Diffstat (limited to 'include/linux/security.h')
-rw-r--r-- | include/linux/security.h | 239 |
1 files changed, 203 insertions, 36 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 6bc2aad494f..9f56fb8a4a6 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -31,6 +31,8 @@ | |||
31 | #include <linux/msg.h> | 31 | #include <linux/msg.h> |
32 | #include <linux/sched.h> | 32 | #include <linux/sched.h> |
33 | #include <linux/key.h> | 33 | #include <linux/key.h> |
34 | #include <linux/xfrm.h> | ||
35 | #include <net/flow.h> | ||
34 | 36 | ||
35 | struct ctl_table; | 37 | struct ctl_table; |
36 | 38 | ||
@@ -88,6 +90,7 @@ extern int cap_netlink_recv(struct sk_buff *skb, int cap); | |||
88 | struct nfsctl_arg; | 90 | struct nfsctl_arg; |
89 | struct sched_param; | 91 | struct sched_param; |
90 | struct swap_info_struct; | 92 | struct swap_info_struct; |
93 | struct request_sock; | ||
91 | 94 | ||
92 | /* bprm_apply_creds unsafe reasons */ | 95 | /* bprm_apply_creds unsafe reasons */ |
93 | #define LSM_UNSAFE_SHARE 1 | 96 | #define LSM_UNSAFE_SHARE 1 |
@@ -812,9 +815,19 @@ struct swap_info_struct; | |||
812 | * which is used to copy security attributes between local stream sockets. | 815 | * which is used to copy security attributes between local stream sockets. |
813 | * @sk_free_security: | 816 | * @sk_free_security: |
814 | * Deallocate security structure. | 817 | * Deallocate security structure. |
815 | * @sk_getsid: | 818 | * @sk_clone_security: |
816 | * Retrieve the LSM-specific sid for the sock to enable caching of network | 819 | * Clone/copy security structure. |
820 | * @sk_getsecid: | ||
821 | * Retrieve the LSM-specific secid for the sock to enable caching of network | ||
817 | * authorizations. | 822 | * authorizations. |
823 | * @sock_graft: | ||
824 | * Sets the socket's isec sid to the sock's sid. | ||
825 | * @inet_conn_request: | ||
826 | * Sets the openreq's sid to socket's sid with MLS portion taken from peer sid. | ||
827 | * @inet_csk_clone: | ||
828 | * Sets the new child socket's sid to the openreq sid. | ||
829 | * @req_classify_flow: | ||
830 | * Sets the flow's sid to the openreq sid. | ||
818 | * | 831 | * |
819 | * Security hooks for XFRM operations. | 832 | * Security hooks for XFRM operations. |
820 | * | 833 | * |
@@ -823,9 +836,10 @@ struct swap_info_struct; | |||
823 | * used by the XFRM system. | 836 | * used by the XFRM system. |
824 | * @sec_ctx contains the security context information being provided by | 837 | * @sec_ctx contains the security context information being provided by |
825 | * the user-level policy update program (e.g., setkey). | 838 | * the user-level policy update program (e.g., setkey). |
826 | * Allocate a security structure to the xp->security field. | 839 | * @sk refers to the sock from which to derive the security context. |
827 | * The security field is initialized to NULL when the xfrm_policy is | 840 | * Allocate a security structure to the xp->security field; the security |
828 | * allocated. | 841 | * field is initialized to NULL when the xfrm_policy is allocated. Only |
842 | * one of sec_ctx or sock can be specified. | ||
829 | * Return 0 if operation was successful (memory to allocate, legal context) | 843 | * Return 0 if operation was successful (memory to allocate, legal context) |
830 | * @xfrm_policy_clone_security: | 844 | * @xfrm_policy_clone_security: |
831 | * @old contains an existing xfrm_policy in the SPD. | 845 | * @old contains an existing xfrm_policy in the SPD. |
@@ -844,9 +858,14 @@ struct swap_info_struct; | |||
844 | * Database by the XFRM system. | 858 | * Database by the XFRM system. |
845 | * @sec_ctx contains the security context information being provided by | 859 | * @sec_ctx contains the security context information being provided by |
846 | * the user-level SA generation program (e.g., setkey or racoon). | 860 | * the user-level SA generation program (e.g., setkey or racoon). |
847 | * Allocate a security structure to the x->security field. The | 861 | * @polsec contains the security context information associated with a xfrm |
848 | * security field is initialized to NULL when the xfrm_state is | 862 | * policy rule from which to take the base context. polsec must be NULL |
849 | * allocated. | 863 | * when sec_ctx is specified. |
864 | * @secid contains the secid from which to take the mls portion of the context. | ||
865 | * Allocate a security structure to the x->security field; the security | ||
866 | * field is initialized to NULL when the xfrm_state is allocated. Set the | ||
867 | * context to correspond to either sec_ctx or polsec, with the mls portion | ||
868 | * taken from secid in the latter case. | ||
850 | * Return 0 if operation was successful (memory to allocate, legal context). | 869 | * Return 0 if operation was successful (memory to allocate, legal context). |
851 | * @xfrm_state_free_security: | 870 | * @xfrm_state_free_security: |
852 | * @x contains the xfrm_state. | 871 | * @x contains the xfrm_state. |
@@ -857,13 +876,27 @@ struct swap_info_struct; | |||
857 | * @xfrm_policy_lookup: | 876 | * @xfrm_policy_lookup: |
858 | * @xp contains the xfrm_policy for which the access control is being | 877 | * @xp contains the xfrm_policy for which the access control is being |
859 | * checked. | 878 | * checked. |
860 | * @sk_sid contains the sock security label that is used to authorize | 879 | * @fl_secid contains the flow security label that is used to authorize |
861 | * access to the policy xp. | 880 | * access to the policy xp. |
862 | * @dir contains the direction of the flow (input or output). | 881 | * @dir contains the direction of the flow (input or output). |
863 | * Check permission when a sock selects a xfrm_policy for processing | 882 | * Check permission when a flow selects a xfrm_policy for processing |
864 | * XFRMs on a packet. The hook is called when selecting either a | 883 | * XFRMs on a packet. The hook is called when selecting either a |
865 | * per-socket policy or a generic xfrm policy. | 884 | * per-socket policy or a generic xfrm policy. |
866 | * Return 0 if permission is granted. | 885 | * Return 0 if permission is granted. |
886 | * @xfrm_state_pol_flow_match: | ||
887 | * @x contains the state to match. | ||
888 | * @xp contains the policy to check for a match. | ||
889 | * @fl contains the flow to check for a match. | ||
890 | * Return 1 if there is a match. | ||
891 | * @xfrm_flow_state_match: | ||
892 | * @fl contains the flow key to match. | ||
893 | * @xfrm points to the xfrm_state to match. | ||
894 | * Return 1 if there is a match. | ||
895 | * @xfrm_decode_session: | ||
896 | * @skb points to skb to decode. | ||
897 | * @secid points to the flow key secid to set. | ||
898 | * @ckall says if all xfrms used should be checked for same secid. | ||
899 | * Return 0 if ckall is zero or all xfrms used have the same secid. | ||
867 | * | 900 | * |
868 | * Security hooks affecting all Key Management operations | 901 | * Security hooks affecting all Key Management operations |
869 | * | 902 | * |
@@ -1308,8 +1341,8 @@ struct security_operations { | |||
1308 | int (*unix_may_send) (struct socket * sock, struct socket * other); | 1341 | int (*unix_may_send) (struct socket * sock, struct socket * other); |
1309 | 1342 | ||
1310 | int (*socket_create) (int family, int type, int protocol, int kern); | 1343 | int (*socket_create) (int family, int type, int protocol, int kern); |
1311 | void (*socket_post_create) (struct socket * sock, int family, | 1344 | int (*socket_post_create) (struct socket * sock, int family, |
1312 | int type, int protocol, int kern); | 1345 | int type, int protocol, int kern); |
1313 | int (*socket_bind) (struct socket * sock, | 1346 | int (*socket_bind) (struct socket * sock, |
1314 | struct sockaddr * address, int addrlen); | 1347 | struct sockaddr * address, int addrlen); |
1315 | int (*socket_connect) (struct socket * sock, | 1348 | int (*socket_connect) (struct socket * sock, |
@@ -1332,18 +1365,31 @@ struct security_operations { | |||
1332 | int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid); | 1365 | int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid); |
1333 | int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority); | 1366 | int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority); |
1334 | void (*sk_free_security) (struct sock *sk); | 1367 | void (*sk_free_security) (struct sock *sk); |
1335 | unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir); | 1368 | void (*sk_clone_security) (const struct sock *sk, struct sock *newsk); |
1369 | void (*sk_getsecid) (struct sock *sk, u32 *secid); | ||
1370 | void (*sock_graft)(struct sock* sk, struct socket *parent); | ||
1371 | int (*inet_conn_request)(struct sock *sk, struct sk_buff *skb, | ||
1372 | struct request_sock *req); | ||
1373 | void (*inet_csk_clone)(struct sock *newsk, const struct request_sock *req); | ||
1374 | void (*req_classify_flow)(const struct request_sock *req, struct flowi *fl); | ||
1336 | #endif /* CONFIG_SECURITY_NETWORK */ | 1375 | #endif /* CONFIG_SECURITY_NETWORK */ |
1337 | 1376 | ||
1338 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 1377 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
1339 | int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx); | 1378 | int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, |
1379 | struct xfrm_user_sec_ctx *sec_ctx, struct sock *sk); | ||
1340 | int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new); | 1380 | int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new); |
1341 | void (*xfrm_policy_free_security) (struct xfrm_policy *xp); | 1381 | void (*xfrm_policy_free_security) (struct xfrm_policy *xp); |
1342 | int (*xfrm_policy_delete_security) (struct xfrm_policy *xp); | 1382 | int (*xfrm_policy_delete_security) (struct xfrm_policy *xp); |
1343 | int (*xfrm_state_alloc_security) (struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx); | 1383 | int (*xfrm_state_alloc_security) (struct xfrm_state *x, |
1384 | struct xfrm_user_sec_ctx *sec_ctx, struct xfrm_sec_ctx *polsec, | ||
1385 | u32 secid); | ||
1344 | void (*xfrm_state_free_security) (struct xfrm_state *x); | 1386 | void (*xfrm_state_free_security) (struct xfrm_state *x); |
1345 | int (*xfrm_state_delete_security) (struct xfrm_state *x); | 1387 | int (*xfrm_state_delete_security) (struct xfrm_state *x); |
1346 | int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 sk_sid, u8 dir); | 1388 | int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 fl_secid, u8 dir); |
1389 | int (*xfrm_state_pol_flow_match)(struct xfrm_state *x, | ||
1390 | struct xfrm_policy *xp, struct flowi *fl); | ||
1391 | int (*xfrm_flow_state_match)(struct flowi *fl, struct xfrm_state *xfrm); | ||
1392 | int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall); | ||
1347 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ | 1393 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ |
1348 | 1394 | ||
1349 | /* key management security hooks */ | 1395 | /* key management security hooks */ |
@@ -2778,13 +2824,13 @@ static inline int security_socket_create (int family, int type, | |||
2778 | return security_ops->socket_create(family, type, protocol, kern); | 2824 | return security_ops->socket_create(family, type, protocol, kern); |
2779 | } | 2825 | } |
2780 | 2826 | ||
2781 | static inline void security_socket_post_create(struct socket * sock, | 2827 | static inline int security_socket_post_create(struct socket * sock, |
2782 | int family, | 2828 | int family, |
2783 | int type, | 2829 | int type, |
2784 | int protocol, int kern) | 2830 | int protocol, int kern) |
2785 | { | 2831 | { |
2786 | security_ops->socket_post_create(sock, family, type, | 2832 | return security_ops->socket_post_create(sock, family, type, |
2787 | protocol, kern); | 2833 | protocol, kern); |
2788 | } | 2834 | } |
2789 | 2835 | ||
2790 | static inline int security_socket_bind(struct socket * sock, | 2836 | static inline int security_socket_bind(struct socket * sock, |
@@ -2885,9 +2931,36 @@ static inline void security_sk_free(struct sock *sk) | |||
2885 | return security_ops->sk_free_security(sk); | 2931 | return security_ops->sk_free_security(sk); |
2886 | } | 2932 | } |
2887 | 2933 | ||
2888 | static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir) | 2934 | static inline void security_sk_clone(const struct sock *sk, struct sock *newsk) |
2935 | { | ||
2936 | return security_ops->sk_clone_security(sk, newsk); | ||
2937 | } | ||
2938 | |||
2939 | static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl) | ||
2889 | { | 2940 | { |
2890 | return security_ops->sk_getsid(sk, fl, dir); | 2941 | security_ops->sk_getsecid(sk, &fl->secid); |
2942 | } | ||
2943 | |||
2944 | static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl) | ||
2945 | { | ||
2946 | security_ops->req_classify_flow(req, fl); | ||
2947 | } | ||
2948 | |||
2949 | static inline void security_sock_graft(struct sock* sk, struct socket *parent) | ||
2950 | { | ||
2951 | security_ops->sock_graft(sk, parent); | ||
2952 | } | ||
2953 | |||
2954 | static inline int security_inet_conn_request(struct sock *sk, | ||
2955 | struct sk_buff *skb, struct request_sock *req) | ||
2956 | { | ||
2957 | return security_ops->inet_conn_request(sk, skb, req); | ||
2958 | } | ||
2959 | |||
2960 | static inline void security_inet_csk_clone(struct sock *newsk, | ||
2961 | const struct request_sock *req) | ||
2962 | { | ||
2963 | security_ops->inet_csk_clone(newsk, req); | ||
2891 | } | 2964 | } |
2892 | #else /* CONFIG_SECURITY_NETWORK */ | 2965 | #else /* CONFIG_SECURITY_NETWORK */ |
2893 | static inline int security_unix_stream_connect(struct socket * sock, | 2966 | static inline int security_unix_stream_connect(struct socket * sock, |
@@ -2909,11 +2982,12 @@ static inline int security_socket_create (int family, int type, | |||
2909 | return 0; | 2982 | return 0; |
2910 | } | 2983 | } |
2911 | 2984 | ||
2912 | static inline void security_socket_post_create(struct socket * sock, | 2985 | static inline int security_socket_post_create(struct socket * sock, |
2913 | int family, | 2986 | int family, |
2914 | int type, | 2987 | int type, |
2915 | int protocol, int kern) | 2988 | int protocol, int kern) |
2916 | { | 2989 | { |
2990 | return 0; | ||
2917 | } | 2991 | } |
2918 | 2992 | ||
2919 | static inline int security_socket_bind(struct socket * sock, | 2993 | static inline int security_socket_bind(struct socket * sock, |
@@ -3011,16 +3085,43 @@ static inline void security_sk_free(struct sock *sk) | |||
3011 | { | 3085 | { |
3012 | } | 3086 | } |
3013 | 3087 | ||
3014 | static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir) | 3088 | static inline void security_sk_clone(const struct sock *sk, struct sock *newsk) |
3089 | { | ||
3090 | } | ||
3091 | |||
3092 | static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl) | ||
3093 | { | ||
3094 | } | ||
3095 | |||
3096 | static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl) | ||
3097 | { | ||
3098 | } | ||
3099 | |||
3100 | static inline void security_sock_graft(struct sock* sk, struct socket *parent) | ||
3101 | { | ||
3102 | } | ||
3103 | |||
3104 | static inline int security_inet_conn_request(struct sock *sk, | ||
3105 | struct sk_buff *skb, struct request_sock *req) | ||
3015 | { | 3106 | { |
3016 | return 0; | 3107 | return 0; |
3017 | } | 3108 | } |
3109 | |||
3110 | static inline void security_inet_csk_clone(struct sock *newsk, | ||
3111 | const struct request_sock *req) | ||
3112 | { | ||
3113 | } | ||
3018 | #endif /* CONFIG_SECURITY_NETWORK */ | 3114 | #endif /* CONFIG_SECURITY_NETWORK */ |
3019 | 3115 | ||
3020 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 3116 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
3021 | static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx) | 3117 | static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx) |
3022 | { | 3118 | { |
3023 | return security_ops->xfrm_policy_alloc_security(xp, sec_ctx); | 3119 | return security_ops->xfrm_policy_alloc_security(xp, sec_ctx, NULL); |
3120 | } | ||
3121 | |||
3122 | static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk) | ||
3123 | { | ||
3124 | return security_ops->xfrm_policy_alloc_security(xp, NULL, sk); | ||
3024 | } | 3125 | } |
3025 | 3126 | ||
3026 | static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) | 3127 | static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) |
@@ -3038,9 +3139,18 @@ static inline int security_xfrm_policy_delete(struct xfrm_policy *xp) | |||
3038 | return security_ops->xfrm_policy_delete_security(xp); | 3139 | return security_ops->xfrm_policy_delete_security(xp); |
3039 | } | 3140 | } |
3040 | 3141 | ||
3041 | static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) | 3142 | static inline int security_xfrm_state_alloc(struct xfrm_state *x, |
3143 | struct xfrm_user_sec_ctx *sec_ctx) | ||
3042 | { | 3144 | { |
3043 | return security_ops->xfrm_state_alloc_security(x, sec_ctx); | 3145 | return security_ops->xfrm_state_alloc_security(x, sec_ctx, NULL, 0); |
3146 | } | ||
3147 | |||
3148 | static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x, | ||
3149 | struct xfrm_sec_ctx *polsec, u32 secid) | ||
3150 | { | ||
3151 | if (!polsec) | ||
3152 | return 0; | ||
3153 | return security_ops->xfrm_state_alloc_security(x, NULL, polsec, secid); | ||
3044 | } | 3154 | } |
3045 | 3155 | ||
3046 | static inline int security_xfrm_state_delete(struct xfrm_state *x) | 3156 | static inline int security_xfrm_state_delete(struct xfrm_state *x) |
@@ -3053,9 +3163,32 @@ static inline void security_xfrm_state_free(struct xfrm_state *x) | |||
3053 | security_ops->xfrm_state_free_security(x); | 3163 | security_ops->xfrm_state_free_security(x); |
3054 | } | 3164 | } |
3055 | 3165 | ||
3056 | static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir) | 3166 | static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir) |
3167 | { | ||
3168 | return security_ops->xfrm_policy_lookup(xp, fl_secid, dir); | ||
3169 | } | ||
3170 | |||
3171 | static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x, | ||
3172 | struct xfrm_policy *xp, struct flowi *fl) | ||
3057 | { | 3173 | { |
3058 | return security_ops->xfrm_policy_lookup(xp, sk_sid, dir); | 3174 | return security_ops->xfrm_state_pol_flow_match(x, xp, fl); |
3175 | } | ||
3176 | |||
3177 | static inline int security_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm) | ||
3178 | { | ||
3179 | return security_ops->xfrm_flow_state_match(fl, xfrm); | ||
3180 | } | ||
3181 | |||
3182 | static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) | ||
3183 | { | ||
3184 | return security_ops->xfrm_decode_session(skb, secid, 1); | ||
3185 | } | ||
3186 | |||
3187 | static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl) | ||
3188 | { | ||
3189 | int rc = security_ops->xfrm_decode_session(skb, &fl->secid, 0); | ||
3190 | |||
3191 | BUG_ON(rc); | ||
3059 | } | 3192 | } |
3060 | #else /* CONFIG_SECURITY_NETWORK_XFRM */ | 3193 | #else /* CONFIG_SECURITY_NETWORK_XFRM */ |
3061 | static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx) | 3194 | static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx) |
@@ -3063,6 +3196,11 @@ static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm | |||
3063 | return 0; | 3196 | return 0; |
3064 | } | 3197 | } |
3065 | 3198 | ||
3199 | static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk) | ||
3200 | { | ||
3201 | return 0; | ||
3202 | } | ||
3203 | |||
3066 | static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) | 3204 | static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) |
3067 | { | 3205 | { |
3068 | return 0; | 3206 | return 0; |
@@ -3077,7 +3215,14 @@ static inline int security_xfrm_policy_delete(struct xfrm_policy *xp) | |||
3077 | return 0; | 3215 | return 0; |
3078 | } | 3216 | } |
3079 | 3217 | ||
3080 | static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) | 3218 | static inline int security_xfrm_state_alloc(struct xfrm_state *x, |
3219 | struct xfrm_user_sec_ctx *sec_ctx) | ||
3220 | { | ||
3221 | return 0; | ||
3222 | } | ||
3223 | |||
3224 | static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x, | ||
3225 | struct xfrm_sec_ctx *polsec, u32 secid) | ||
3081 | { | 3226 | { |
3082 | return 0; | 3227 | return 0; |
3083 | } | 3228 | } |
@@ -3091,10 +3236,32 @@ static inline int security_xfrm_state_delete(struct xfrm_state *x) | |||
3091 | return 0; | 3236 | return 0; |
3092 | } | 3237 | } |
3093 | 3238 | ||
3094 | static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir) | 3239 | static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir) |
3240 | { | ||
3241 | return 0; | ||
3242 | } | ||
3243 | |||
3244 | static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x, | ||
3245 | struct xfrm_policy *xp, struct flowi *fl) | ||
3246 | { | ||
3247 | return 1; | ||
3248 | } | ||
3249 | |||
3250 | static inline int security_xfrm_flow_state_match(struct flowi *fl, | ||
3251 | struct xfrm_state *xfrm) | ||
3252 | { | ||
3253 | return 1; | ||
3254 | } | ||
3255 | |||
3256 | static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) | ||
3095 | { | 3257 | { |
3096 | return 0; | 3258 | return 0; |
3097 | } | 3259 | } |
3260 | |||
3261 | static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl) | ||
3262 | { | ||
3263 | } | ||
3264 | |||
3098 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ | 3265 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ |
3099 | 3266 | ||
3100 | #ifdef CONFIG_KEYS | 3267 | #ifdef CONFIG_KEYS |
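Review bot: In the CONFIG_SECURITY_NETWORK_XFRM variant of `security_skb_classify_flow` (new lines 3187-3192), `BUG_ON(rc)` turns any non-zero return from an LSM's `xfrm_decode_session` hook into a kernel crash while a flow is being classified from an skb. The hook comment added in this patch says the hook returns 0 when `ckall` is zero, but nothing in this header enforces that on module implementations. Since the skb is presumably derived from network traffic, a hook that breaks the contract would cause a denial of service rather than a labelling error. Consider `WARN_ON(rc);` in place of the BUG_ON, with a comment such as `/* ckall == 0: the hook must return 0 and always set *secid */` so the contract is visible at the call site. Whether `fl->secid` is left defined when the hook fails depends on the hook implementations, which are outside this file.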