diff options
| author | Paul Moore <paul.moore@hp.com> | 2008-01-29 08:37:59 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-01-29 16:17:19 -0500 |
| commit | 16efd45435fa695b501b7f73c3259bd7c77cc12c (patch) | |
| tree | f26eb84f65192eb0a17aca399fd405100e4be974 /net | |
| parent | 1c3fad936acaf87b75055b95be781437e97d787f (diff) | |
NetLabel: Add secid token support to the NetLabel secattr struct
This patch adds support to the NetLabel LSM secattr struct for a secid token
and a type field, paving the way for full LSM/SELinux context support and
"static" or "fallback" labels. In addition, this patch adds a fair amount
of documentation to the core NetLabel structures used as part of the
NetLabel kernel API.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/cipso_ipv4.c | 59 | ||||
| -rw-r--r-- | net/netlabel/netlabel_unlabeled.c | 1 |
2 files changed, 38 insertions, 22 deletions
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c index d4dc4eb48d95..a2241060113b 100644 --- a/net/ipv4/cipso_ipv4.c +++ b/net/ipv4/cipso_ipv4.c | |||
| @@ -348,6 +348,7 @@ static int cipso_v4_cache_check(const unsigned char *key, | |||
| 348 | atomic_inc(&entry->lsm_data->refcount); | 348 | atomic_inc(&entry->lsm_data->refcount); |
| 349 | secattr->cache = entry->lsm_data; | 349 | secattr->cache = entry->lsm_data; |
| 350 | secattr->flags |= NETLBL_SECATTR_CACHE; | 350 | secattr->flags |= NETLBL_SECATTR_CACHE; |
| 351 | secattr->type = NETLBL_NLTYPE_CIPSOV4; | ||
| 351 | if (prev_entry == NULL) { | 352 | if (prev_entry == NULL) { |
| 352 | spin_unlock_bh(&cipso_v4_cache[bkt].lock); | 353 | spin_unlock_bh(&cipso_v4_cache[bkt].lock); |
| 353 | return 0; | 354 | return 0; |
| @@ -865,7 +866,7 @@ static int cipso_v4_map_cat_rbm_hton(const struct cipso_v4_doi *doi_def, | |||
| 865 | } | 866 | } |
| 866 | 867 | ||
| 867 | for (;;) { | 868 | for (;;) { |
| 868 | host_spot = netlbl_secattr_catmap_walk(secattr->mls_cat, | 869 | host_spot = netlbl_secattr_catmap_walk(secattr->attr.mls.cat, |
| 869 | host_spot + 1); | 870 | host_spot + 1); |
| 870 | if (host_spot < 0) | 871 | if (host_spot < 0) |
| 871 | break; | 872 | break; |
| @@ -948,7 +949,7 @@ static int cipso_v4_map_cat_rbm_ntoh(const struct cipso_v4_doi *doi_def, | |||
| 948 | return -EPERM; | 949 | return -EPERM; |
| 949 | break; | 950 | break; |
| 950 | } | 951 | } |
| 951 | ret_val = netlbl_secattr_catmap_setbit(secattr->mls_cat, | 952 | ret_val = netlbl_secattr_catmap_setbit(secattr->attr.mls.cat, |
| 952 | host_spot, | 953 | host_spot, |
| 953 | GFP_ATOMIC); | 954 | GFP_ATOMIC); |
| 954 | if (ret_val != 0) | 955 | if (ret_val != 0) |
| @@ -1014,7 +1015,8 @@ static int cipso_v4_map_cat_enum_hton(const struct cipso_v4_doi *doi_def, | |||
| 1014 | u32 cat_iter = 0; | 1015 | u32 cat_iter = 0; |
| 1015 | 1016 | ||
| 1016 | for (;;) { | 1017 | for (;;) { |
| 1017 | cat = netlbl_secattr_catmap_walk(secattr->mls_cat, cat + 1); | 1018 | cat = netlbl_secattr_catmap_walk(secattr->attr.mls.cat, |
| 1019 | cat + 1); | ||
| 1018 | if (cat < 0) | 1020 | if (cat < 0) |
| 1019 | break; | 1021 | break; |
| 1020 | if ((cat_iter + 2) > net_cat_len) | 1022 | if ((cat_iter + 2) > net_cat_len) |
| @@ -1049,7 +1051,7 @@ static int cipso_v4_map_cat_enum_ntoh(const struct cipso_v4_doi *doi_def, | |||
| 1049 | u32 iter; | 1051 | u32 iter; |
| 1050 | 1052 | ||
| 1051 | for (iter = 0; iter < net_cat_len; iter += 2) { | 1053 | for (iter = 0; iter < net_cat_len; iter += 2) { |
| 1052 | ret_val = netlbl_secattr_catmap_setbit(secattr->mls_cat, | 1054 | ret_val = netlbl_secattr_catmap_setbit(secattr->attr.mls.cat, |
| 1053 | ntohs(get_unaligned((__be16 *)&net_cat[iter])), | 1055 | ntohs(get_unaligned((__be16 *)&net_cat[iter])), |
| 1054 | GFP_ATOMIC); | 1056 | GFP_ATOMIC); |
| 1055 | if (ret_val != 0) | 1057 | if (ret_val != 0) |
| @@ -1130,7 +1132,8 @@ static int cipso_v4_map_cat_rng_hton(const struct cipso_v4_doi *doi_def, | |||
| 1130 | return -ENOSPC; | 1132 | return -ENOSPC; |
| 1131 | 1133 | ||
| 1132 | for (;;) { | 1134 | for (;;) { |
| 1133 | iter = netlbl_secattr_catmap_walk(secattr->mls_cat, iter + 1); | 1135 | iter = netlbl_secattr_catmap_walk(secattr->attr.mls.cat, |
| 1136 | iter + 1); | ||
| 1134 | if (iter < 0) | 1137 | if (iter < 0) |
| 1135 | break; | 1138 | break; |
| 1136 | cat_size += (iter == 0 ? 0 : sizeof(u16)); | 1139 | cat_size += (iter == 0 ? 0 : sizeof(u16)); |
| @@ -1138,7 +1141,8 @@ static int cipso_v4_map_cat_rng_hton(const struct cipso_v4_doi *doi_def, | |||
| 1138 | return -ENOSPC; | 1141 | return -ENOSPC; |
| 1139 | array[array_cnt++] = iter; | 1142 | array[array_cnt++] = iter; |
| 1140 | 1143 | ||
| 1141 | iter = netlbl_secattr_catmap_walk_rng(secattr->mls_cat, iter); | 1144 | iter = netlbl_secattr_catmap_walk_rng(secattr->attr.mls.cat, |
| 1145 | iter); | ||
| 1142 | if (iter < 0) | 1146 | if (iter < 0) |
| 1143 | return -EFAULT; | 1147 | return -EFAULT; |
| 1144 | cat_size += sizeof(u16); | 1148 | cat_size += sizeof(u16); |
| @@ -1191,7 +1195,7 @@ static int cipso_v4_map_cat_rng_ntoh(const struct cipso_v4_doi *doi_def, | |||
| 1191 | else | 1195 | else |
| 1192 | cat_low = 0; | 1196 | cat_low = 0; |
| 1193 | 1197 | ||
| 1194 | ret_val = netlbl_secattr_catmap_setrng(secattr->mls_cat, | 1198 | ret_val = netlbl_secattr_catmap_setrng(secattr->attr.mls.cat, |
| 1195 | cat_low, | 1199 | cat_low, |
| 1196 | cat_high, | 1200 | cat_high, |
| 1197 | GFP_ATOMIC); | 1201 | GFP_ATOMIC); |
| @@ -1251,7 +1255,9 @@ static int cipso_v4_gentag_rbm(const struct cipso_v4_doi *doi_def, | |||
| 1251 | if ((secattr->flags & NETLBL_SECATTR_MLS_LVL) == 0) | 1255 | if ((secattr->flags & NETLBL_SECATTR_MLS_LVL) == 0) |
| 1252 | return -EPERM; | 1256 | return -EPERM; |
| 1253 | 1257 | ||
| 1254 | ret_val = cipso_v4_map_lvl_hton(doi_def, secattr->mls_lvl, &level); | 1258 | ret_val = cipso_v4_map_lvl_hton(doi_def, |
| 1259 | secattr->attr.mls.lvl, | ||
| 1260 | &level); | ||
| 1255 | if (ret_val != 0) | 1261 | if (ret_val != 0) |
| 1256 | return ret_val; | 1262 | return ret_val; |
| 1257 | 1263 | ||
| @@ -1303,12 +1309,13 @@ static int cipso_v4_parsetag_rbm(const struct cipso_v4_doi *doi_def, | |||
| 1303 | ret_val = cipso_v4_map_lvl_ntoh(doi_def, tag[3], &level); | 1309 | ret_val = cipso_v4_map_lvl_ntoh(doi_def, tag[3], &level); |
| 1304 | if (ret_val != 0) | 1310 | if (ret_val != 0) |
| 1305 | return ret_val; | 1311 | return ret_val; |
| 1306 | secattr->mls_lvl = level; | 1312 | secattr->attr.mls.lvl = level; |
| 1307 | secattr->flags |= NETLBL_SECATTR_MLS_LVL; | 1313 | secattr->flags |= NETLBL_SECATTR_MLS_LVL; |
| 1308 | 1314 | ||
| 1309 | if (tag_len > 4) { | 1315 | if (tag_len > 4) { |
| 1310 | secattr->mls_cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC); | 1316 | secattr->attr.mls.cat = |
| 1311 | if (secattr->mls_cat == NULL) | 1317 | netlbl_secattr_catmap_alloc(GFP_ATOMIC); |
| 1318 | if (secattr->attr.mls.cat == NULL) | ||
| 1312 | return -ENOMEM; | 1319 | return -ENOMEM; |
| 1313 | 1320 | ||
| 1314 | ret_val = cipso_v4_map_cat_rbm_ntoh(doi_def, | 1321 | ret_val = cipso_v4_map_cat_rbm_ntoh(doi_def, |
| @@ -1316,7 +1323,7 @@ static int cipso_v4_parsetag_rbm(const struct cipso_v4_doi *doi_def, | |||
| 1316 | tag_len - 4, | 1323 | tag_len - 4, |
| 1317 | secattr); | 1324 | secattr); |
| 1318 | if (ret_val != 0) { | 1325 | if (ret_val != 0) { |
| 1319 | netlbl_secattr_catmap_free(secattr->mls_cat); | 1326 | netlbl_secattr_catmap_free(secattr->attr.mls.cat); |
| 1320 | return ret_val; | 1327 | return ret_val; |
| 1321 | } | 1328 | } |
| 1322 | 1329 | ||
| @@ -1350,7 +1357,9 @@ static int cipso_v4_gentag_enum(const struct cipso_v4_doi *doi_def, | |||
| 1350 | if (!(secattr->flags & NETLBL_SECATTR_MLS_LVL)) | 1357 | if (!(secattr->flags & NETLBL_SECATTR_MLS_LVL)) |
| 1351 | return -EPERM; | 1358 | return -EPERM; |
| 1352 | 1359 | ||
| 1353 | ret_val = cipso_v4_map_lvl_hton(doi_def, secattr->mls_lvl, &level); | 1360 | ret_val = cipso_v4_map_lvl_hton(doi_def, |
| 1361 | secattr->attr.mls.lvl, | ||
| 1362 | &level); | ||
| 1354 | if (ret_val != 0) | 1363 | if (ret_val != 0) |
| 1355 | return ret_val; | 1364 | return ret_val; |
| 1356 | 1365 | ||
| @@ -1396,12 +1405,13 @@ static int cipso_v4_parsetag_enum(const struct cipso_v4_doi *doi_def, | |||
| 1396 | ret_val = cipso_v4_map_lvl_ntoh(doi_def, tag[3], &level); | 1405 | ret_val = cipso_v4_map_lvl_ntoh(doi_def, tag[3], &level); |
| 1397 | if (ret_val != 0) | 1406 | if (ret_val != 0) |
| 1398 | return ret_val; | 1407 | return ret_val; |
| 1399 | secattr->mls_lvl = level; | 1408 | secattr->attr.mls.lvl = level; |
| 1400 | secattr->flags |= NETLBL_SECATTR_MLS_LVL; | 1409 | secattr->flags |= NETLBL_SECATTR_MLS_LVL; |
| 1401 | 1410 | ||
| 1402 | if (tag_len > 4) { | 1411 | if (tag_len > 4) { |
| 1403 | secattr->mls_cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC); | 1412 | secattr->attr.mls.cat = |
| 1404 | if (secattr->mls_cat == NULL) | 1413 | netlbl_secattr_catmap_alloc(GFP_ATOMIC); |
| 1414 | if (secattr->attr.mls.cat == NULL) | ||
| 1405 | return -ENOMEM; | 1415 | return -ENOMEM; |
| 1406 | 1416 | ||
| 1407 | ret_val = cipso_v4_map_cat_enum_ntoh(doi_def, | 1417 | ret_val = cipso_v4_map_cat_enum_ntoh(doi_def, |
| @@ -1409,7 +1419,7 @@ static int cipso_v4_parsetag_enum(const struct cipso_v4_doi *doi_def, | |||
| 1409 | tag_len - 4, | 1419 | tag_len - 4, |
| 1410 | secattr); | 1420 | secattr); |
| 1411 | if (ret_val != 0) { | 1421 | if (ret_val != 0) { |
| 1412 | netlbl_secattr_catmap_free(secattr->mls_cat); | 1422 | netlbl_secattr_catmap_free(secattr->attr.mls.cat); |
| 1413 | return ret_val; | 1423 | return ret_val; |
| 1414 | } | 1424 | } |
| 1415 | 1425 | ||
| @@ -1443,7 +1453,9 @@ static int cipso_v4_gentag_rng(const struct cipso_v4_doi *doi_def, | |||
| 1443 | if (!(secattr->flags & NETLBL_SECATTR_MLS_LVL)) | 1453 | if (!(secattr->flags & NETLBL_SECATTR_MLS_LVL)) |
| 1444 | return -EPERM; | 1454 | return -EPERM; |
| 1445 | 1455 | ||
| 1446 | ret_val = cipso_v4_map_lvl_hton(doi_def, secattr->mls_lvl, &level); | 1456 | ret_val = cipso_v4_map_lvl_hton(doi_def, |
| 1457 | secattr->attr.mls.lvl, | ||
| 1458 | &level); | ||
| 1447 | if (ret_val != 0) | 1459 | if (ret_val != 0) |
| 1448 | return ret_val; | 1460 | return ret_val; |
| 1449 | 1461 | ||
| @@ -1488,12 +1500,13 @@ static int cipso_v4_parsetag_rng(const struct cipso_v4_doi *doi_def, | |||
| 1488 | ret_val = cipso_v4_map_lvl_ntoh(doi_def, tag[3], &level); | 1500 | ret_val = cipso_v4_map_lvl_ntoh(doi_def, tag[3], &level); |
| 1489 | if (ret_val != 0) | 1501 | if (ret_val != 0) |
| 1490 | return ret_val; | 1502 | return ret_val; |
| 1491 | secattr->mls_lvl = level; | 1503 | secattr->attr.mls.lvl = level; |
| 1492 | secattr->flags |= NETLBL_SECATTR_MLS_LVL; | 1504 | secattr->flags |= NETLBL_SECATTR_MLS_LVL; |
| 1493 | 1505 | ||
| 1494 | if (tag_len > 4) { | 1506 | if (tag_len > 4) { |
| 1495 | secattr->mls_cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC); | 1507 | secattr->attr.mls.cat = |
| 1496 | if (secattr->mls_cat == NULL) | 1508 | netlbl_secattr_catmap_alloc(GFP_ATOMIC); |
| 1509 | if (secattr->attr.mls.cat == NULL) | ||
| 1497 | return -ENOMEM; | 1510 | return -ENOMEM; |
| 1498 | 1511 | ||
| 1499 | ret_val = cipso_v4_map_cat_rng_ntoh(doi_def, | 1512 | ret_val = cipso_v4_map_cat_rng_ntoh(doi_def, |
| @@ -1501,7 +1514,7 @@ static int cipso_v4_parsetag_rng(const struct cipso_v4_doi *doi_def, | |||
| 1501 | tag_len - 4, | 1514 | tag_len - 4, |
| 1502 | secattr); | 1515 | secattr); |
| 1503 | if (ret_val != 0) { | 1516 | if (ret_val != 0) { |
| 1504 | netlbl_secattr_catmap_free(secattr->mls_cat); | 1517 | netlbl_secattr_catmap_free(secattr->attr.mls.cat); |
| 1505 | return ret_val; | 1518 | return ret_val; |
| 1506 | } | 1519 | } |
| 1507 | 1520 | ||
| @@ -1850,6 +1863,8 @@ static int cipso_v4_getattr(const unsigned char *cipso, | |||
| 1850 | ret_val = cipso_v4_parsetag_rng(doi_def, &cipso[6], secattr); | 1863 | ret_val = cipso_v4_parsetag_rng(doi_def, &cipso[6], secattr); |
| 1851 | break; | 1864 | break; |
| 1852 | } | 1865 | } |
| 1866 | if (ret_val == 0) | ||
| 1867 | secattr->type = NETLBL_NLTYPE_CIPSOV4; | ||
| 1853 | 1868 | ||
| 1854 | getattr_return: | 1869 | getattr_return: |
| 1855 | rcu_read_unlock(); | 1870 | rcu_read_unlock(); |
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index fd53c7ae2977..7f5df0cbc63f 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c | |||
| @@ -241,6 +241,7 @@ int netlbl_unlabel_getattr(struct netlbl_lsm_secattr *secattr) | |||
| 241 | if (netlabel_unlabel_acceptflg == 0) | 241 | if (netlabel_unlabel_acceptflg == 0) |
| 242 | return -ENOMSG; | 242 | return -ENOMSG; |
| 243 | netlbl_secattr_init(secattr); | 243 | netlbl_secattr_init(secattr); |
| 244 | secattr->type = NETLBL_NLTYPE_UNLABELED; | ||
| 244 | return 0; | 245 | return 0; |
| 245 | } | 246 | } |
| 246 | 247 | ||