1 files changed, 25 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 294a0b228123..d70adc394f62 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -959,6 +959,12 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *      Sets the new child socket's sid to the openreq sid.
 * @inet_conn_established:
 *      Sets the connection's peersid to the secmark on skb.
+ * @secmark_relabel_packet:
+ *      check if the process should be allowed to relabel packets to the given secid
+ * @security_secmark_refcount_inc
+ *      tells the LSM to increment the number of secmark labeling rules loaded
+ * @security_secmark_refcount_dec
+ *      tells the LSM to decrement the number of secmark labeling rules loaded
 * @req_classify_flow:
 *      Sets the flow's sid to the openreq sid.
 * @tun_dev_create:
@@ -1593,6 +1599,9 @@ struct security_operations {
                                  struct request_sock *req);
        void (*inet_csk_clone) (struct sock *newsk, const struct request_sock *req);
        void (*inet_conn_established) (struct sock *sk, struct sk_buff *skb);
+        int (*secmark_relabel_packet) (u32 secid);
+        void (*secmark_refcount_inc) (void);
+        void (*secmark_refcount_dec) (void);
        void (*req_classify_flow) (const struct request_sock *req, struct flowi *fl);
        int (*tun_dev_create)(void);
        void (*tun_dev_post_create)(struct sock *sk);
@@ -2547,6 +2556,9 @@ void security_inet_csk_clone(struct sock *newsk,
                        const struct request_sock *req);
 void security_inet_conn_established(struct sock *sk,
                        struct sk_buff *skb);
+int security_secmark_relabel_packet(u32 secid);
+void security_secmark_refcount_inc(void);
+void security_secmark_refcount_dec(void);
 int security_tun_dev_create(void);
 void security_tun_dev_post_create(struct sock *sk);
 int security_tun_dev_attach(struct sock *sk);
@@ -2701,6 +2713,19 @@ static inline void security_inet_conn_established(struct sock *sk,
 {
 }
+static inline int security_secmark_relabel_packet(u32 secid)
+{
+        return 0;
+}
+static inline void security_secmark_refcount_inc(void)
+{
+}
+static inline void security_secmark_refcount_dec(void)
+{
+}
 static inline int security_tun_dev_create(void)
 {
        return 0;

diff --git a/include/linux/security.h b/include/linux/security.h index 294a0b228123..d70adc394f62 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -959,6 +959,12 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
959	* Sets the new child socket's sid to the openreq sid.	959	* Sets the new child socket's sid to the openreq sid.
960	* @inet_conn_established:	960	* @inet_conn_established:
961	* Sets the connection's peersid to the secmark on skb.	961	* Sets the connection's peersid to the secmark on skb.
		962	* @secmark_relabel_packet:
		963	* check if the process should be allowed to relabel packets to the given secid
		964	* @security_secmark_refcount_inc
		965	* tells the LSM to increment the number of secmark labeling rules loaded
		966	* @security_secmark_refcount_dec
		967	* tells the LSM to decrement the number of secmark labeling rules loaded
962	* @req_classify_flow:	968	* @req_classify_flow:
963	* Sets the flow's sid to the openreq sid.	969	* Sets the flow's sid to the openreq sid.
964	* @tun_dev_create:	970	* @tun_dev_create:
@@ -1593,6 +1599,9 @@ struct security_operations {
1593	struct request_sock *req);	1599	struct request_sock *req);
1594	void (inet_csk_clone) (struct sock newsk, const struct request_sock *req);	1600	void (inet_csk_clone) (struct sock newsk, const struct request_sock *req);
1595	void (inet_conn_established) (struct sock sk, struct sk_buff *skb);	1601	void (inet_conn_established) (struct sock sk, struct sk_buff *skb);
		1602	int (*secmark_relabel_packet) (u32 secid);
		1603	void (*secmark_refcount_inc) (void);
		1604	void (*secmark_refcount_dec) (void);
1596	void (req_classify_flow) (const struct request_sock req, struct flowi *fl);	1605	void (req_classify_flow) (const struct request_sock req, struct flowi *fl);
1597	int (*tun_dev_create)(void);	1606	int (*tun_dev_create)(void);
1598	void (tun_dev_post_create)(struct sock sk);	1607	void (tun_dev_post_create)(struct sock sk);
@@ -2547,6 +2556,9 @@ void security_inet_csk_clone(struct sock *newsk,
2547	const struct request_sock *req);	2556	const struct request_sock *req);
2548	void security_inet_conn_established(struct sock *sk,	2557	void security_inet_conn_established(struct sock *sk,
2549	struct sk_buff *skb);	2558	struct sk_buff *skb);
		2559	int security_secmark_relabel_packet(u32 secid);
		2560	void security_secmark_refcount_inc(void);
		2561	void security_secmark_refcount_dec(void);
2550	int security_tun_dev_create(void);	2562	int security_tun_dev_create(void);
2551	void security_tun_dev_post_create(struct sock *sk);	2563	void security_tun_dev_post_create(struct sock *sk);
2552	int security_tun_dev_attach(struct sock *sk);	2564	int security_tun_dev_attach(struct sock *sk);
@@ -2701,6 +2713,19 @@ static inline void security_inet_conn_established(struct sock *sk,
2701	{	2713	{
2702	}	2714	}
2703		2715
		2716	static inline int security_secmark_relabel_packet(u32 secid)
		2717	{
		2718	return 0;
		2719	}
		2720
		2721	static inline void security_secmark_refcount_inc(void)
		2722	{
		2723	}
		2724
		2725	static inline void security_secmark_refcount_dec(void)
		2726	{
		2727	}
		2728
2704	static inline int security_tun_dev_create(void)	2729	static inline int security_tun_dev_create(void)
2705	{	2730	{
2706	return 0;	2731	return 0;