

The unlocked_security_context_to_sid function panics if it is called before the security server has initialized, unless the context is simply the name of an initial SID, in which case it returns the corresponding initial SID. Handling this case is not necessary, but it is provided to parallel the unlocked_security_sid_to_context function.

If the security server has initialized, then this function creates a copy of the security context string that it can modify as it parses the string. It then looks up the user name, role name, and type name from the string and sets the values in a security context structure for these fields. This function calls mls.c:mls_context_to_sid to set the MLS fields in the security context structure based on the remainder of the string. Then, it calls policydb_context_isvalid to verify that the context is valid. If the context is valid, the function calls the sidtab_context_to_sid function to obtain a SID that corresponds to the context and returns. Otherwise, it returns an error.
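The parse, validate and map sequence described above, as an added C example that is not the security server's own code. The function name context_to_sid, the sample tables and the validity rule are assumptions; MLS handling is not modelled, so any remainder after the type is rejected rather than parsed.

```c
/* Added illustration, not the Flask source: tables, rules and names are assumptions. */
#include <stdlib.h>
#include <string.h>

#define MAX_SIDS 16
struct context { int user, role, type; };                  /* MLS fields left out */
static const char *users[] = { "system_u", "jdoe" };       /* constructed sample policy */
static const char *roles[] = { "system_r", "user_r" };
static const char *types[] = { "kernel_t", "user_t" };
static const int user_role_ok[2][2] = { {1, 0}, {0, 1} };  /* [user][role] */
static const int role_type_ok[2][2] = { {1, 0}, {0, 1} };  /* [role][type] */
static struct context sidtab[MAX_SIDS];                    /* SID n lives in slot n-1 */
static int nsids;

static int lookup(const char *const *tab, int n, const char *name) {
    for (int i = 0; i < n; i++)
        if (strcmp(tab[i], name) == 0) return i;
    return -1;
}
/* Split at the next ':' in place; empty fields are kept so "a::b" is not read as "a:b". */
static char *next_field(char **p) {
    char *start = *p, *colon;
    if (!start) return NULL;
    colon = strchr(start, ':');
    if (colon) { *colon = '\0'; *p = colon + 1; } else *p = NULL;
    return start;
}
static int context_isvalid(const struct context *c) {      /* stand-in policy check */
    return user_role_ok[c->user][c->role] && role_type_ok[c->role][c->type];
}

/* Returns a SID >= 1, or -1 for a malformed, unknown or invalid context. */
int context_to_sid(const char *scontext) {
    size_t len = strlen(scontext) + 1;
    char *copy = malloc(len), *p = copy, *u, *r, *t;
    struct context c; int sid = -1;
    if (!copy) return -1;
    memcpy(copy, scontext, len);                   /* parse a private, writable copy */
    u = next_field(&p); r = next_field(&p); t = next_field(&p);
    if (!u || !r || !t || p) goto out;             /* a remainder would be the MLS part */
    c.user = lookup(users, 2, u); c.role = lookup(roles, 2, r); c.type = lookup(types, 2, t);
    if (c.user < 0 || c.role < 0 || c.type < 0 || !context_isvalid(&c)) goto out;
    for (sid = 0; sid < nsids; sid++)              /* reuse the SID of an equal context */
        if (memcmp(&sidtab[sid], &c, sizeof c) == 0) break;
    if (sid == nsids && nsids < MAX_SIDS) sidtab[nsids++] = c;
    sid = sid < nsids ? sid + 1 : -1;              /* -1 if the table was full */
out:
    free(copy);
    return sid;
}
```

A context whose names all exist but whose combination the policy does not allow is rejected before it reaches the SID table, so no SID is ever allocated for it.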