rust: replace lsm context+len with lsm_context

	security_cred_getsecid(c, secid);

}

int rust_helper_security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)

int rust_helper_security_secid_to_secctx(u32 secid, struct lsm_context *cp)

{

	return security_secid_to_secctx(secid, secdata, seclen);

	return security_secid_to_secctx(secid, cp);

}

void rust_helper_security_release_secctx(char *secdata, u32 seclen)

void rust_helper_security_release_secctx(struct lsm_context *cp)

{

	security_release_secctx(secdata, seclen);

	security_release_secctx(cp);

}

#endif

///

/// # Invariants

///

/// The `secdata` and `seclen` fields correspond to a valid security context as returned by a

/// successful call to `security_secid_to_secctx`, that has not yet been destroyed by calling

/// `security_release_secctx`.

/// The `ctx` field corresponds to a valid security context as returned by a successful call to

/// `security_secid_to_secctx`, that has not yet been destroyed by `security_release_secctx`.

pub struct SecurityCtx {

    secdata: *mut core::ffi::c_char,

    seclen: usize,

    ctx: bindings::lsm_context,

}

impl SecurityCtx {

    /// Get the security context given its id.

    pub fn from_secid(secid: u32) -> Result<Self> {

        let mut secdata = core::ptr::null_mut();

        let mut seclen = 0u32;

        // SAFETY: Just a C FFI call. The pointers are valid for writes.

        to_result(unsafe { bindings::security_secid_to_secctx(secid, &mut secdata, &mut seclen) })?;

        // SAFETY: `struct lsm_context` can be initialized to all zeros.

        let mut ctx: bindings::lsm_context = unsafe { core::mem::zeroed() };

        // SAFETY: Just a C FFI call. The pointer is valid for writes.

        to_result(unsafe { bindings::security_secid_to_secctx(secid, &mut ctx) })?;

        // INVARIANT: If the above call did not fail, then we have a valid security context.

        Ok(Self {

            secdata,

            seclen: seclen as usize,

        })

        Ok(Self { ctx })

    }

    /// Returns whether the security context is empty.

    pub fn is_empty(&self) -> bool {

        self.seclen == 0

        self.ctx.len == 0

    }

    /// Returns the length of this security context.

    pub fn len(&self) -> usize {

        self.seclen

        self.ctx.len as usize

    }

    /// Returns the bytes for this security context.

    pub fn as_bytes(&self) -> &[u8] {

        let ptr = self.secdata;

        let ptr = self.ctx.context;

        if ptr.is_null() {

            debug_assert_eq!(self.seclen, 0);

            debug_assert_eq!(self.len(), 0);

            // We can't pass a null pointer to `slice::from_raw_parts` even if the length is zero.

            return &[];

        }

        // SAFETY: The call to `security_secid_to_secctx` guarantees that the pointer is valid for

        // `seclen` bytes. Furthermore, if the length is zero, then we have ensured that the

        // `self.len()` bytes. Furthermore, if the length is zero, then we have ensured that the

        // pointer is not null.

        unsafe { core::slice::from_raw_parts(ptr.cast(), self.seclen) }

        unsafe { core::slice::from_raw_parts(ptr.cast(), self.len()) }

    }

}

impl Drop for SecurityCtx {

    fn drop(&mut self) {

        // SAFETY: By the invariant of `Self`, this frees a pointer that came from a successful

        // SAFETY: By the invariant of `Self`, this frees a context that came from a successful

        // call to `security_secid_to_secctx` and has not yet been destroyed by

        // `security_release_secctx`.

        unsafe { bindings::security_release_secctx(self.secdata, self.seclen as u32) };

        unsafe { bindings::security_release_secctx(&mut self.ctx) };

    }

}