Geforce File Manager

NAME	SIZE	ACTIONS
📄 avrule_block.h	1,637 B	[ EDIT ] \| [ DEL ]
📄 avtab.h	4,743 B	[ EDIT ] \| [ DEL ]
📄 conditional.h	4,733 B	[ EDIT ] \| [ DEL ]
📄 constraint.h	2,571 B	[ EDIT ] \| [ DEL ]
📄 context.h	3,332 B	[ EDIT ] \| [ DEL ]
📄 ebitmap.h	3,176 B	[ EDIT ] \| [ DEL ]
📄 expand.h	3,656 B	[ EDIT ] \| [ DEL ]
📄 flask.h	4,992 B	[ EDIT ] \| [ DEL ]
📄 flask_types.h	1,779 B	[ EDIT ] \| [ DEL ]
📄 hashtab.h	4,392 B	[ EDIT ] \| [ DEL ]
📄 hierarchy.h	1,818 B	[ EDIT ] \| [ DEL ]
📄 link.h	517 B	[ EDIT ] \| [ DEL ]
📄 mls_types.h	4,376 B	[ EDIT ] \| [ DEL ]
📄 module.h	1,532 B	[ EDIT ] \| [ DEL ]
📄 polcaps.h	721 B	[ EDIT ] \| [ DEL ]
📄 policydb.h	25,976 B	[ EDIT ] \| [ DEL ]
📄 services.h	8,583 B	[ EDIT ] \| [ DEL ]
📄 sidtab.h	1,976 B	[ EDIT ] \| [ DEL ]
📄 symtab.h	1,102 B	[ EDIT ] \| [ DEL ]
📄 util.h	1,461 B	[ EDIT ] \| [ DEL ]

[ CLOSE ]

EDIT: context.h

/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */

/* FLASK */

/*
 * A security context is a set of security attributes
 * associated with each subject and object controlled
 * by the security policy.  Security contexts are
 * externally represented as variable-length strings
 * that can be interpreted by a user or application
 * with an understanding of the security policy. 
 * Internally, the security server uses a simple
 * structure.  This structure is private to the
 * security server and can be changed without affecting
 * clients of the security server.
 */

#ifndef _SEPOL_POLICYDB_CONTEXT_H_
#define _SEPOL_POLICYDB_CONTEXT_H_

#include <stddef.h>
#include <sepol/policydb/ebitmap.h>
#include <sepol/policydb/mls_types.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * A security context consists of an authenticated user
 * identity, a role, a type and a MLS range.
 */
typedef struct context_struct {
	uint32_t user;
	uint32_t role;
	uint32_t type;
	mls_range_t range;
} context_struct_t;

static inline void mls_context_init(context_struct_t * c)
{
	mls_range_init(&c->range);
}

static inline int mls_context_cpy(context_struct_t * dst,
				  context_struct_t * src)
{

if (mls_range_cpy(&dst->range, &src->range) < 0)
		return -1;

return 0;
}

/*
 * Sets both levels in the MLS range of 'dst' to the low level of 'src'.
 */
static inline int mls_context_cpy_low(context_struct_t *dst, context_struct_t *src)
{
	int rc;

dst->range.level[0].sens = src->range.level[0].sens;
	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
	if (rc)
		goto out;

dst->range.level[1].sens = src->range.level[0].sens;
	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[0].cat);
	if (rc)
		ebitmap_destroy(&dst->range.level[0].cat);
out:
	return rc;
}

/*
 * Sets both levels in the MLS range of 'dst' to the high level of 'src'.
 */
static inline int mls_context_cpy_high(context_struct_t *dst, context_struct_t *src)
{
	int rc;

dst->range.level[0].sens = src->range.level[1].sens;
	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[1].cat);
	if (rc)
		goto out;

dst->range.level[1].sens = src->range.level[1].sens;
	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[1].cat);
	if (rc)
		ebitmap_destroy(&dst->range.level[0].cat);
out:
	return rc;
}

static inline int mls_context_cmp(context_struct_t * c1, context_struct_t * c2)
{
	return (mls_level_eq(&c1->range.level[0], &c2->range.level[0]) &&
		mls_level_eq(&c1->range.level[1], &c2->range.level[1]));

}

static inline void mls_context_destroy(context_struct_t * c)
{
	if (c == NULL)
		return;

mls_range_destroy(&c->range);
	mls_context_init(c);
}

static inline void context_init(context_struct_t * c)
{
	memset(c, 0, sizeof(*c));
}

static inline int context_cpy(context_struct_t * dst, context_struct_t * src)
{
	dst->user = src->user;
	dst->role = src->role;
	dst->type = src->type;
	return mls_context_cpy(dst, src);
}

static inline void context_destroy(context_struct_t * c)
{
	if (c == NULL)
		return;

c->user = c->role = c->type = 0;
	mls_context_destroy(c);
}

static inline int context_cmp(context_struct_t * c1, context_struct_t * c2)
{
	return ((c1->user == c2->user) &&
		(c1->role == c2->role) &&
		(c1->type == c2->type) && mls_context_cmp(c1, c2));
}

#ifdef __cplusplus
}
#endif

#endif