diff options
Diffstat (limited to 'net/netlabel/netlabel_cipso_v4.c')
-rw-r--r-- | net/netlabel/netlabel_cipso_v4.c | 61 |
1 files changed, 18 insertions, 43 deletions
diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c index fff32b70efa9..bf1ab1a6790d 100644 --- a/net/netlabel/netlabel_cipso_v4.c +++ b/net/netlabel/netlabel_cipso_v4.c | |||
@@ -130,6 +130,7 @@ static int netlbl_cipsov4_add_common(struct genl_info *info, | |||
130 | /** | 130 | /** |
131 | * netlbl_cipsov4_add_std - Adds a CIPSO V4 DOI definition | 131 | * netlbl_cipsov4_add_std - Adds a CIPSO V4 DOI definition |
132 | * @info: the Generic NETLINK info block | 132 | * @info: the Generic NETLINK info block |
133 | * @audit_info: NetLabel audit information | ||
133 | * | 134 | * |
134 | * Description: | 135 | * Description: |
135 | * Create a new CIPSO_V4_MAP_TRANS DOI definition based on the given ADD | 136 | * Create a new CIPSO_V4_MAP_TRANS DOI definition based on the given ADD |
@@ -137,7 +138,8 @@ static int netlbl_cipsov4_add_common(struct genl_info *info, | |||
137 | * non-zero on error. | 138 | * non-zero on error. |
138 | * | 139 | * |
139 | */ | 140 | */ |
140 | static int netlbl_cipsov4_add_std(struct genl_info *info) | 141 | static int netlbl_cipsov4_add_std(struct genl_info *info, |
142 | struct netlbl_audit *audit_info) | ||
141 | { | 143 | { |
142 | int ret_val = -EINVAL; | 144 | int ret_val = -EINVAL; |
143 | struct cipso_v4_doi *doi_def = NULL; | 145 | struct cipso_v4_doi *doi_def = NULL; |
@@ -316,7 +318,7 @@ static int netlbl_cipsov4_add_std(struct genl_info *info) | |||
316 | } | 318 | } |
317 | } | 319 | } |
318 | 320 | ||
319 | ret_val = cipso_v4_doi_add(doi_def); | 321 | ret_val = cipso_v4_doi_add(doi_def, audit_info); |
320 | if (ret_val != 0) | 322 | if (ret_val != 0) |
321 | goto add_std_failure; | 323 | goto add_std_failure; |
322 | return 0; | 324 | return 0; |
@@ -330,6 +332,7 @@ add_std_failure: | |||
330 | /** | 332 | /** |
331 | * netlbl_cipsov4_add_pass - Adds a CIPSO V4 DOI definition | 333 | * netlbl_cipsov4_add_pass - Adds a CIPSO V4 DOI definition |
332 | * @info: the Generic NETLINK info block | 334 | * @info: the Generic NETLINK info block |
335 | * @audit_info: NetLabel audit information | ||
333 | * | 336 | * |
334 | * Description: | 337 | * Description: |
335 | * Create a new CIPSO_V4_MAP_PASS DOI definition based on the given ADD message | 338 | * Create a new CIPSO_V4_MAP_PASS DOI definition based on the given ADD message |
@@ -337,7 +340,8 @@ add_std_failure: | |||
337 | * error. | 340 | * error. |
338 | * | 341 | * |
339 | */ | 342 | */ |
340 | static int netlbl_cipsov4_add_pass(struct genl_info *info) | 343 | static int netlbl_cipsov4_add_pass(struct genl_info *info, |
344 | struct netlbl_audit *audit_info) | ||
341 | { | 345 | { |
342 | int ret_val; | 346 | int ret_val; |
343 | struct cipso_v4_doi *doi_def = NULL; | 347 | struct cipso_v4_doi *doi_def = NULL; |
@@ -354,7 +358,7 @@ static int netlbl_cipsov4_add_pass(struct genl_info *info) | |||
354 | if (ret_val != 0) | 358 | if (ret_val != 0) |
355 | goto add_pass_failure; | 359 | goto add_pass_failure; |
356 | 360 | ||
357 | ret_val = cipso_v4_doi_add(doi_def); | 361 | ret_val = cipso_v4_doi_add(doi_def, audit_info); |
358 | if (ret_val != 0) | 362 | if (ret_val != 0) |
359 | goto add_pass_failure; | 363 | goto add_pass_failure; |
360 | return 0; | 364 | return 0; |
@@ -367,6 +371,7 @@ add_pass_failure: | |||
367 | /** | 371 | /** |
368 | * netlbl_cipsov4_add_local - Adds a CIPSO V4 DOI definition | 372 | * netlbl_cipsov4_add_local - Adds a CIPSO V4 DOI definition |
369 | * @info: the Generic NETLINK info block | 373 | * @info: the Generic NETLINK info block |
374 | * @audit_info: NetLabel audit information | ||
370 | * | 375 | * |
371 | * Description: | 376 | * Description: |
372 | * Create a new CIPSO_V4_MAP_LOCAL DOI definition based on the given ADD | 377 | * Create a new CIPSO_V4_MAP_LOCAL DOI definition based on the given ADD |
@@ -374,7 +379,8 @@ add_pass_failure: | |||
374 | * non-zero on error. | 379 | * non-zero on error. |
375 | * | 380 | * |
376 | */ | 381 | */ |
377 | static int netlbl_cipsov4_add_local(struct genl_info *info) | 382 | static int netlbl_cipsov4_add_local(struct genl_info *info, |
383 | struct netlbl_audit *audit_info) | ||
378 | { | 384 | { |
379 | int ret_val; | 385 | int ret_val; |
380 | struct cipso_v4_doi *doi_def = NULL; | 386 | struct cipso_v4_doi *doi_def = NULL; |
@@ -391,7 +397,7 @@ static int netlbl_cipsov4_add_local(struct genl_info *info) | |||
391 | if (ret_val != 0) | 397 | if (ret_val != 0) |
392 | goto add_local_failure; | 398 | goto add_local_failure; |
393 | 399 | ||
394 | ret_val = cipso_v4_doi_add(doi_def); | 400 | ret_val = cipso_v4_doi_add(doi_def, audit_info); |
395 | if (ret_val != 0) | 401 | if (ret_val != 0) |
396 | goto add_local_failure; | 402 | goto add_local_failure; |
397 | return 0; | 403 | return 0; |
@@ -415,48 +421,31 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info) | |||
415 | 421 | ||
416 | { | 422 | { |
417 | int ret_val = -EINVAL; | 423 | int ret_val = -EINVAL; |
418 | u32 type; | ||
419 | u32 doi; | ||
420 | const char *type_str = "(unknown)"; | 424 | const char *type_str = "(unknown)"; |
421 | struct audit_buffer *audit_buf; | ||
422 | struct netlbl_audit audit_info; | 425 | struct netlbl_audit audit_info; |
423 | 426 | ||
424 | if (!info->attrs[NLBL_CIPSOV4_A_DOI] || | 427 | if (!info->attrs[NLBL_CIPSOV4_A_DOI] || |
425 | !info->attrs[NLBL_CIPSOV4_A_MTYPE]) | 428 | !info->attrs[NLBL_CIPSOV4_A_MTYPE]) |
426 | return -EINVAL; | 429 | return -EINVAL; |
427 | 430 | ||
428 | doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]); | ||
429 | netlbl_netlink_auditinfo(skb, &audit_info); | 431 | netlbl_netlink_auditinfo(skb, &audit_info); |
430 | 432 | switch (nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE])) { | |
431 | type = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE]); | ||
432 | switch (type) { | ||
433 | case CIPSO_V4_MAP_TRANS: | 433 | case CIPSO_V4_MAP_TRANS: |
434 | type_str = "trans"; | 434 | type_str = "trans"; |
435 | ret_val = netlbl_cipsov4_add_std(info); | 435 | ret_val = netlbl_cipsov4_add_std(info, &audit_info); |
436 | break; | 436 | break; |
437 | case CIPSO_V4_MAP_PASS: | 437 | case CIPSO_V4_MAP_PASS: |
438 | type_str = "pass"; | 438 | type_str = "pass"; |
439 | ret_val = netlbl_cipsov4_add_pass(info); | 439 | ret_val = netlbl_cipsov4_add_pass(info, &audit_info); |
440 | break; | 440 | break; |
441 | case CIPSO_V4_MAP_LOCAL: | 441 | case CIPSO_V4_MAP_LOCAL: |
442 | type_str = "local"; | 442 | type_str = "local"; |
443 | ret_val = netlbl_cipsov4_add_local(info); | 443 | ret_val = netlbl_cipsov4_add_local(info, &audit_info); |
444 | break; | 444 | break; |
445 | } | 445 | } |
446 | if (ret_val == 0) | 446 | if (ret_val == 0) |
447 | atomic_inc(&netlabel_mgmt_protocount); | 447 | atomic_inc(&netlabel_mgmt_protocount); |
448 | 448 | ||
449 | audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD, | ||
450 | &audit_info); | ||
451 | if (audit_buf != NULL) { | ||
452 | audit_log_format(audit_buf, | ||
453 | " cipso_doi=%u cipso_type=%s res=%u", | ||
454 | doi, | ||
455 | type_str, | ||
456 | ret_val == 0 ? 1 : 0); | ||
457 | audit_log_end(audit_buf); | ||
458 | } | ||
459 | |||
460 | return ret_val; | 449 | return ret_val; |
461 | } | 450 | } |
462 | 451 | ||
@@ -725,9 +714,7 @@ static int netlbl_cipsov4_remove_cb(struct netlbl_dom_map *entry, void *arg) | |||
725 | static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info) | 714 | static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info) |
726 | { | 715 | { |
727 | int ret_val = -EINVAL; | 716 | int ret_val = -EINVAL; |
728 | u32 doi = 0; | ||
729 | struct netlbl_domhsh_walk_arg cb_arg; | 717 | struct netlbl_domhsh_walk_arg cb_arg; |
730 | struct audit_buffer *audit_buf; | ||
731 | struct netlbl_audit audit_info; | 718 | struct netlbl_audit audit_info; |
732 | u32 skip_bkt = 0; | 719 | u32 skip_bkt = 0; |
733 | u32 skip_chain = 0; | 720 | u32 skip_chain = 0; |
@@ -735,29 +722,17 @@ static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info) | |||
735 | if (!info->attrs[NLBL_CIPSOV4_A_DOI]) | 722 | if (!info->attrs[NLBL_CIPSOV4_A_DOI]) |
736 | return -EINVAL; | 723 | return -EINVAL; |
737 | 724 | ||
738 | doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]); | ||
739 | netlbl_netlink_auditinfo(skb, &audit_info); | 725 | netlbl_netlink_auditinfo(skb, &audit_info); |
740 | 726 | cb_arg.doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]); | |
741 | cb_arg.doi = doi; | ||
742 | cb_arg.audit_info = &audit_info; | 727 | cb_arg.audit_info = &audit_info; |
743 | ret_val = netlbl_domhsh_walk(&skip_bkt, &skip_chain, | 728 | ret_val = netlbl_domhsh_walk(&skip_bkt, &skip_chain, |
744 | netlbl_cipsov4_remove_cb, &cb_arg); | 729 | netlbl_cipsov4_remove_cb, &cb_arg); |
745 | if (ret_val == 0 || ret_val == -ENOENT) { | 730 | if (ret_val == 0 || ret_val == -ENOENT) { |
746 | ret_val = cipso_v4_doi_remove(doi, &audit_info); | 731 | ret_val = cipso_v4_doi_remove(cb_arg.doi, &audit_info); |
747 | if (ret_val == 0) | 732 | if (ret_val == 0) |
748 | atomic_dec(&netlabel_mgmt_protocount); | 733 | atomic_dec(&netlabel_mgmt_protocount); |
749 | } | 734 | } |
750 | 735 | ||
751 | audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL, | ||
752 | &audit_info); | ||
753 | if (audit_buf != NULL) { | ||
754 | audit_log_format(audit_buf, | ||
755 | " cipso_doi=%u res=%u", | ||
756 | doi, | ||
757 | ret_val == 0 ? 1 : 0); | ||
758 | audit_log_end(audit_buf); | ||
759 | } | ||
760 | |||
761 | return ret_val; | 736 | return ret_val; |
762 | } | 737 | } |
763 | 738 | ||