context.h revision ed7a6ba24ad3241e696fa7bc9bb56bb4f373147b
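/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */

/* FLASK */

/*
 * A security context is a set of security attributes
 * associated with each subject and object controlled
 * by the security policy.  Security contexts are
 * externally represented as variable-length strings
 * that can be interpreted by a user or application
 * with an understanding of the security policy.
 * Internally, the security server uses a simple
 * structure.  This structure is private to the
 * security server and can be changed without affecting
 * clients of the security server.
 */

#ifndef _SEPOL_POLICYDB_CONTEXT_H_
#define _SEPOL_POLICYDB_CONTEXT_H_

#include <stddef.h>
#include <stdint.h>		/* uint32_t, used by context_struct */
#include <string.h>		/* memset(), used by context_init() */
#include <sepol/policydb/ebitmap.h>
#include <sepol/policydb/mls_types.h>

__BEGIN_DECLS

/*
 * A security context consists of an authenticated user
 * identity, a role, a type and a MLS range.
 */
typedef struct context_struct {
	uint32_t user;
	uint32_t role;
	uint32_t type;
	mls_range_t range;
} context_struct_t;

/*
 * Initialize only the MLS range of `c` by delegating to mls_range_init().
 * The user, role and type fields are left untouched.
 * `c` must not be NULL; it is dereferenced without a check.
 */
static inline void mls_context_init(context_struct_t * c)
{
	mls_range_init(&c->range);
}

/*
 * Copy the MLS range of `src` into `dst` with mls_range_cpy().
 * The user, role and type fields are not copied.
 *
 * Returns 0 on success and -1 when mls_range_cpy() returns a negative value.
 * Neither pointer is checked for NULL.
 *
 * NOTE(review): the state of dst->range after a failed copy is decided by
 * mls_range_cpy(), which is not visible here. Callers should treat `dst` as
 * unusable on -1 and destroy it rather than use it for an access decision.
 */
static inline int mls_context_cpy(context_struct_t * dst,
				  context_struct_t * src)
{
	if (mls_range_cpy(&dst->range, &src->range) < 0)
		return -1;

	return 0;
}

/*
 * Equality predicate over the MLS part of two contexts.
 *
 * Returns nonzero only when mls_level_eq() is nonzero for both level[0] and
 * level[1], and 0 otherwise. Despite the `_cmp` name this is NOT a
 * memcmp()/strcmp()-style result: testing it against 0 to mean "equal"
 * inverts the check.
 *
 * Neither pointer is checked for NULL.
 */
static inline int mls_context_cmp(context_struct_t * c1, context_struct_t * c2)
{
	return (mls_level_eq(&c1->range.level[0], &c2->range.level[0]) &&
		mls_level_eq(&c1->range.level[1], &c2->range.level[1]));
}

/*
 * Release the MLS range of `c` with mls_range_destroy(), then re-initialize
 * it with mls_context_init() so that no stale range state is left behind.
 * A NULL `c` is accepted and ignored.
 */
static inline void mls_context_destroy(context_struct_t * c)
{
	if (c == NULL)
		return;

	mls_range_destroy(&c->range);
	mls_context_init(c);
}

/*
 * Zero every byte of `*c`, including the embedded range.
 * Nothing is released here and `c` is not checked for NULL.
 *
 * NOTE(review): if c->range already owns storage, zeroing it presumably
 * drops the only reference to that storage; use context_destroy() on a
 * context that has been populated. Confirm against mls_range_destroy().
 */
static inline void context_init(context_struct_t * c)
{
	memset(c, 0, sizeof(*c));
}

/*
 * Copy a whole context: user, role and type by value, then the MLS range
 * through mls_context_cpy().
 *
 * Returns the result of mls_context_cpy(): 0 on success, -1 on failure.
 * On failure dst->user, dst->role and dst->type have already been
 * overwritten, so `dst` is only partially valid and must not be used as a
 * security context; call context_destroy(dst) instead.
 *
 * Neither pointer is checked for NULL.
 */
static inline int context_cpy(context_struct_t * dst, context_struct_t * src)
{
	dst->user = src->user;
	dst->role = src->role;
	dst->type = src->type;

	return mls_context_cpy(dst, src);
}

/*
 * Clear user, role and type to 0 and release the MLS range through
 * mls_context_destroy(). A NULL `c` is accepted and ignored.
 */
static inline void context_destroy(context_struct_t * c)
{
	if (c == NULL)
		return;

	c->user = c->role = c->type = 0;
	mls_context_destroy(c);
}

/*
 * Equality predicate over two complete contexts.
 *
 * Returns nonzero only when user, role and type are equal and
 * mls_context_cmp() is nonzero; returns 0 otherwise. As with
 * mls_context_cmp(), nonzero means "equal", the opposite of the
 * memcmp()/strcmp() convention.
 *
 * Neither pointer is checked for NULL.
 */
static inline int context_cmp(context_struct_t * c1, context_struct_t * c2)
{
	return ((c1->user == c2->user) &&
		(c1->role == c2->role) &&
		(c1->type == c2->type) && mls_context_cmp(c1, c2));
}

__END_DECLS
#endif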