GitHub Repository: awilliam/linux-vfio
Path: blob/master/security/selinux/ss/context.h
/*
 * A security context is a set of security attributes
 * associated with each subject and object controlled
 * by the security policy. Security contexts are
 * externally represented as variable-length strings
 * that can be interpreted by a user or application
 * with an understanding of the security policy.
 * Internally, the security server uses a simple
 * structure. This structure is private to the
 * security server and can be changed without affecting
 * clients of the security server.
 *
 * Author : Stephen Smalley, <[email protected]>
 */
#ifndef _SS_CONTEXT_H_
#define _SS_CONTEXT_H_
#include "ebitmap.h"
#include "mls_types.h"
#include "security.h"
/*
 * A security context consists of an authenticated user
 * identity, a role, a type and an MLS range.
 *
 * Two representations coexist in this struct: the mapped form
 * (user/role/type/range) and an optional string form (str/len).
 * The helpers below treat len != 0 as "this context has a string
 * form" (see context_cmp), so str and len must be kept in step:
 * a non-zero len with a NULL str would be dereferenced by strcmp().
 */
struct context {
	u32 user;		/* user identity */
	u32 role;		/* role */
	u32 type;		/* type */
	u32 len;		/* length of string in bytes; 0 when str is NULL */
	/*
	 * MLS range. level[0] is the low level (mls_context_cpy_low
	 * copies it into both slots); level[1] presumably the high
	 * level -- confirm against mls_types.h.
	 */
	struct mls_range range;
	char *str;		/* string representation if context cannot be mapped. */
};
/*
 * Zero the MLS range of @c.  Only the range is touched; user, role,
 * type, len and str are left untouched.
 */
static inline void mls_context_init(struct context *c)
{
	memset(&c->range, 0, sizeof c->range);
}
/*
 * Copy the MLS range of @src into @dst: the sensitivity of both levels
 * and a fresh copy of both category bitmaps.
 *
 * Returns 0 on success or the error returned by ebitmap_cpy().  If the
 * second category copy fails, the first one already made in @dst is
 * released again so @dst is not left owning half of a range.
 */
static inline int mls_context_cpy(struct context *dst, struct context *src)
{
	int rc;

	/* low level */
	dst->range.level[0].sens = src->range.level[0].sens;
	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
	if (rc)
		return rc;

	/* high level; undo the low-level copy if this one fails */
	dst->range.level[1].sens = src->range.level[1].sens;
	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[1].cat);
	if (rc)
		ebitmap_destroy(&dst->range.level[0].cat);

	return rc;
}
/*
 * Sets both levels in the MLS range of 'dst' to the low level of 'src'.
 *
 * Like mls_context_cpy(), but @src's level[0] is used as the source for
 * both level[0] and level[1] of @dst, i.e. the result is a single-level
 * range.  Returns 0 or the ebitmap_cpy() error; on a failure of the
 * second copy the first copy is destroyed again.
 */
static inline int mls_context_cpy_low(struct context *dst, struct context *src)
{
	int rc;

	/* dst low <- src low */
	dst->range.level[0].sens = src->range.level[0].sens;
	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
	if (rc)
		return rc;

	/* dst high <- src low as well */
	dst->range.level[1].sens = src->range.level[0].sens;
	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[0].cat);
	if (rc)
		ebitmap_destroy(&dst->range.level[0].cat);

	return rc;
}
/*
 * Compare the MLS ranges of @c1 and @c2.
 *
 * Returns 1 when both levels agree in sensitivity and category set,
 * 0 otherwise.  Comparison stops at the first difference.
 */
static inline int mls_context_cmp(struct context *c1, struct context *c2)
{
	if (c1->range.level[0].sens != c2->range.level[0].sens)
		return 0;
	if (!ebitmap_cmp(&c1->range.level[0].cat, &c2->range.level[0].cat))
		return 0;
	if (c1->range.level[1].sens != c2->range.level[1].sens)
		return 0;
	return ebitmap_cmp(&c1->range.level[1].cat, &c2->range.level[1].cat) != 0;
}
/*
 * Release the category bitmaps of both MLS levels of @c and zero the
 * range afterwards, so @c holds no dangling ebitmap state.
 */
static inline void mls_context_destroy(struct context *c)
{
	unsigned int i;

	/* level[0] (low) and level[1] (high) */
	for (i = 0; i < 2; i++)
		ebitmap_destroy(&c->range.level[i].cat);

	mls_context_init(c);
}
/*
 * Bring @c into the empty state: all identifiers 0, no string form
 * (str == NULL, len == 0) and a zeroed MLS range.
 */
static inline void context_init(struct context *c)
{
	memset(c, 0, sizeof *c);
}
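/*
 * Copy @src into @dst: the user/role/type identifiers, the string form
 * (if any) and the MLS range.
 *
 * The string form is duplicated with kstrdup(GFP_ATOMIC); the atomic
 * flag suggests callers may be unable to sleep here, but that is not
 * verifiable from this header.
 *
 * Returns 0 on success, -ENOMEM if the string could not be duplicated,
 * or the error from mls_context_cpy().  On any failure @dst is left with
 * str == NULL and len == 0, so it owns no string allocation: a later
 * context_destroy(@dst) cannot double-free and context_cmp() cannot
 * dereference a stale pointer.
 */
static inline int context_cpy(struct context *dst, struct context *src)
{
	int rc;

	dst->user = src->user;
	dst->role = src->role;
	dst->type = src->type;

	if (src->str) {
		dst->str = kstrdup(src->str, GFP_ATOMIC);
		if (!dst->str) {
			/* no string: keep len consistent with str == NULL */
			dst->len = 0;
			return -ENOMEM;
		}
		dst->len = src->len;
	} else {
		dst->str = NULL;
		dst->len = 0;
	}

	rc = mls_context_cpy(dst, src);
	if (rc) {
		/*
		 * Drop the string and clear the pointer so @dst does not
		 * retain a dangling reference to freed memory.
		 */
		kfree(dst->str);
		dst->str = NULL;
		dst->len = 0;
		return rc;
	}
	return 0;
}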
/*
 * Release everything @c owns and return it to the empty state.
 *
 * The string form is freed first (kfree() is expected to tolerate a
 * NULL str), then the identifiers are cleared, then the MLS range is
 * torn down via mls_context_destroy().
 */
static inline void context_destroy(struct context *c)
{
	kfree(c->str);
	c->str = NULL;
	c->len = 0;

	c->user = 0;
	c->role = 0;
	c->type = 0;

	mls_context_destroy(c);
}
/*
 * Compare two contexts for equality; returns 1 if equal, 0 otherwise.
 *
 * A context with len != 0 is treated as having a string form.  When
 * both contexts have one, equality is decided by the string alone
 * (length, then strcmp) -- user, role, type and range are not consulted
 * in that case.  A context with a string form never equals one without.
 * Otherwise the mapped fields and the MLS range are compared.
 *
 * Relies on the invariant that len != 0 implies str != NULL.
 */
static inline int context_cmp(struct context *c1, struct context *c2)
{
	int has_str1 = c1->len != 0;
	int has_str2 = c2->len != 0;

	if (has_str1 != has_str2)
		return 0;

	if (has_str1)
		return c1->len == c2->len && strcmp(c1->str, c2->str) == 0;

	return c1->user == c2->user &&
	       c1->role == c2->role &&
	       c1->type == c2->type &&
	       mls_context_cmp(c1, c2);
}
#endif /* _SS_CONTEXT_H_ */