/*
 * A security context is a set of security attributes
 * associated with each subject and object controlled
 * by the security policy.  Security contexts are
 * externally represented as variable-length strings
 * that can be interpreted by a user or application
 * with an understanding of the security policy.
 * Internally, the security server uses a simple
 * structure.  This structure is private to the
 * security server and can be changed without affecting
 * clients of the security server.
 *
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */
# ifndef _SS_CONTEXT_H_
# define _SS_CONTEXT_H_
# include "ebitmap.h"
# include "mls_types.h"
# include "security.h"
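/*
 * A security context consists of an authenticated user
 * identity, a role, a type and a MLS range.
 *
 * A context that cannot be mapped additionally carries its string
 * representation in 'str' with 'len' set; context_cmp() compares such
 * contexts by string only, and context_destroy() frees 'str', so the
 * structure owns that buffer.
 *
 * (Per-line revision timestamps from the blame view were interleaved
 * with the members and are dropped here: they are not C and the
 * definition does not compile with them in place.)
 */
struct context {
	u32 user;
	u32 role;
	u32 type;
	u32 len;	/* length of string in bytes */
	struct mls_range range;
	char *str;	/* string representation if context cannot be mapped. */
};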
/*
 * Zero the MLS range of 'c'.  Only the range is touched; user, role,
 * type, len and str keep their values.
 */
static inline void mls_context_init(struct context *c)
{
	struct mls_range *range = &c->range;

	memset(range, 0, sizeof(*range));
}
/*
 * Copy the MLS range (both levels: sensitivity and category bitmap)
 * from 'src' to 'dst'.
 *
 * Returns 0 on success, otherwise the non-zero value returned by the
 * failing ebitmap_cpy().  If the second category copy fails, the
 * already-copied low-level category bitmap of 'dst' is destroyed so
 * the caller is not left holding it.  The sensitivity fields of 'dst'
 * may already have been overwritten when an error is returned.
 */
static inline int mls_context_cpy(struct context *dst, struct context *src)
{
	struct mls_range *to = &dst->range;
	struct mls_range *from = &src->range;
	int err;

	to->level[0].sens = from->level[0].sens;
	err = ebitmap_cpy(&to->level[0].cat, &from->level[0].cat);
	if (err)
		return err;

	to->level[1].sens = from->level[1].sens;
	err = ebitmap_cpy(&to->level[1].cat, &from->level[1].cat);
	if (err)
		ebitmap_destroy(&to->level[0].cat);	/* undo the first copy */

	return err;
}
/*
 * Sets both levels in the MLS range of 'dst' to the low level of 'src'.
 *
 * Returns 0 on success, otherwise the non-zero value returned by the
 * failing ebitmap_cpy().  If the second category copy fails, the
 * category bitmap already copied into level[0] of 'dst' is destroyed.
 */
static inline int mls_context_cpy_low(struct context *dst, struct context *src)
{
	struct mls_range *to = &dst->range;
	struct mls_range *from = &src->range;
	int err;

	to->level[0].sens = from->level[0].sens;
	err = ebitmap_cpy(&to->level[0].cat, &from->level[0].cat);
	if (err)
		return err;

	/* The high level of 'dst' is also taken from the low level of 'src'. */
	to->level[1].sens = from->level[0].sens;
	err = ebitmap_cpy(&to->level[1].cat, &from->level[0].cat);
	if (err)
		ebitmap_destroy(&to->level[0].cat);	/* undo the first copy */

	return err;
}
/*
 * Sets both levels in the MLS range of 'dst' to the high level of 'src'.
 *
 * Returns 0 on success, otherwise the non-zero value returned by the
 * failing ebitmap_cpy().  If the second category copy fails, the
 * category bitmap already copied into level[0] of 'dst' is destroyed.
 */
static inline int mls_context_cpy_high(struct context *dst, struct context *src)
{
	struct mls_range *to = &dst->range;
	struct mls_range *from = &src->range;
	int err;

	/* The low level of 'dst' is also taken from the high level of 'src'. */
	to->level[0].sens = from->level[1].sens;
	err = ebitmap_cpy(&to->level[0].cat, &from->level[1].cat);
	if (err)
		return err;

	to->level[1].sens = from->level[1].sens;
	err = ebitmap_cpy(&to->level[1].cat, &from->level[1].cat);
	if (err)
		ebitmap_destroy(&to->level[0].cat);	/* undo the first copy */

	return err;
}
/*
 * Compare the MLS ranges of two contexts.
 *
 * Returns 1 when both levels have equal sensitivities and
 * ebitmap_cmp() reports a non-zero result for both category bitmaps,
 * 0 otherwise.  Checks run low level first and stop at the first
 * mismatch.
 */
static inline int mls_context_cmp(struct context *c1, struct context *c2)
{
	struct mls_range *a = &c1->range;
	struct mls_range *b = &c2->range;

	if (a->level[0].sens != b->level[0].sens)
		return 0;
	if (!ebitmap_cmp(&a->level[0].cat, &b->level[0].cat))
		return 0;
	if (a->level[1].sens != b->level[1].sens)
		return 0;
	if (!ebitmap_cmp(&a->level[1].cat, &b->level[1].cat))
		return 0;

	return 1;
}
/*
 * Release the category bitmaps of both MLS levels of 'c', then zero
 * the whole range via mls_context_init() so no stale level data is
 * left behind in the structure.
 */
static inline void mls_context_destroy(struct context *c)
{
	struct mls_range *range = &c->range;

	ebitmap_destroy(&range->level[0].cat);
	ebitmap_destroy(&range->level[1].cat);
	mls_context_init(c);
}
/*
 * Zero every field of 'c' (user, role, type, len, range and str).
 * Nothing is freed here: any buffer 'str' pointed to is simply
 * forgotten, so this is for fresh structures, not for teardown.
 */
static inline void context_init(struct context *c)
{
	memset(c, 0, sizeof(struct context));
}
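/*
 * Copy 'src' into 'dst': user, role, type, the string representation
 * (duplicated with kstrdup(), GFP_ATOMIC) and the MLS range.
 *
 * Returns 0 on success, -ENOMEM if the string cannot be duplicated,
 * or the error from mls_context_cpy().  On error 'dst' may be
 * partially overwritten (user/role/type are assigned first).
 *
 * Any previous dst->str is overwritten without being freed, so 'dst'
 * is presumably expected to be freshly initialised or destroyed --
 * verify against callers.
 */
static inline int context_cpy(struct context *dst, struct context *src)
{
	int rc;

	dst->user = src->user;
	dst->role = src->role;
	dst->type = src->type;
	if (src->str) {
		dst->str = kstrdup(src->str, GFP_ATOMIC);
		if (!dst->str)
			return -ENOMEM;
		dst->len = src->len;
	} else {
		dst->str = NULL;
		dst->len = 0;
	}
	rc = mls_context_cpy(dst, src);
	if (rc) {
		kfree(dst->str);
		/*
		 * Do not leave a dangling pointer behind: context_destroy()
		 * kfree()s ->str, so a caller that cleans up 'dst' after
		 * this error would otherwise free the buffer twice, and
		 * context_cmp() would read freed memory while ->len is
		 * still non-zero.
		 */
		dst->str = NULL;
		dst->len = 0;
		return rc;
	}
	return 0;
}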
/*
 * Tear down 'c': clear the user/role/type values, free the string
 * representation and release the MLS range.
 *
 * 'str' is set to NULL and 'len' to 0 after the kfree(), so the
 * structure holds no pointer to the freed buffer afterwards.
 */
static inline void context_destroy(struct context *c)
{
	c->type = 0;
	c->role = 0;
	c->user = 0;

	kfree(c->str);
	c->str = NULL;
	c->len = 0;

	mls_context_destroy(c);
}
/*
 * Compare two contexts; returns 1 if they are equal, 0 otherwise.
 *
 * A non-zero 'len' marks a context that carries a string
 * representation.  Two such contexts are equal only if their lengths
 * and strings match; a context with a string never equals one
 * without.  Only when neither has a string are user, role, type and
 * the MLS range compared.
 */
static inline int context_cmp(struct context *c1, struct context *c2)
{
	const int has_str1 = (c1->len != 0);
	const int has_str2 = (c2->len != 0);

	/* Exactly one side carries a string: never equal. */
	if (has_str1 != has_str2)
		return 0;

	/* Both carry a string: the string alone decides. */
	if (has_str1)
		return c1->len == c2->len && strcmp(c1->str, c2->str) == 0;

	if (c1->user != c2->user)
		return 0;
	if (c1->role != c2->role)
		return 0;
	if (c1->type != c2->type)
		return 0;

	return mls_context_cmp(c1, c2) != 0;
}
# endif /* _SS_CONTEXT_H_ */