Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h48
1 files changed, 24 insertions, 24 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index c673dfd4dffc..f5eb9ff47ac5 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -910,24 +910,24 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
910 * Security hooks for XFRM operations. 910 * Security hooks for XFRM operations.
911 * 911 *
912 * @xfrm_policy_alloc_security: 912 * @xfrm_policy_alloc_security:
913 * @xp contains the xfrm_policy being added to Security Policy Database 913 * @ctxp is a pointer to the xfrm_sec_ctx being added to Security Policy
914 * used by the XFRM system. 914 * Database used by the XFRM system.
915 * @sec_ctx contains the security context information being provided by 915 * @sec_ctx contains the security context information being provided by
916 * the user-level policy update program (e.g., setkey). 916 * the user-level policy update program (e.g., setkey).
917 * Allocate a security structure to the xp->security field; the security 917 * Allocate a security structure to the xp->security field; the security
918 * field is initialized to NULL when the xfrm_policy is allocated. 918 * field is initialized to NULL when the xfrm_policy is allocated.
919 * Return 0 if operation was successful (memory to allocate, legal context) 919 * Return 0 if operation was successful (memory to allocate, legal context)
920 * @xfrm_policy_clone_security: 920 * @xfrm_policy_clone_security:
921 * @old contains an existing xfrm_policy in the SPD. 921 * @old_ctx contains an existing xfrm_sec_ctx.
922 * @new contains a new xfrm_policy being cloned from old. 922 * @new_ctxp contains a new xfrm_sec_ctx being cloned from old.
923 * Allocate a security structure to the new->security field 923 * Allocate a security structure in new_ctxp that contains the
924 * that contains the information from the old->security field. 924 * information from the old_ctx structure.
925 * Return 0 if operation was successful (memory to allocate). 925 * Return 0 if operation was successful (memory to allocate).
926 * @xfrm_policy_free_security: 926 * @xfrm_policy_free_security:
927 * @xp contains the xfrm_policy 927 * @ctx contains the xfrm_sec_ctx
928 * Deallocate xp->security. 928 * Deallocate xp->security.
929 * @xfrm_policy_delete_security: 929 * @xfrm_policy_delete_security:
930 * @xp contains the xfrm_policy. 930 * @ctx contains the xfrm_sec_ctx.
931 * Authorize deletion of xp->security. 931 * Authorize deletion of xp->security.
932 * @xfrm_state_alloc_security: 932 * @xfrm_state_alloc_security:
933 * @x contains the xfrm_state being added to the Security Association 933 * @x contains the xfrm_state being added to the Security Association
@@ -947,7 +947,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
947 * @x contains the xfrm_state. 947 * @x contains the xfrm_state.
948 * Authorize deletion of x->security. 948 * Authorize deletion of x->security.
949 * @xfrm_policy_lookup: 949 * @xfrm_policy_lookup:
950 * @xp contains the xfrm_policy for which the access control is being 950 * @ctx contains the xfrm_sec_ctx for which the access control is being
951 * checked. 951 * checked.
952 * @fl_secid contains the flow security label that is used to authorize 952 * @fl_secid contains the flow security label that is used to authorize
953 * access to the policy xp. 953 * access to the policy xp.
@@ -1454,17 +1454,17 @@ struct security_operations {
1454#endif /* CONFIG_SECURITY_NETWORK */ 1454#endif /* CONFIG_SECURITY_NETWORK */
1455 1455
1456#ifdef CONFIG_SECURITY_NETWORK_XFRM 1456#ifdef CONFIG_SECURITY_NETWORK_XFRM
1457 int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, 1457 int (*xfrm_policy_alloc_security) (struct xfrm_sec_ctx **ctxp,
1458 struct xfrm_user_sec_ctx *sec_ctx); 1458 struct xfrm_user_sec_ctx *sec_ctx);
1459 int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new); 1459 int (*xfrm_policy_clone_security) (struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctx);
1460 void (*xfrm_policy_free_security) (struct xfrm_policy *xp); 1460 void (*xfrm_policy_free_security) (struct xfrm_sec_ctx *ctx);
1461 int (*xfrm_policy_delete_security) (struct xfrm_policy *xp); 1461 int (*xfrm_policy_delete_security) (struct xfrm_sec_ctx *ctx);
1462 int (*xfrm_state_alloc_security) (struct xfrm_state *x, 1462 int (*xfrm_state_alloc_security) (struct xfrm_state *x,
1463 struct xfrm_user_sec_ctx *sec_ctx, 1463 struct xfrm_user_sec_ctx *sec_ctx,
1464 u32 secid); 1464 u32 secid);
1465 void (*xfrm_state_free_security) (struct xfrm_state *x); 1465 void (*xfrm_state_free_security) (struct xfrm_state *x);
1466 int (*xfrm_state_delete_security) (struct xfrm_state *x); 1466 int (*xfrm_state_delete_security) (struct xfrm_state *x);
1467 int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 fl_secid, u8 dir); 1467 int (*xfrm_policy_lookup)(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
1468 int (*xfrm_state_pol_flow_match)(struct xfrm_state *x, 1468 int (*xfrm_state_pol_flow_match)(struct xfrm_state *x,
1469 struct xfrm_policy *xp, struct flowi *fl); 1469 struct xfrm_policy *xp, struct flowi *fl);
1470 int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall); 1470 int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall);
@@ -2562,16 +2562,16 @@ static inline void security_inet_conn_established(struct sock *sk,
2562 2562
2563#ifdef CONFIG_SECURITY_NETWORK_XFRM 2563#ifdef CONFIG_SECURITY_NETWORK_XFRM
2564 2564
2565int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx); 2565int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx);
2566int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new); 2566int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp);
2567void security_xfrm_policy_free(struct xfrm_policy *xp); 2567void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
2568int security_xfrm_policy_delete(struct xfrm_policy *xp); 2568int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
2569int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx); 2569int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
2570int security_xfrm_state_alloc_acquire(struct xfrm_state *x, 2570int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
2571 struct xfrm_sec_ctx *polsec, u32 secid); 2571 struct xfrm_sec_ctx *polsec, u32 secid);
2572int security_xfrm_state_delete(struct xfrm_state *x); 2572int security_xfrm_state_delete(struct xfrm_state *x);
2573void security_xfrm_state_free(struct xfrm_state *x); 2573void security_xfrm_state_free(struct xfrm_state *x);
2574int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir); 2574int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
2575int security_xfrm_state_pol_flow_match(struct xfrm_state *x, 2575int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
2576 struct xfrm_policy *xp, struct flowi *fl); 2576 struct xfrm_policy *xp, struct flowi *fl);
2577int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid); 2577int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
@@ -2579,21 +2579,21 @@ void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl);
2579 2579
2580#else /* CONFIG_SECURITY_NETWORK_XFRM */ 2580#else /* CONFIG_SECURITY_NETWORK_XFRM */
2581 2581
2582static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx) 2582static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx)
2583{ 2583{
2584 return 0; 2584 return 0;
2585} 2585}
2586 2586
2587static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) 2587static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp)
2588{ 2588{
2589 return 0; 2589 return 0;
2590} 2590}
2591 2591
2592static inline void security_xfrm_policy_free(struct xfrm_policy *xp) 2592static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
2593{ 2593{
2594} 2594}
2595 2595
2596static inline int security_xfrm_policy_delete(struct xfrm_policy *xp) 2596static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
2597{ 2597{
2598 return 0; 2598 return 0;
2599} 2599}
@@ -2619,7 +2619,7 @@ static inline int security_xfrm_state_delete(struct xfrm_state *x)
2619 return 0; 2619 return 0;
2620} 2620}
2621 2621
2622static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir) 2622static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
2623{ 2623{
2624 return 0; 2624 return 0;
2625} 2625}
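Review bot: The hook documentation in the first two hunks still describes the old object after the signature change: the new text for @xfrm_policy_alloc_security, @xfrm_policy_free_security and @xfrm_policy_delete_security keeps `xp->security`, and @xfrm_policy_lookup keeps "access to the policy xp", although none of these hooks takes `xp` any more. Because `ctxp` and `new_ctxp` are now out-parameters, the comment should state the contract callers rely on, for example `* On success *@ctxp holds the new context, owned by the caller until xfrm_policy_free_security; on failure it is not written.` The failure behaviour should be confirmed against the LSM implementations, which are not shown on this page. The !CONFIG_SECURITY_NETWORK_XFRM stubs for security_xfrm_policy_alloc and security_xfrm_policy_clone return 0 without writing through the pointer, so callers presumably have to initialise it to NULL before the call, and that is worth saying in the comment too. The names also drift: the security_operations member declares `new_ctx` where the doc and the prototype use `new_ctxp`, and the stub for security_xfrm_policy_clone keeps `old` rather than `old_ctx`.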