1 /* 2 * A security context is a set of security attributes 3 * associated with each subject and object controlled 4 * by the security policy. Security contexts are 5 * externally represented as variable-length strings 6 * that can be interpreted by a user or application 7 * with an understanding of the security policy. 8 * Internally, the security server uses a simple 9 * structure. This structure is private to the 10 * security server and can be changed without affecting 11 * clients of the security server. 12 * 13 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 14 */ 15 #ifndef _SS_CONTEXT_H_ 16 #define _SS_CONTEXT_H_ 17 18 #include "ebitmap.h" 19 #include "mls_types.h" 20 #include "security.h" 21 22 /* 23 * A security context consists of an authenticated user 24 * identity, a role, a type and a MLS range. 25 */ 26 struct context { 27 u32 user; 28 u32 role; 29 u32 type; 30 struct mls_range range; 31 }; 32 33 static inline void mls_context_init(struct context *c) 34 { 35 memset(&c->range, 0, sizeof(c->range)); 36 } 37 38 static inline int mls_context_cpy(struct context *dst, struct context *src) 39 { 40 int rc; 41 42 if (!selinux_mls_enabled) 43 return 0; 44 45 dst->range.level[0].sens = src->range.level[0].sens; 46 rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat); 47 if (rc) 48 goto out; 49 50 dst->range.level[1].sens = src->range.level[1].sens; 51 rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[1].cat); 52 if (rc) 53 ebitmap_destroy(&dst->range.level[0].cat); 54 out: 55 return rc; 56 } 57 58 static inline int mls_context_cmp(struct context *c1, struct context *c2) 59 { 60 if (!selinux_mls_enabled) 61 return 1; 62 63 return ((c1->range.level[0].sens == c2->range.level[0].sens) && 64 ebitmap_cmp(&c1->range.level[0].cat,&c2->range.level[0].cat) && 65 (c1->range.level[1].sens == c2->range.level[1].sens) && 66 ebitmap_cmp(&c1->range.level[1].cat,&c2->range.level[1].cat)); 67 } 68 69 static inline void mls_context_destroy(struct context *c) 70 { 71 if (!selinux_mls_enabled) 72 return; 73 74 ebitmap_destroy(&c->range.level[0].cat); 75 ebitmap_destroy(&c->range.level[1].cat); 76 mls_context_init(c); 77 } 78 79 static inline void context_init(struct context *c) 80 { 81 memset(c, 0, sizeof(*c)); 82 } 83 84 static inline int context_cpy(struct context *dst, struct context *src) 85 { 86 dst->user = src->user; 87 dst->role = src->role; 88 dst->type = src->type; 89 return mls_context_cpy(dst, src); 90 } 91 92 static inline void context_destroy(struct context *c) 93 { 94 c->user = c->role = c->type = 0; 95 mls_context_destroy(c); 96 } 97 98 static inline int context_cmp(struct context *c1, struct context *c2) 99 { 100 return ((c1->user == c2->user) && 101 (c1->role == c2->role) && 102 (c1->type == c2->type) && 103 mls_context_cmp(c1, c2)); 104 } 105 106 #endif /* _SS_CONTEXT_H_ */ 107 108