      1 
      2 /* Author : Stephen Smalley, <sds (at) epoch.ncsc.mil> */
      3 
      4 /* FLASK */
      5 
      6 /*
      7  * A security context is a set of security attributes
      8  * associated with each subject and object controlled
      9  * by the security policy.  Security contexts are
     10  * externally represented as variable-length strings
     11  * that can be interpreted by a user or application
     12  * with an understanding of the security policy.
     13  * Internally, the security server uses a simple
     14  * structure.  This structure is private to the
     15  * security server and can be changed without affecting
     16  * clients of the security server.
     17  */
     18 
     19 #ifndef _SEPOL_POLICYDB_CONTEXT_H_
     20 #define _SEPOL_POLICYDB_CONTEXT_H_
     21 
     22 #include <stddef.h>
     23 #include <sepol/policydb/ebitmap.h>
     24 #include <sepol/policydb/mls_types.h>
     25 
     26 /*
     27  * A security context consists of an authenticated user
     28  * identity, a role, a type and a MLS range.
     29  */
     /*
      * Internal representation of a security context: three 32-bit
      * scalar components plus an MLS range.  Two contexts are treated as
      * the same label only when all four components match (see
      * context_cmp()).
      */
     struct context_struct {
     	uint32_t user;		/* authenticated user identity */
     	uint32_t role;		/* role */
     	uint32_t type;		/* type */
     	/*
     	 * MLS range.  It is set up, copied, compared and released through
     	 * the mls_context_*() helpers rather than by plain assignment.
     	 */
     	mls_range_t range;
     };

     typedef struct context_struct context_struct_t;
     36 
     /*
      * Put the MLS range of @c into its initial state by delegating to
      * mls_range_init().  Only c->range is touched; user, role and type
      * keep whatever values they had.
      *
      * @c is dereferenced without a check, so it must not be NULL.
      */
     static inline void mls_context_init(context_struct_t *c)
     {
     	mls_range_t *range = &c->range;

     	mls_range_init(range);
     }
     41 
     /*
      * Copy only the MLS range of @src into @dst; user, role and type are
      * not copied here (context_cpy() does that).
      *
      * Returns 0 on success and -1 when mls_range_cpy() reports a negative
      * result.  Neither pointer is checked for NULL.
      *
      * NOTE(review): whether a range already held by @dst is released
      * before being overwritten is decided inside mls_range_cpy(), which
      * is not visible in this header.  Presumably @dst must be freshly
      * initialised, and must be treated as unusable after a failure;
      * confirm against mls_types.h.
      */
     static inline int mls_context_cpy(context_struct_t *dst,
     				  context_struct_t *src)
     {
     	int rc = mls_range_cpy(&dst->range, &src->range);

     	return (rc < 0) ? -1 : 0;
     }
     51 
     /*
      * Equality test on the MLS ranges of two contexts.
      *
      * Returns 1 when both range.level[0] and range.level[1] compare equal
      * under mls_level_eq(), and 0 otherwise.  Despite the _cmp suffix this
      * is NOT a memcmp()/strcmp()-style ordering: non-zero means "equal".
      * A caller that tests the result with "== 0" to mean "same range"
      * inverts the check.
      *
      * Neither pointer is checked for NULL.
      */
     static inline int mls_context_cmp(context_struct_t *c1, context_struct_t *c2)
     {
     	/* The second level is only examined when the first one matches. */
     	if (!mls_level_eq(&c1->range.level[0], &c2->range.level[0]))
     		return 0;

     	return mls_level_eq(&c1->range.level[1], &c2->range.level[1]) ? 1 : 0;
     }
     58 
     /*
      * Release the MLS range of @c and leave it re-initialised.
      * A NULL @c is accepted and ignored.  user, role and type are not
      * touched; context_destroy() clears those.
      */
     static inline void mls_context_destroy(context_struct_t *c)
     {
     	if (c != NULL) {
     		mls_range_destroy(&c->range);
     		/*
     		 * Reset the range straight after releasing it, so the
     		 * context holds an initialised range rather than whatever
     		 * mls_range_destroy() left behind.  Presumably this keeps a
     		 * second destroy or later reuse safe; confirm against
     		 * mls_range_destroy().
     		 */
     		mls_context_init(c);
     	}
     }
     67 
     /*
      * Zero every byte of @c: user, role, type and the embedded MLS range.
      *
      * @c is not checked for NULL.  Nothing is released first, so this is
      * meant for fresh storage; if the range of a live context owns
      * allocations, calling this on it would drop them without freeing.
      * Use context_destroy() for that case.
      *
      * NOTE(review): this does not go through mls_context_init(), so it
      * assumes an all-zero mls_range_t is a valid initial state; confirm
      * against mls_range_init().
      * NOTE(review): memset() is declared in <string.h>, which this header
      * does not include itself.  Presumably it arrives through one of the
      * sepol headers included here; confirm.
      */
     static inline void context_init(context_struct_t *c)
     {
     	memset(c, 0, sizeof(context_struct_t));
     }
     72 
     /*
      * Copy a whole security context from @src to @dst: the three scalar
      * components by assignment, then the MLS range via mls_context_cpy().
      *
      * Returns the result of mls_context_cpy(): 0 on success, -1 on
      * failure.  Neither pointer is checked for NULL.
      *
      * The scalar fields are written before the range copy is attempted,
      * so on failure @dst already carries the user, role and type of @src
      * without a matching range.  Callers should treat @dst as invalid
      * when -1 is returned and must not use it as a label.
      */
     static inline int context_cpy(context_struct_t *dst, context_struct_t *src)
     {
     	int rc;

     	dst->user = src->user;
     	dst->role = src->role;
     	dst->type = src->type;

     	rc = mls_context_cpy(dst, src);
     	return rc;
     }
     80 
     /*
      * Tear down a context: clear user, role and type to 0, then release
      * and re-initialise the MLS range through mls_context_destroy().
      * A NULL @c is accepted and ignored.  The storage of @c itself is not
      * freed.
      */
     static inline void context_destroy(context_struct_t *c)
     {
     	if (!c)
     		return;

     	c->user = 0;
     	c->role = 0;
     	c->type = 0;
     	mls_context_destroy(c);
     }
     89 
     /*
      * Equality test on two security contexts.
      *
      * Returns 1 when user, role, type and the MLS range all match, and 0
      * as soon as any component differs.  Despite the _cmp suffix, non-zero
      * means "equal", the opposite polarity of memcmp()/strcmp().  Callers
      * that make a decision on label equality must test for a non-zero
      * result.
      *
      * Neither pointer is checked for NULL.
      */
     static inline int context_cmp(context_struct_t *c1, context_struct_t *c2)
     {
     	/* Scalar comparisons first; the range is compared only if they match. */
     	if (c1->user != c2->user)
     		return 0;
     	if (c1->role != c2->role)
     		return 0;
     	if (c1->type != c2->type)
     		return 0;

     	return mls_context_cmp(c1, c2) ? 1 : 0;
     }
     96 
     97 #endif
     98