author | Paul Moore <paul.moore@hp.com> | 2008-12-31 12:54:11 -0500 |
---|---|---|
committer | Paul Moore <paul.moore@hp.com> | 2008-12-31 12:54:11 -0500 |
commit | 6c2e8ac0953fccdd24dc6c4b9e08e8f1cd68cf07 (patch) | |
tree | c52e242ec5e5c2d131af2d9dbb038f78f724a74c /include/net | |
parent | 6a94cb73064c952255336cc57731904174b2c58f (diff) |
netlabel: Update kernel configuration API
Update the NetLabel kernel API to expose the new features added in kernel
releases 2.6.25 and 2.6.28: the static/fallback label functionality and network
address based selectors.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/cipso_ipv4.h | 6 | ||||
-rw-r--r-- | include/net/netlabel.h | 86 |
2 files changed, 84 insertions, 8 deletions
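--- a/include/net/cipso_ipv4.h
+++ b/include/net/cipso_ipv4.h
@@ -131,7 +131,8 @@ extern int cipso_v4_rbm_strictvalid;
 */
 
 #ifdef CONFIG_NETLABEL
-int cipso_v4_doi_add(struct cipso_v4_doi *doi_def);
+int cipso_v4_doi_add(struct cipso_v4_doi *doi_def,
+struct netlbl_audit *audit_info);
 void cipso_v4_doi_free(struct cipso_v4_doi *doi_def);
 int cipso_v4_doi_remove(u32 doi, struct netlbl_audit *audit_info);
 struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi);
@@ -140,7 +141,8 @@ int cipso_v4_doi_walk(u32 *skip_cnt,
 int (*callback) (struct cipso_v4_doi *doi_def, void *arg),
 void *cb_arg);
 #else
-static inline int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)
+static inline int cipso_v4_doi_add(struct cipso_v4_doi *doi_def,
+struct netlbl_audit *audit_info)
 {
 return -ENOSYS;
 }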
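Review bot: The new `audit_info` argument of cipso_v4_doi_add is undocumented in both the CONFIG_NETLABEL prototype and the stub, so the header does not say whether NULL is accepted or what the callee records from it. Since this argument presumably attributes a DOI definition change to a subject in the audit log (as it already does for cipso_v4_doi_remove), a one-line comment above the prototype such as `/* audit_info: NetLabel audit information identifying the requester */` would help, with the NULL policy stated once it is confirmed against the implementation. The diffstat is limited to include/net, so the callers that must pass the new argument are not visible here.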
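--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -33,6 +33,8 @@
 #include <linux/types.h>
 #include <linux/net.h>
 #include <linux/skbuff.h>
+#include <linux/in.h>
+#include <linux/in6.h>
 #include <net/netlink.h>
 #include <asm/atomic.h>
 
@@ -353,13 +355,37 @@ static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr)
 /*
 * LSM configuration operations
 */
-int netlbl_cfg_map_del(const char *domain, struct netlbl_audit *audit_info);
-int netlbl_cfg_unlbl_add_map(const char *domain,
+int netlbl_cfg_map_del(const char *domain,
+u16 family,
+const void *addr,
+const void *mask,
+struct netlbl_audit *audit_info);
+int netlbl_cfg_unlbl_map_add(const char *domain,
+u16 family,
+const void *addr,
+const void *mask,
 struct netlbl_audit *audit_info);
-int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
+int netlbl_cfg_unlbl_static_add(struct net *net,
+const char *dev_name,
+const void *addr,
+const void *mask,
+u16 family,
+u32 secid,
+struct netlbl_audit *audit_info);
+int netlbl_cfg_unlbl_static_del(struct net *net,
+const char *dev_name,
+const void *addr,
+const void *mask,
+u16 family,
+struct netlbl_audit *audit_info);
+int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
+struct netlbl_audit *audit_info);
+void netlbl_cfg_cipsov4_del(u32 doi, struct netlbl_audit *audit_info);
+int netlbl_cfg_cipsov4_map_add(u32 doi,
 const char *domain,
+const struct in_addr *addr,
+const struct in_addr *mask,
 struct netlbl_audit *audit_info);
-
 /*
 * LSM security attribute operations
 */
@@ -401,19 +427,62 @@ void netlbl_skbuff_err(struct sk_buff *skb, int error, int gateway);
 void netlbl_cache_invalidate(void);
 int netlbl_cache_add(const struct sk_buff *skb,
 const struct netlbl_lsm_secattr *secattr);
+
+/*
+* Protocol engine operations
+*/
+struct audit_buffer *netlbl_audit_start(int type,
+struct netlbl_audit *audit_info);
 #else
 static inline int netlbl_cfg_map_del(const char *domain,
+u16 family,
+const void *addr,
+const void *mask,
 struct netlbl_audit *audit_info)
 {
 return -ENOSYS;
 }
-static inline int netlbl_cfg_unlbl_add_map(const char *domain,
+static inline int netlbl_cfg_unlbl_map_add(const char *domain,
+u16 family,
+void *addr,
+void *mask,
 struct netlbl_audit *audit_info)
 {
 return -ENOSYS;
 }
-static inline int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
+static inline int netlbl_cfg_unlbl_static_add(struct net *net,
+const char *dev_name,
+const void *addr,
+const void *mask,
+u16 family,
+u32 secid,
+struct netlbl_audit *audit_info)
+{
+return -ENOSYS;
+}
+static inline int netlbl_cfg_unlbl_static_del(struct net *net,
+const char *dev_name,
+const void *addr,
+const void *mask,
+u16 family,
+struct netlbl_audit *audit_info)
+{
+return -ENOSYS;
+}
+static inline int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
+struct netlbl_audit *audit_info)
+{
+return -ENOSYS;
+}
+static inline void netlbl_cfg_cipsov4_del(u32 doi,
+struct netlbl_audit *audit_info)
+{
+return;
+}
+static inline int netlbl_cfg_cipsov4_map_add(u32 doi,
 const char *domain,
+const struct in_addr *addr,
+const struct in_addr *mask,
 struct netlbl_audit *audit_info)
 {
 return -ENOSYS;
@@ -495,6 +564,11 @@ static inline int netlbl_cache_add(const struct sk_buff *skb,
 {
 return 0;
 }
+static inline struct audit_buffer *netlbl_audit_start(int type,
+struct netlbl_audit *audit_info)
+{
+return NULL;
+}
 #endif /* CONFIG_NETLABEL */
 
 #endif /* _NETLABEL_H */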
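Review bot: The !CONFIG_NETLABEL stub of netlbl_cfg_unlbl_map_add declares `void *addr,` and `void *mask,`, while its real prototype and every other new stub in this file use `const void *`. A caller passing const-qualified address data therefore builds cleanly with NetLabel enabled and draws a discarded-qualifier warning with it disabled. The stub should read `const void *addr,` and `const void *mask,`. Separately, addr and mask are untyped and carry no length in the map_del, unlbl_map_add and unlbl_static_add/del prototypes. A short comment above them stating that `family` selects the pointed-to type (presumably struct in_addr or struct in6_addr, given the new includes) would let call sites be checked against a family/buffer mismatch.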