/* Author : Stephen Smalley, <[email protected]> */
2*2d543d20SAndroid Build Coastguard Worker
/* FLASK */
4*2d543d20SAndroid Build Coastguard Worker
/*
 * A security context is a set of security attributes
 * associated with each subject and object controlled
 * by the security policy. Security contexts are
 * externally represented as variable-length strings
 * that can be interpreted by a user or application
 * with an understanding of the security policy.
 * Internally, the security server uses a simple
 * structure. This structure is private to the
 * security server and can be changed without affecting
 * clients of the security server.
 */
17*2d543d20SAndroid Build Coastguard Worker
18*2d543d20SAndroid Build Coastguard Worker #ifndef _SEPOL_POLICYDB_CONTEXT_H_
19*2d543d20SAndroid Build Coastguard Worker #define _SEPOL_POLICYDB_CONTEXT_H_
20*2d543d20SAndroid Build Coastguard Worker
21*2d543d20SAndroid Build Coastguard Worker #include <stddef.h>
22*2d543d20SAndroid Build Coastguard Worker #include <sepol/policydb/ebitmap.h>
23*2d543d20SAndroid Build Coastguard Worker #include <sepol/policydb/mls_types.h>
24*2d543d20SAndroid Build Coastguard Worker
25*2d543d20SAndroid Build Coastguard Worker #ifdef __cplusplus
26*2d543d20SAndroid Build Coastguard Worker extern "C" {
27*2d543d20SAndroid Build Coastguard Worker #endif
28*2d543d20SAndroid Build Coastguard Worker
/*
 * A security context consists of an authenticated user
 * identity, a role, a type and an MLS range.
 */
typedef struct context_struct {
	uint32_t user;		/* user identity value */
	uint32_t role;		/* role value */
	uint32_t type;		/* type value */
	mls_range_t range;	/* MLS range: level[0] is the low level, level[1] the high level */
} context_struct_t;
39*2d543d20SAndroid Build Coastguard Worker
/*
 * Initialise only the MLS part of a context: resets c->range via
 * mls_range_init(). The user/role/type fields are left untouched.
 */
static inline void mls_context_init(context_struct_t * c)
{
	mls_range_t *range = &c->range;

	mls_range_init(range);
}
44*2d543d20SAndroid Build Coastguard Worker
/*
 * Copy the MLS range of 'src' into 'dst'; the user/role/type fields are
 * not touched. Returns 0 on success, -1 if mls_range_cpy() reports failure.
 */
static inline int mls_context_cpy(context_struct_t * dst,
				  const context_struct_t * src)
{
	int rc = mls_range_cpy(&dst->range, &src->range);

	return (rc < 0) ? -1 : 0;
}
54*2d543d20SAndroid Build Coastguard Worker
/*
 * Sets both levels in the MLS range of 'dst' to the low level of 'src'.
 */
/*
 * Copy the low level of 'src' into both the low and the high level of
 * 'dst'. Returns 0 on success, or the non-zero result of the failing
 * ebitmap_cpy(). On a failure of the second copy the first copy is undone.
 *
 * NOTE(review): nothing here releases category bitmaps that 'dst' may
 * already own; callers presumably pass an initialised, empty 'dst' —
 * confirm against ebitmap_cpy()'s contract.
 */
static inline int mls_context_cpy_low(context_struct_t *dst, const context_struct_t *src)
{
	int rc;

	/* Low level of dst <- low level of src. */
	dst->range.level[0].sens = src->range.level[0].sens;
	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
	if (rc)
		return rc;

	/* High level of dst <- low level of src as well. */
	dst->range.level[1].sens = src->range.level[0].sens;
	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[0].cat);
	if (rc) {
		/* Do not leave dst holding a half-built range. */
		ebitmap_destroy(&dst->range.level[0].cat);
	}

	return rc;
}
74*2d543d20SAndroid Build Coastguard Worker
/*
 * Sets both levels in the MLS range of 'dst' to the high level of 'src'.
 */
/*
 * Copy the high level of 'src' into both the low and the high level of
 * 'dst'. Returns 0 on success, or the non-zero result of the failing
 * ebitmap_cpy(). On a failure of the second copy the first copy is undone.
 *
 * NOTE(review): as with mls_context_cpy_low(), bitmaps already owned by
 * 'dst' are not released here — callers presumably pass an initialised,
 * empty 'dst'; confirm against ebitmap_cpy()'s contract.
 */
static inline int mls_context_cpy_high(context_struct_t *dst, const context_struct_t *src)
{
	int rc;

	/* Low level of dst <- high level of src. */
	dst->range.level[0].sens = src->range.level[1].sens;
	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[1].cat);
	if (rc)
		return rc;

	/* High level of dst <- high level of src. */
	dst->range.level[1].sens = src->range.level[1].sens;
	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[1].cat);
	if (rc) {
		/* Do not leave dst holding a half-built range. */
		ebitmap_destroy(&dst->range.level[0].cat);
	}

	return rc;
}
94*2d543d20SAndroid Build Coastguard Worker
/*
 * Combine the MLS ranges of 'c1' and 'c2' into the range of 'dst' by
 * delegating to mls_range_glblub() (presumably the greatest lower bound /
 * least upper bound of the two ranges — see mls_types.h). Only 'dst->range'
 * is written; the return value is whatever mls_range_glblub() returns.
 */
static inline int mls_context_glblub(context_struct_t *dst, const context_struct_t *c1, const context_struct_t *c2)
{
	mls_range_t *out = &dst->range;

	return mls_range_glblub(out, &c1->range, &c2->range);
}
99*2d543d20SAndroid Build Coastguard Worker
/*
 * MLS equality test, not a strcmp-style ordering: returns 1 when both the
 * low and the high level of the two contexts compare equal under
 * mls_level_eq(), and 0 otherwise.
 */
static inline int mls_context_cmp(const context_struct_t * c1, const context_struct_t * c2)
{
	if (!mls_level_eq(&c1->range.level[0], &c2->range.level[0]))
		return 0;

	return mls_level_eq(&c1->range.level[1], &c2->range.level[1]) != 0;
}
106*2d543d20SAndroid Build Coastguard Worker
/*
 * Release the MLS range of 'c' and put it back into its initialised state.
 * A NULL 'c' is accepted and ignored. The user/role/type fields are not
 * touched.
 */
static inline void mls_context_destroy(context_struct_t * c)
{
	if (c) {
		mls_range_destroy(&c->range);
		/* Leave the range clean so a later destroy/copy is safe. */
		mls_context_init(c);
	}
}
115*2d543d20SAndroid Build Coastguard Worker
/*
 * Zero a whole context, including the embedded MLS range. 'c' must be
 * non-NULL. memset() comes from <string.h>, which this header does not
 * include directly.
 */
static inline void context_init(context_struct_t * c)
{
	memset(c, 0, sizeof *c);
}
120*2d543d20SAndroid Build Coastguard Worker
/*
 * Copy every attribute of 'src' into 'dst'. Returns 0 on success or -1 if
 * copying the MLS range fails; in the failure case the scalar user/role/type
 * fields of 'dst' have already been overwritten.
 */
static inline int context_cpy(context_struct_t * dst, const context_struct_t * src)
{
	/* Scalar attributes cannot fail ... */
	dst->type = src->type;
	dst->role = src->role;
	dst->user = src->user;

	/* ... the range copy can, so it decides the return value. */
	return mls_context_cpy(dst, src);
}
128*2d543d20SAndroid Build Coastguard Worker
/*
 * Clear a context: reset user/role/type to 0 and release its MLS range
 * (via mls_context_destroy()). A NULL 'c' is accepted and ignored.
 */
static inline void context_destroy(context_struct_t * c)
{
	if (c) {
		c->user = 0;
		c->role = 0;
		c->type = 0;
		mls_context_destroy(c);
	}
}
137*2d543d20SAndroid Build Coastguard Worker
/*
 * Equality test, not a strcmp-style ordering: returns 1 when user, role,
 * type and (per mls_context_cmp()) both MLS levels match, 0 otherwise.
 */
static inline int context_cmp(const context_struct_t * c1, const context_struct_t * c2)
{
	if (c1->user != c2->user)
		return 0;
	if (c1->role != c2->role)
		return 0;
	if (c1->type != c2->type)
		return 0;

	return mls_context_cmp(c1, c2) != 0;
}
144*2d543d20SAndroid Build Coastguard Worker
145*2d543d20SAndroid Build Coastguard Worker #ifdef __cplusplus
146*2d543d20SAndroid Build Coastguard Worker }
147*2d543d20SAndroid Build Coastguard Worker #endif
148*2d543d20SAndroid Build Coastguard Worker
149*2d543d20SAndroid Build Coastguard Worker #endif