-rw-r--r--include/net/netlabel.h13
-rw-r--r--net/netlabel/netlabel_kapi.c84
2 files changed, 23 insertions, 74 deletions
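--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -352,12 +352,9 @@ static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr)
 int netlbl_cfg_map_del(const char *domain, struct netlbl_audit *audit_info);
 int netlbl_cfg_unlbl_add_map(const char *domain,
  struct netlbl_audit *audit_info);
-int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
- struct netlbl_audit *audit_info);
 int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
  const char *domain,
  struct netlbl_audit *audit_info);
-int netlbl_cfg_cipsov4_del(u32 doi, struct netlbl_audit *audit_info);
 
 /*
  * LSM security attribute operations
@@ -404,22 +401,12 @@ static inline int netlbl_cfg_unlbl_add_map(const char *domain,
 {
  return -ENOSYS;
 }
-static inline int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
- struct netlbl_audit *audit_info)
-{
- return -ENOSYS;
-}
 static inline int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
  const char *domain,
  struct netlbl_audit *audit_info)
 {
  return -ENOSYS;
 }
-static inline int netlbl_cfg_cipsov4_del(u32 doi,
- struct netlbl_audit *audit_info)
-{
- return -ENOSYS;
-}
 static inline int netlbl_secattr_catmap_walk(
  struct netlbl_lsm_secattr_catmap *catmap,
  u32 offset)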
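--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -82,7 +82,7 @@ int netlbl_cfg_unlbl_add_map(const char *domain,
 
  entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
  if (entry == NULL)
- goto cfg_unlbl_add_map_failure;
+ return -ENOMEM;
  if (domain != NULL) {
  entry->domain = kstrdup(domain, GFP_ATOMIC);
  if (entry->domain == NULL)
@@ -104,49 +104,6 @@ cfg_unlbl_add_map_failure:
 }
 
 /**
- * netlbl_cfg_cipsov4_add - Add a new CIPSOv4 DOI definition
- * @doi_def: the DOI definition
- * @audit_info: NetLabel audit information
- *
- * Description:
- * Add a new CIPSOv4 DOI definition to the NetLabel subsystem. Returns zero on
- * success, negative values on failure.
- *
- */
-int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
- struct netlbl_audit *audit_info)
-{
- int ret_val;
- const char *type_str;
- struct audit_buffer *audit_buf;
-
- ret_val = cipso_v4_doi_add(doi_def);
-
- audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,
- audit_info);
- if (audit_buf != NULL) {
- switch (doi_def->type) {
- case CIPSO_V4_MAP_STD:
- type_str = "std";
- break;
- case CIPSO_V4_MAP_PASS:
- type_str = "pass";
- break;
- default:
- type_str = "(unknown)";
- }
- audit_log_format(audit_buf,
- " cipso_doi=%u cipso_type=%s res=%u",
- doi_def->doi,
- type_str,
- ret_val == 0 ? 1 : 0);
- audit_log_end(audit_buf);
- }
-
- return ret_val;
-}
-
-/**
  * netlbl_cfg_cipsov4_add_map - Add a new CIPSOv4 DOI definition and mapping
  * @doi_def: the DOI definition
  * @domain: the domain mapping to add
@@ -165,10 +122,12 @@ int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
 {
  int ret_val = -ENOMEM;
  struct netlbl_dom_map *entry;
+ const char *type_str;
+ struct audit_buffer *audit_buf;
 
  entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
  if (entry == NULL)
- goto cfg_cipsov4_add_map_failure;
+ return -ENOMEM;
  if (domain != NULL) {
  entry->domain = kstrdup(domain, GFP_ATOMIC);
  if (entry->domain == NULL)
@@ -182,7 +141,7 @@ int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
  * domain mapping for it. */
 
  rcu_read_lock();
- ret_val = netlbl_cfg_cipsov4_add(doi_def, audit_info);
+ ret_val = cipso_v4_doi_add(doi_def);
  if (ret_val != 0)
  goto cfg_cipsov4_add_map_failure_unlock;
  ret_val = netlbl_domhsh_add(entry, audit_info);
@@ -196,6 +155,24 @@ cfg_cipsov4_add_map_failure_remove_doi:
  cipso_v4_doi_remove(doi_def->doi, audit_info, netlbl_cipsov4_doi_free);
 cfg_cipsov4_add_map_failure_unlock:
  rcu_read_unlock();
+ audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,
+ audit_info);
+ if (audit_buf != NULL) {
+ switch (doi_def->type) {
+ case CIPSO_V4_MAP_STD:
+ type_str = "std";
+ break;
+ case CIPSO_V4_MAP_PASS:
+ type_str = "pass";
+ break;
+ default:
+ type_str = "(unknown)";
+ }
+ audit_log_format(audit_buf,
+ " cipso_doi=%u cipso_type=%s res=%u",
+ doi_def->doi, type_str, ret_val == 0 ? 1 : 0);
+ audit_log_end(audit_buf);
+ }
 cfg_cipsov4_add_map_failure:
  if (entry != NULL)
  kfree(entry->domain);
@@ -203,21 +180,6 @@ cfg_cipsov4_add_map_failure:
  return ret_val;
 }
 
-/**
- * netlbl_cfg_cipsov4_del - Removean existing CIPSOv4 DOI definition
- * @doi: the CIPSO DOI value
- * @audit_info: NetLabel audit information
- *
- * Description:
- * Removes an existing CIPSOv4 DOI definition from the NetLabel subsystem.
- * Returns zero on success, negative values on failure.
- *
- */
-int netlbl_cfg_cipsov4_del(u32 doi, struct netlbl_audit *audit_info)
-{
- return cipso_v4_doi_remove(doi, audit_info, netlbl_cipsov4_doi_free);
-}
-
 /*
  * Security Attribute Functions
  */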
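Review bot: In netlbl_cfg_cipsov4_add_map() the audit block added under `cfg_cipsov4_add_map_failure_unlock:` reads `doi_def->type` and `doi_def->doi` after `rcu_read_unlock()`, and on the `cfg_cipsov4_add_map_failure_remove_doi` path also after `cipso_v4_doi_remove(doi_def->doi, audit_info, netlbl_cipsov4_doi_free)`. If that callback frees the definition once an RCU grace period has elapsed, as its name suggests, the audit code can touch freed memory; the removed helper logged directly after `cipso_v4_doi_add()` with the read lock still held. Moving the audit block above `rcu_read_unlock()`, or snapshotting the fields first (for example `u32 doi = doi_def->doi;` and the same for `type`), would close that window. The block also sits between failure labels and the success return is outside the visible hunks, so please confirm a successful add still reaches it; otherwise `AUDIT_MAC_CIPSOV4_ADD` would be emitted only with `res=0` and successful MAC configuration changes would go unaudited.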