author | Venkat Yekkirala <vyekkirala@TrustedCS.com> | 2006-07-25 02:32:20 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 17:53:28 -0400 |
commit | cb969f072b6d67770b559617f14e767f47e77ece (patch) | |
tree | 4112eb0182e8b3e28b42aebaa40ca25454fc6b76 /include | |
parent | beb8d13bed80f8388f1a9a107d07ddd342e627e8 (diff) |
[MLSXFRM]: Default labeling of socket specific IPSec policies
This defaults the label of socket-specific IPSec policies to be the
same as the socket they are set on.
Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/security.h | 19 | ||||
-rw-r--r-- | include/net/xfrm.h | 2 |
2 files changed, 17 insertions, 4 deletions
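--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -827,8 +827,10 @@ struct swap_info_struct;
 * used by the XFRM system.
 * @sec_ctx contains the security context information being provided by
 * the user-level policy update program (e.g., setkey).
+* @sk refers to the sock from which to derive the security context.
 * Allocate a security structure to the xp->security field; the security
-* field is initialized to NULL when the xfrm_policy is allocated.
+* field is initialized to NULL when the xfrm_policy is allocated. Only
+* one of sec_ctx or sock can be specified.
 * Return 0 if operation was successful (memory to allocate, legal context)
 * @xfrm_policy_clone_security:
 * @old contains an existing xfrm_policy in the SPD.
@@ -1359,7 +1361,8 @@ struct security_operations {
 #endif /* CONFIG_SECURITY_NETWORK */
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
-int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx);
+int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp,
+struct xfrm_user_sec_ctx *sec_ctx, struct sock *sk);
 int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new);
 void (*xfrm_policy_free_security) (struct xfrm_policy *xp);
 int (*xfrm_policy_delete_security) (struct xfrm_policy *xp);
@@ -3057,7 +3060,12 @@ static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
 {
-return security_ops->xfrm_policy_alloc_security(xp, sec_ctx);
+return security_ops->xfrm_policy_alloc_security(xp, sec_ctx, NULL);
+}
+
+static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
+{
+return security_ops->xfrm_policy_alloc_security(xp, NULL, sk);
 }
 
 static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
@@ -3132,6 +3140,11 @@ static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm
 return 0;
 }
 
+static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
+{
+return 0;
+}
+
 static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
 {
 return 0;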
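Review bot: The hook documentation in the first hunk introduces the parameter as `@sk` but then states the exclusion rule as `Only one of sec_ctx or sock can be specified`, so a reader cannot tell from the kerneldoc whether "sock" means @sk; I would phrase it as `* one of @sec_ctx or @sk may be non-NULL; the other must be NULL.` The two inline wrappers in the third hunk each hard-code the unused argument as NULL, so the rule holds for callers that go through them, but nothing visible here enforces it for an LSM implementation that receives both non-NULL or both NULL (the implementation is outside this diff), and the same comment should say that such a call is an error rather than leaving the implementation to pick a label silently. The `!CONFIG_SECURITY_NETWORK_XFRM` stub in the fourth hunk returns 0 like its neighbours, which is consistent.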
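--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -362,7 +362,7 @@ struct xfrm_mgr
 char *id;
 int (*notify)(struct xfrm_state *x, struct km_event *c);
 int (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir);
-struct xfrm_policy *(*compile_policy)(u16 family, int opt, u8 *data, int len, int *dir);
+struct xfrm_policy *(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir);
 int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport);
 int (*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c);
 };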
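Review bot: The `compile_policy` member of `struct xfrm_mgr` changes its first argument from `u16 family` to `struct sock *sk` with no comment on the member, so a key-manager implementer reading the header gets no indication that the address family is no longer passed in and presumably has to be taken from the socket. A one-line comment on the member would carry that: `/* sk: the socket the policy is being compiled for; replaces the former family argument */`. Every registered xfrm_mgr that implements `compile_policy` must follow this signature change, and since callers and implementations are outside this diff, confirm that they now pass a non-NULL sk, as the new signature offers no family fallback when sk is NULL.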