author | Venkat Yekkirala <vyekkirala@TrustedCS.com> | 2006-07-25 02:29:07 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 17:53:24 -0400 |
commit | e0d1caa7b0d5f02e4f34aa09c695d04251310c6c (patch) | |
tree | bf023c17abf6813f2694ebf5fafff82edd6a1023 /security/dummy.c | |
parent | b6340fcd761acf9249b3acbc95c4dc555d9beb07 (diff) |
[MLSXFRM]: Flow based matching of xfrm policy and state
This implements a seamless mechanism for xfrm policy selection and
state matching based on the flow sid. This also includes the necessary
SELinux enforcement pieces.
Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/dummy.c')
-rw-r--r-- | security/dummy.c | 23 |
1 files changed, 22 insertions, 1 deletions
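--- a/security/dummy.c
+++ b/security/dummy.c
@@ -835,7 +835,8 @@ static int dummy_xfrm_policy_delete_security(struct xfrm_policy *xp)
 return 0;
 }
 
-static int dummy_xfrm_state_alloc_security(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)
+static int dummy_xfrm_state_alloc_security(struct xfrm_state *x,
+struct xfrm_user_sec_ctx *sec_ctx, struct xfrm_sec_ctx *pol, u32 secid)
 {
 return 0;
 }
@@ -853,6 +854,23 @@ static int dummy_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir)
 {
 return 0;
 }
+
+static int dummy_xfrm_state_pol_flow_match(struct xfrm_state *x,
+struct xfrm_policy *xp, struct flowi *fl)
+{
+return 1;
+}
+
+static int dummy_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm)
+{
+return 1;
+}
+
+static int dummy_xfrm_decode_session(struct sk_buff *skb, struct flowi *fl)
+{
+return 0;
+}
+
 #endif /* CONFIG_SECURITY_NETWORK_XFRM */
 static int dummy_register_security (const char *name, struct security_operations *ops)
 {
@@ -1076,6 +1094,9 @@ void security_fixup_ops (struct security_operations *ops)
 set_to_dummy_if_null(ops, xfrm_state_free_security);
 set_to_dummy_if_null(ops, xfrm_state_delete_security);
 set_to_dummy_if_null(ops, xfrm_policy_lookup);
+set_to_dummy_if_null(ops, xfrm_state_pol_flow_match);
+set_to_dummy_if_null(ops, xfrm_flow_state_match);
+set_to_dummy_if_null(ops, xfrm_decode_session);
 #endif /* CONFIG_SECURITY_NETWORK_XFRM */
 #ifdef CONFIG_KEYS
 set_to_dummy_if_null(ops, key_alloc);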
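Review bot: The two new match stubs, dummy_xfrm_state_pol_flow_match and dummy_xfrm_flow_state_match, return 1 while every neighbouring stub returns 0, and nothing in the file says that 1 means "match" here rather than an error code. A one-line comment above them would stop a later cleanup from normalising them to 0, which would presumably make every state lookup miss when no security module is loaded: `/* Boolean hooks: 1 = match. With no label policy, every state matches. */`. Because security_fixup_ops installs these through set_to_dummy_if_null, a module that provides xfrm_policy_lookup but leaves the new hooks NULL also gets the always-match default; that looks intended, but it is a permissive fallback and worth stating in the same comment. dummy_xfrm_decode_session returns 0 without writing to fl, so it appears to rely on the caller having initialised the flow's security id, and that caller is outside this file section.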