GSignondSecurityContext

GSignondSecurityContext — security context descriptor used in access control checks

Includes

#include <gsignond/gsignond-security-context.h>

Description

A security context is a tuple of two strings: the system context and the application context.

System context can be a binary path, SMACK-label, or MSSF token.

Application context identifies a script or a webpage within an application, and it's used for providing access control to runtime environments (when making an access control decision requires not only a binary identifier, but also information about what the binary is doing).

When an application is trying to access the gSSO service, the system context is determined by a specific GSignondAccessControlManager instance using system services of a specific platform. Application context is set by the application itself. Then both contexts are used by GSignondAccessControlManager to perform an access control check.

Functions

gsignond_security_context_new ()

GSignondSecurityContext *
gsignond_security_context_new (void);

Allocates a new security context item. System and app context are empty strings.

Returns

allocated GSignondSecurityContext.

[transfer full]


gsignond_security_context_new_from_values ()

GSignondSecurityContext *
gsignond_security_context_new_from_values
                               (const gchar *system_context,
                                const gchar *application_context);

Allocates and initializes a new security context item.

Parameters

system_context

system security context

 

application_context

application security context

 

Returns

allocated GSignondSecurityContext.

[transfer full]


gsignond_security_context_free ()

void
gsignond_security_context_free (GSignondSecurityContext *ctx);

Frees a security context item.

Parameters

ctx

GSignondSecurityContext to be freed.

 

gsignond_security_context_copy ()

GSignondSecurityContext *
gsignond_security_context_copy (const GSignondSecurityContext *src_ctx);

Copies a security context item.

Parameters

src_ctx

source security context to copy.

 

Returns

a copy of the GSignondSecurityContext item.

[transfer full]


gsignond_security_context_set_system_context ()

void
gsignond_security_context_set_system_context
                               (GSignondSecurityContext *ctx,
                                const gchar *system_context);

Sets the system context part of the GSignondSecurityContext.

Parameters

ctx

GSignondSecurityContext item.

 

system_context

system security context.

 

gsignond_security_context_get_system_context ()

const gchar *
gsignond_security_context_get_system_context
                               (const GSignondSecurityContext *ctx);

Get the system context part of the GSignondSecurityContext.

Parameters

ctx

GSignondSecurityContext item.

 

Returns

system context.

[transfer none]


gsignond_security_context_set_application_context ()

void
gsignond_security_context_set_application_context
                               (GSignondSecurityContext *ctx,
                                const gchar *application_context);

Sets the application context part of the GSignondSecurityContext.

Parameters

ctx

GSignondSecurityContext item.

 

application_context

application security context.

 

gsignond_security_context_get_application_context ()

const gchar *
gsignond_security_context_get_application_context
                               (const GSignondSecurityContext *ctx);

Get the application context part of the GSignondSecurityContext.

Parameters

ctx

GSignondSecurityContext item.

 

Returns

application context.

[transfer none]


gsignond_security_context_to_variant ()

GVariant *
gsignond_security_context_to_variant (const GSignondSecurityContext *ctx);

Build a GVariant of type "(ss)" from a GSignondSecurityContext item.

Parameters

ctx

GSignondSecurityContext item.

 

Returns

GVariant construct of a GSignondSecurityContext.

[transfer full]


gsignond_security_context_from_variant ()

GSignondSecurityContext *
gsignond_security_context_from_variant
                               (GVariant *variant);

Builds a GSignondSecurityContext item from a GVariant of type "(ss)".

Parameters

variant

GVariant item with a GSignondSecurityContext construct.

 

Returns

GSignondSecurityContext item.

[transfer full]


gsignond_security_context_compare ()

int
gsignond_security_context_compare (const GSignondSecurityContext *ctx1,
                                   const GSignondSecurityContext *ctx2);

Compare two GSignondSecurityContext items in a similar way to strcmp().

Parameters

ctx1

first item to compare.

 

ctx2

second item to compare.

 

Returns

negative if ctx1 < ctx2, 0 if ctx1 == ctx2 and positive if ctx1 > ctx2.


gsignond_security_context_match ()

gboolean
gsignond_security_context_match (const GSignondSecurityContext *ctx1,
                                 const GSignondSecurityContext *ctx2);

Checks whether two GSignondSecurityContext items match.

Parameters

ctx1

first item to compare.

 

ctx2

second item to compare.

 

Returns

TRUE if contexts are equal or if either side has a wildcard match for system context, or if system contexts are equal and either side has a wildcard match for the app context, otherwise FALSE. Two NULL contexts match.


gsignond_security_context_check ()

gboolean
gsignond_security_context_check (const GSignondSecurityContext *reference,
                                 const GSignondSecurityContext *test);

Check if test is covered by reference.

Parameters

reference

reference security context item to check against.

 

test

security context item to be checked.

 

Returns

TRUE if contexts are equal or the reference has a wildcard system context, or if system contexts are equal and reference has a wildcard application context, otherwise FALSE. If either or both contexts are NULL, FALSE is returned.
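
The difference between the return rules of gsignond_security_context_match () and gsignond_security_context_check (), as an added stand-alone C model (not gsignond's own code and not linked against it): the match rule honours a wildcard on either side, the check rule only on the reference. The model_* names and sample contexts are constructed; the wildcard string "*" and the result of the match rule for a single NULL argument are assumptions the page does not state.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Model of the documented return rules only; not gsignond code. */
#define WILDCARD "*"   /* assumption: the page does not name the wildcard string */

typedef struct {
    const char *sys_ctx;   /* system context: binary path, SMACK label, MSSF token */
    const char *app_ctx;   /* application context, set by the application itself */
} model_ctx;

static bool is_wild(const char *s) { return strcmp(s, WILDCARD) == 0; }

/* Symmetric rule documented for gsignond_security_context_match(). */
bool model_match(const model_ctx *a, const model_ctx *b)
{
    if (a == NULL && b == NULL) return true;    /* two NULL contexts match */
    if (a == NULL || b == NULL) return false;   /* assumption: one NULL never matches */
    if (is_wild(a->sys_ctx) || is_wild(b->sys_ctx)) return true;
    if (strcmp(a->sys_ctx, b->sys_ctx) != 0) return false;
    return is_wild(a->app_ctx) || is_wild(b->app_ctx) ||
           strcmp(a->app_ctx, b->app_ctx) == 0;
}

/* Directional rule documented for gsignond_security_context_check(). */
bool model_check(const model_ctx *reference, const model_ctx *test)
{
    if (reference == NULL || test == NULL) return false;  /* any NULL: FALSE */
    if (is_wild(reference->sys_ctx)) return true;
    if (strcmp(reference->sys_ctx, test->sys_ctx) != 0) return false;
    return is_wild(reference->app_ctx) ||
           strcmp(reference->app_ctx, test->app_ctx) == 0;
}

/* Constructed sample contexts: two reference entries and three peers. */
const model_ctx acl_entry   = { "/usr/bin/browser", "https://example.org" };
const model_ctx acl_any_app = { "/usr/bin/browser", "*" };
const model_ctx peer_exact  = { "/usr/bin/browser", "https://example.org" };
const model_ctx peer_wild   = { "/usr/bin/browser", "*" };
const model_ctx peer_other  = { "/usr/bin/other",   "https://example.org" };

int main(void)
{
    printf("exact peer: match=%d check=%d\n", model_match(&acl_entry, &peer_exact), model_check(&acl_entry, &peer_exact));
    printf("wild peer:  match=%d check=%d\n", model_match(&acl_entry, &peer_wild), model_check(&acl_entry, &peer_wild));
    printf("wild entry: match=%d check=%d\n", model_match(&acl_any_app, &peer_exact), model_check(&acl_any_app, &peer_exact));
    return 0;
}
```

Because the application context is set by the application itself, a wildcard arriving in the tested context satisfies the symmetric rule but not the directional one, which only accepts a wildcard stored in the reference.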