NetLabel: introduce a new kernel configuration API for NetLabel

Add a new set of configuration functions to the NetLabel/LSM API so that LSMs can perform their own configuration of the NetLabel subsystem without relying on assistance from userspace. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: James Morris <jmorris@namei.org> Cc: Chris Wright <chrisw@sous-sol.org> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Paul Moore <paul.moore@hp.com> 2008-02-05 01:29:47 -0500
committer: Linus Torvalds <torvalds@woody.linux-foundation.org> 2008-02-05 12:44:20 -0500
commit: eda61d32e8ad1d9102872f9a0abf3344bf9c5e67 (patch)
tree: d1c11a47c97b3f29d54021cd4aa9c0b8963ed0c8 /include/net
parent: 97829955ad291acec1d8b94e9911b3ceb1118bb1 (diff)
1 files changed, 41 insertions, 6 deletions
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index b3213c7c5309..0ca67d73c7ad 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -36,6 +36,8 @@
 #include <net/netlink.h>
 #include <asm/atomic.h>
+struct cipso_v4_doi;
 /*
 * NetLabel - A management interface for maintaining network packet label
 *            mapping tables for explicit packet labling protocols.
@@ -103,12 +105,6 @@ struct netlbl_audit {
        uid_t loginuid;
 };
-/* Domain mapping definition struct */
-struct netlbl_dom_map;
-/* Domain mapping operations */
-int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info);
 /*
 * LSM security attributes
 */
@@ -344,6 +340,19 @@ static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr)
 #ifdef CONFIG_NETLABEL
 /*
+ * LSM configuration operations
+ */
+int netlbl_cfg_map_del(const char *domain, struct netlbl_audit *audit_info);
+int netlbl_cfg_unlbl_add_map(const char *domain,
+                             struct netlbl_audit *audit_info);
+int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
+                           struct netlbl_audit *audit_info);
+int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
+                               const char *domain,
+                               struct netlbl_audit *audit_info);
+int netlbl_cfg_cipsov4_del(u32 doi, struct netlbl_audit *audit_info);
+/*
 * LSM security attribute operations
 */
 int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap,
@@ -378,6 +387,32 @@ void netlbl_cache_invalidate(void);
 int netlbl_cache_add(const struct sk_buff *skb,
                     const struct netlbl_lsm_secattr *secattr);
 #else
+static inline int netlbl_cfg_map_del(const char *domain,
+                                     struct netlbl_audit *audit_info)
+{
+        return -ENOSYS;
+}
+static inline int netlbl_cfg_unlbl_add_map(const char *domain,
+                                           struct netlbl_audit *audit_info)
+{
+        return -ENOSYS;
+}
+static inline int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
+                                         struct netlbl_audit *audit_info)
+{
+        return -ENOSYS;
+}
+static inline int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
+                                             const char *domain,
+                                             struct netlbl_audit *audit_info)
+{
+        return -ENOSYS;
+}
+static inline int netlbl_cfg_cipsov4_del(u32 doi,
+                                         struct netlbl_audit *audit_info)
+{
+        return -ENOSYS;
+}
 static inline int netlbl_secattr_catmap_walk(
                                      struct netlbl_lsm_secattr_catmap *catmap,
                                      u32 offset)
author	Paul Moore <paul.moore@hp.com>	2008-02-05 01:29:47 -0500
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>	2008-02-05 12:44:20 -0500
commit	eda61d32e8ad1d9102872f9a0abf3344bf9c5e67 (patch)
tree	d1c11a47c97b3f29d54021cd4aa9c0b8963ed0c8 /include/net
parent	97829955ad291acec1d8b94e9911b3ceb1118bb1 (diff)

diff --git a/include/net/netlabel.h b/include/net/netlabel.h index b3213c7c5309..0ca67d73c7ad 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h
@@ -36,6 +36,8 @@
36	#include <net/netlink.h>	36	#include <net/netlink.h>
37	#include <asm/atomic.h>	37	#include <asm/atomic.h>
38		38
		39	struct cipso_v4_doi;
		40
39	/*	41	/*
40	* NetLabel - A management interface for maintaining network packet label	42	* NetLabel - A management interface for maintaining network packet label
41	* mapping tables for explicit packet labling protocols.	43	* mapping tables for explicit packet labling protocols.
@@ -103,12 +105,6 @@ struct netlbl_audit {
103	uid_t loginuid;	105	uid_t loginuid;
104	};	106	};
105		107
106	/* Domain mapping definition struct */
107	struct netlbl_dom_map;
108
109	/* Domain mapping operations */
110	int netlbl_domhsh_remove(const char domain, struct netlbl_audit audit_info);
111
112	/*	108	/*
113	* LSM security attributes	109	* LSM security attributes
114	*/	110	*/
@@ -344,6 +340,19 @@ static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr)
344		340
345	#ifdef CONFIG_NETLABEL	341	#ifdef CONFIG_NETLABEL
346	/*	342	/*
		343	* LSM configuration operations
		344	*/
		345	int netlbl_cfg_map_del(const char domain, struct netlbl_audit audit_info);
		346	int netlbl_cfg_unlbl_add_map(const char *domain,
		347	struct netlbl_audit *audit_info);
		348	int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
		349	struct netlbl_audit *audit_info);
		350	int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
		351	const char *domain,
		352	struct netlbl_audit *audit_info);
		353	int netlbl_cfg_cipsov4_del(u32 doi, struct netlbl_audit *audit_info);
		354
		355	/*
347	* LSM security attribute operations	356	* LSM security attribute operations
348	*/	357	*/
349	int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap,	358	int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap,
@@ -378,6 +387,32 @@ void netlbl_cache_invalidate(void);
378	int netlbl_cache_add(const struct sk_buff *skb,	387	int netlbl_cache_add(const struct sk_buff *skb,
379	const struct netlbl_lsm_secattr *secattr);	388	const struct netlbl_lsm_secattr *secattr);
380	#else	389	#else
		390	static inline int netlbl_cfg_map_del(const char *domain,
		391	struct netlbl_audit *audit_info)
		392	{
		393	return -ENOSYS;
		394	}
		395	static inline int netlbl_cfg_unlbl_add_map(const char *domain,
		396	struct netlbl_audit *audit_info)
		397	{
		398	return -ENOSYS;
		399	}
		400	static inline int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
		401	struct netlbl_audit *audit_info)
		402	{
		403	return -ENOSYS;
		404	}
		405	static inline int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
		406	const char *domain,
		407	struct netlbl_audit *audit_info)
		408	{
		409	return -ENOSYS;
		410	}
		411	static inline int netlbl_cfg_cipsov4_del(u32 doi,
		412	struct netlbl_audit *audit_info)
		413	{
		414	return -ENOSYS;
		415	}
381	static inline int netlbl_secattr_catmap_walk(	416	static inline int netlbl_secattr_catmap_walk(
382	struct netlbl_lsm_secattr_catmap *catmap,	417	struct netlbl_lsm_secattr_catmap *catmap,
383	u32 offset)	418	u32 offset)