project-oak · tiziano88 · Apr 16, 2020 · Apr 2, 2020
diff --git a/docs/abi.md b/docs/abi.md
@@ -176,21 +176,23 @@ return the channel handles for its read and write halves.
 
 ### node_create
 
-`node_create: (usize, usize, usize, usize, u64) -> u32` creates a new Node
-running the Node configuration identified by args 0 and 1, using the entrypoint
-specified by args 2 and 3, passing in an initial handle to the read half of a
-channel identified by arg 4. The entrypoint name is ignored when creating
-non-WebAssembly Nodes.
+`node_create: (usize, usize, usize, usize, usize, usize, u64) -> u32` creates a
+new Node running the Node configuration identified by args 0 and 1, using the
+entrypoint specified by args 2 and 3, passing in an initial handle to the read
+half of a channel identified by arg 4. The entrypoint name is ignored when
+creating non-WebAssembly Nodes.
 
 If creating the specified node would violate
 [information flow control](/docs/concepts.md#labels), returns
 `PERMISSION_DENIED`.
 
 - arg 0: Source buffer holding node configuration name
 - arg 1: Node configuration name size in bytes
-- arg 2: Source buffer holding entrypoint name.
+- arg 2: Source buffer holding entrypoint name
 - arg 3: Entrypoint name size in bytes
-- arg 4: Handle to channel
+- arg 4: Source buffer holding label
+- arg 5: Label size in bytes
+- arg 6: Handle to channel
 - return 0: Status of operation
 
 ### random_get

diff --git a/examples/abitest/module_0/rust/src/lib.rs b/examples/abitest/module_0/rust/src/lib.rs
@@ -23,6 +23,7 @@ use byteorder::WriteBytesExt;
 use expect::{expect, expect_eq, expect_matches};
 use log::{debug, info};
 use oak::{grpc, ChannelReadStatus, OakError, OakStatus};
+use oak_abi::label::Label;
 use prost::Message;
 use proto::{
     AbiTestRequest, AbiTestResponse, GrpcTestRequest, GrpcTestResponse, OakAbiTestService,
@@ -991,14 +992,50 @@ impl FrontendNode {
 
         let valid = "a_string";
         let non_utf8_name: Vec<u8> = vec![0xc3, 0x28];
+        let valid_label_bytes = Label::public_trusted().serialize();
+
+        // This sequence of bytes should not deserialize as a [`oak_abi::proto::policy::Label`]
+        // protobuf. We make sure here that this continues to be the case by making sure that
+        // [`Label::deserialize`] fails to parse these bytes.
+        let invalid_label_bytes = vec![0, 88, 0];
+        assert_eq!(None, Label::deserialize(&invalid_label_bytes));
+
         unsafe {
+            expect_eq!(
+                OakStatus::Ok as u32,
+                oak_abi::node_create(
+                    BACKEND_CONFIG_NAME.as_ptr(),
+                    BACKEND_CONFIG_NAME.len(),
+                    BACKEND_ENTRYPOINT_NAME.as_ptr(),
+                    BACKEND_ENTRYPOINT_NAME.len(),
+                    valid_label_bytes.as_ptr(),
+                    valid_label_bytes.len(),
+                    in_channel
+                )
+            );
+
+            expect_eq!(
+                OakStatus::ErrInvalidArgs as u32,
+                oak_abi::node_create(
+                    BACKEND_CONFIG_NAME.as_ptr(),
+                    BACKEND_CONFIG_NAME.len(),
+                    BACKEND_ENTRYPOINT_NAME.as_ptr(),
+                    BACKEND_ENTRYPOINT_NAME.len(),
+                    invalid_label_bytes.as_ptr(),
+                    invalid_label_bytes.len(),
+                    in_channel
+                )
+            );
+
             expect_eq!(
                 OakStatus::ErrInvalidArgs as u32,
                 oak_abi::node_create(
                     invalid_raw_offset() as *mut u8,
                     1,
                     valid.as_ptr(),
                     valid.len(),
+                    valid_label_bytes.as_ptr(),
+                    valid_label_bytes.len(),
                     in_channel
                 )
             );
@@ -1010,6 +1047,8 @@ impl FrontendNode {
                     non_utf8_name.len(),
                     valid.as_ptr(),
                     valid.len(),
+                    valid_label_bytes.as_ptr(),
+                    valid_label_bytes.len(),
                     in_channel
                 )
             );
@@ -1021,6 +1060,8 @@ impl FrontendNode {
                     valid.len(),
                     invalid_raw_offset() as *mut u8,
                     1,
+                    valid_label_bytes.as_ptr(),
+                    valid_label_bytes.len(),
                     in_channel
                 )
             );
@@ -1032,6 +1073,8 @@ impl FrontendNode {
                     valid.len(),
                     non_utf8_name.as_ptr(),
                     non_utf8_name.len(),
+                    valid_label_bytes.as_ptr(),
+                    valid_label_bytes.len(),
                     in_channel
                 )
             );

diff --git a/oak/server/rust/oak_abi/src/lib.rs b/oak/server/rust/oak_abi/src/lib.rs
@@ -144,6 +144,8 @@ extern "C" {
         config_len: usize,
         entrypoint_buf: *const u8,
         entrypoint_len: usize,
+        label_buf: *const u8,
+        label_len: usize,
         handle: u64,
     ) -> u32;