aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2008-10-10 10:16:34 -0400
committerPaul Moore <paul.moore@hp.com>2008-10-10 10:16:34 -0400
commitd91d40799165b0c84c97e7c71fb8039494ff07dc (patch)
tree5394e5d167ec1074f5f52da02e5406f5e183c080
parent15c45f7b2e81655f6eb500ec949c8bd70a04325a (diff)
netlabel: Add configuration support for local labeling
Add the necessary NetLabel support for the new CIPSO mapping, CIPSO_V4_MAP_LOCAL, which allows full LSM label/context support. Signed-off-by: Paul Moore <paul.moore@hp.com> Reviewed-by: James Morris <jmorris@namei.org>
-rw-r--r--include/net/netlabel.h3
-rw-r--r--net/netlabel/netlabel_cipso_v4.c41
-rw-r--r--net/netlabel/netlabel_cipso_v4.h6
-rw-r--r--net/netlabel/netlabel_kapi.c3
4 files changed, 50 insertions, 3 deletions
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index d56517ac3bae..17c442a4514e 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -72,7 +72,8 @@ struct cipso_v4_doi;
72/* NetLabel NETLINK protocol version 72/* NetLabel NETLINK protocol version
73 * 1: initial version 73 * 1: initial version
74 * 2: added static labels for unlabeled connections 74 * 2: added static labels for unlabeled connections
75 * 3: network selectors added to the NetLabel/LSM domain mapping 75 * 3: network selectors added to the NetLabel/LSM domain mapping and the
76 * CIPSO_V4_MAP_LOCAL CIPSO mapping was added
76 */ 77 */
77#define NETLBL_PROTO_VERSION 3 78#define NETLBL_PROTO_VERSION 3
78 79
diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c
index db83a67cbc75..fff32b70efa9 100644
--- a/net/netlabel/netlabel_cipso_v4.c
+++ b/net/netlabel/netlabel_cipso_v4.c
@@ -365,6 +365,43 @@ add_pass_failure:
365} 365}
366 366
367/** 367/**
368 * netlbl_cipsov4_add_local - Adds a CIPSO V4 DOI definition
369 * @info: the Generic NETLINK info block
370 *
371 * Description:
372 * Create a new CIPSO_V4_MAP_LOCAL DOI definition based on the given ADD
373 * message and add it to the CIPSO V4 engine. Return zero on success and
374 * non-zero on error.
375 *
376 */
377static int netlbl_cipsov4_add_local(struct genl_info *info)
378{
379 int ret_val;
380 struct cipso_v4_doi *doi_def = NULL;
381
382 if (!info->attrs[NLBL_CIPSOV4_A_TAGLST])
383 return -EINVAL;
384
385 doi_def = kmalloc(sizeof(*doi_def), GFP_KERNEL);
386 if (doi_def == NULL)
387 return -ENOMEM;
388 doi_def->type = CIPSO_V4_MAP_LOCAL;
389
390 ret_val = netlbl_cipsov4_add_common(info, doi_def);
391 if (ret_val != 0)
392 goto add_local_failure;
393
394 ret_val = cipso_v4_doi_add(doi_def);
395 if (ret_val != 0)
396 goto add_local_failure;
397 return 0;
398
399add_local_failure:
400 cipso_v4_doi_free(doi_def);
401 return ret_val;
402}
403
404/**
368 * netlbl_cipsov4_add - Handle an ADD message 405 * netlbl_cipsov4_add - Handle an ADD message
369 * @skb: the NETLINK buffer 406 * @skb: the NETLINK buffer
370 * @info: the Generic NETLINK info block 407 * @info: the Generic NETLINK info block
@@ -401,6 +438,10 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info)
401 type_str = "pass"; 438 type_str = "pass";
402 ret_val = netlbl_cipsov4_add_pass(info); 439 ret_val = netlbl_cipsov4_add_pass(info);
403 break; 440 break;
441 case CIPSO_V4_MAP_LOCAL:
442 type_str = "local";
443 ret_val = netlbl_cipsov4_add_local(info);
444 break;
404 } 445 }
405 if (ret_val == 0) 446 if (ret_val == 0)
406 atomic_inc(&netlabel_mgmt_protocount); 447 atomic_inc(&netlabel_mgmt_protocount);
diff --git a/net/netlabel/netlabel_cipso_v4.h b/net/netlabel/netlabel_cipso_v4.h
index fb3957f1d69a..c8a4079261f0 100644
--- a/net/netlabel/netlabel_cipso_v4.h
+++ b/net/netlabel/netlabel_cipso_v4.h
@@ -50,7 +50,8 @@
50 * NLBL_CIPSOV4_A_MLSLVLLST 50 * NLBL_CIPSOV4_A_MLSLVLLST
51 * NLBL_CIPSOV4_A_MLSCATLST 51 * NLBL_CIPSOV4_A_MLSCATLST
52 * 52 *
53 * If using CIPSO_V4_MAP_PASS no additional attributes are required. 53 * If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
54 * are required.
54 * 55 *
55 * o REMOVE: 56 * o REMOVE:
56 * Sent by an application to remove a specific DOI mapping table from the 57 * Sent by an application to remove a specific DOI mapping table from the
@@ -81,7 +82,8 @@
81 * NLBL_CIPSOV4_A_MLSLVLLST 82 * NLBL_CIPSOV4_A_MLSLVLLST
82 * NLBL_CIPSOV4_A_MLSCATLST 83 * NLBL_CIPSOV4_A_MLSCATLST
83 * 84 *
84 * If using CIPSO_V4_MAP_PASS no additional attributes are required. 85 * If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
86 * are required.
85 * 87 *
86 * o LISTALL: 88 * o LISTALL:
87 * This message is sent by an application to list the valid DOIs on the 89 * This message is sent by an application to list the valid DOIs on the
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 8435b15c3f7d..b32eceb3ab0d 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -163,6 +163,9 @@ cfg_cipsov4_add_map_return:
163 case CIPSO_V4_MAP_PASS: 163 case CIPSO_V4_MAP_PASS:
164 type_str = "pass"; 164 type_str = "pass";
165 break; 165 break;
166 case CIPSO_V4_MAP_LOCAL:
167 type_str = "local";
168 break;
166 default: 169 default:
167 type_str = "(unknown)"; 170 type_str = "(unknown)";
168 } 171 }