1 /* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
2 
3 /* FLASK */
4 
5 /*
6  * A security context is a set of security attributes
7  * associated with each subject and object controlled
8  * by the security policy.  Security contexts are
9  * externally represented as variable-length strings
10  * that can be interpreted by a user or application
11  * with an understanding of the security policy.
12  * Internally, the security server uses a simple
13  * structure.  This structure is private to the
14  * security server and can be changed without affecting
15  * clients of the security server.
16  */
17 
18 #ifndef _SEPOL_POLICYDB_CONTEXT_H_
19 #define _SEPOL_POLICYDB_CONTEXT_H_
20 
21 #include <stddef.h>
22 #include <sepol/policydb/ebitmap.h>
23 #include <sepol/policydb/mls_types.h>
24 
25 #ifdef __cplusplus
26 extern "C" {
27 #endif
28 
29 /*
30  * A security context consists of an authenticated user
31  * identity, a role, a type and a MLS range.
32  */
33 typedef struct context_struct {
34 	uint32_t user;
35 	uint32_t role;
36 	uint32_t type;
37 	mls_range_t range;
38 } context_struct_t;
39 
mls_context_init(context_struct_t * c)40 static inline void mls_context_init(context_struct_t * c)
41 {
42 	mls_range_init(&c->range);
43 }
44 
mls_context_cpy(context_struct_t * dst,context_struct_t * src)45 static inline int mls_context_cpy(context_struct_t * dst,
46 				  context_struct_t * src)
47 {
48 
49 	if (mls_range_cpy(&dst->range, &src->range) < 0)
50 		return -1;
51 
52 	return 0;
53 }
54 
55 /*
56  * Sets both levels in the MLS range of 'dst' to the low level of 'src'.
57  */
mls_context_cpy_low(context_struct_t * dst,context_struct_t * src)58 static inline int mls_context_cpy_low(context_struct_t *dst, context_struct_t *src)
59 {
60 	int rc;
61 
62 	dst->range.level[0].sens = src->range.level[0].sens;
63 	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
64 	if (rc)
65 		goto out;
66 
67 	dst->range.level[1].sens = src->range.level[0].sens;
68 	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[0].cat);
69 	if (rc)
70 		ebitmap_destroy(&dst->range.level[0].cat);
71 out:
72 	return rc;
73 }
74 
75 /*
76  * Sets both levels in the MLS range of 'dst' to the high level of 'src'.
77  */
mls_context_cpy_high(context_struct_t * dst,context_struct_t * src)78 static inline int mls_context_cpy_high(context_struct_t *dst, context_struct_t *src)
79 {
80 	int rc;
81 
82 	dst->range.level[0].sens = src->range.level[1].sens;
83 	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[1].cat);
84 	if (rc)
85 		goto out;
86 
87 	dst->range.level[1].sens = src->range.level[1].sens;
88 	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[1].cat);
89 	if (rc)
90 		ebitmap_destroy(&dst->range.level[0].cat);
91 out:
92 	return rc;
93 }
94 
mls_context_cmp(context_struct_t * c1,context_struct_t * c2)95 static inline int mls_context_cmp(context_struct_t * c1, context_struct_t * c2)
96 {
97 	return (mls_level_eq(&c1->range.level[0], &c2->range.level[0]) &&
98 		mls_level_eq(&c1->range.level[1], &c2->range.level[1]));
99 
100 }
101 
mls_context_destroy(context_struct_t * c)102 static inline void mls_context_destroy(context_struct_t * c)
103 {
104 	if (c == NULL)
105 		return;
106 
107 	mls_range_destroy(&c->range);
108 	mls_context_init(c);
109 }
110 
context_init(context_struct_t * c)111 static inline void context_init(context_struct_t * c)
112 {
113 	memset(c, 0, sizeof(*c));
114 }
115 
context_cpy(context_struct_t * dst,context_struct_t * src)116 static inline int context_cpy(context_struct_t * dst, context_struct_t * src)
117 {
118 	dst->user = src->user;
119 	dst->role = src->role;
120 	dst->type = src->type;
121 	return mls_context_cpy(dst, src);
122 }
123 
context_destroy(context_struct_t * c)124 static inline void context_destroy(context_struct_t * c)
125 {
126 	if (c == NULL)
127 		return;
128 
129 	c->user = c->role = c->type = 0;
130 	mls_context_destroy(c);
131 }
132 
context_cmp(context_struct_t * c1,context_struct_t * c2)133 static inline int context_cmp(context_struct_t * c1, context_struct_t * c2)
134 {
135 	return ((c1->user == c2->user) &&
136 		(c1->role == c2->role) &&
137 		(c1->type == c2->type) && mls_context_cmp(c1, c2));
138 }
139 
140 #ifdef __cplusplus
141 }
142 #endif
143 
144 #endif
145