aboutsummaryrefslogtreecommitdiffstats
path: root/security/dummy.c
diff options
context:
space:
mode:
authorVenkat Yekkirala <vyekkirala@TrustedCS.com>2006-07-25 02:29:07 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-22 17:53:24 -0400
commite0d1caa7b0d5f02e4f34aa09c695d04251310c6c (patch)
treebf023c17abf6813f2694ebf5fafff82edd6a1023 /security/dummy.c
parentb6340fcd761acf9249b3acbc95c4dc555d9beb07 (diff)
[MLSXFRM]: Flow based matching of xfrm policy and state
This implements a seemless mechanism for xfrm policy selection and state matching based on the flow sid. This also includes the necessary SELinux enforcement pieces. Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/dummy.c')
-rw-r--r--security/dummy.c23
1 files changed, 22 insertions, 1 deletions
diff --git a/security/dummy.c b/security/dummy.c
index bd3bc5faa9a8..c1f10654871e 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -835,7 +835,8 @@ static int dummy_xfrm_policy_delete_security(struct xfrm_policy *xp)
835 return 0; 835 return 0;
836} 836}
837 837
838static int dummy_xfrm_state_alloc_security(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) 838static int dummy_xfrm_state_alloc_security(struct xfrm_state *x,
839 struct xfrm_user_sec_ctx *sec_ctx, struct xfrm_sec_ctx *pol, u32 secid)
839{ 840{
840 return 0; 841 return 0;
841} 842}
@@ -853,6 +854,23 @@ static int dummy_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir)
853{ 854{
854 return 0; 855 return 0;
855} 856}
857
858static int dummy_xfrm_state_pol_flow_match(struct xfrm_state *x,
859 struct xfrm_policy *xp, struct flowi *fl)
860{
861 return 1;
862}
863
864static int dummy_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm)
865{
866 return 1;
867}
868
869static int dummy_xfrm_decode_session(struct sk_buff *skb, struct flowi *fl)
870{
871 return 0;
872}
873
856#endif /* CONFIG_SECURITY_NETWORK_XFRM */ 874#endif /* CONFIG_SECURITY_NETWORK_XFRM */
857static int dummy_register_security (const char *name, struct security_operations *ops) 875static int dummy_register_security (const char *name, struct security_operations *ops)
858{ 876{
@@ -1076,6 +1094,9 @@ void security_fixup_ops (struct security_operations *ops)
1076 set_to_dummy_if_null(ops, xfrm_state_free_security); 1094 set_to_dummy_if_null(ops, xfrm_state_free_security);
1077 set_to_dummy_if_null(ops, xfrm_state_delete_security); 1095 set_to_dummy_if_null(ops, xfrm_state_delete_security);
1078 set_to_dummy_if_null(ops, xfrm_policy_lookup); 1096 set_to_dummy_if_null(ops, xfrm_policy_lookup);
1097 set_to_dummy_if_null(ops, xfrm_state_pol_flow_match);
1098 set_to_dummy_if_null(ops, xfrm_flow_state_match);
1099 set_to_dummy_if_null(ops, xfrm_decode_session);
1079#endif /* CONFIG_SECURITY_NETWORK_XFRM */ 1100#endif /* CONFIG_SECURITY_NETWORK_XFRM */
1080#ifdef CONFIG_KEYS 1101#ifdef CONFIG_KEYS
1081 set_to_dummy_if_null(ops, key_alloc); 1102 set_to_dummy_if_null(ops, key_alloc);