authorPaul Moore <paul.moore@hp.com>2008-02-05 01:29:47 -0500
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2008-02-05 12:44:20 -0500
commiteda61d32e8ad1d9102872f9a0abf3344bf9c5e67 (patch)
treed1c11a47c97b3f29d54021cd4aa9c0b8963ed0c8 /include/net
parent97829955ad291acec1d8b94e9911b3ceb1118bb1 (diff)
NetLabel: introduce a new kernel configuration API for NetLabel
Add a new set of configuration functions to the NetLabel/LSM API so that LSMs can perform their own configuration of the NetLabel subsystem without relying on assistance from userspace. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: James Morris <jmorris@namei.org> Cc: Chris Wright <chrisw@sous-sol.org> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/netlabel.h47
1 files changed, 41 insertions, 6 deletions
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index b3213c7c5309..0ca67d73c7ad 100644
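--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -36,6 +36,8 @@
 #include <net/netlink.h>
 #include <asm/atomic.h>
 
+struct cipso_v4_doi;
+
 /*
   * NetLabel - A management interface for maintaining network packet label
   * mapping tables for explicit packet labling protocols.
@@ -103,12 +105,6 @@ struct netlbl_audit {
  uid_t loginuid;
 };
 
-/* Domain mapping definition struct */
-struct netlbl_dom_map;
-
-/* Domain mapping operations */
-int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info);
-
 /*
   * LSM security attributes
   */
@@ -344,6 +340,19 @@ static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr)
 
 #ifdef CONFIG_NETLABEL
 /*
+ * LSM configuration operations
+ */
+int netlbl_cfg_map_del(const char *domain, struct netlbl_audit *audit_info);
+int netlbl_cfg_unlbl_add_map(const char *domain,
+ struct netlbl_audit *audit_info);
+int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
+ struct netlbl_audit *audit_info);
+int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
+ const char *domain,
+ struct netlbl_audit *audit_info);
+int netlbl_cfg_cipsov4_del(u32 doi, struct netlbl_audit *audit_info);
+
+/*
   * LSM security attribute operations
   */
 int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap,
@@ -378,6 +387,32 @@ void netlbl_cache_invalidate(void);
 int netlbl_cache_add(const struct sk_buff *skb,
  const struct netlbl_lsm_secattr *secattr);
 #else
+static inline int netlbl_cfg_map_del(const char *domain,
+ struct netlbl_audit *audit_info)
+{
+ return -ENOSYS;
+}
+static inline int netlbl_cfg_unlbl_add_map(const char *domain,
+ struct netlbl_audit *audit_info)
+{
+ return -ENOSYS;
+}
+static inline int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
+ struct netlbl_audit *audit_info)
+{
+ return -ENOSYS;
+}
+static inline int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
+ const char *domain,
+ struct netlbl_audit *audit_info)
+{
+ return -ENOSYS;
+}
+static inline int netlbl_cfg_cipsov4_del(u32 doi,
+ struct netlbl_audit *audit_info)
+{
+ return -ENOSYS;
+}
 static inline int netlbl_secattr_catmap_walk(
  struct netlbl_lsm_secattr_catmap *catmap,
  u32 offset)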
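Review bot: The five `netlbl_cfg_*` prototypes added under the "LSM configuration operations" comment state no contract, and for an in-kernel security-configuration API two things belong in the header: who owns `doi_def` when `netlbl_cfg_cipsov4_add()` or `netlbl_cfg_cipsov4_add_map()` returns an error, and that `audit_info` is filled in by the calling LSM, so the audit record of a mapping change is only as accurate as the `loginuid` and other fields the caller supplies. I would add above the prototypes something like `/* On error the caller keeps ownership of doi_def (confirm against the implementation); audit_info must identify the subject that triggered the change. */`. The `#else` stubs all return `-ENOSYS`, so one more line should say that an LSM must treat any non-zero return as "labeling not configured" and not proceed as if the mapping were in place. The implementations are not in this header and the last hunk ends inside the `netlbl_secattr_catmap_walk()` stub, so the ownership behaviour is inferred rather than visible here.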