1 files changed, 107 insertions, 0 deletions
diff --git a/security/selinux/ss/context.h b/security/selinux/ss/context.h
new file mode 100644
index 000000000000..0562bacb7b99
--- /dev/null
+++ b/security/selinux/ss/context.h
@@ -0,0 +1,107 @@
+/*
+ * A security context is a set of security attributes
+ * associated with each subject and object controlled
+ * by the security policy.  Security contexts are
+  * externally represented as variable-length strings
+ * that can be interpreted by a user or application
+ * with an understanding of the security policy.
+ * Internally, the security server uses a simple
+ * structure.  This structure is private to the
+ * security server and can be changed without affecting
+ * clients of the security server.
+ *
+ * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ */
+#ifndef _SS_CONTEXT_H_
+#define _SS_CONTEXT_H_
+#include "ebitmap.h"
+#include "mls_types.h"
+#include "security.h"
+/*
+ * A security context consists of an authenticated user
+ * identity, a role, a type and a MLS range.
+ */
+struct context {
+        u32 user;
+        u32 role;
+        u32 type;
+        struct mls_range range;
+};
+static inline void mls_context_init(struct context *c)
+{
+        memset(&c->range, 0, sizeof(c->range));
+}
+static inline int mls_context_cpy(struct context *dst, struct context *src)
+{
+        int rc;
+        if (!selinux_mls_enabled)
+                return 0;
+        dst->range.level[0].sens = src->range.level[0].sens;
+        rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
+        if (rc)
+                goto out;
+        dst->range.level[1].sens = src->range.level[1].sens;
+        rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[1].cat);
+        if (rc)
+                ebitmap_destroy(&dst->range.level[0].cat);
+out:
+        return rc;
+}
+static inline int mls_context_cmp(struct context *c1, struct context *c2)
+{
+        if (!selinux_mls_enabled)
+                return 1;
+        return ((c1->range.level[0].sens == c2->range.level[0].sens) &&
+                ebitmap_cmp(&c1->range.level[0].cat,&c2->range.level[0].cat) &&
+                (c1->range.level[1].sens == c2->range.level[1].sens) &&
+                ebitmap_cmp(&c1->range.level[1].cat,&c2->range.level[1].cat));
+}
+static inline void mls_context_destroy(struct context *c)
+{
+        if (!selinux_mls_enabled)
+                return;
+        ebitmap_destroy(&c->range.level[0].cat);
+        ebitmap_destroy(&c->range.level[1].cat);
+        mls_context_init(c);
+}
+static inline void context_init(struct context *c)
+{
+        memset(c, 0, sizeof(*c));
+}
+static inline int context_cpy(struct context *dst, struct context *src)
+{
+        dst->user = src->user;
+        dst->role = src->role;
+        dst->type = src->type;
+        return mls_context_cpy(dst, src);
+}
+static inline void context_destroy(struct context *c)
+{
+        c->user = c->role = c->type = 0;
+        mls_context_destroy(c);
+}
+static inline int context_cmp(struct context *c1, struct context *c2)
+{
+        return ((c1->user == c2->user) &&
+                (c1->role == c2->role) &&
+                (c1->type == c2->type) &&
+                mls_context_cmp(c1, c2));
+}
+#endif  /* _SS_CONTEXT_H_ */

diff --git a/security/selinux/ss/context.h b/security/selinux/ss/context.h new file mode 100644 index 000000000000..0562bacb7b99 --- /dev/null +++ b/security/selinux/ss/context.h
@@ -0,0 +1,107 @@
	1	/*
	2	* A security context is a set of security attributes
	3	* associated with each subject and object controlled
	4	* by the security policy. Security contexts are
	5	* externally represented as variable-length strings
	6	* that can be interpreted by a user or application
	7	* with an understanding of the security policy.
	8	* Internally, the security server uses a simple
	9	* structure. This structure is private to the
	10	* security server and can be changed without affecting
	11	* clients of the security server.
	12	*
	13	* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
	14	*/
	15	#ifndef _SS_CONTEXT_H_
	16	#define _SS_CONTEXT_H_
	17
	18	#include "ebitmap.h"
	19	#include "mls_types.h"
	20	#include "security.h"
	21
	22	/*
	23	* A security context consists of an authenticated user
	24	* identity, a role, a type and a MLS range.
	25	*/
	26	struct context {
	27	u32 user;
	28	u32 role;
	29	u32 type;
	30	struct mls_range range;
	31	};
	32
	33	static inline void mls_context_init(struct context *c)
	34	{
	35	memset(&c->range, 0, sizeof(c->range));
	36	}
	37
	38	static inline int mls_context_cpy(struct context dst, struct context src)
	39	{
	40	int rc;
	41
	42	if (!selinux_mls_enabled)
	43	return 0;
	44
	45	dst->range.level[0].sens = src->range.level[0].sens;
	46	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
	47	if (rc)
	48	goto out;
	49
	50	dst->range.level[1].sens = src->range.level[1].sens;
	51	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[1].cat);
	52	if (rc)
	53	ebitmap_destroy(&dst->range.level[0].cat);
	54	out:
	55	return rc;
	56	}
	57
	58	static inline int mls_context_cmp(struct context c1, struct context c2)
	59	{
	60	if (!selinux_mls_enabled)
	61	return 1;
	62
	63	return ((c1->range.level[0].sens == c2->range.level[0].sens) &&
	64	ebitmap_cmp(&c1->range.level[0].cat,&c2->range.level[0].cat) &&
	65	(c1->range.level[1].sens == c2->range.level[1].sens) &&
	66	ebitmap_cmp(&c1->range.level[1].cat,&c2->range.level[1].cat));
	67	}
	68
	69	static inline void mls_context_destroy(struct context *c)
	70	{
	71	if (!selinux_mls_enabled)
	72	return;
	73
	74	ebitmap_destroy(&c->range.level[0].cat);
	75	ebitmap_destroy(&c->range.level[1].cat);
	76	mls_context_init(c);
	77	}
	78
	79	static inline void context_init(struct context *c)
	80	{
	81	memset(c, 0, sizeof(*c));
	82	}
	83
	84	static inline int context_cpy(struct context dst, struct context src)
	85	{
	86	dst->user = src->user;
	87	dst->role = src->role;
	88	dst->type = src->type;
	89	return mls_context_cpy(dst, src);
	90	}
	91
	92	static inline void context_destroy(struct context *c)
	93	{
	94	c->user = c->role = c->type = 0;
	95	mls_context_destroy(c);
	96	}
	97
	98	static inline int context_cmp(struct context c1, struct context c2)
	99	{
	100	return ((c1->user == c2->user) &&
	101	(c1->role == c2->role) &&
	102	(c1->type == c2->type) &&
	103	mls_context_cmp(c1, c2));
	104	}
	105
	106	#endif /* _SS_CONTEXT_H_ */
	107