1 /* Author : Stephen Smalley, <sds (at) epoch.ncsc.mil> */ 2 3 /* FLASK */ 4 5 /* 6 * A security context is a set of security attributes 7 * associated with each subject and object controlled 8 * by the security policy. Security contexts are 9 * externally represented as variable-length strings 10 * that can be interpreted by a user or application 11 * with an understanding of the security policy. 12 * Internally, the security server uses a simple 13 * structure. This structure is private to the 14 * security server and can be changed without affecting 15 * clients of the security server. 16 */ 17 18 #ifndef _SEPOL_POLICYDB_CONTEXT_H_ 19 #define _SEPOL_POLICYDB_CONTEXT_H_ 20 21 #include <stddef.h> 22 #include <sepol/policydb/ebitmap.h> 23 #include <sepol/policydb/mls_types.h> 24 25 #ifdef __cplusplus 26 extern "C" { 27 #endif 28 29 /* 30 * A security context consists of an authenticated user 31 * identity, a role, a type and a MLS range. 32 */ 33 typedef struct context_struct { 34 uint32_t user; 35 uint32_t role; 36 uint32_t type; 37 mls_range_t range; 38 } context_struct_t; 39 40 static inline void mls_context_init(context_struct_t * c) 41 { 42 mls_range_init(&c->range); 43 } 44 45 static inline int mls_context_cpy(context_struct_t * dst, 46 context_struct_t * src) 47 { 48 49 if (mls_range_cpy(&dst->range, &src->range) < 0) 50 return -1; 51 52 return 0; 53 } 54 55 /* 56 * Sets both levels in the MLS range of 'dst' to the low level of 'src'. 57 */ 58 static inline int mls_context_cpy_low(context_struct_t *dst, context_struct_t *src) 59 { 60 int rc; 61 62 dst->range.level[0].sens = src->range.level[0].sens; 63 rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat); 64 if (rc) 65 goto out; 66 67 dst->range.level[1].sens = src->range.level[0].sens; 68 rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[0].cat); 69 if (rc) 70 ebitmap_destroy(&dst->range.level[0].cat); 71 out: 72 return rc; 73 } 74 75 /* 76 * Sets both levels in the MLS range of 'dst' to the high level of 'src'. 77 */ 78 static inline int mls_context_cpy_high(context_struct_t *dst, context_struct_t *src) 79 { 80 int rc; 81 82 dst->range.level[0].sens = src->range.level[1].sens; 83 rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[1].cat); 84 if (rc) 85 goto out; 86 87 dst->range.level[1].sens = src->range.level[1].sens; 88 rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[1].cat); 89 if (rc) 90 ebitmap_destroy(&dst->range.level[0].cat); 91 out: 92 return rc; 93 } 94 95 static inline int mls_context_cmp(context_struct_t * c1, context_struct_t * c2) 96 { 97 return (mls_level_eq(&c1->range.level[0], &c2->range.level[0]) && 98 mls_level_eq(&c1->range.level[1], &c2->range.level[1])); 99 100 } 101 102 static inline void mls_context_destroy(context_struct_t * c) 103 { 104 if (c == NULL) 105 return; 106 107 mls_range_destroy(&c->range); 108 mls_context_init(c); 109 } 110 111 static inline void context_init(context_struct_t * c) 112 { 113 memset(c, 0, sizeof(*c)); 114 } 115 116 static inline int context_cpy(context_struct_t * dst, context_struct_t * src) 117 { 118 dst->user = src->user; 119 dst->role = src->role; 120 dst->type = src->type; 121 return mls_context_cpy(dst, src); 122 } 123 124 static inline void context_destroy(context_struct_t * c) 125 { 126 if (c == NULL) 127 return; 128 129 c->user = c->role = c->type = 0; 130 mls_context_destroy(c); 131 } 132 133 static inline int context_cmp(context_struct_t * c1, context_struct_t * c2) 134 { 135 return ((c1->user == c2->user) && 136 (c1->role == c2->role) && 137 (c1->type == c2->type) && mls_context_cmp(c1, c2)); 138 } 139 140 #ifdef __cplusplus 141 } 142 #endif 143 144 #endif 145