2
* A security context is a set of security attributes
3
* associated with each subject and object controlled
4
* by the security policy. Security contexts are
5
* externally represented as variable-length strings
6
* that can be interpreted by a user or application
7
* with an understanding of the security policy.
8
* Internally, the security server uses a simple
9
* structure. This structure is private to the
10
* security server and can be changed without affecting
11
* clients of the security server.
13
* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
15
#ifndef _SS_CONTEXT_H_
16
#define _SS_CONTEXT_H_
19
#include "mls_types.h"
23
* A security context consists of an authenticated user
24
* identity, a role, a type and a MLS range.
30
u32 len; /* length of string in bytes */
31
struct mls_range range;
32
char *str; /* string representation if context cannot be mapped. */
35
/*
 * Reset the MLS range of 'c' by zero-filling c->range.
 *
 * NOTE(review): memset() only overwrites the structure; it does not release
 * the per-level category bitmaps that mls_context_destroy() hands to
 * ebitmap_destroy(). Presumably this must only run on a fresh or
 * already-destroyed context, otherwise the bitmap storage would be lost --
 * confirm against the callers.
 */
static inline void mls_context_init(struct context *c)
37
memset(&c->range, 0, sizeof(c->range));
40
/*
 * Copy the MLS range of 'src' into 'dst': for each of the two levels the
 * sensitivity is assigned and the category bitmap is duplicated with
 * ebitmap_cpy(), whose result is stored in 'rc'.
 *
 * NOTE(review): this listing is incomplete. The gutter numbers skip source
 * lines (40 -> 44, 45 -> 49, 50 -> 52), so the declaration of 'rc', the
 * checks on it and the return statement are not shown. Confirm them against
 * the full file.
 */
static inline int mls_context_cpy(struct context *dst, struct context *src)
44
dst->range.level[0].sens = src->range.level[0].sens;
45
rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
49
dst->range.level[1].sens = src->range.level[1].sens;
50
rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[1].cat);
52
/*
 * Releases the level[0] categories already copied into 'dst'. Presumably
 * reached only when the level[1] copy above failed, so that 'dst' is not
 * left owning half of a range -- the guarding condition (line 51) is not
 * shown here.
 */
ebitmap_destroy(&dst->range.level[0].cat);
58
* Sets both levels in the MLS range of 'dst' to the low level of 'src'.
60
/*
 * Build a single-level range in 'dst' from the low level of 'src': both
 * dst->range.level[0] and dst->range.level[1] receive the sensitivity and a
 * copy of the category bitmap of src->range.level[0]. The high level of
 * 'src' (level[1]) is never read.
 *
 * NOTE(review): this listing is incomplete. The gutter numbers skip source
 * lines (60 -> 64, 65 -> 69, 70 -> 72), so the declaration of 'rc', the
 * checks on it and the return statement are not shown. Confirm them against
 * the full file.
 */
static inline int mls_context_cpy_low(struct context *dst, struct context *src)
64
dst->range.level[0].sens = src->range.level[0].sens;
65
rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
69
/* High level of 'dst' is deliberately taken from src level[0], not level[1]. */
dst->range.level[1].sens = src->range.level[0].sens;
70
rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[0].cat);
72
/*
 * Releases the level[0] categories already copied into 'dst'. Presumably
 * reached only when the second copy above failed -- the guarding condition
 * (line 71) is not shown here.
 */
ebitmap_destroy(&dst->range.level[0].cat);
77
/*
 * Compare the MLS ranges of two contexts. The result is true (non-zero) only
 * when, for both level[0] and level[1], the sensitivities are equal and
 * ebitmap_cmp() yields a true value for the category bitmaps.
 *
 * NOTE(review): ebitmap_cmp() is used directly as a truth value, so it
 * presumably returns non-zero for EQUAL bitmaps (the opposite of the
 * memcmp()/strcmp() convention) -- confirm in ebitmap.h before reusing this
 * pattern.
 */
static inline int mls_context_cmp(struct context *c1, struct context *c2)
79
return ((c1->range.level[0].sens == c2->range.level[0].sens) &&
80
ebitmap_cmp(&c1->range.level[0].cat, &c2->range.level[0].cat) &&
81
(c1->range.level[1].sens == c2->range.level[1].sens) &&
82
ebitmap_cmp(&c1->range.level[1].cat, &c2->range.level[1].cat));
85
/*
 * Release the category bitmaps of both levels of c->range via
 * ebitmap_destroy().
 *
 * NOTE(review): the gutter numbers jump from 88 to 92, so any statement that
 * follows the two calls (for example re-zeroing the range) is not shown in
 * this listing -- confirm against the full file.
 */
static inline void mls_context_destroy(struct context *c)
87
ebitmap_destroy(&c->range.level[0].cat);
88
ebitmap_destroy(&c->range.level[1].cat);
92
/*
 * Zero-fill the whole context structure, which clears every field at once
 * (including len, str and the MLS range).
 *
 * NOTE(review): nothing is freed here; a context that still owns 'str' or
 * category bitmaps presumably has to go through context_destroy() first --
 * confirm against the callers.
 */
static inline void context_init(struct context *c)
94
memset(c, 0, sizeof(*c));
97
/*
 * Copy 'src' into 'dst': the user, role and type values are assigned, the
 * string representation is duplicated with kstrdup(), and the MLS range is
 * copied with mls_context_cpy().
 *
 * NOTE(review): this listing is incomplete. The gutter numbers skip source
 * lines (97 -> 101, 103 -> 105, 105 -> 113, 113 -> 121), so the condition
 * around the kstrdup() call, the handling of its result, the assignment of
 * dst->len and the error path after mls_context_cpy() are not shown.
 */
static inline int context_cpy(struct context *dst, struct context *src)
101
dst->user = src->user;
102
dst->role = src->role;
103
dst->type = src->type;
105
/*
 * GFP_ATOMIC allocation: kstrdup() can return NULL under memory pressure.
 * Confirm in the lines not shown that the result is checked and that
 * dst->len stays consistent with dst->str, because context_cmp() passes
 * 'str' to strcmp() whenever 'len' is non-zero.
 */
dst->str = kstrdup(src->str, GFP_ATOMIC);
113
/*
 * 'rc' holds the result of the MLS copy. If it reports failure, the string
 * duplicated above would need to be released -- confirm in lines 114-120,
 * which are not shown.
 */
rc = mls_context_cpy(dst, src);
121
/*
 * Tear down a context: the user, role and type values are reset to 0 and the
 * MLS range is released through mls_context_destroy().
 *
 * NOTE(review): the gutter numbers jump from 123 to 127, so three source
 * lines are not shown. context_cpy() allocates 'str' with kstrdup(), so the
 * release of c->str and the reset of c->len are expected in that gap --
 * confirm against the full file.
 */
static inline void context_destroy(struct context *c)
123
c->user = c->role = c->type = 0;
127
mls_context_destroy(c);
130
/*
 * Compare two security contexts for equality; the result is used as a truth
 * value (non-zero means equal).
 *
 * A non-zero 'len' marks a context that carries a string representation
 * (see the 'str' field: "string representation if context cannot be
 * mapped"). Such contexts are compared by string; otherwise the comparison
 * is field by field plus the MLS range.
 *
 * NOTE(review): this listing is incomplete -- source line 135 is missing
 * (the gutter numbers jump from 134 to 136).
 */
static inline int context_cmp(struct context *c1, struct context *c2)
132
/* Both contexts are string-based: equal only if length and bytes match. */
if (c1->len && c2->len)
133
/* strcmp() relies on both 'str' pointers being non-NULL and NUL-terminated. */
return (c1->len == c2->len && !strcmp(c1->str, c2->str));
134
/*
 * Exactly one context is string-based at this point. The statement guarded
 * by this condition (line 135) is not shown; do NOT read the return below as
 * its body. Presumably it reports "not equal" -- confirm against the full
 * file.
 */
if (c1->len || c2->len)
136
/* Neither context is string-based: compare the mapped attributes. */
return ((c1->user == c2->user) &&
137
(c1->role == c2->role) &&
138
(c1->type == c2->type) &&
139
mls_context_cmp(c1, c2));
142
#endif /* _SS_CONTEXT_H_ */