| Top | |
|
|
|
GSignondSecurityContextGSignondSecurityContext — security context descriptor used in access control checks |
| GSignondSecurityContext * | gsignond_security_context_new () |
| GSignondSecurityContext * | gsignond_security_context_new_from_values () |
| void | gsignond_security_context_free () |
| GSignondSecurityContext * | gsignond_security_context_copy () |
| void | gsignond_security_context_set_system_context () |
| const gchar * | gsignond_security_context_get_system_context () |
| void | gsignond_security_context_set_application_context () |
| const gchar * | gsignond_security_context_get_application_context () |
| GVariant * | gsignond_security_context_to_variant () |
| GSignondSecurityContext * | gsignond_security_context_from_variant () |
| int | gsignond_security_context_compare () |
| gboolean | gsignond_security_context_match () |
| gboolean | gsignond_security_context_check () |
Security context is a string tuple of system context and application context.
System context can be a binary path, SMACK-label, or MSSF token.
Application context identifies a script or a webpage within an application, and it's used for providing access control to runtime environments (when making an access control decision requires not only a binary identifier, but also information about what the binary is doing).
When an application is trying to access the gSSO service, the system context is determined by a specific GSignondAccessControlManager instance using system services of a specific platform. Application context is set by the application itself. Then both contexts are used by GSignondAccessControlManager to perform an access control check.
GSignondSecurityContext *
gsignond_security_context_new (void);
Allocates a new security context item. System and app context are empty strings.
GSignondSecurityContext * gsignond_security_context_new_from_values (const gchar *system_context,const gchar *application_context);
Allocates and initializes a new security context item.
void
gsignond_security_context_free (GSignondSecurityContext *ctx);
Frees a security context item.
GSignondSecurityContext *
gsignond_security_context_copy (const GSignondSecurityContext *src_ctx);
Copies a security context item.
void gsignond_security_context_set_system_context (GSignondSecurityContext *ctx,const gchar *system_context);
Sets the system context part of the GSignondSecurityContext.
const gchar *
gsignond_security_context_get_system_context
(const GSignondSecurityContext *ctx);
Get the system context partof the GSignondSecurityContext.
void gsignond_security_context_set_application_context (GSignondSecurityContext *ctx,const gchar *application_context);
Sets the application context part of the GSignondSecurityContext.
const gchar *
gsignond_security_context_get_application_context
(const GSignondSecurityContext *ctx);
Get the application context part of the GSignondSecurityContext.
GVariant *
gsignond_security_context_to_variant (const GSignondSecurityContext *ctx);
Build a GVariant of type "(ss)" from a GSignondSecurityContext item.
GSignondSecurityContext *
gsignond_security_context_from_variant
(GVariant *variant);
Builds a GSignondSecurityContext item from a GVariant of type "(ss)".
int gsignond_security_context_compare (const GSignondSecurityContext *ctx1,const GSignondSecurityContext *ctx2);
Compare two GSignondSecurityContext items in a similar way to strcmp().
gboolean gsignond_security_context_match (const GSignondSecurityContext *ctx1,const GSignondSecurityContext *ctx2);
Compare two GSignondSecurityContext items match.
gboolean gsignond_security_context_check (const GSignondSecurityContext *reference,const GSignondSecurityContext *test);
Check if test
is covered by reference
.