calipso: Allow request sockets to be relabelled by the lsm.

Request sockets need to have a label that takes into account the incoming connection as well as their parent's label. This is used for the outgoing SYN-ACK and for their child full-socket. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Huw Davies <huw@codeweavers.com> 2016-06-27 15:05:29 -0400
committer: Paul Moore <paul@paul-moore.com> 2016-06-27 15:05:29 -0400
commit: e1adea927080821ebfa7505bff752a4015955660 (patch)
tree: adbbbe9962bf497bdf119849a37c8bbcc1eea034 /include/net
parent: 56ac42bc94b18d45b6c484edeac33be86bfb3efa (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 918a6044c89c..a2408c30a7f7 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -229,6 +229,8 @@ struct netlbl_lsm_secattr {
 * @sock_getattr: retrieve the socket's attr
 * @sock_setattr: set the socket's attr
 * @sock_delattr: remove the socket's attr
+ * @req_setattr: set the req socket's attr
+ * @req_delattr: remove the req socket's attr
 *
 * Description:
 * This structure is filled out by the CALIPSO engine and passed
@@ -252,6 +254,10 @@ struct netlbl_calipso_ops {
                            const struct calipso_doi *doi_def,
                            const struct netlbl_lsm_secattr *secattr);
        void (*sock_delattr)(struct sock *sk);
+        int (*req_setattr)(struct request_sock *req,
+                           const struct calipso_doi *doi_def,
+                           const struct netlbl_lsm_secattr *secattr);
+        void (*req_delattr)(struct request_sock *req);
 };
 /*
author	Huw Davies <huw@codeweavers.com>	2016-06-27 15:05:29 -0400
committer	Paul Moore <paul@paul-moore.com>	2016-06-27 15:05:29 -0400
commit	e1adea927080821ebfa7505bff752a4015955660 (patch)
tree	adbbbe9962bf497bdf119849a37c8bbcc1eea034 /include/net
parent	56ac42bc94b18d45b6c484edeac33be86bfb3efa (diff)