From f535a31cd7ec0ca0cfb29d24fcb28894a05ccefd Mon Sep 17 00:00:00 2001
From: Prabhpreet Dua <615318+prabhpreet@users.noreply.github.com>
Date: Tue, 11 Jun 2024 14:53:30 +0530
Subject: [PATCH] Feature flag for memfd_secret alloc (#343)
* feature flag for memfd_secret alloc
* Cargo fmt
---
 rosenpass/Cargo.toml | 3 ++-
 rosenpass/src/cli.rs | 8 +++++++-
 rp/Cargo.toml | 3 +++
 rp/src/main.rs | 3 +++
 4 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/rosenpass/Cargo.toml b/rosenpass/Cargo.toml
index ce81cdc..5824af3 100644
--- a/rosenpass/Cargo.toml
+++ b/rosenpass/Cargo.toml
@@ -52,4 +52,5 @@ serial_test = {workspace = true}
 procspawn = {workspace = true}
 [features]
-enable_broker_api = ["rosenpass-wireguard-broker/enable_broker_api"]
\ No newline at end of file
+enable_broker_api = ["rosenpass-wireguard-broker/enable_broker_api"]
+enable_memfd_alloc = []
\ No newline at end of file
diff --git a/rosenpass/src/cli.rs b/rosenpass/src/cli.rs
index 4c350ac..81fad4f 100644
--- a/rosenpass/src/cli.rs
+++ b/rosenpass/src/cli.rs
@@ -3,7 +3,9 @@ use clap::{Parser, Subcommand};
 use rosenpass_cipher_traits::Kem;
 use rosenpass_ciphers::kem::StaticKem;
 use rosenpass_secret_memory::file::StoreSecret;
-use rosenpass_secret_memory::secret_policy_try_use_memfd_secrets;
+use rosenpass_secret_memory::{
+    secret_policy_try_use_memfd_secrets, secret_policy_use_only_malloc_secrets,
+};
 use rosenpass_util::file::{LoadValue, LoadValueB64};
 use rosenpass_wireguard_broker::brokers::native_unix::{
     NativeUnixBroker, NativeUnixBrokerConfigBaseBuilder, NativeUnixBrokerConfigBaseBuilderError,
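Review bot: `enable_memfd_alloc = []` is added to the `[features]` table with no `default` entry, and because the hunk covers that table from its `[features]` header to the end of the file, a plain `cargo build` of this crate now selects the malloc-only secret policy instead of attempting memfd_secret-backed storage the way the unconditional call it replaces did. If the stronger policy is meant to stay on unless explicitly disabled, add `default = ["enable_memfd_alloc"]`; if opt-in is deliberate (kernel support, CI environments), that reason should be recorded. A comment above the entry such as `# Back secret memory with memfd_secret(2) where the kernel supports it; without this feature secrets stay in ordinary heap memory.` would make the trade-off visible to packagers. The file still ends without a trailing newline, which this touch could have fixed.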
@@ -156,7 +158,11 @@ impl CliCommand {
     /// - This method consumes the [`CliCommand`] value. It might be wise to use a reference...
     pub fn run(self, test_helpers: Option) -> anyhow::Result<()> {
         //Specify secret policy
+
+        #[cfg(feature = "enable_memfd_alloc")]
         secret_policy_try_use_memfd_secrets();
+        #[cfg(not(feature = "enable_memfd_alloc"))]
+        secret_policy_use_only_malloc_secrets();
         use CliCommand::*;
         match self {
diff --git a/rp/Cargo.toml b/rp/Cargo.toml
index a70069c..9fc4b53 100644
--- a/rp/Cargo.toml
+++ b/rp/Cargo.toml
@@ -37,3 +37,6 @@ netlink-packet-wireguard = "0.2"
 [dev-dependencies]
 tempfile = {workspace = true}
 stacker = {workspace = true}
+
+[features]
+enable_memfd_alloc = []
diff --git a/rp/src/main.rs b/rp/src/main.rs
index 68073a0..014b0e7 100644
--- a/rp/src/main.rs
+++ b/rp/src/main.rs
@@ -11,7 +11,10 @@ mod key;
 #[tokio::main]
 async fn main() {
+    #[cfg(feature = "enable_memfd_alloc")]
     policy::secret_policy_try_use_memfd_secrets();
+    #[cfg(not(feature = "enable_memfd_alloc"))]
+    policy::secret_policy_use_only_malloc_secrets();
     let cli = match Cli::parse(std::env::args().peekable()) {
         Ok(cli) => cli,
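Review bot: The new `#[cfg(not(feature = "enable_memfd_alloc"))]` arm in `run` makes `secret_policy_use_only_malloc_secrets()` the compiled-in default, so every build without the feature keeps key material in ordinary heap memory, and nothing in the hunk explains that downgrade; the replaced call's name (`try_use_…`) suggests it already coped with missing memfd_secret support at runtime, so consider whether the feature should opt out of the stronger policy rather than opt in — to be confirmed against `rosenpass_secret_memory`. The existing `//Specify secret policy` comment and the inserted empty line say nothing about the consequence; replace them with `// Secret policy: with the enable_memfd_alloc feature secrets are backed by memfd_secret(2) where the kernel supports it; otherwise they live in plain malloc'd memory.` The body of `run` continues past the end of the hunk.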
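Review bot: `enable_memfd_alloc = []` on `rp` enables nothing in any dependency, so if `rp` links the `rosenpass` crate (its `[dependencies]` table is outside the hunk) a `cargo build -p rp --features enable_memfd_alloc` switches only `rp/src/main.rs` while the library code keeps its malloc-only default. If that is the case, forward the flag with `enable_memfd_alloc = ["rosenpass/enable_memfd_alloc"]`; if the two flags are deliberately independent, a one-line comment saying so would stop the next reader from assuming they are linked.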