[libcamera-devel] [PATCH v2 4/4] libcamera: utils: Use internal secure_getenv() implementation

[Kieran Bingham]

The secure_getenv() call is not provided by all toolchains. Support
this feature by implementing our own version.

Signed-off-by: Kieran Bingham <kieran.bingham at ideasonboard.com>
---
 src/libcamera/include/utils.h |  2 ++
 src/libcamera/log.cpp         |  4 ++--
 src/libcamera/utils.cpp       | 20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/src/libcamera/include/utils.h b/src/libcamera/include/utils.h
index 1b2a62c0fda7..79038a96feab 100644
--- a/src/libcamera/include/utils.h
+++ b/src/libcamera/include/utils.h
@@ -24,6 +24,8 @@ std::unique_ptr<T> make_unique(Args&&... args)
 	return std::unique_ptr<T>(new T(std::forward<Args>(args)...));
 }
 
+char *secure_getenv(const char *name);
+
 } /* namespace utils */
 
 } /* namespace libcamera */
diff --git a/src/libcamera/log.cpp b/src/libcamera/log.cpp
index eb444c31857d..71cfbc422ba0 100644
--- a/src/libcamera/log.cpp
+++ b/src/libcamera/log.cpp
@@ -122,7 +122,7 @@ Logger::Logger()
  */
 void Logger::parseLogFile()
 {
-	const char *file = secure_getenv("LIBCAMERA_LOG_FILE");
+	const char *file = utils::secure_getenv("LIBCAMERA_LOG_FILE");
 	if (!file)
 		return;
 
@@ -140,7 +140,7 @@ void Logger::parseLogFile()
  */
 void Logger::parseLogLevels()
 {
-	const char *debug = secure_getenv("LIBCAMERA_LOG_LEVELS");
+	const char *debug = utils::secure_getenv("LIBCAMERA_LOG_LEVELS");
 	if (!debug)
 		return;
 
diff --git a/src/libcamera/utils.cpp b/src/libcamera/utils.cpp
index 70936e36c5d5..c49e65136514 100644
--- a/src/libcamera/utils.cpp
+++ b/src/libcamera/utils.cpp
@@ -6,6 +6,7 @@
  */
 
 #include <string.h>
+#include <sys/auxv.h>
 
 #include "utils.h"
 
@@ -35,6 +36,25 @@ const char *basename(const char *path)
        return base ? base + 1 : path;
 }
 
+/**
+ * \brief Get an environment variable
+ *
+ * The environment list is searched to find the variable 'name', and returns a
+ * pointer to the corresponding string.
+ * If 'secure execution' is required then this function always returns NULL to
+ * avoid vulnerabilities that could occur if the set-user-ID or set-group-ID
+ * programs accidentally trusted the environment.
+ *
+ * \returns A pointer to the value in the environment or NULL if the match fails
+ * or a secure environment is required.
+ */
+char *secure_getenv(const char *name)
+{
+       if (getauxval(AT_SECURE))
+               return NULL;
+       else
+               return getenv(name);
+}
 
 /**
  * \fn libcamera::utils::make_unique(Args &&... args)
-- 
2.19.1