[MLSXFRM]: Default labeling of socket specific IPSec policies

This defaults the label of socket-specific IPSec policies to be the same as the socket they are set on. Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Venkat Yekkirala <vyekkirala@TrustedCS.com> 2006-07-25 02:32:20 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-09-22 17:53:28 -0400
commit: cb969f072b6d67770b559617f14e767f47e77ece (patch)
tree: 4112eb0182e8b3e28b42aebaa40ca25454fc6b76 /include/linux
parent: beb8d13bed80f8388f1a9a107d07ddd342e627e8 (diff)
1 files changed, 16 insertions, 3 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index f3909d189fe0..8e3dc6c51a6d 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -827,8 +827,10 @@ struct swap_info_struct;
 *      used by the XFRM system.
 *      @sec_ctx contains the security context information being provided by
 *      the user-level policy update program (e.g., setkey).
+ *      @sk refers to the sock from which to derive the security context.
 *      Allocate a security structure to the xp->security field; the security
- *      field is initialized to NULL when the xfrm_policy is allocated.
+ *      field is initialized to NULL when the xfrm_policy is allocated. Only
+ *      one of sec_ctx or sock can be specified.
 *      Return 0 if operation was successful (memory to allocate, legal context)
 * @xfrm_policy_clone_security:
 *      @old contains an existing xfrm_policy in the SPD.
@@ -1359,7 +1361,8 @@ struct security_operations {
 #endif  /* CONFIG_SECURITY_NETWORK */
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
-        int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx);
+        int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp,
+                        struct xfrm_user_sec_ctx *sec_ctx, struct sock *sk);
        int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new);
        void (*xfrm_policy_free_security) (struct xfrm_policy *xp);
        int (*xfrm_policy_delete_security) (struct xfrm_policy *xp);
@@ -3057,7 +3060,12 @@ static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
 {
-        return security_ops->xfrm_policy_alloc_security(xp, sec_ctx);
+        return security_ops->xfrm_policy_alloc_security(xp, sec_ctx, NULL);
+}
+static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
+{
+        return security_ops->xfrm_policy_alloc_security(xp, NULL, sk);
 }
 static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
@@ -3132,6 +3140,11 @@ static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm
        return 0;
 }
+static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
+{
+        return 0;
+}
 static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
 {
        return 0;
author	Venkat Yekkirala <vyekkirala@TrustedCS.com>	2006-07-25 02:32:20 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-09-22 17:53:28 -0400
commit	cb969f072b6d67770b559617f14e767f47e77ece (patch)
tree	4112eb0182e8b3e28b42aebaa40ca25454fc6b76 /include/linux
parent	beb8d13bed80f8388f1a9a107d07ddd342e627e8 (diff)