid, agid, move |reader, writer| {
let result = key_generations::map_ks_error(create_signing_operation(
diff --git a/keystore2/tests/keystore2_client_update_subcomponent_tests.rs b/keystore2/tests/keystore2_client_update_subcomponent_tests.rs
index 0be092f8..d9576a84 100644
--- a/keystore2/tests/keystore2_client_update_subcomponent_tests.rs
+++ b/keystore2/tests/keystore2_client_update_subcomponent_tests.rs
@@ -167,6 +167,7 @@ fn keystore2_update_subcomponent_fails_permission_denied() {
static GRANTEE_2_GID: u32 = GRANTEE_2_UID;
// Generate a key and grant it to multiple users with different access permissions.
+ // SAFETY: The test is run in a separate process with no other threads.
let mut granted_keys = unsafe {
run_as::run_as(GRANTOR_SU_CTX, Uid::from_raw(0), Gid::from_raw(0), || {
let keystore2 = get_keystore_service();
@@ -205,6 +206,7 @@ fn keystore2_update_subcomponent_fails_permission_denied() {
// Grantee context, try to update the key public certs, permission denied error is expected.
let granted_key1_nspace = granted_keys.remove(0);
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(
GRANTEE_CTX,
@@ -234,6 +236,7 @@ fn keystore2_update_subcomponent_fails_permission_denied() {
// Grantee context, update granted key public certs. Update should happen successfully.
let granted_key2_nspace = granted_keys.remove(0);
+ // SAFETY: The test is run in a separate process with no other threads.
unsafe {
run_as::run_as(
GRANTEE_CTX,