1 
2 /* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
3 
4 /* FLASK */
5 
6 /*
7  * A security context is a set of security attributes
8  * associated with each subject and object controlled
9  * by the security policy.  Security contexts are
10  * externally represented as variable-length strings
11  * that can be interpreted by a user or application
12  * with an understanding of the security policy.
13  * Internally, the security server uses a simple
14  * structure.  This structure is private to the
15  * security server and can be changed without affecting
16  * clients of the security server.
17  */
18 
19 #ifndef _SEPOL_POLICYDB_CONTEXT_H_
20 #define _SEPOL_POLICYDB_CONTEXT_H_
21 
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sepol/policydb/ebitmap.h>
#include <sepol/policydb/mls_types.h>
25 
26 /*
27  * A security context consists of an authenticated user
28  * identity, a role, a type and an MLS range.
29  */
30 typedef struct context_struct {
31 	uint32_t user;
32 	uint32_t role;
33 	uint32_t type;
34 	mls_range_t range;
35 } context_struct_t;
36 
mls_context_init(context_struct_t * c)37 static inline void mls_context_init(context_struct_t * c)
38 {
39 	mls_range_init(&c->range);
40 }
41 
mls_context_cpy(context_struct_t * dst,context_struct_t * src)42 static inline int mls_context_cpy(context_struct_t * dst,
43 				  context_struct_t * src)
44 {
45 
46 	if (mls_range_cpy(&dst->range, &src->range) < 0)
47 		return -1;
48 
49 	return 0;
50 }
51 
mls_context_cmp(context_struct_t * c1,context_struct_t * c2)52 static inline int mls_context_cmp(context_struct_t * c1, context_struct_t * c2)
53 {
54 	return (mls_level_eq(&c1->range.level[0], &c2->range.level[0]) &&
55 		mls_level_eq(&c1->range.level[1], &c2->range.level[1]));
56 
57 }
58 
mls_context_destroy(context_struct_t * c)59 static inline void mls_context_destroy(context_struct_t * c)
60 {
61 	if (c == NULL)
62 		return;
63 
64 	mls_range_destroy(&c->range);
65 	mls_context_init(c);
66 }
67 
context_init(context_struct_t * c)68 static inline void context_init(context_struct_t * c)
69 {
70 	memset(c, 0, sizeof(*c));
71 }
72 
context_cpy(context_struct_t * dst,context_struct_t * src)73 static inline int context_cpy(context_struct_t * dst, context_struct_t * src)
74 {
75 	dst->user = src->user;
76 	dst->role = src->role;
77 	dst->type = src->type;
78 	return mls_context_cpy(dst, src);
79 }
80 
context_destroy(context_struct_t * c)81 static inline void context_destroy(context_struct_t * c)
82 {
83 	if (c == NULL)
84 		return;
85 
86 	c->user = c->role = c->type = 0;
87 	mls_context_destroy(c);
88 }
89 
context_cmp(context_struct_t * c1,context_struct_t * c2)90 static inline int context_cmp(context_struct_t * c1, context_struct_t * c2)
91 {
92 	return ((c1->user == c2->user) &&
93 		(c1->role == c2->role) &&
94 		(c1->type == c2->type) && mls_context_cmp(c1, c2));
95 }
96 
97 #endif
98