sirenia/src/app_info/mod.rs - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2021 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 //! The module that defines the app_manifest.
 use std::collections::BTreeMap as Map;
 use std::fmt::Debug;
 use std::result::Result as StdResult;

 use libsirenia::communication::persistence::Scope;
 use serde::{Deserialize, Serialize};
 use thiserror::Error as ThisError;

 use crate::Digest;

 #[derive(ThisError, Debug)]
 pub enum Error {
     /// Invalid app id.
     #[error("invalid app id: {0}")]
     InvalidAppId(String),
 }

 /// The result of an operation in this crate.
 pub type Result<T> = StdResult<T, Error>;

 pub struct AppManifest {
     entries: Map<String, AppManifestEntry>,
 }

 /// Defines the type of isolation given to the TEE app instance.
 #[derive(Clone, Debug, Deserialize, Serialize)]
 pub enum SandboxType {
     Container,
     DeveloperEnvironment,
     VirtualMachine,
 }

 /// Defines parameters for use with the storage API.
 #[derive(Clone, Debug, Deserialize, Serialize)]
 pub struct StorageParameters {
     pub scope: Scope,
     pub domain: String,
     /// Enables transparent storage encryption.
     pub encryption_key_version: Option<usize>,
 }

 /// Defines parameters for use with the secrets API.
 #[derive(Clone, Debug, Deserialize, Serialize)]
 pub struct SecretsParameters {
     pub encryption_key_version: usize,
 }

 /// The TEE developer will define all of these fields for their app and the
 /// manifest will be used when starting up the TEE app.
 #[derive(Clone, Debug, Deserialize, Serialize)]
 pub struct AppManifestEntry {
     pub app_name: String,
     pub exec_info: ExececutableInfo,
     pub sandbox_type: SandboxType,
     pub secrets_parameters: Option<SecretsParameters>,
     pub storage_parameters: Option<StorageParameters>,
 }

 #[derive(Clone, Debug, Deserialize, Serialize)]
 pub enum ExececutableInfo {
     Path(String),
     Digest(Digest),
 }

 /// Provides a lookup for registered AppManifestEntries that represent which
 /// TEE apps are recognized.
 impl AppManifest {
     pub fn new() -> Self {
         let mut manifest = AppManifest {
             entries: Map::new(),
         };
         manifest.add_app_manifest_entry(AppManifestEntry {
             app_name: "shell".to_string(),
             exec_info: ExececutableInfo::Path("/bin/sh".to_string()),
             sandbox_type: SandboxType::DeveloperEnvironment,
             secrets_parameters: None,
             storage_parameters: None,
         });
         manifest.add_app_manifest_entry(AppManifestEntry {
             app_name: "sandboxed-shell".to_string(),
             exec_info: ExececutableInfo::Path("/bin/sh".to_string()),
             sandbox_type: SandboxType::Container,
             secrets_parameters: None,
             storage_parameters: None,
         });
         manifest.add_app_manifest_entry(AppManifestEntry {
             app_name: "demo_app".to_string(),
             exec_info: ExececutableInfo::Path("/usr/bin/demo_app".to_string()),
             sandbox_type: SandboxType::DeveloperEnvironment,
             secrets_parameters: None,
             storage_parameters: Some(StorageParameters {
                 scope: Scope::Test,
                 domain: "test".to_string(),
                 encryption_key_version: Some(1),
             }),
         });
         manifest
     }

     fn add_app_manifest_entry(&mut self, entry: AppManifestEntry) -> Option<AppManifestEntry> {
         let id = entry.app_name.clone();
         self.entries.insert(id, entry)
     }

     pub fn get_app_manifest_entry(&self, id: &str) -> Result<&AppManifestEntry> {
         match self.entries.get(id) {
             Some(entry) => Ok(entry),
             None => Err(Error::InvalidAppId(id.to_string())),
         }
     }

     pub fn iter(&self) -> impl Iterator<Item = &AppManifestEntry> {
         self.entries.iter().map(|kv| kv.1)
     }
 }

 impl Default for AppManifest {
     fn default() -> Self {
         AppManifest::new()
     }
 }
	// Copyright 2021 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	//! The module that defines the app_manifest.
	use std::collections::BTreeMap as Map;
	use std::fmt::Debug;
	use std::result::Result as StdResult;

	use libsirenia::communication::persistence::Scope;
	use serde::{Deserialize, Serialize};
	use thiserror::Error as ThisError;

	use crate::Digest;

	#[derive(ThisError, Debug)]
	pub enum Error {
	/// Invalid app id.
	#[error("invalid app id: {0}")]
	InvalidAppId(String),
	}

	/// The result of an operation in this crate.
	pub type Result<T> = StdResult<T, Error>;

	pub struct AppManifest {
	entries: Map<String, AppManifestEntry>,
	}

	/// Defines the type of isolation given to the TEE app instance.
	#[derive(Clone, Debug, Deserialize, Serialize)]
	pub enum SandboxType {
	Container,
	DeveloperEnvironment,
	VirtualMachine,
	}

	/// Defines parameters for use with the storage API.
	#[derive(Clone, Debug, Deserialize, Serialize)]
	pub struct StorageParameters {
	pub scope: Scope,
	pub domain: String,
	/// Enables transparent storage encryption.
	pub encryption_key_version: Option<usize>,
	}

	/// Defines parameters for use with the secrets API.
	#[derive(Clone, Debug, Deserialize, Serialize)]
	pub struct SecretsParameters {
	pub encryption_key_version: usize,
	}

	/// The TEE developer will define all of these fields for their app and the
	/// manifest will be used when starting up the TEE app.
	#[derive(Clone, Debug, Deserialize, Serialize)]
	pub struct AppManifestEntry {
	pub app_name: String,
	pub exec_info: ExececutableInfo,
	pub sandbox_type: SandboxType,
	pub secrets_parameters: Option<SecretsParameters>,
	pub storage_parameters: Option<StorageParameters>,
	}

	#[derive(Clone, Debug, Deserialize, Serialize)]
	pub enum ExececutableInfo {
	Path(String),
	Digest(Digest),
	}

	/// Provides a lookup for registered AppManifestEntries that represent which
	/// TEE apps are recognized.
	impl AppManifest {
	pub fn new() -> Self {
	let mut manifest = AppManifest {
	entries: Map::new(),
	};
	manifest.add_app_manifest_entry(AppManifestEntry {
	app_name: "shell".to_string(),
	exec_info: ExececutableInfo::Path("/bin/sh".to_string()),
	sandbox_type: SandboxType::DeveloperEnvironment,
	secrets_parameters: None,
	storage_parameters: None,
	});
	manifest.add_app_manifest_entry(AppManifestEntry {
	app_name: "sandboxed-shell".to_string(),
	exec_info: ExececutableInfo::Path("/bin/sh".to_string()),
	sandbox_type: SandboxType::Container,
	secrets_parameters: None,
	storage_parameters: None,
	});
	manifest.add_app_manifest_entry(AppManifestEntry {
	app_name: "demo_app".to_string(),
	exec_info: ExececutableInfo::Path("/usr/bin/demo_app".to_string()),
	sandbox_type: SandboxType::DeveloperEnvironment,
	secrets_parameters: None,
	storage_parameters: Some(StorageParameters {
	scope: Scope::Test,
	domain: "test".to_string(),
	encryption_key_version: Some(1),
	}),
	});
	manifest
	}

	fn add_app_manifest_entry(&mut self, entry: AppManifestEntry) -> Option<AppManifestEntry> {
	let id = entry.app_name.clone();
	self.entries.insert(id, entry)
	}

	pub fn get_app_manifest_entry(&self, id: &str) -> Result<&AppManifestEntry> {
	match self.entries.get(id) {
	Some(entry) => Ok(entry),
	None => Err(Error::InvalidAppId(id.to_string())),
	}
	}

	pub fn iter(&self) -> impl Iterator<Item = &AppManifestEntry> {
	self.entries.iter().map(\|kv\| kv.1)
	}
	}

	impl Default for AppManifest {
	fn default() -> Self {
	AppManifest::new()
	}
	}