1 files changed, 29 insertions, 0 deletions
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 0fb077d68441..82fbb758e28f 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -27,6 +27,22 @@ struct xfrm_id
        __u8            proto;
 };
+struct xfrm_sec_ctx {
+        __u8    ctx_doi;
+        __u8    ctx_alg;
+        __u16   ctx_len;
+        __u32   ctx_sid;
+        char    ctx_str[0];
+};
+/* Security Context Domains of Interpretation */
+#define XFRM_SC_DOI_RESERVED 0
+#define XFRM_SC_DOI_LSM 1
+/* Security Context Algorithms */
+#define XFRM_SC_ALG_RESERVED 0
+#define XFRM_SC_ALG_SELINUX 1
 /* Selector, used as selector both on policy rules (SPD) and SAs. */
 struct xfrm_selector
@@ -146,6 +162,18 @@ enum {
 #define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)
+/*
+ * Generic LSM security context for comunicating to user space
+ * NOTE: Same format as sadb_x_sec_ctx
+ */
+struct xfrm_user_sec_ctx {
+        __u16                   len;
+        __u16                   exttype;
+        __u8                    ctx_alg;  /* LSMs: e.g., selinux == 1 */
+        __u8                    ctx_doi;
+        __u16                   ctx_len;
+};
 struct xfrm_user_tmpl {
        struct xfrm_id          id;
        __u16                   family;
@@ -176,6 +204,7 @@ enum xfrm_attr_type_t {
        XFRMA_TMPL,             /* 1 or more struct xfrm_user_tmpl */
        XFRMA_SA,
        XFRMA_POLICY,
+        XFRMA_SEC_CTX,          /* struct xfrm_sec_ctx */
        __XFRMA_MAX
 #define XFRMA_MAX (__XFRMA_MAX - 1)

diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h index 0fb077d68441..82fbb758e28f 100644 --- a/include/linux/xfrm.h +++ b/include/linux/xfrm.h
@@ -27,6 +27,22 @@ struct xfrm_id
27	__u8 proto;	27	__u8 proto;
28	};	28	};
29		29
		30	struct xfrm_sec_ctx {
		31	__u8 ctx_doi;
		32	__u8 ctx_alg;
		33	__u16 ctx_len;
		34	__u32 ctx_sid;
		35	char ctx_str[0];
		36	};
		37
		38	/* Security Context Domains of Interpretation */
		39	#define XFRM_SC_DOI_RESERVED 0
		40	#define XFRM_SC_DOI_LSM 1
		41
		42	/* Security Context Algorithms */
		43	#define XFRM_SC_ALG_RESERVED 0
		44	#define XFRM_SC_ALG_SELINUX 1
		45
30	/* Selector, used as selector both on policy rules (SPD) and SAs. */	46	/* Selector, used as selector both on policy rules (SPD) and SAs. */
31		47
32	struct xfrm_selector	48	struct xfrm_selector
@@ -146,6 +162,18 @@ enum {
146		162
147	#define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)	163	#define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)
148		164
		165	/*
		166	* Generic LSM security context for comunicating to user space
		167	* NOTE: Same format as sadb_x_sec_ctx
		168	*/
		169	struct xfrm_user_sec_ctx {
		170	__u16 len;
		171	__u16 exttype;
		172	__u8 ctx_alg; /* LSMs: e.g., selinux == 1 */
		173	__u8 ctx_doi;
		174	__u16 ctx_len;
		175	};
		176
149	struct xfrm_user_tmpl {	177	struct xfrm_user_tmpl {
150	struct xfrm_id id;	178	struct xfrm_id id;
151	__u16 family;	179	__u16 family;
@@ -176,6 +204,7 @@ enum xfrm_attr_type_t {
176	XFRMA_TMPL, /* 1 or more struct xfrm_user_tmpl */	204	XFRMA_TMPL, /* 1 or more struct xfrm_user_tmpl */
177	XFRMA_SA,	205	XFRMA_SA,
178	XFRMA_POLICY,	206	XFRMA_POLICY,
		207	XFRMA_SEC_CTX, /* struct xfrm_sec_ctx */
179	__XFRMA_MAX	208	__XFRMA_MAX
180		209
181	#define XFRMA_MAX (__XFRMA_MAX - 1)	210	#define XFRMA_MAX (__XFRMA_MAX - 1)