Lines Matching defs:context
10 * Support for context based audit filters.
61 #include "context.h"
92 static int context_struct_to_string(struct context *context, char **scontext,
95 static void context_struct_compute_av(struct context *scontext,
96 struct context *tcontext,
267 * only. For these rules, scontext is the context before the transition,
268 * tcontext is the context after the transition, and xcontext is the context
272 static int constraint_expr_eval(struct context *scontext,
273 struct context *tcontext,
274 struct context *xcontext,
278 struct context *c;
462 static void security_dump_masked_av(struct context *scontext,
463 struct context *tcontext,
540 static void type_attribute_bounds_av(struct context *scontext,
541 struct context *tcontext,
545 struct context lo_scontext;
546 struct context lo_tcontext;
644 * Compute access vectors and operations ranges based on a context
647 static void context_struct_compute_av(struct context *scontext,
648 struct context *tcontext,
751 static int security_validtrans_handle_fail(struct context *ocontext,
752 struct context *ncontext,
753 struct context *tcontext,
782 struct context *ocontext;
783 struct context *ncontext;
784 struct context *tcontext;
856 struct context *old_context, *new_context;
990 struct context *scontext, *tcontext;
1080 struct context *scontext = NULL, *tcontext = NULL;
1127 struct context *scontext = NULL, *tcontext = NULL;
1168 * Write the security context string representation of
1169 * the context structure `context' into a dynamically
1174 static int context_struct_to_string(struct context *context, char **scontext, u32 *scontext_len)
1182 if (context->len) {
1183 *scontext_len = context->len;
1185 *scontext = kstrdup(context->str, GFP_ATOMIC);
1192 /* Compute the size of the context. */
1193 *scontext_len += strlen(sym_name(&policydb, SYM_USERS, context->user - 1)) + 1;
1194 *scontext_len += strlen(sym_name(&policydb, SYM_ROLES, context->role - 1)) + 1;
1195 *scontext_len += strlen(sym_name(&policydb, SYM_TYPES, context->type - 1)) + 1;
1196 *scontext_len += mls_compute_context_len(context);
1201 /* Allocate space for the context; caller must free this space. */
1208 * Copy the user name, role name and type name into the context.
1211 sym_name(&policydb, SYM_USERS, context->user - 1),
1212 sym_name(&policydb, SYM_ROLES, context->role - 1),
1213 sym_name(&policydb, SYM_TYPES, context->type - 1));
1214 scontextp += strlen(sym_name(&policydb, SYM_USERS, context->user - 1)) +
1215 1 + strlen(sym_name(&policydb, SYM_ROLES, context->role - 1)) +
1216 1 + strlen(sym_name(&policydb, SYM_TYPES, context->type - 1));
1218 mls_sid_to_context(context, &scontextp);
1237 struct context *context;
1267 context = sidtab_search_force(&sidtab, sid);
1269 context = sidtab_search(&sidtab, sid);
1270 if (!context) {
1276 rc = context_struct_to_string(context, scontext, scontext_len);
1285 * security_sid_to_context - Obtain a context for a given SID.
1287 * @scontext: security context
1290 * Write the string representation of the context associated with @sid
1311 struct context *ctx,
1322 /* Parse the security context. */
1379 /* Check the validity of the new context. */
1394 struct context context;
1397 /* An empty security context is never valid. */
1432 scontext_len, &context, def_sid);
1434 context.str = str;
1435 context.len = scontext_len;
1439 rc = sidtab_context_to_sid(&sidtab, &context, sid);
1440 context_destroy(&context);
1450 * security_context_to_sid - Obtain a SID for a given security context.
1451 * @scontext: security context
1454 * @gfp: context for the allocation
1456 * Obtains a SID associated with the security context that
1458 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
1469 * security_context_to_sid_default - Obtain a SID for a given security context,
1472 * @scontext: security context
1477 * Obtains a SID associated with the security context that
1482 * Implicitly forces adding of the context even if it cannot be mapped yet.
1483 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
1501 struct context *scontext,
1502 struct context *tcontext,
1504 struct context *newcontext)
1530 static void filename_compute_type(struct policydb *p, struct context *newcontext,
1564 struct context *scontext = NULL, *tcontext = NULL, newcontext;
1709 /* Check the validity of the context. */
1718 /* Obtain the sid for the context. */
1800 struct context *context,
1806 return sidtab_insert(s, sid, context);
1811 static inline int convert_context_handle_invalid_context(struct context *context)
1819 if (!context_struct_to_string(context, &s, &len)) {
1832 * Convert the values in the security context
1836 * context is valid under the new policy.
1839 struct context *c,
1843 struct context oldc;
1859 struct context ctx;
1882 printk(KERN_ERR "SELinux: Unable to map context %s, rc = %d.\n",
1925 * context for all existing entries in the sidtab.
1931 * ensure that the MLS fields of the context for all
1945 range = &oc->context[0].range;
1951 /* Check the validity of the new context. */
2183 &c->context[0],
2220 &c->context[0],
2225 &c->context[1],
2310 &c->context[0],
2347 struct context *fromcon, usercon;
2493 rc = sidtab_context_to_sid(&sidtab, &c->context[0], &c->sid[0]);
2550 rc = sidtab_context_to_sid(&sidtab, &c->context[0],
2727 struct context *context1;
2728 struct context *context2;
2729 struct context newcon;
2767 /* Check the validity of the new context. */
2815 struct context *nlbl_ctx;
2816 struct context *xfrm_ctx;
3002 struct context au_ctxt;
3139 struct context *ctxt;
3274 * Attempt to cache the context in @ctx, which was derived from the packet in
3307 * SID/context then use SECINITSID_NETMSG as the foundation. If possible the
3318 struct context *ctx;
3319 struct context ctx_new;
3388 struct context *ctx;