xref: /linux/security/selinux/ss/context.h (revision f3d9478b2ce468c3115b02ecae7e975990697f15)
1 /*
2  * A security context is a set of security attributes
3  * associated with each subject and object controlled
4  * by the security policy.  Security contexts are
5   * externally represented as variable-length strings
6  * that can be interpreted by a user or application
7  * with an understanding of the security policy.
8  * Internally, the security server uses a simple
9  * structure.  This structure is private to the
10  * security server and can be changed without affecting
11  * clients of the security server.
12  *
13  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
14  */
15 #ifndef _SS_CONTEXT_H_
16 #define _SS_CONTEXT_H_
17 
18 #include "ebitmap.h"
19 #include "mls_types.h"
20 #include "security.h"
21 
22 /*
23  * A security context consists of an authenticated user
24  * identity, a role, a type and a MLS range.
25  */
26 struct context {
27 	u32 user;
28 	u32 role;
29 	u32 type;
30 	struct mls_range range;
31 };
32 
33 static inline void mls_context_init(struct context *c)
34 {
35 	memset(&c->range, 0, sizeof(c->range));
36 }
37 
38 static inline int mls_context_cpy(struct context *dst, struct context *src)
39 {
40 	int rc;
41 
42 	if (!selinux_mls_enabled)
43 		return 0;
44 
45 	dst->range.level[0].sens = src->range.level[0].sens;
46 	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
47 	if (rc)
48 		goto out;
49 
50 	dst->range.level[1].sens = src->range.level[1].sens;
51 	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[1].cat);
52 	if (rc)
53 		ebitmap_destroy(&dst->range.level[0].cat);
54 out:
55 	return rc;
56 }
57 
58 static inline int mls_context_cmp(struct context *c1, struct context *c2)
59 {
60 	if (!selinux_mls_enabled)
61 		return 1;
62 
63 	return ((c1->range.level[0].sens == c2->range.level[0].sens) &&
64 		ebitmap_cmp(&c1->range.level[0].cat,&c2->range.level[0].cat) &&
65 		(c1->range.level[1].sens == c2->range.level[1].sens) &&
66 		ebitmap_cmp(&c1->range.level[1].cat,&c2->range.level[1].cat));
67 }
68 
69 static inline void mls_context_destroy(struct context *c)
70 {
71 	if (!selinux_mls_enabled)
72 		return;
73 
74 	ebitmap_destroy(&c->range.level[0].cat);
75 	ebitmap_destroy(&c->range.level[1].cat);
76 	mls_context_init(c);
77 }
78 
79 static inline void context_init(struct context *c)
80 {
81 	memset(c, 0, sizeof(*c));
82 }
83 
84 static inline int context_cpy(struct context *dst, struct context *src)
85 {
86 	dst->user = src->user;
87 	dst->role = src->role;
88 	dst->type = src->type;
89 	return mls_context_cpy(dst, src);
90 }
91 
92 static inline void context_destroy(struct context *c)
93 {
94 	c->user = c->role = c->type = 0;
95 	mls_context_destroy(c);
96 }
97 
98 static inline int context_cmp(struct context *c1, struct context *c2)
99 {
100 	return ((c1->user == c2->user) &&
101 		(c1->role == c2->role) &&
102 		(c1->type == c2->type) &&
103 		mls_context_cmp(c1, c2));
104 }
105 
106 #endif	/* _SS_CONTEXT_H_ */
107 
108