Diffstat (limited to 'include/net/netlabel.h')
-rw-r--r-- | include/net/netlabel.h | 123 |
1 files changed, 113 insertions, 10 deletions
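--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -111,13 +111,34 @@ struct netlbl_lsm_cache {
 void (*free) (const void *data);
 void *data;
 };
+/* The catmap bitmap field MUST be a power of two in length and large
+* enough to hold at least 240 bits. Special care (i.e. check the code!)
+* should be used when changing these values as the LSM implementation
+* probably has functions which rely on the sizes of these types to speed
+* processing. */
+#define NETLBL_CATMAP_MAPTYPE u64
+#define NETLBL_CATMAP_MAPCNT 4
+#define NETLBL_CATMAP_MAPSIZE (sizeof(NETLBL_CATMAP_MAPTYPE) * 8)
+#define NETLBL_CATMAP_SIZE (NETLBL_CATMAP_MAPSIZE * \
+NETLBL_CATMAP_MAPCNT)
+#define NETLBL_CATMAP_BIT (NETLBL_CATMAP_MAPTYPE)0x01
+struct netlbl_lsm_secattr_catmap {
+u32 startbit;
+NETLBL_CATMAP_MAPTYPE bitmap[NETLBL_CATMAP_MAPCNT];
+struct netlbl_lsm_secattr_catmap *next;
+};
+#define NETLBL_SECATTR_NONE 0x00000000
+#define NETLBL_SECATTR_DOMAIN 0x00000001
+#define NETLBL_SECATTR_CACHE 0x00000002
+#define NETLBL_SECATTR_MLS_LVL 0x00000004
+#define NETLBL_SECATTR_MLS_CAT 0x00000008
 struct netlbl_lsm_secattr {
+u32 flags;
+
 char *domain;
 
 u32 mls_lvl;
-u32 mls_lvl_vld;
-unsigned char *mls_cat;
-size_t mls_cat_len;
+struct netlbl_lsm_secattr_catmap *mls_cat;
 
 struct netlbl_lsm_cache *cache;
 };
@@ -165,18 +186,54 @@ static inline void netlbl_secattr_cache_free(struct netlbl_lsm_cache *cache)
 }
 
 /**
+* netlbl_secattr_catmap_alloc - Allocate a LSM secattr catmap
+* @flags: memory allocation flags
+*
+* Description:
+* Allocate memory for a LSM secattr catmap, returns a pointer on success, NULL
+* on failure.
+*
+*/
+static inline struct netlbl_lsm_secattr_catmap *netlbl_secattr_catmap_alloc(
+gfp_t flags)
+{
+return kzalloc(sizeof(struct netlbl_lsm_secattr_catmap), flags);
+}
+
+/**
+* netlbl_secattr_catmap_free - Free a LSM secattr catmap
+* @catmap: the category bitmap
+*
+* Description:
+* Free a LSM secattr catmap.
+*
+*/
+static inline void netlbl_secattr_catmap_free(
+struct netlbl_lsm_secattr_catmap *catmap)
+{
+struct netlbl_lsm_secattr_catmap *iter;
+
+do {
+iter = catmap;
+catmap = catmap->next;
+kfree(iter);
+} while (catmap);
+}
+
+/**
 * netlbl_secattr_init - Initialize a netlbl_lsm_secattr struct
 * @secattr: the struct to initialize
 *
 * Description:
-* Initialize an already allocated netlbl_lsm_secattr struct. Returns zero on
-* success, negative values on error.
+* Initialize an already allocated netlbl_lsm_secattr struct.
 *
 */
-static inline int netlbl_secattr_init(struct netlbl_lsm_secattr *secattr)
+static inline void netlbl_secattr_init(struct netlbl_lsm_secattr *secattr)
 {
-memset(secattr, 0, sizeof(*secattr));
-return 0;
+secattr->flags = 0;
+secattr->domain = NULL;
+secattr->mls_cat = NULL;
+secattr->cache = NULL;
 }
 
 /**
@@ -193,7 +250,8 @@ static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr)
 if (secattr->cache)
 netlbl_secattr_cache_free(secattr->cache);
 kfree(secattr->domain);
-kfree(secattr->mls_cat);
+if (secattr->mls_cat)
+netlbl_secattr_catmap_free(secattr->mls_cat);
 }
 
 /**
@@ -205,7 +263,7 @@ static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr)
 * pointer on success, or NULL on failure.
 *
 */
-static inline struct netlbl_lsm_secattr *netlbl_secattr_alloc(int flags)
+static inline struct netlbl_lsm_secattr *netlbl_secattr_alloc(gfp_t flags)
 {
 return kzalloc(sizeof(struct netlbl_lsm_secattr), flags);
 }
@@ -224,6 +282,51 @@ static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr)
 kfree(secattr);
 }
 
+#ifdef CONFIG_NETLABEL
+int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap,
+u32 offset);
+int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap,
+u32 offset);
+int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap *catmap,
+u32 bit,
+gfp_t flags);
+int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap *catmap,
+u32 start,
+u32 end,
+gfp_t flags);
+#else
+static inline int netlbl_secattr_catmap_walk(
+struct netlbl_lsm_secattr_catmap *catmap,
+u32 offset)
+{
+return -ENOENT;
+}
+
+static inline int netlbl_secattr_catmap_walk_rng(
+struct netlbl_lsm_secattr_catmap *catmap,
+u32 offset)
+{
+return -ENOENT;
+}
+
+static inline int netlbl_secattr_catmap_setbit(
+struct netlbl_lsm_secattr_catmap *catmap,
+u32 bit,
+gfp_t flags)
+{
+return 0;
+}
+
+static inline int netlbl_secattr_catmap_setrng(
+struct netlbl_lsm_secattr_catmap *catmap,
+u32 start,
+u32 end,
+gfp_t flags)
+{
+return 0;
+}
+#endif
+
 /*
 * LSM protocol operations
 */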
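Review bot: netlbl_secattr_catmap_free() reads `catmap->next` before it tests `catmap`, so a NULL argument faults, whereas the `kfree(secattr->mls_cat)` it replaces in netlbl_secattr_destroy() tolerated NULL. The destroy path guards the call, but this is a header inline that other callers can reach directly, and making it NULL-safe costs nothing: replace the `do { ... } while (catmap);` loop with `while (catmap) { iter = catmap; catmap = catmap->next; kfree(iter); }`. Separately, netlbl_secattr_init() now leaves `mls_lvl` unset instead of zeroing the whole struct, so its kernel-doc should say that `mls_lvl` may only be read when `NETLBL_SECATTR_MLS_LVL` is set in `flags` (that meaning of the flag is inferred from its name, not shown here). Callers of the old `int`-returning netlbl_secattr_init() are outside this file section and would need checking against the new `void` signature.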