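/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */

/* FLASK */

/*
 * A security context is a set of security attributes
 * associated with each subject and object controlled
 * by the security policy.  Security contexts are
 * externally represented as variable-length strings
 * that can be interpreted by a user or application
 * with an understanding of the security policy.
 * Internally, the security server uses a simple
 * structure.  This structure is private to the
 * security server and can be changed without affecting
 * clients of the security server.
 */

#ifndef _SEPOL_POLICYDB_CONTEXT_H_
#define _SEPOL_POLICYDB_CONTEXT_H_

#include <stddef.h>
#include <stdint.h>		/* uint32_t */
#include <string.h>		/* memset(), used by context_init() */
#include <sepol/policydb/ebitmap.h>
#include <sepol/policydb/mls_types.h>

/*
 * A security context consists of an authenticated user
 * identity, a role, a type and a MLS range.
 *
 * user/role/type are policy-internal numeric identifiers
 * (presumably values from the policy symbol tables; see
 * policydb.h to confirm).  The range owns whatever storage
 * mls_range_t carries, so a context that has been populated
 * must be released with context_destroy() (or
 * mls_context_destroy() for the range alone).
 */
typedef struct context_struct {
	uint32_t user;
	uint32_t role;
	uint32_t type;
	mls_range_t range;
} context_struct_t;

/*
 * Initialise only the MLS portion of a context.
 * user/role/type are left untouched.
 */
static inline void mls_context_init(context_struct_t * c)
{
	mls_range_init(&c->range);
}

/*
 * Copy the MLS range of src into dst.
 *
 * Returns 0 on success, -1 if mls_range_cpy() fails.
 * On failure the state of dst->range is whatever
 * mls_range_cpy() left behind (likely partially copied
 * — confirm in mls_types.h); callers should release it
 * with mls_context_destroy()/context_destroy() rather
 * than treat dst as valid.
 */
static inline int mls_context_cpy(context_struct_t * dst,
				  context_struct_t * src)
{

	if (mls_range_cpy(&dst->range, &src->range) < 0)
		return -1;

	return 0;
}

/*
 * Compare only the MLS portion of two contexts.
 *
 * Returns non-zero when both the low (level[0]) and high
 * (level[1]) levels of the two ranges are equal, 0 otherwise.
 * This is strict equality, not an MLS dominance test.
 */
static inline int mls_context_cmp(context_struct_t * c1, context_struct_t * c2)
{
	return (mls_level_eq(&c1->range.level[0], &c2->range.level[0]) &&
		mls_level_eq(&c1->range.level[1], &c2->range.level[1]));

}

/*
 * Release the MLS range of a context and reset it to the
 * freshly-initialised state, so a second destroy (or a reuse
 * of the context) is safe.  NULL is accepted and ignored.
 */
static inline void mls_context_destroy(context_struct_t * c)
{
	if (c == NULL)
		return;

	mls_range_destroy(&c->range);
	mls_context_init(c);
}

/*
 * Initialise a context to the empty state by zeroing every
 * byte.  NOTE(review): this relies on an all-zero mls_range_t
 * being equivalent to what mls_range_init() produces — confirm
 * against mls_types.h/ebitmap.h if either changes.
 */
static inline void context_init(context_struct_t * c)
{
	memset(c, 0, sizeof(*c));
}

/*
 * Copy every attribute of src into dst.
 *
 * The scalar identifiers are copied first, then the range.
 * Returns 0 on success, -1 if the range copy fails; in that
 * case user/role/type have already been overwritten, so dst
 * must not be used as a valid context — destroy it.
 */
static inline int context_cpy(context_struct_t * dst, context_struct_t * src)
{
	dst->user = src->user;
	dst->role = src->role;
	dst->type = src->type;
	return mls_context_cpy(dst, src);
}

/*
 * Release a context: clear the identifiers and free the range.
 * Leaves the context in the initialised state.  NULL is
 * accepted and ignored.
 */
static inline void context_destroy(context_struct_t * c)
{
	if (c == NULL)
		return;

	c->user = c->role = c->type = 0;
	mls_context_destroy(c);
}

/*
 * Full equality test across all four attributes.
 *
 * Returns non-zero only when user, role, type and both MLS
 * levels match.  Callers that need "c1 dominates c2" semantics
 * must use the MLS comparison helpers instead; this function
 * never treats differing contexts as equivalent.
 */
static inline int context_cmp(context_struct_t * c1, context_struct_t * c2)
{
	return ((c1->user == c2->user) &&
		(c1->role == c2->role) &&
		(c1->type == c2->type) && mls_context_cmp(c1, c2));
}

#endif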