[mirror_ubuntu-bionic-kernel.git] / security / selinux / ss / context.h

/* SPDX-License-Identifier: GPL-2.0 */
/*
 * A security context is a set of security attributes
 * associated with each subject and object controlled
 * by the security policy.  Security contexts are
  * externally represented as variable-length strings
 * that can be interpreted by a user or application
 * with an understanding of the security policy.
 * Internally, the security server uses a simple
 * structure.  This structure is private to the
 * security server and can be changed without affecting
 * clients of the security server.
 *
 * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
#ifndef _SS_CONTEXT_H_
#define _SS_CONTEXT_H_

#include "ebitmap.h"
#include "mls_types.h"
#include "security.h"

/*
 * A security context consists of an authenticated user
 * identity, a role, a type and a MLS range.
 */
struct context {
	u32 user;
	u32 role;
	u32 type;
	u32 len;        /* length of string in bytes */
	struct mls_range range;
	char *str;	/* string representation if context cannot be mapped. */
};

static inline void mls_context_init(struct context *c)
{
	memset(&c->range, 0, sizeof(c->range));
}

static inline int mls_context_cpy(struct context *dst, struct context *src)
{
	int rc;

	dst->range.level[0].sens = src->range.level[0].sens;
	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
	if (rc)
		goto out;

	dst->range.level[1].sens = src->range.level[1].sens;
	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[1].cat);
	if (rc)
		ebitmap_destroy(&dst->range.level[0].cat);
out:
	return rc;
}

/*
 * Sets both levels in the MLS range of 'dst' to the low level of 'src'.
 */
static inline int mls_context_cpy_low(struct context *dst, struct context *src)
{
	int rc;

	dst->range.level[0].sens = src->range.level[0].sens;
	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
	if (rc)
		goto out;

	dst->range.level[1].sens = src->range.level[0].sens;
	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[0].cat);
	if (rc)
		ebitmap_destroy(&dst->range.level[0].cat);
out:
	return rc;
}

/*
 * Sets both levels in the MLS range of 'dst' to the high level of 'src'.
 */
static inline int mls_context_cpy_high(struct context *dst, struct context *src)
{
	int rc;

	dst->range.level[0].sens = src->range.level[1].sens;
	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[1].cat);
	if (rc)
		goto out;

	dst->range.level[1].sens = src->range.level[1].sens;
	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[1].cat);
	if (rc)
		ebitmap_destroy(&dst->range.level[0].cat);
out:
	return rc;
}

static inline int mls_context_cmp(struct context *c1, struct context *c2)
{
	return ((c1->range.level[0].sens == c2->range.level[0].sens) &&
		ebitmap_cmp(&c1->range.level[0].cat, &c2->range.level[0].cat) &&
		(c1->range.level[1].sens == c2->range.level[1].sens) &&
		ebitmap_cmp(&c1->range.level[1].cat, &c2->range.level[1].cat));
}

static inline void mls_context_destroy(struct context *c)
{
	ebitmap_destroy(&c->range.level[0].cat);
	ebitmap_destroy(&c->range.level[1].cat);
	mls_context_init(c);
}

static inline void context_init(struct context *c)
{
	memset(c, 0, sizeof(*c));
}

static inline int context_cpy(struct context *dst, struct context *src)
{
	int rc;

	dst->user = src->user;
	dst->role = src->role;
	dst->type = src->type;
	if (src->str) {
		dst->str = kstrdup(src->str, GFP_ATOMIC);
		if (!dst->str)
			return -ENOMEM;
		dst->len = src->len;
	} else {
		dst->str = NULL;
		dst->len = 0;
	}
	rc = mls_context_cpy(dst, src);
	if (rc) {
		kfree(dst->str);
		return rc;
	}
	return 0;
}

static inline void context_destroy(struct context *c)
{
	c->user = c->role = c->type = 0;
	kfree(c->str);
	c->str = NULL;
	c->len = 0;
	mls_context_destroy(c);
}

static inline int context_cmp(struct context *c1, struct context *c2)
{
	if (c1->len && c2->len)
		return (c1->len == c2->len && !strcmp(c1->str, c2->str));
	if (c1->len || c2->len)
		return 0;
	return ((c1->user == c2->user) &&
		(c1->role == c2->role) &&
		(c1->type == c2->type) &&
		mls_context_cmp(c1, c2));
}

#endif	/* _SS_CONTEXT_H_ */
Commit	Line	Data
b2441318	1	/* SPDX-License-Identifier: GPL-2.0 */
1da177e4 LT	2	/*
	3	* A security context is a set of security attributes
	4	* associated with each subject and object controlled
	5	* by the security policy. Security contexts are
	6	* externally represented as variable-length strings
	7	* that can be interpreted by a user or application
	8	* with an understanding of the security policy.
	9	* Internally, the security server uses a simple
	10	* structure. This structure is private to the
	11	* security server and can be changed without affecting
	12	* clients of the security server.
	13	*
7efbb60b	14	* Author : Stephen Smalley, <sds@tycho.nsa.gov>
1da177e4 LT	15	*/
	16	#ifndef _SS_CONTEXT_H_
	17	#define _SS_CONTEXT_H_
	18
	19	#include "ebitmap.h"
	20	#include "mls_types.h"
	21	#include "security.h"
	22
	23	/*
	24	* A security context consists of an authenticated user
	25	* identity, a role, a type and a MLS range.
	26	*/
	27	struct context {
	28	u32 user;
	29	u32 role;
	30	u32 type;
76f7ba35	31	u32 len; /* length of string in bytes */
1da177e4	32	struct mls_range range;
12b29f34	33	char str; / string representation if context cannot be mapped. */
1da177e4 LT	34	};
	35
	36	static inline void mls_context_init(struct context *c)
	37	{
	38	memset(&c->range, 0, sizeof(c->range));
	39	}
	40
	41	static inline int mls_context_cpy(struct context dst, struct context src)
	42	{
	43	int rc;
	44
1da177e4 LT	45	dst->range.level[0].sens = src->range.level[0].sens;
	46	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
	47	if (rc)
	48	goto out;
	49
	50	dst->range.level[1].sens = src->range.level[1].sens;
	51	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[1].cat);
	52	if (rc)
	53	ebitmap_destroy(&dst->range.level[0].cat);
	54	out:
	55	return rc;
	56	}
	57
0efc61ea VY	58	/*
	59	* Sets both levels in the MLS range of 'dst' to the low level of 'src'.
	60	*/
	61	static inline int mls_context_cpy_low(struct context dst, struct context src)
	62	{
	63	int rc;
	64
0efc61ea VY	65	dst->range.level[0].sens = src->range.level[0].sens;
	66	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
	67	if (rc)
	68	goto out;
	69
	70	dst->range.level[1].sens = src->range.level[0].sens;
	71	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[0].cat);
	72	if (rc)
	73	ebitmap_destroy(&dst->range.level[0].cat);
	74	out:
	75	return rc;
	76	}
	77
aa893269 EP	78	/*
	79	* Sets both levels in the MLS range of 'dst' to the high level of 'src'.
	80	*/
	81	static inline int mls_context_cpy_high(struct context dst, struct context src)
	82	{
	83	int rc;
	84
	85	dst->range.level[0].sens = src->range.level[1].sens;
	86	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[1].cat);
	87	if (rc)
	88	goto out;
	89
	90	dst->range.level[1].sens = src->range.level[1].sens;
	91	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[1].cat);
	92	if (rc)
	93	ebitmap_destroy(&dst->range.level[0].cat);
	94	out:
	95	return rc;
	96	}
	97
1da177e4 LT	98	static inline int mls_context_cmp(struct context c1, struct context c2)
1da177e4 LT	99	{
1da177e4	100	return ((c1->range.level[0].sens == c2->range.level[0].sens) &&
81fa42df	101	ebitmap_cmp(&c1->range.level[0].cat, &c2->range.level[0].cat) &&
1da177e4	102	(c1->range.level[1].sens == c2->range.level[1].sens) &&
81fa42df	103	ebitmap_cmp(&c1->range.level[1].cat, &c2->range.level[1].cat));
1da177e4 LT	104	}
	105
	106	static inline void mls_context_destroy(struct context *c)
	107	{
1da177e4 LT	108	ebitmap_destroy(&c->range.level[0].cat);
	109	ebitmap_destroy(&c->range.level[1].cat);
	110	mls_context_init(c);
	111	}
	112
	113	static inline void context_init(struct context *c)
	114	{
	115	memset(c, 0, sizeof(*c));
	116	}
	117
	118	static inline int context_cpy(struct context dst, struct context src)
	119	{
12b29f34 SS	120	int rc;
12b29f34 SS	121
1da177e4 LT	122	dst->user = src->user;
	123	dst->role = src->role;
	124	dst->type = src->type;
12b29f34 SS	125	if (src->str) {
	126	dst->str = kstrdup(src->str, GFP_ATOMIC);
	127	if (!dst->str)
	128	return -ENOMEM;
	129	dst->len = src->len;
	130	} else {
	131	dst->str = NULL;
	132	dst->len = 0;
	133	}
	134	rc = mls_context_cpy(dst, src);
	135	if (rc) {
	136	kfree(dst->str);
	137	return rc;
	138	}
	139	return 0;
1da177e4 LT	140	}
	141
	142	static inline void context_destroy(struct context *c)
	143	{
	144	c->user = c->role = c->type = 0;
12b29f34 SS	145	kfree(c->str);
	146	c->str = NULL;
	147	c->len = 0;
1da177e4 LT	148	mls_context_destroy(c);
	149	}
	150
	151	static inline int context_cmp(struct context c1, struct context c2)
	152	{
12b29f34 SS	153	if (c1->len && c2->len)
	154	return (c1->len == c2->len && !strcmp(c1->str, c2->str));
	155	if (c1->len \|\| c2->len)
	156	return 0;
1da177e4 LT	157	return ((c1->user == c2->user) &&
	158	(c1->role == c2->role) &&
	159	(c1->type == c2->type) &&
	160	mls_context_cmp(c1, c2));
	161	}
	162
	163	#endif /* _SS_CONTEXT_H_ */
	164