aboutsummaryrefslogtreecommitdiffstats
path: root/include/net/netlabel.h
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2008-10-10 10:16:32 -0400
committerPaul Moore <paul.moore@hp.com>2008-10-10 10:16:32 -0400
commit948bf85c1bc9a84754786a9d5dd99b7ecc46451e (patch)
treea4706be1f4a5a37408774ef3c4cab8cf2e7775b5 /include/net/netlabel.h
parent63c41688743760631188cf0f4ae986a6793ccb0a (diff)
netlabel: Add functionality to set the security attributes of a packet
This patch builds upon the new NetLabel address selector functionality by providing the NetLabel KAPI and CIPSO engine support needed to enable the new packet-based labeling. The only new addition to the NetLabel KAPI at this point is shown below: * int netlbl_skbuff_setattr(skb, family, secattr) ... and is designed to be called from a Netfilter hook after the packet's IP header has been populated such as in the FORWARD or LOCAL_OUT hooks. This patch also provides the necessary SELinux hooks to support this new functionality. Smack support is not currently included due to uncertainty regarding the permissions needed to expand the Smack network access controls. Signed-off-by: Paul Moore <paul.moore@hp.com> Reviewed-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/net/netlabel.h')
-rw-r--r--include/net/netlabel.h9
1 files changed, 9 insertions, 0 deletions
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 0729f8ce5042..3f67e6d49e40 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -382,6 +382,9 @@ int netlbl_sock_setattr(struct sock *sk,
382 const struct netlbl_lsm_secattr *secattr); 382 const struct netlbl_lsm_secattr *secattr);
383int netlbl_sock_getattr(struct sock *sk, 383int netlbl_sock_getattr(struct sock *sk,
384 struct netlbl_lsm_secattr *secattr); 384 struct netlbl_lsm_secattr *secattr);
385int netlbl_skbuff_setattr(struct sk_buff *skb,
386 u16 family,
387 const struct netlbl_lsm_secattr *secattr);
385int netlbl_skbuff_getattr(const struct sk_buff *skb, 388int netlbl_skbuff_getattr(const struct sk_buff *skb,
386 u16 family, 389 u16 family,
387 struct netlbl_lsm_secattr *secattr); 390 struct netlbl_lsm_secattr *secattr);
@@ -451,6 +454,12 @@ static inline int netlbl_sock_getattr(struct sock *sk,
451{ 454{
452 return -ENOSYS; 455 return -ENOSYS;
453} 456}
457static inline int netlbl_skbuff_setattr(struct sk_buff *skb,
458 u16 family,
459 const struct netlbl_lsm_secattr *secattr)
460{
461 return -ENOSYS;
462}
454static inline int netlbl_skbuff_getattr(const struct sk_buff *skb, 463static inline int netlbl_skbuff_getattr(const struct sk_buff *skb,
455 u16 family, 464 u16 family,
456 struct netlbl_lsm_secattr *secattr) 465 struct netlbl_lsm_secattr *secattr)