GSignondSecurityContext — security context descriptor used in access control checks
GSignondSecurityContext * | gsignond_security_context_new () |
GSignondSecurityContext * | gsignond_security_context_new_from_values () |
void | gsignond_security_context_free () |
GSignondSecurityContext * | gsignond_security_context_copy () |
void | gsignond_security_context_set_system_context () |
const gchar * | gsignond_security_context_get_system_context () |
void | gsignond_security_context_set_application_context () |
const gchar * | gsignond_security_context_get_application_context () |
GVariant * | gsignond_security_context_to_variant () |
GSignondSecurityContext * | gsignond_security_context_from_variant () |
int | gsignond_security_context_compare () |
gboolean | gsignond_security_context_match () |
gboolean | gsignond_security_context_check () |
Security context is a string tuple of system context and application context.
System context can be a binary path, SMACK-label, or MSSF token.
Application context identifies a script or a webpage within an application, and it's used for providing access control to runtime environments (when making an access control decision requires not only a binary identifier, but also information about what the binary is doing).
When an application is trying to access the gSSO service, the system context is determined by a specific GSignondAccessControlManager instance using system services of a specific platform. Application context is set by the application itself. Then both contexts are used by GSignondAccessControlManager to perform an access control check.
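The flow described above, as an added stand-alone C model (not gsignond code and not a use of its API): the system context comes from a platform lookup, the application context from the caller, and the resulting pair is tested against an access control list. All `model_*` names, the peer table and the ACL are constructed for illustration; exact tuple equality and the comparison order are assumptions, since this page does not spell out the rules applied by gsignond_security_context_match() and gsignond_security_context_check().

```c
#include <stdio.h>
#include <string.h>

/* Model of the (system context, application context) string tuple.
 * Not the gsignond struct; all model_* names are hypothetical. */
typedef struct {
    const char *sys_ctx; /* determined by the platform, e.g. a binary path */
    const char *app_ctx; /* set by the application, e.g. a web page */
} model_ctx;

/* strcmp()-like ordering. Assumption: system context is compared first. */
static int model_ctx_compare(const model_ctx *a, const model_ctx *b)
{
    int res = strcmp(a->sys_ctx, b->sys_ctx);
    return res != 0 ? res : strcmp(a->app_ctx, b->app_ctx);
}

/* Stand-in for the platform service queried by the access control manager.
 * Constructed sample data: peer 1 is the browser, peer 2 another binary. */
static const char *model_peer_system_context(int peer)
{
    return peer == 1 ? "/usr/bin/browser" : peer == 2 ? "/usr/bin/other" : "";
}

/* Constructed ACL: one page inside one binary may use the identity. */
static const model_ctx MODEL_ACL[] = {
    { "/usr/bin/browser", "https://example.com/login" },
};

/* The system context is looked up for the peer, never taken from the
 * request; only the application context is caller-supplied. Exact tuple
 * equality is an assumption; wildcard rules are not modelled. */
static int model_access_allowed(int peer, const char *claimed_app_ctx)
{
    model_ctx ctx = { model_peer_system_context(peer),
                      claimed_app_ctx ? claimed_app_ctx : "" };
    for (size_t i = 0; i < sizeof MODEL_ACL / sizeof MODEL_ACL[0]; i++)
        if (model_ctx_compare(&MODEL_ACL[i], &ctx) == 0)
            return 1;
    return 0;
}

int main(void)
{
    printf("browser, login page: %d\n", model_access_allowed(1, "https://example.com/login"));
    printf("other binary, same page claim: %d\n", model_access_allowed(2, "https://example.com/login"));
    printf("browser, different page: %d\n", model_access_allowed(1, "https://example.com/ads"));
    return 0;
}
```

In this model, the second case is denied because a caller can choose its application context but not the system context that the platform reports for it.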
GSignondSecurityContext * gsignond_security_context_new (void);
Allocates a new security context item. System and app context are empty strings.
GSignondSecurityContext * gsignond_security_context_new_from_values (const gchar *system_context, const gchar *application_context);
Allocates and initializes a new security context item.
void gsignond_security_context_free (GSignondSecurityContext *ctx);
Frees a security context item.
GSignondSecurityContext * gsignond_security_context_copy (const GSignondSecurityContext *src_ctx);
Copies a security context item.
void gsignond_security_context_set_system_context (GSignondSecurityContext *ctx, const gchar *system_context);
Sets the system context part of the GSignondSecurityContext.
const gchar * gsignond_security_context_get_system_context (const GSignondSecurityContext *ctx);
Gets the system context part of the GSignondSecurityContext.
void gsignond_security_context_set_application_context (GSignondSecurityContext *ctx, const gchar *application_context);
Sets the application context part of the GSignondSecurityContext.
const gchar * gsignond_security_context_get_application_context (const GSignondSecurityContext *ctx);
Gets the application context part of the GSignondSecurityContext.
GVariant * gsignond_security_context_to_variant (const GSignondSecurityContext *ctx);
Builds a GVariant of type "(ss)" from a GSignondSecurityContext item.
GSignondSecurityContext * gsignond_security_context_from_variant (GVariant *variant);
Builds a GSignondSecurityContext item from a GVariant of type "(ss)".
int gsignond_security_context_compare (const GSignondSecurityContext *ctx1, const GSignondSecurityContext *ctx2);
Compares two GSignondSecurityContext items in a similar way to strcmp().
gboolean gsignond_security_context_match (const GSignondSecurityContext *ctx1, const GSignondSecurityContext *ctx2);
Checks whether two GSignondSecurityContext items match.
gboolean gsignond_security_context_check (const GSignondSecurityContext *reference, const GSignondSecurityContext *test);
Checks if test is covered by reference.