/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* FLASK */
/*
* A security context is a set of security attributes
* associated with each subject and object controlled
* by the security policy. Security contexts are
* externally represented as variable-length strings
* that can be interpreted by a user or application
* with an understanding of the security policy.
* Internally, the security server uses a simple
* structure. This structure is private to the
* security server and can be changed without affecting
* clients of the security server.
*/
#ifndef _SEPOL_POLICYDB_CONTEXT_H_
#define _SEPOL_POLICYDB_CONTEXT_H_
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sepol/policydb/ebitmap.h>
#include <sepol/policydb/mls_types.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
 * A security context consists of an authenticated user
 * identity, a role, a type and an MLS range.
 */
typedef struct context_struct {
	uint32_t user;		/* user identity */
	uint32_t role;		/* role */
	uint32_t type;		/* type */
	/*
	 * MLS range. level[0] is the low level and level[1] the high
	 * level (see mls_context_cpy_low/high below). Each level owns a
	 * category bitmap that must be released with context_destroy().
	 */
	mls_range_t range;
} context_struct_t;
/*
 * Initialise only the MLS part of 'c'. The user, role and type
 * identifiers are not touched. 'c' must be non-NULL.
 */
static inline void mls_context_init(context_struct_t *c)
{
	mls_range_t *range = &c->range;

	mls_range_init(range);
}
/*
 * Copy the MLS range of 'src' into 'dst'. Neither pointer is checked
 * for NULL.
 *
 * Returns 0 on success, -1 if the underlying range copy reported an
 * error (a negative return from mls_range_cpy).
 */
static inline int mls_context_cpy(context_struct_t *dst,
				  context_struct_t *src)
{
	int rc = mls_range_cpy(&dst->range, &src->range);

	/* Normalise every failure to -1; anything non-negative is success. */
	return (rc < 0) ? -1 : 0;
}
/*
* Sets both levels in the MLS range of 'dst' to the low level of 'src'.
*/
/*
 * Set both levels of the MLS range of 'dst' to the low level of 'src'.
 *
 * Returns 0 on success, otherwise the non-zero value from ebitmap_cpy.
 * On failure of the second copy the first category bitmap is released
 * again; the sensitivity fields of 'dst' are left as written, so the
 * caller should treat 'dst' as invalid after a non-zero return.
 */
static inline int mls_context_cpy_low(context_struct_t *dst, context_struct_t *src)
{
	int rc;

	/* Both the low (0) and the high (1) level receive src's low level. */
	for (int i = 0; i < 2; i++) {
		dst->range.level[i].sens = src->range.level[0].sens;
		rc = ebitmap_cpy(&dst->range.level[i].cat,
				 &src->range.level[0].cat);
		if (rc) {
			/* Don't leak the bitmap already copied into level 0. */
			if (i == 1)
				ebitmap_destroy(&dst->range.level[0].cat);
			return rc;
		}
	}
	return 0;
}
/*
* Sets both levels in the MLS range of 'dst' to the high level of 'src'.
*/
/*
 * Set both levels of the MLS range of 'dst' to the high level of 'src'.
 *
 * Returns 0 on success, otherwise the non-zero value from ebitmap_cpy.
 * On failure of the second copy the first category bitmap is released
 * again; the sensitivity fields of 'dst' are left as written, so the
 * caller should treat 'dst' as invalid after a non-zero return.
 */
static inline int mls_context_cpy_high(context_struct_t *dst, context_struct_t *src)
{
	int rc;

	/* Both the low (0) and the high (1) level receive src's high level. */
	for (int i = 0; i < 2; i++) {
		dst->range.level[i].sens = src->range.level[1].sens;
		rc = ebitmap_cpy(&dst->range.level[i].cat,
				 &src->range.level[1].cat);
		if (rc) {
			/* Don't leak the bitmap already copied into level 0. */
			if (i == 1)
				ebitmap_destroy(&dst->range.level[0].cat);
			return rc;
		}
	}
	return 0;
}
/*
 * Compare the MLS ranges of two contexts level by level.
 *
 * Returns 1 when both the low and the high level are equal, 0 otherwise.
 * The high levels are only compared when the low levels already match.
 */
static inline int mls_context_cmp(context_struct_t *c1, context_struct_t *c2)
{
	if (!mls_level_eq(&c1->range.level[0], &c2->range.level[0]))
		return 0;
	return mls_level_eq(&c1->range.level[1], &c2->range.level[1]) ? 1 : 0;
}
/*
 * Release the MLS range of 'c' and put it back into its initialised
 * state. A NULL 'c' is accepted and ignored.
 */
static inline void mls_context_destroy(context_struct_t *c)
{
	if (!c)
		return;

	mls_range_destroy(&c->range);
	/* Same as mls_context_init(c): reset the range after freeing it. */
	mls_range_init(&c->range);
}
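/*
 * Reset 'c' to the all-zero context: user, role and type become 0 and
 * the MLS range is zero-filled. 'c' must be non-NULL.
 *
 * memset comes from <string.h>; this header includes it itself so that
 * it can be used without relying on the including file having done so.
 */
static inline void context_init(context_struct_t *c)
{
	memset(c, 0, sizeof(*c));
}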
/*
 * Copy the whole of 'src' into 'dst'. Neither pointer is checked for
 * NULL.
 *
 * Returns 0 on success, -1 if the MLS range could not be copied. The
 * identifier fields are already assigned at that point.
 */
static inline int context_cpy(context_struct_t *dst, context_struct_t *src)
{
	int rc;

	/* The identifiers are plain integers; assigning them cannot fail. */
	dst->user = src->user;
	dst->role = src->role;
	dst->type = src->type;

	/* The range copy is the only step that can fail. */
	rc = mls_range_cpy(&dst->range, &src->range);
	if (rc < 0)
		return -1;
	return 0;
}
/*
 * Release everything owned by 'c' and clear it. Afterwards the context
 * holds the zero identifiers and an initialised MLS range. A NULL 'c'
 * is accepted and ignored.
 */
static inline void context_destroy(context_struct_t *c)
{
	if (!c)
		return;

	c->user = 0;
	c->role = 0;
	c->type = 0;
	mls_context_destroy(c);
}
/*
 * Compare two contexts for equality.
 *
 * Returns 1 when user, role, type and the MLS range all match, 0
 * otherwise. The range comparison is skipped as soon as one of the
 * identifiers differs.
 */
static inline int context_cmp(context_struct_t *c1, context_struct_t *c2)
{
	if (c1->user != c2->user)
		return 0;
	if (c1->role != c2->role)
		return 0;
	if (c1->type != c2->type)
		return 0;
	/* mls_context_cmp already yields 0 or 1. */
	return mls_context_cmp(c1, c2);
}
#ifdef __cplusplus
}
#endif
#endif