authorVenkat Yekkirala <vyekkirala@TrustedCS.com>2006-07-25 02:32:20 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-22 17:53:28 -0400
commitcb969f072b6d67770b559617f14e767f47e77ece (patch)
tree4112eb0182e8b3e28b42aebaa40ca25454fc6b76 /include
parentbeb8d13bed80f8388f1a9a107d07ddd342e627e8 (diff)
[MLSXFRM]: Default labeling of socket specific IPSec policies
This defaults the label of socket-specific IPSec policies to be the same as the socket they are set on. Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r--include/linux/security.h19
-rw-r--r--include/net/xfrm.h2
2 files changed, 17 insertions, 4 deletions
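--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -827,8 +827,10 @@ struct swap_info_struct;
  * used by the XFRM system.
  * @sec_ctx contains the security context information being provided by
  * the user-level policy update program (e.g., setkey).
+ * @sk refers to the sock from which to derive the security context.
  * Allocate a security structure to the xp->security field; the security
- * field is initialized to NULL when the xfrm_policy is allocated.
+ * field is initialized to NULL when the xfrm_policy is allocated. Only
+ * one of sec_ctx or sock can be specified.
  * Return 0 if operation was successful (memory to allocate, legal context)
  * @xfrm_policy_clone_security:
  * @old contains an existing xfrm_policy in the SPD.
@@ -1359,7 +1361,8 @@ struct security_operations {
 #endif /* CONFIG_SECURITY_NETWORK */
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
- int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx);
+ int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp,
+ struct xfrm_user_sec_ctx *sec_ctx, struct sock *sk);
  int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new);
  void (*xfrm_policy_free_security) (struct xfrm_policy *xp);
  int (*xfrm_policy_delete_security) (struct xfrm_policy *xp);
@@ -3057,7 +3060,12 @@ static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
 {
- return security_ops->xfrm_policy_alloc_security(xp, sec_ctx);
+ return security_ops->xfrm_policy_alloc_security(xp, sec_ctx, NULL);
+}
+
+static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
+{
+ return security_ops->xfrm_policy_alloc_security(xp, NULL, sk);
 }
 
 static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
@@ -3132,6 +3140,11 @@ static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm
  return 0;
 }
 
+static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
+{
+ return 0;
+}
+
 static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
 {
  return 0;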
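Review bot: The hook documentation in the first hunk names the new parameter `@sk` but the precondition sentence refers to it as `sock`, and it says only that one of the two "can be specified", while the two inline wrappers added in the third hunk always pass NULL for the argument they do not use, so the contract a security module actually sees is "exactly one of the two is non-NULL". I'd tighten the comment to ` * Exactly one of @sec_ctx or @sk is non-NULL; the other is NULL.` so that implementers know which inputs to expect and that a policy labelled from @sk takes its context from the socket rather than from user-supplied data. It would also help to say what a module should return when both are NULL, since neither the hook comment nor the wrappers state it; presumably an error, but that is not visible here. The stub in the last hunk matches the existing no-LSM stubs in returning 0, which is consistent with the surrounding code.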
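--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -362,7 +362,7 @@ struct xfrm_mgr
  char *id;
  int (*notify)(struct xfrm_state *x, struct km_event *c);
  int (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir);
- struct xfrm_policy *(*compile_policy)(u16 family, int opt, u8 *data, int len, int *dir);
+ struct xfrm_policy *(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir);
  int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport);
  int (*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c);
 };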
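Review bot: The `compile_policy` member now takes `struct sock *sk` in place of `u16 family`, so the address family an implementation needs is no longer passed explicitly and presumably has to be read from the socket, yet the member carries no comment saying so or stating whether `sk` may be NULL. The struct xfrm_mgr members are undocumented, and this is the first one whose argument must be dereferenced to recover information that used to be a plain value, so I'd add `/* sk: the socket the policy is being set on; implementations take the family from it */` on the line above the member, adjusting the wording if a NULL sk is in fact allowed. struct xfrm_mgr begins before this hunk.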