netlabel: Update kernel configuration API

Update the NetLabel kernel API to expose the new features added in kernel releases 2.6.25 and 2.6.28: the static/fallback label functionality and network address based selectors. Signed-off-by: Paul Moore <paul.moore@hp.com>
author: Paul Moore <paul.moore@hp.com> 2008-12-31 12:54:11 -0500
committer: Paul Moore <paul.moore@hp.com> 2008-12-31 12:54:11 -0500
commit: 6c2e8ac0953fccdd24dc6c4b9e08e8f1cd68cf07 (patch)
tree: c52e242ec5e5c2d131af2d9dbb038f78f724a74c /net/netlabel/netlabel_cipso_v4.c
parent: 6a94cb73064c952255336cc57731904174b2c58f (diff)
1 files changed, 18 insertions, 43 deletions
diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c
index fff32b70efa9..bf1ab1a6790d 100644
--- a/net/netlabel/netlabel_cipso_v4.c
+++ b/net/netlabel/netlabel_cipso_v4.c
@@ -130,6 +130,7 @@ static int netlbl_cipsov4_add_common(struct genl_info *info,
 /**
 * netlbl_cipsov4_add_std - Adds a CIPSO V4 DOI definition
 * @info: the Generic NETLINK info block
+ * @audit_info: NetLabel audit information
 *
 * Description:
 * Create a new CIPSO_V4_MAP_TRANS DOI definition based on the given ADD
@@ -137,7 +138,8 @@ static int netlbl_cipsov4_add_common(struct genl_info *info,
 * non-zero on error.
 *
 */
-static int netlbl_cipsov4_add_std(struct genl_info *info)
+static int netlbl_cipsov4_add_std(struct genl_info *info,
+                                  struct netlbl_audit *audit_info)
 {
        int ret_val = -EINVAL;
        struct cipso_v4_doi *doi_def = NULL;
@@ -316,7 +318,7 @@ static int netlbl_cipsov4_add_std(struct genl_info *info)
                        }
        }
-        ret_val = cipso_v4_doi_add(doi_def);
+        ret_val = cipso_v4_doi_add(doi_def, audit_info);
        if (ret_val != 0)
                goto add_std_failure;
        return 0;
@@ -330,6 +332,7 @@ add_std_failure:
 /**
 * netlbl_cipsov4_add_pass - Adds a CIPSO V4 DOI definition
 * @info: the Generic NETLINK info block
+ * @audit_info: NetLabel audit information
 *
 * Description:
 * Create a new CIPSO_V4_MAP_PASS DOI definition based on the given ADD message
@@ -337,7 +340,8 @@ add_std_failure:
 * error.
 *
 */
-static int netlbl_cipsov4_add_pass(struct genl_info *info)
+static int netlbl_cipsov4_add_pass(struct genl_info *info,
+                                   struct netlbl_audit *audit_info)
 {
        int ret_val;
        struct cipso_v4_doi *doi_def = NULL;
@@ -354,7 +358,7 @@ static int netlbl_cipsov4_add_pass(struct genl_info *info)
        if (ret_val != 0)
                goto add_pass_failure;
-        ret_val = cipso_v4_doi_add(doi_def);
+        ret_val = cipso_v4_doi_add(doi_def, audit_info);
        if (ret_val != 0)
                goto add_pass_failure;
        return 0;
@@ -367,6 +371,7 @@ add_pass_failure:
 /**
 * netlbl_cipsov4_add_local - Adds a CIPSO V4 DOI definition
 * @info: the Generic NETLINK info block
+ * @audit_info: NetLabel audit information
 *
 * Description:
 * Create a new CIPSO_V4_MAP_LOCAL DOI definition based on the given ADD
@@ -374,7 +379,8 @@ add_pass_failure:
 * non-zero on error.
 *
 */
-static int netlbl_cipsov4_add_local(struct genl_info *info)
+static int netlbl_cipsov4_add_local(struct genl_info *info,
+                                    struct netlbl_audit *audit_info)
 {
        int ret_val;
        struct cipso_v4_doi *doi_def = NULL;
@@ -391,7 +397,7 @@ static int netlbl_cipsov4_add_local(struct genl_info *info)
        if (ret_val != 0)
                goto add_local_failure;
-        ret_val = cipso_v4_doi_add(doi_def);
+        ret_val = cipso_v4_doi_add(doi_def, audit_info);
        if (ret_val != 0)
                goto add_local_failure;
        return 0;
@@ -415,48 +421,31 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info)
 {
        int ret_val = -EINVAL;
-        u32 type;
-        u32 doi;
        const char *type_str = "(unknown)";
-        struct audit_buffer *audit_buf;
        struct netlbl_audit audit_info;
        if (!info->attrs[NLBL_CIPSOV4_A_DOI] ||
            !info->attrs[NLBL_CIPSOV4_A_MTYPE])
                return -EINVAL;
-        doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
        netlbl_netlink_auditinfo(skb, &audit_info);
+        switch (nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE])) {
-        type = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE]);
-        switch (type) {
        case CIPSO_V4_MAP_TRANS:
                type_str = "trans";
-                ret_val = netlbl_cipsov4_add_std(info);
+                ret_val = netlbl_cipsov4_add_std(info, &audit_info);
                break;
        case CIPSO_V4_MAP_PASS:
                type_str = "pass";
-                ret_val = netlbl_cipsov4_add_pass(info);
+                ret_val = netlbl_cipsov4_add_pass(info, &audit_info);
                break;
        case CIPSO_V4_MAP_LOCAL:
                type_str = "local";
-                ret_val = netlbl_cipsov4_add_local(info);
+                ret_val = netlbl_cipsov4_add_local(info, &audit_info);
                break;
        }
        if (ret_val == 0)
                atomic_inc(&netlabel_mgmt_protocount);
-        audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,
-                                              &audit_info);
-        if (audit_buf != NULL) {
-                audit_log_format(audit_buf,
-                                 " cipso_doi=%u cipso_type=%s res=%u",
-                                 doi,
-                                 type_str,
-                                 ret_val == 0 ? 1 : 0);
-                audit_log_end(audit_buf);
-        }
        return ret_val;
 }
@@ -725,9 +714,7 @@ static int netlbl_cipsov4_remove_cb(struct netlbl_dom_map *entry, void *arg)
 static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info)
 {
        int ret_val = -EINVAL;
-        u32 doi = 0;
        struct netlbl_domhsh_walk_arg cb_arg;
-        struct audit_buffer *audit_buf;
        struct netlbl_audit audit_info;
        u32 skip_bkt = 0;
        u32 skip_chain = 0;
@@ -735,29 +722,17 @@ static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info)
        if (!info->attrs[NLBL_CIPSOV4_A_DOI])
                return -EINVAL;
-        doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
        netlbl_netlink_auditinfo(skb, &audit_info);
+        cb_arg.doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
-        cb_arg.doi = doi;
        cb_arg.audit_info = &audit_info;
        ret_val = netlbl_domhsh_walk(&skip_bkt, &skip_chain,
                                     netlbl_cipsov4_remove_cb, &cb_arg);
        if (ret_val == 0 || ret_val == -ENOENT) {
-                ret_val = cipso_v4_doi_remove(doi, &audit_info);
+                ret_val = cipso_v4_doi_remove(cb_arg.doi, &audit_info);
                if (ret_val == 0)
                        atomic_dec(&netlabel_mgmt_protocount);
        }
-        audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL,
-                                              &audit_info);
-        if (audit_buf != NULL) {
-                audit_log_format(audit_buf,
-                                 " cipso_doi=%u res=%u",
-                                 doi,
-                                 ret_val == 0 ? 1 : 0);
-                audit_log_end(audit_buf);
-        }
        return ret_val;
 }
author	Paul Moore <paul.moore@hp.com>	2008-12-31 12:54:11 -0500
committer	Paul Moore <paul.moore@hp.com>	2008-12-31 12:54:11 -0500
commit	6c2e8ac0953fccdd24dc6c4b9e08e8f1cd68cf07 (patch)
tree	c52e242ec5e5c2d131af2d9dbb038f78f724a74c /net/netlabel/netlabel_cipso_v4.c
parent	6a94cb73064c952255336cc57731904174b2c58f (diff)

diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c index fff32b70efa9..bf1ab1a6790d 100644 --- a/net/netlabel/netlabel_cipso_v4.c +++ b/net/netlabel/netlabel_cipso_v4.c
@@ -130,6 +130,7 @@ static int netlbl_cipsov4_add_common(struct genl_info *info,
130	/**	130	/**
131	* netlbl_cipsov4_add_std - Adds a CIPSO V4 DOI definition	131	* netlbl_cipsov4_add_std - Adds a CIPSO V4 DOI definition
132	* @info: the Generic NETLINK info block	132	* @info: the Generic NETLINK info block
		133	* @audit_info: NetLabel audit information
133	*	134	*
134	* Description:	135	* Description:
135	* Create a new CIPSO_V4_MAP_TRANS DOI definition based on the given ADD	136	* Create a new CIPSO_V4_MAP_TRANS DOI definition based on the given ADD
@@ -137,7 +138,8 @@ static int netlbl_cipsov4_add_common(struct genl_info *info,
137	* non-zero on error.	138	* non-zero on error.
138	*	139	*
139	*/	140	*/
140	static int netlbl_cipsov4_add_std(struct genl_info *info)	141	static int netlbl_cipsov4_add_std(struct genl_info *info,
		142	struct netlbl_audit *audit_info)
141	{	143	{
142	int ret_val = -EINVAL;	144	int ret_val = -EINVAL;
143	struct cipso_v4_doi *doi_def = NULL;	145	struct cipso_v4_doi *doi_def = NULL;
@@ -316,7 +318,7 @@ static int netlbl_cipsov4_add_std(struct genl_info *info)
316	}	318	}
317	}	319	}
318		320
319	ret_val = cipso_v4_doi_add(doi_def);	321	ret_val = cipso_v4_doi_add(doi_def, audit_info);
320	if (ret_val != 0)	322	if (ret_val != 0)
321	goto add_std_failure;	323	goto add_std_failure;
322	return 0;	324	return 0;
@@ -330,6 +332,7 @@ add_std_failure:
330	/**	332	/**
331	* netlbl_cipsov4_add_pass - Adds a CIPSO V4 DOI definition	333	* netlbl_cipsov4_add_pass - Adds a CIPSO V4 DOI definition
332	* @info: the Generic NETLINK info block	334	* @info: the Generic NETLINK info block
		335	* @audit_info: NetLabel audit information
333	*	336	*
334	* Description:	337	* Description:
335	* Create a new CIPSO_V4_MAP_PASS DOI definition based on the given ADD message	338	* Create a new CIPSO_V4_MAP_PASS DOI definition based on the given ADD message
@@ -337,7 +340,8 @@ add_std_failure:
337	* error.	340	* error.
338	*	341	*
339	*/	342	*/
340	static int netlbl_cipsov4_add_pass(struct genl_info *info)	343	static int netlbl_cipsov4_add_pass(struct genl_info *info,
		344	struct netlbl_audit *audit_info)
341	{	345	{
342	int ret_val;	346	int ret_val;
343	struct cipso_v4_doi *doi_def = NULL;	347	struct cipso_v4_doi *doi_def = NULL;
@@ -354,7 +358,7 @@ static int netlbl_cipsov4_add_pass(struct genl_info *info)
354	if (ret_val != 0)	358	if (ret_val != 0)
355	goto add_pass_failure;	359	goto add_pass_failure;
356		360
357	ret_val = cipso_v4_doi_add(doi_def);	361	ret_val = cipso_v4_doi_add(doi_def, audit_info);
358	if (ret_val != 0)	362	if (ret_val != 0)
359	goto add_pass_failure;	363	goto add_pass_failure;
360	return 0;	364	return 0;
@@ -367,6 +371,7 @@ add_pass_failure:
367	/**	371	/**
368	* netlbl_cipsov4_add_local - Adds a CIPSO V4 DOI definition	372	* netlbl_cipsov4_add_local - Adds a CIPSO V4 DOI definition
369	* @info: the Generic NETLINK info block	373	* @info: the Generic NETLINK info block
		374	* @audit_info: NetLabel audit information
370	*	375	*
371	* Description:	376	* Description:
372	* Create a new CIPSO_V4_MAP_LOCAL DOI definition based on the given ADD	377	* Create a new CIPSO_V4_MAP_LOCAL DOI definition based on the given ADD
@@ -374,7 +379,8 @@ add_pass_failure:
374	* non-zero on error.	379	* non-zero on error.
375	*	380	*
376	*/	381	*/
377	static int netlbl_cipsov4_add_local(struct genl_info *info)	382	static int netlbl_cipsov4_add_local(struct genl_info *info,
		383	struct netlbl_audit *audit_info)
378	{	384	{
379	int ret_val;	385	int ret_val;
380	struct cipso_v4_doi *doi_def = NULL;	386	struct cipso_v4_doi *doi_def = NULL;
@@ -391,7 +397,7 @@ static int netlbl_cipsov4_add_local(struct genl_info *info)
391	if (ret_val != 0)	397	if (ret_val != 0)
392	goto add_local_failure;	398	goto add_local_failure;
393		399
394	ret_val = cipso_v4_doi_add(doi_def);	400	ret_val = cipso_v4_doi_add(doi_def, audit_info);
395	if (ret_val != 0)	401	if (ret_val != 0)
396	goto add_local_failure;	402	goto add_local_failure;
397	return 0;	403	return 0;
@@ -415,48 +421,31 @@ static int netlbl_cipsov4_add(struct sk_buff skb, struct genl_info info)
415		421
416	{	422	{
417	int ret_val = -EINVAL;	423	int ret_val = -EINVAL;
418	u32 type;
419	u32 doi;
420	const char *type_str = "(unknown)";	424	const char *type_str = "(unknown)";
421	struct audit_buffer *audit_buf;
422	struct netlbl_audit audit_info;	425	struct netlbl_audit audit_info;
423		426
424	if (!info->attrs[NLBL_CIPSOV4_A_DOI] \|\|	427	if (!info->attrs[NLBL_CIPSOV4_A_DOI] \|\|
425	!info->attrs[NLBL_CIPSOV4_A_MTYPE])	428	!info->attrs[NLBL_CIPSOV4_A_MTYPE])
426	return -EINVAL;	429	return -EINVAL;
427		430
428	doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
429	netlbl_netlink_auditinfo(skb, &audit_info);	431	netlbl_netlink_auditinfo(skb, &audit_info);
430		432	switch (nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE])) {
431	type = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE]);
432	switch (type) {
433	case CIPSO_V4_MAP_TRANS:	433	case CIPSO_V4_MAP_TRANS:
434	type_str = "trans";	434	type_str = "trans";
435	ret_val = netlbl_cipsov4_add_std(info);	435	ret_val = netlbl_cipsov4_add_std(info, &audit_info);
436	break;	436	break;
437	case CIPSO_V4_MAP_PASS:	437	case CIPSO_V4_MAP_PASS:
438	type_str = "pass";	438	type_str = "pass";
439	ret_val = netlbl_cipsov4_add_pass(info);	439	ret_val = netlbl_cipsov4_add_pass(info, &audit_info);
440	break;	440	break;
441	case CIPSO_V4_MAP_LOCAL:	441	case CIPSO_V4_MAP_LOCAL:
442	type_str = "local";	442	type_str = "local";
443	ret_val = netlbl_cipsov4_add_local(info);	443	ret_val = netlbl_cipsov4_add_local(info, &audit_info);
444	break;	444	break;
445	}	445	}
446	if (ret_val == 0)	446	if (ret_val == 0)
447	atomic_inc(&netlabel_mgmt_protocount);	447	atomic_inc(&netlabel_mgmt_protocount);
448		448
449	audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,
450	&audit_info);
451	if (audit_buf != NULL) {
452	audit_log_format(audit_buf,
453	" cipso_doi=%u cipso_type=%s res=%u",
454	doi,
455	type_str,
456	ret_val == 0 ? 1 : 0);
457	audit_log_end(audit_buf);
458	}
459
460	return ret_val;	449	return ret_val;
461	}	450	}
462		451
@@ -725,9 +714,7 @@ static int netlbl_cipsov4_remove_cb(struct netlbl_dom_map entry, void arg)
725	static int netlbl_cipsov4_remove(struct sk_buff skb, struct genl_info info)	714	static int netlbl_cipsov4_remove(struct sk_buff skb, struct genl_info info)
726	{	715	{
727	int ret_val = -EINVAL;	716	int ret_val = -EINVAL;
728	u32 doi = 0;
729	struct netlbl_domhsh_walk_arg cb_arg;	717	struct netlbl_domhsh_walk_arg cb_arg;
730	struct audit_buffer *audit_buf;
731	struct netlbl_audit audit_info;	718	struct netlbl_audit audit_info;
732	u32 skip_bkt = 0;	719	u32 skip_bkt = 0;
733	u32 skip_chain = 0;	720	u32 skip_chain = 0;
@@ -735,29 +722,17 @@ static int netlbl_cipsov4_remove(struct sk_buff skb, struct genl_info info)
735	if (!info->attrs[NLBL_CIPSOV4_A_DOI])	722	if (!info->attrs[NLBL_CIPSOV4_A_DOI])
736	return -EINVAL;	723	return -EINVAL;
737		724
738	doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
739	netlbl_netlink_auditinfo(skb, &audit_info);	725	netlbl_netlink_auditinfo(skb, &audit_info);
740		726	cb_arg.doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
741	cb_arg.doi = doi;
742	cb_arg.audit_info = &audit_info;	727	cb_arg.audit_info = &audit_info;
743	ret_val = netlbl_domhsh_walk(&skip_bkt, &skip_chain,	728	ret_val = netlbl_domhsh_walk(&skip_bkt, &skip_chain,
744	netlbl_cipsov4_remove_cb, &cb_arg);	729	netlbl_cipsov4_remove_cb, &cb_arg);
745	if (ret_val == 0 \|\| ret_val == -ENOENT) {	730	if (ret_val == 0 \|\| ret_val == -ENOENT) {
746	ret_val = cipso_v4_doi_remove(doi, &audit_info);	731	ret_val = cipso_v4_doi_remove(cb_arg.doi, &audit_info);
747	if (ret_val == 0)	732	if (ret_val == 0)
748	atomic_dec(&netlabel_mgmt_protocount);	733	atomic_dec(&netlabel_mgmt_protocount);
749	}	734	}
750		735
751	audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL,
752	&audit_info);
753	if (audit_buf != NULL) {
754	audit_log_format(audit_buf,
755	" cipso_doi=%u res=%u",
756	doi,
757	ret_val == 0 ? 1 : 0);
758	audit_log_end(audit_buf);
759	}
760
761	return ret_val;	736	return ret_val;
762	}	737	}
763		738