      1 /* Author : Stephen Smalley, <sds (at) epoch.ncsc.mil> */
      2 
      3 /* FLASK */
      4 
      5 /*
      6  * A security context is a set of security attributes
      7  * associated with each subject and object controlled
      8  * by the security policy.  Security contexts are
      9  * externally represented as variable-length strings
     10  * that can be interpreted by a user or application
     11  * with an understanding of the security policy.
     12  * Internally, the security server uses a simple
     13  * structure.  This structure is private to the
     14  * security server and can be changed without affecting
     15  * clients of the security server.
     16  */
     17 
     18 #ifndef _SEPOL_POLICYDB_CONTEXT_H_
     19 #define _SEPOL_POLICYDB_CONTEXT_H_
     20 
     21 #include <stddef.h>
     22 #include <sepol/policydb/ebitmap.h>
     23 #include <sepol/policydb/mls_types.h>
     24 
     25 __BEGIN_DECLS
     26 
     27 /*
     28  * A security context consists of an authenticated user
     29  * identity, a role, a type and a MLS range.
     30  */
/*
 * In-memory form of a security context.  Per the description above it
 * holds a user identity, a role, a type and an MLS range.
 *
 * NOTE(review): the three identifiers are presumably numeric values
 * assigned by the loaded policy; this header does not show how they
 * are validated, so confirm that callers range-check them before use.
 */
typedef struct context_struct {
	uint32_t user;		/* user identity; context_init/context_destroy leave 0 */
	uint32_t role;		/* role; context_init/context_destroy leave 0 */
	uint32_t type;		/* type; context_init/context_destroy leave 0 */
	mls_range_t range;	/* MLS range; may own storage, released via mls_context_destroy */
} context_struct_t;
     37 
/*
 * Put the MLS portion of a context into its initial state by passing
 * c->range to mls_range_init().  The user, role and type fields are
 * left untouched.
 *
 * c is dereferenced without a NULL check; callers must pass a valid
 * pointer.
 */
static inline void mls_context_init(context_struct_t * c)
{
	mls_range_t *range = &c->range;

	mls_range_init(range);
}
     42 
/*
 * Copy only the MLS range of src into dst via mls_range_cpy().
 *
 * Returns 0 on success and -1 when mls_range_cpy() reports a negative
 * result.  Neither pointer is checked for NULL.
 *
 * NOTE(review): whether mls_range_cpy() releases storage already held
 * by dst->range, and what state dst->range is in after a failure, is
 * not visible from this header -- presumably dst should be freshly
 * initialised and destroyed by the caller on error; confirm.
 */
static inline int mls_context_cpy(context_struct_t * dst,
				  context_struct_t * src)
{
	int rc = mls_range_cpy(&dst->range, &src->range);

	return (rc < 0) ? -1 : 0;
}
     52 
/*
 * Equality test on the MLS ranges of two contexts.
 *
 * Returns 1 when both range.level[0] and range.level[1] compare equal
 * under mls_level_eq(), and 0 otherwise.  Despite the "cmp" name this
 * is NOT a strcmp()/memcmp()-style ordering: non-zero means "equal".
 * Treating a zero return as a match would invert the check.
 *
 * Neither pointer is checked for NULL.
 */
static inline int mls_context_cmp(context_struct_t * c1, context_struct_t * c2)
{
	/* presumably level[0]/level[1] are the two ends of the range -- confirm in mls_types.h */
	if (!mls_level_eq(&c1->range.level[0], &c2->range.level[0]))
		return 0;

	return mls_level_eq(&c1->range.level[1], &c2->range.level[1]) ? 1 : 0;
}
     59 
/*
 * Release the MLS range of a context and reset it.
 *
 * A NULL c is accepted and ignored.  After mls_range_destroy() the
 * range is passed through mls_context_init() again, so the structure
 * is not left holding whatever mls_range_destroy() released.
 * The user, role and type fields are not modified here.
 */
static inline void mls_context_destroy(context_struct_t * c)
{
	if (c != NULL) {
		mls_range_destroy(&c->range);
		/* re-initialise so stale range contents are not reused */
		mls_context_init(c);
	}
}
     68 
/*
 * Zero every byte of a context, including the embedded MLS range.
 *
 * This does not call mls_context_init(); it relies on an all-zero
 * mls_range_t being a valid empty range (NOTE(review): confirm against
 * mls_range_init()).  Any storage the range owned beforehand is
 * overwritten without being released, so use this only on a context
 * that is uninitialised or already destroyed.
 *
 * c is dereferenced without a NULL check.  memset() is declared in
 * <string.h>, which this header does not include directly; it
 * presumably arrives through one of the sepol headers -- confirm.
 */
static inline void context_init(context_struct_t * c)
{
	memset(c, 0, sizeof(context_struct_t));
}
     73 
/*
 * Copy a whole security context from src to dst.
 *
 * Returns the result of mls_context_cpy(): 0 on success, -1 on
 * failure.  The user, role and type are written to dst before the MLS
 * range is copied, so on failure dst already carries the source
 * identifiers together with an incomplete range.  Callers should treat
 * dst as invalid after a non-zero return and pass it to
 * context_destroy() rather than use it for any decision.
 *
 * Neither pointer is checked for NULL.
 */
static inline int context_cpy(context_struct_t * dst, context_struct_t * src)
{
	/* plain value fields; these cannot fail */
	dst->type = src->type;
	dst->role = src->role;
	dst->user = src->user;

	/* the range copy is the only step that can report an error */
	return mls_context_cpy(dst, src);
}
     81 
/*
 * Tear down a context: clear user, role and type to 0 and release and
 * reset the MLS range through mls_context_destroy().
 *
 * A NULL c is accepted and ignored.  The structure itself is not
 * freed; only what the range holds is released.
 */
static inline void context_destroy(context_struct_t * c)
{
	if (c != NULL) {
		c->type = 0;
		c->role = 0;
		c->user = 0;
		mls_context_destroy(c);
	}
}
     90 
/*
 * Equality test on two complete security contexts.
 *
 * Returns 1 only when user, role and type all match and
 * mls_context_cmp() reports the MLS ranges as equal; returns 0
 * otherwise.  As with mls_context_cmp(), non-zero means "equal" --
 * this is not a strcmp()-style comparison, and checking for a zero
 * return to detect a match would invert the result.
 *
 * Neither pointer is checked for NULL.
 */
static inline int context_cmp(context_struct_t * c1, context_struct_t * c2)
{
	/* cheap integer comparisons first; the range is only examined if they all match */
	if (c1->user != c2->user)
		return 0;
	if (c1->role != c2->role)
		return 0;
	if (c1->type != c2->type)
		return 0;

	return mls_context_cmp(c1, c2) ? 1 : 0;
}
     97 
     98 __END_DECLS
     99 #endif