aboutsummaryrefslogtreecommitdiffstats
path: root/net/netlabel/netlabel_unlabeled.c
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2006-09-28 17:51:47 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-28 21:03:09 -0400
commit32f50cdee666333168b5203c7864bede159f789e (patch)
treec4989cc2521551714f656d60f6b895232ffdeda6 /net/netlabel/netlabel_unlabeled.c
parent8ea333eb5da3e3219f570220c56bca09f6f4d25a (diff)
[NetLabel]: add audit support for configuration changes
This patch adds audit support to NetLabel, including six new audit message types shown below. #define AUDIT_MAC_UNLBL_ACCEPT 1406 #define AUDIT_MAC_UNLBL_DENY 1407 #define AUDIT_MAC_CIPSOV4_ADD 1408 #define AUDIT_MAC_CIPSOV4_DEL 1409 #define AUDIT_MAC_MAP_ADD 1410 #define AUDIT_MAC_MAP_DEL 1411 Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netlabel/netlabel_unlabeled.c')
-rw-r--r--net/netlabel/netlabel_unlabeled.c36
1 files changed, 30 insertions, 6 deletions
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 440f5c4e1e2d..ab36675fee8c 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -64,6 +64,27 @@ static struct nla_policy netlbl_unlabel_genl_policy[NLBL_UNLABEL_A_MAX + 1] = {
64}; 64};
65 65
66/* 66/*
67 * Helper Functions
68 */
69
70/**
71 * netlbl_unlabel_acceptflg_set - Set the unlabeled accept flag
72 * @value: desired value
73 * @audit_secid: the LSM secid to use in the audit message
74 *
75 * Description:
76 * Set the value of the unlabeled accept flag to @value.
77 *
78 */
79static void netlbl_unlabel_acceptflg_set(u8 value, u32 audit_secid)
80{
81 atomic_set(&netlabel_unlabel_accept_flg, value);
82 netlbl_audit_nomsg((value ?
83 AUDIT_MAC_UNLBL_ACCEPT : AUDIT_MAC_UNLBL_DENY),
84 audit_secid);
85}
86
87/*
67 * NetLabel Command Handlers 88 * NetLabel Command Handlers
68 */ 89 */
69 90
@@ -79,18 +100,18 @@ static struct nla_policy netlbl_unlabel_genl_policy[NLBL_UNLABEL_A_MAX + 1] = {
79 */ 100 */
80static int netlbl_unlabel_accept(struct sk_buff *skb, struct genl_info *info) 101static int netlbl_unlabel_accept(struct sk_buff *skb, struct genl_info *info)
81{ 102{
82 int ret_val = -EINVAL;
83 u8 value; 103 u8 value;
84 104
85 if (info->attrs[NLBL_UNLABEL_A_ACPTFLG]) { 105 if (info->attrs[NLBL_UNLABEL_A_ACPTFLG]) {
86 value = nla_get_u8(info->attrs[NLBL_UNLABEL_A_ACPTFLG]); 106 value = nla_get_u8(info->attrs[NLBL_UNLABEL_A_ACPTFLG]);
87 if (value == 1 || value == 0) { 107 if (value == 1 || value == 0) {
88 atomic_set(&netlabel_unlabel_accept_flg, value); 108 netlbl_unlabel_acceptflg_set(value,
89 ret_val = 0; 109 NETLINK_CB(skb).sid);
110 return 0;
90 } 111 }
91 } 112 }
92 113
93 return ret_val; 114 return -EINVAL;
94} 115}
95 116
96/** 117/**
@@ -229,16 +250,19 @@ int netlbl_unlabel_defconf(void)
229{ 250{
230 int ret_val; 251 int ret_val;
231 struct netlbl_dom_map *entry; 252 struct netlbl_dom_map *entry;
253 u32 secid;
254
255 security_task_getsecid(current, &secid);
232 256
233 entry = kzalloc(sizeof(*entry), GFP_KERNEL); 257 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
234 if (entry == NULL) 258 if (entry == NULL)
235 return -ENOMEM; 259 return -ENOMEM;
236 entry->type = NETLBL_NLTYPE_UNLABELED; 260 entry->type = NETLBL_NLTYPE_UNLABELED;
237 ret_val = netlbl_domhsh_add_default(entry); 261 ret_val = netlbl_domhsh_add_default(entry, secid);
238 if (ret_val != 0) 262 if (ret_val != 0)
239 return ret_val; 263 return ret_val;
240 264
241 atomic_set(&netlabel_unlabel_accept_flg, 1); 265 netlbl_unlabel_acceptflg_set(1, secid);
242 266
243 return 0; 267 return 0;
244} 268}
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-11 03:25:37 -0500