Interface
One element of our security model is to contain our kernel calls to the "popular paths". To ensure this, SafePOSIX-Rust must only call to libraries (via the Rust standard libraries, and any crates) via paths that limit kernel calls to these popular paths.
The SafePOSIX-Rust interface exposes SafePOSIX to these libraries in four files:
- file.rs - filesystem related calls
- comm.rs - network related calls
- timer.rs - time related calls
- misc.rs - locks, serialization, etc.
These files make up our interface module, and are the only place libraries are imported via `use`. This allows us to fuzz this slimmer interface for kernel access to ensure the broader SafePOSIX code can only access the popular paths.
SafePOSIX is then built using this interface. No library imports via `use` are allowed in any of the files that implement SafePOSIX. Any attempts to import outside libraries will be rejected via code review.
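The import rule above is enforced by code review, which is easy to slip past in a large diff. The following is an added example, not SafePOSIX-Rust's own tooling: a small Rust lint that scans a source file for `use` statements and flags any whose path root is an outside library when the file is not one of the four interface files. It assumes the interface file names given above, that implementation files may still import from within the crate (`crate::`, `super::`, `self::`), and that the `fs_calls.rs` / `net_calls.rs` names and the sample sources are constructed for the demonstration.

```rust
// Added example (not SafePOSIX-Rust's own code): a lint for the rule that `use`
// of outside libraries is allowed only inside the interface module.
use std::collections::BTreeSet;

/// Files that make up the interface module and therefore may import crates.
const INTERFACE_FILES: [&str; 4] = ["file.rs", "comm.rs", "timer.rs", "misc.rs"];

/// Path roots that stay inside the crate and are allowed everywhere (assumption).
const INTERNAL_ROOTS: [&str; 3] = ["crate", "super", "self"];

/// One rule violation: file, 1-based line number, and the offending path root.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Violation {
    pub file: String,
    pub line: usize,
    pub path: String,
}

/// Root segment of a `use` path, e.g. "std" for `use std::fs::File;`.
/// Returns None for lines that are not `use` / `pub use` statements.
fn use_root(line: &str) -> Option<&str> {
    let trimmed = line.trim_start();
    let rest = trimmed
        .strip_prefix("pub use ")
        .or_else(|| trimmed.strip_prefix("use "))?;
    let rest = rest.trim_start_matches("::"); // `use ::std::x;` is still std
    let end = rest
        .find(|c: char| c == ':' || c == ';' || c == '{' || c.is_whitespace())
        .unwrap_or(rest.len());
    Some(&rest[..end])
}

/// Scan one file's source text and report every import the rule forbids.
pub fn check_file(file_name: &str, source: &str) -> Vec<Violation> {
    let interface: BTreeSet<&str> = INTERFACE_FILES.iter().copied().collect();
    if interface.contains(file_name) {
        return Vec::new(); // the interface module is the one place `use` is allowed
    }
    source
        .lines()
        .enumerate()
        .filter_map(|(idx, line)| {
            let root = use_root(line)?;
            if INTERNAL_ROOTS.contains(&root) {
                None
            } else {
                Some(Violation {
                    file: file_name.to_string(),
                    line: idx + 1,
                    path: root.to_string(),
                })
            }
        })
        .collect()
}

/// Constructed sample: an implementation file that follows the rule.
pub const SAMPLE_OK: &str = "\
use crate::interface;
use super::fdtable::FdTable;

pub fn open_syscall() {}
";

/// Constructed sample: an implementation file that reaches past the interface.
pub const SAMPLE_BAD: &str = "\
use crate::interface;
use std::fs::File; // direct std import outside the interface module
pub use libc::c_int;
";

fn main() {
    for v in check_file("fs_calls.rs", SAMPLE_BAD) {
        println!("{}:{}: forbidden import of `{}`", v.file, v.line, v.path);
    }
}
```

Run as a pre-commit or CI step over every `.rs` file outside the interface module, the check turns the review rule into a mechanical gate; the same text placed in `misc.rs` produces no findings, since that file is part of the interface.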
File.rs includes the following interface data structures and functions:
- OPEN_FILES - a global locked hash-set of open files
- EmulatedFile - a struct that includes the filename (String), the filepath, the file object (Rust File w/ Lock), and the filesize (usize). It includes the following methods:
  - new - Constructor
  - close - Safely closes the emulated file
  - readat - reads a file from offset location to a C-buffer
  - writeat - writes from a C-buffer to a file at given offset
  - readfile_to_new_string - reads entire file to new Rust String (used to restore metadata)
  - writefile_from_string - writes to entire file from Rust String (used for metadata persistence)
  - zerofill_at - writes a specified number of 0's to file
  - as_fd_handle_raw_int - gets system fd number of open file
- openfile - opens an EmulatedFile
- removefile - safely removes a file
- listfiles - returns a list of open files
It also publicly exposes the types PathBuf, Path, Component, OsString, and SyncLazy (used for globals) under our own aliases.
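To show how the file.rs pieces above fit together, here is an added example that is not SafePOSIX-Rust's own code: a minimal EmulatedFile with a global OPEN_FILES set, positional readat/writeat, zerofill_at, close, listfiles and removefile. It assumes a std::fs::File behind a Mutex, std's stable OnceLock in place of the nightly SyncLazy named above, Unix positional I/O via FileExt (so an offset read or write never moves the shared cursor), and Rust slices in place of the raw C-buffers the real interface takes; files are created under the system temp directory purely for the demonstration.

```rust
// Added example (not SafePOSIX-Rust's own code): a stand-in for the file.rs interface.
use std::collections::HashSet;
use std::fs::{File, OpenOptions};
use std::io;
use std::os::unix::fs::FileExt;
use std::path::PathBuf;
use std::sync::{Mutex, OnceLock};

/// Global locked set of open file names (mirrors OPEN_FILES; OnceLock stands in for SyncLazy).
static OPEN_FILES: OnceLock<Mutex<HashSet<String>>> = OnceLock::new();

fn open_files() -> &'static Mutex<HashSet<String>> {
    OPEN_FILES.get_or_init(|| Mutex::new(HashSet::new()))
}

pub struct EmulatedFile {
    pub filename: String,
    pub abs_filepath: PathBuf,
    fobj: Mutex<File>, // the "Rust File w/ Lock"
    pub filesize: usize,
}

impl EmulatedFile {
    /// Open (creating if needed) and register the file; a second open of the same name is refused.
    pub fn new(filename: &str) -> io::Result<Self> {
        let path = std::env::temp_dir().join(filename); // assumption: temp dir as the backing store
        let f = OpenOptions::new().read(true).write(true).create(true).open(&path)?;
        let size = f.metadata()?.len() as usize;
        let mut open = open_files().lock().unwrap();
        if !open.insert(filename.to_string()) {
            return Err(io::Error::new(io::ErrorKind::AlreadyExists, "file already open"));
        }
        Ok(EmulatedFile { filename: filename.to_string(), abs_filepath: path, fobj: Mutex::new(f), filesize: size })
    }

    /// Read up to buf.len() bytes at `offset`; returns the number actually read (0 past EOF).
    pub fn readat(&self, buf: &mut [u8], offset: usize) -> io::Result<usize> {
        self.fobj.lock().unwrap().read_at(buf, offset as u64)
    }

    /// Write all of `buf` at `offset`, growing the file and the tracked size if needed.
    pub fn writeat(&mut self, buf: &[u8], offset: usize) -> io::Result<usize> {
        self.fobj.lock().unwrap().write_all_at(buf, offset as u64)?;
        self.filesize = self.filesize.max(offset + buf.len());
        Ok(buf.len())
    }

    /// Write `count` zero bytes at `offset`.
    pub fn zerofill_at(&mut self, offset: usize, count: usize) -> io::Result<usize> {
        self.writeat(&vec![0u8; count], offset)
    }

    /// Unregister from OPEN_FILES; the underlying File closes when self drops.
    pub fn close(self) -> io::Result<()> {
        open_files().lock().unwrap().remove(&self.filename);
        Ok(())
    }
}

/// Sorted names of currently open emulated files (mirrors listfiles).
pub fn listfiles() -> Vec<String> {
    let mut names: Vec<String> = open_files().lock().unwrap().iter().cloned().collect();
    names.sort();
    names
}

/// Delete a file from disk, refusing while it is still registered as open (mirrors removefile).
pub fn removefile(filename: &str) -> io::Result<()> {
    if open_files().lock().unwrap().contains(filename) {
        return Err(io::Error::new(io::ErrorKind::Other, "file is still open"));
    }
    std::fs::remove_file(std::env::temp_dir().join(filename))
}

fn main() -> io::Result<()> {
    let name = format!("safeposix_demo_{}.bin", std::process::id());
    let mut f = EmulatedFile::new(&name)?;
    f.writeat(b"hello world", 0)?;
    f.zerofill_at(5, 1)?;
    let mut buf = [0u8; 11];
    let n = f.readat(&mut buf, 0)?;
    println!("open: {:?}, read {} bytes: {:?}", listfiles(), n, &buf[..n]);
    f.close()?;
    removefile(&name)
}
```

The two checks worth noting are the refusal to open a name twice (the global set is consulted under its lock before the file is handed out) and the refusal to remove a file that is still open, which keeps the set and the disk in agreement.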
TBD
Misc.rs includes the following interface data structures and functions:
- log_to_stdout - prints string to stdout
- log_to_stderr - prints string to stderr
- log_from_ptr - prints c-buffer to stdout
- fillrandom - fills a buffer with random bytes from /dev/urandom
- fillzero - fills a buffer with zeros
- new_hashmap - creates a new hashmap
- charstar_to_ruststr - converts a c-buffer to a Rust string
It also publicly exposes the types HashMap, RwLock, Arc under our own aliases.
misc.rs also exposes some of the serde crate for serialization. This includes:
- Serialize, Deserialize - traits to be extended to structs for serialization
- serde_serialize_to_string - function to serialize a data-structure to a Rust string
- serde_deserialize_from_string - function to deserialize a Rust string back into the appropriate data structure
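The C-buffer helpers in misc.rs sit on the boundary where untrusted memory enters Rust, so the interesting part is what they do with a null pointer or bytes that are not UTF-8. The following is an added example, not SafePOSIX-Rust's own code, of charstar_to_ruststr, log_from_ptr, fillzero and fillrandom written so those cases are reported instead of trusted; it assumes std's CStr for the conversion, /dev/urandom as the random source named above, and the byte strings in main are constructed inputs.

```rust
// Added example (not SafePOSIX-Rust's own code): checked C-buffer helpers for misc.rs.
use std::ffi::CStr;
use std::fs::File;
use std::io::{self, Read, Write};
use std::os::raw::c_char;

/// Convert a NUL-terminated C string to a Rust &str without copying.
///
/// Caller's contract: `ptr` is null or points to a readable, NUL-terminated
/// buffer that outlives the returned slice. A null pointer and invalid UTF-8
/// are reported as errors rather than accepted.
pub unsafe fn charstar_to_ruststr<'a>(ptr: *const c_char) -> Result<&'a str, String> {
    if ptr.is_null() {
        return Err("null C string pointer".to_string());
    }
    // SAFETY: non-null and NUL-terminated per the caller's contract above.
    let cstr = unsafe { CStr::from_ptr(ptr) };
    cstr.to_str()
        .map_err(|e| format!("C buffer is not valid UTF-8 at byte {}", e.valid_up_to()))
}

/// Print a C buffer to stdout, rendering non-UTF-8 bytes lossily instead of failing.
pub unsafe fn log_from_ptr(ptr: *const c_char) -> io::Result<()> {
    if ptr.is_null() {
        return Err(io::Error::new(io::ErrorKind::InvalidInput, "null C string pointer"));
    }
    // SAFETY: non-null and NUL-terminated per the caller's contract.
    let text = unsafe { CStr::from_ptr(ptr) }.to_string_lossy();
    let mut out = io::stdout().lock();
    out.write_all(text.as_bytes())?;
    out.write_all(b"\n")
}

/// Overwrite `buf` with zeros; the slice length bounds the write. Returns bytes written.
pub fn fillzero(buf: &mut [u8]) -> usize {
    buf.iter_mut().for_each(|b| *b = 0);
    buf.len()
}

/// Fill `buf` completely from /dev/urandom. Returns bytes written.
pub fn fillrandom(buf: &mut [u8]) -> io::Result<usize> {
    File::open("/dev/urandom")?.read_exact(buf)?;
    Ok(buf.len())
}

fn main() -> io::Result<()> {
    // Constructed inputs: a valid C string and one containing a stray 0xFF byte.
    let good = b"hello\0";
    let bad = b"ok\xFF\0";
    println!("{:?}", unsafe { charstar_to_ruststr(good.as_ptr() as *const c_char) });
    println!("{:?}", unsafe { charstar_to_ruststr(bad.as_ptr() as *const c_char) });
    unsafe { log_from_ptr(bad.as_ptr() as *const c_char)? };
    let mut key = [0u8; 16];
    fillrandom(&mut key)?;
    println!("random: {:02x?}", key);
    println!("zeroed: {} bytes", fillzero(&mut key));
    Ok(())
}
```

Both conversion functions are `unsafe fn` because nothing on the Rust side can verify that the pointer really ends in a NUL; what the wrappers can check, they do, and the rest is stated as the caller's contract in the doc comment.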
timer.rs includes the following interface data structures and functions: