aboutsummaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2006-11-29 13:18:18 -0500
committerDavid S. Miller <davem@sunset.davemloft.net>2006-12-03 00:31:36 -0500
commit02752760359db6b00a3ffb1acfc13ef8d9eb1e3f (patch)
tree796cd65fd4cd732b295e61dac194efbf36b78842 /include/net
parentef91fd522ba3c88d9c68261c243567bc4c5a8f55 (diff)
NetLabel: convert to an extensibile/sparse category bitmap
The original NetLabel category bitmap was a straight char bitmap which worked fine for the initial release as it only supported 240 bits due to limitations in the CIPSO restricted bitmap tag (tag type 0x01). This patch converts that straight char bitmap into an extensibile/sparse bitmap in order to lay the foundation for other CIPSO tag types and protocols. This patch also has a nice side effect in that all of the security attributes passed by NetLabel into the LSM are now in a format which is in the host's native byte/bit ordering which makes the LSM specific code much simpler; look at the changes in security/selinux/ss/ebitmap.c as an example. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/netlabel.h102
1 files changed, 99 insertions, 3 deletions
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index d605d7954013..83da7e1f0d3d 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -111,6 +111,22 @@ struct netlbl_lsm_cache {
111 void (*free) (const void *data); 111 void (*free) (const void *data);
112 void *data; 112 void *data;
113}; 113};
114/* The catmap bitmap field MUST be a power of two in length and large
115 * enough to hold at least 240 bits. Special care (i.e. check the code!)
116 * should be used when changing these values as the LSM implementation
117 * probably has functions which rely on the sizes of these types to speed
118 * processing. */
119#define NETLBL_CATMAP_MAPTYPE u64
120#define NETLBL_CATMAP_MAPCNT 4
121#define NETLBL_CATMAP_MAPSIZE (sizeof(NETLBL_CATMAP_MAPTYPE) * 8)
122#define NETLBL_CATMAP_SIZE (NETLBL_CATMAP_MAPSIZE * \
123 NETLBL_CATMAP_MAPCNT)
124#define NETLBL_CATMAP_BIT (NETLBL_CATMAP_MAPTYPE)0x01
125struct netlbl_lsm_secattr_catmap {
126 u32 startbit;
127 NETLBL_CATMAP_MAPTYPE bitmap[NETLBL_CATMAP_MAPCNT];
128 struct netlbl_lsm_secattr_catmap *next;
129};
114#define NETLBL_SECATTR_NONE 0x00000000 130#define NETLBL_SECATTR_NONE 0x00000000
115#define NETLBL_SECATTR_DOMAIN 0x00000001 131#define NETLBL_SECATTR_DOMAIN 0x00000001
116#define NETLBL_SECATTR_CACHE 0x00000002 132#define NETLBL_SECATTR_CACHE 0x00000002
@@ -122,8 +138,7 @@ struct netlbl_lsm_secattr {
122 char *domain; 138 char *domain;
123 139
124 u32 mls_lvl; 140 u32 mls_lvl;
125 unsigned char *mls_cat; 141 struct netlbl_lsm_secattr_catmap *mls_cat;
126 size_t mls_cat_len;
127 142
128 struct netlbl_lsm_cache *cache; 143 struct netlbl_lsm_cache *cache;
129}; 144};
@@ -171,6 +186,41 @@ static inline void netlbl_secattr_cache_free(struct netlbl_lsm_cache *cache)
171} 186}
172 187
173/** 188/**
189 * netlbl_secattr_catmap_alloc - Allocate a LSM secattr catmap
190 * @flags: memory allocation flags
191 *
192 * Description:
193 * Allocate memory for a LSM secattr catmap, returns a pointer on success, NULL
194 * on failure.
195 *
196 */
197static inline struct netlbl_lsm_secattr_catmap *netlbl_secattr_catmap_alloc(
198 gfp_t flags)
199{
200 return kzalloc(sizeof(struct netlbl_lsm_secattr_catmap), flags);
201}
202
203/**
204 * netlbl_secattr_catmap_free - Free a LSM secattr catmap
205 * @catmap: the category bitmap
206 *
207 * Description:
208 * Free a LSM secattr catmap.
209 *
210 */
211static inline void netlbl_secattr_catmap_free(
212 struct netlbl_lsm_secattr_catmap *catmap)
213{
214 struct netlbl_lsm_secattr_catmap *iter;
215
216 do {
217 iter = catmap;
218 catmap = catmap->next;
219 kfree(iter);
220 } while (catmap);
221}
222
223/**
174 * netlbl_secattr_init - Initialize a netlbl_lsm_secattr struct 224 * netlbl_secattr_init - Initialize a netlbl_lsm_secattr struct
175 * @secattr: the struct to initialize 225 * @secattr: the struct to initialize
176 * 226 *
@@ -200,7 +250,8 @@ static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr)
200 if (secattr->cache) 250 if (secattr->cache)
201 netlbl_secattr_cache_free(secattr->cache); 251 netlbl_secattr_cache_free(secattr->cache);
202 kfree(secattr->domain); 252 kfree(secattr->domain);
203 kfree(secattr->mls_cat); 253 if (secattr->mls_cat)
254 netlbl_secattr_catmap_free(secattr->mls_cat);
204} 255}
205 256
206/** 257/**
@@ -231,6 +282,51 @@ static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr)
231 kfree(secattr); 282 kfree(secattr);
232} 283}
233 284
285#ifdef CONFIG_NETLABEL
286int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap,
287 u32 offset);
288int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap,
289 u32 offset);
290int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap *catmap,
291 u32 bit,
292 gfp_t flags);
293int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap *catmap,
294 u32 start,
295 u32 end,
296 gfp_t flags);
297#else
298static inline int netlbl_secattr_catmap_walk(
299 struct netlbl_lsm_secattr_catmap *catmap,
300 u32 offset)
301{
302 return -ENOENT;
303}
304
305static inline int netlbl_secattr_catmap_walk_rng(
306 struct netlbl_lsm_secattr_catmap *catmap,
307 u32 offset)
308{
309 return -ENOENT;
310}
311
312static inline int netlbl_secattr_catmap_setbit(
313 struct netlbl_lsm_secattr_catmap *catmap,
314 u32 bit,
315 gfp_t flags)
316{
317 return 0;
318}
319
320static inline int netlbl_secattr_catmap_setrng(
321 struct netlbl_lsm_secattr_catmap *catmap,
322 u32 start,
323 u32 end,
324 gfp_t flags)
325{
326 return 0;
327}
328#endif
329
234/* 330/*
235 * LSM protocol operations 331 * LSM protocol operations
236 */ 332 */