/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
2
/* FLASK */
4
/*
 * A security context is a set of security attributes
 * associated with each subject and object controlled
 * by the security policy. Security contexts are
 * externally represented as variable-length strings
 * that can be interpreted by a user or application
 * with an understanding of the security policy.
 * Internally, the security server uses a simple
 * structure. This structure is private to the
 * security server and can be changed without affecting
 * clients of the security server.
 */
17
18 #ifndef _SEPOL_POLICYDB_CONTEXT_H_
19 #define _SEPOL_POLICYDB_CONTEXT_H_
20
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sepol/policydb/ebitmap.h>
#include <sepol/policydb/mls_types.h>
24
25 __BEGIN_DECLS
26
/*
 * A security context consists of an authenticated user
 * identity, a role, a type and an MLS range.
 */
typedef struct context_struct {
	uint32_t user;		/* authenticated user identity (numeric id; presumably a policy index — confirm) */
	uint32_t role;		/* role identifier, same representation as user */
	uint32_t type;		/* type identifier, same representation as user */
	mls_range_t range;	/* MLS range; mls_context_cmp() compares range.level[0] and range.level[1] */
} context_struct_t;
37
/*
 * Reinitialise only the MLS range of a context via mls_range_init();
 * the user, role and type fields are left untouched.
 *
 * @param c  context whose range is reinitialised; must be non-NULL.
 */
static inline void mls_context_init(context_struct_t * c)
{
	mls_range_t *range = &c->range;

	mls_range_init(range);
}
42
/*
 * Copy the MLS range of one context into another.
 *
 * @param dst  destination context; its range is overwritten.
 * @param src  source context.
 * @return 0 on success, -1 when mls_range_cpy() reports failure
 *         (any negative status).
 */
static inline int mls_context_cpy(context_struct_t * dst,
				  context_struct_t * src)
{
	/* Fold any negative status from the range copy into exactly -1. */
	return mls_range_cpy(&dst->range, &src->range) < 0 ? -1 : 0;
}
52
/*
 * Compare the MLS ranges of two contexts.
 *
 * @param c1  first context.
 * @param c2  second context.
 * @return 1 when both entries of range.level[] compare equal via
 *         mls_level_eq(), 0 otherwise.
 */
static inline int mls_context_cmp(context_struct_t * c1, context_struct_t * c2)
{
	/* Same evaluation order as "level[0] && level[1]": stop at the first mismatch. */
	if (!mls_level_eq(&c1->range.level[0], &c2->range.level[0]))
		return 0;
	if (!mls_level_eq(&c1->range.level[1], &c2->range.level[1]))
		return 0;
	return 1;
}
59
/*
 * Tear down the MLS range of a context and leave it reinitialised.
 *
 * @param c  context to clean up; NULL is accepted and ignored.
 */
static inline void mls_context_destroy(context_struct_t * c)
{
	if (c) {
		mls_range_destroy(&c->range);
		/* Re-run mls_context_init() so the range is reinitialised after teardown. */
		mls_context_init(c);
	}
}
68
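/*
 * Initialise a context to all-zero: user, role and type become 0 and the
 * embedded MLS range is zero-filled.  Uses memset(), so this header needs
 * <string.h> to be self-contained.
 *
 * @param c  context to initialise; must be non-NULL.
 */
static inline void context_init(context_struct_t * c)
{
	/* memset rather than a struct assignment so padding bytes are zeroed too. */
	memset(c, 0, sizeof(*c));
}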
73
/*
 * Copy a whole context: the user, role and type identifiers and the MLS
 * range.
 *
 * @param dst  destination context, overwritten.
 * @param src  source context.
 * @return 0 on success, -1 if the range copy failed.  On failure the
 *         scalar fields have already been assigned, so dst is only
 *         partially updated and should not be treated as a valid copy.
 */
static inline int context_cpy(context_struct_t * dst, context_struct_t * src)
{
	int rc;

	/* Scalar identifiers first; these assignments cannot fail. */
	dst->user = src->user;
	dst->role = src->role;
	dst->type = src->type;

	/* The range copy is the only step that can fail; its status becomes ours. */
	rc = mls_context_cpy(dst, src);
	return rc;
}
81
/*
 * Release a context's contents: zero the scalar identifiers and destroy
 * the MLS range.  The context_struct_t itself is not freed.
 *
 * @param c  context to clean up; NULL is accepted and ignored.
 */
static inline void context_destroy(context_struct_t * c)
{
	if (c) {
		c->user = 0;
		c->role = 0;
		c->type = 0;
		mls_context_destroy(c);
	}
}
90
/*
 * Compare two contexts for equality.
 *
 * @param c1  first context.
 * @param c2  second context.
 * @return 1 when user, role and type match and mls_context_cmp() reports
 *         equal ranges; 0 otherwise.
 */
static inline int context_cmp(context_struct_t * c1, context_struct_t * c2)
{
	/* Guard clauses in the same order as the original && chain. */
	if (c1->user != c2->user)
		return 0;
	if (c1->role != c2->role)
		return 0;
	if (c1->type != c2->type)
		return 0;
	/* mls_context_cmp() already yields 0 or 1. */
	return mls_context_cmp(c1, c2);
}
97
98 __END_DECLS
99 #endif
100