Diffstat (limited to 'net/netlabel/netlabel_cipso_v4.c')
| -rw-r--r-- | net/netlabel/netlabel_cipso_v4.c | 61 |
1 files changed, 18 insertions, 43 deletions
diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c index fff32b70efa9..bf1ab1a6790d 100644 --- a/net/netlabel/netlabel_cipso_v4.c +++ b/net/netlabel/netlabel_cipso_v4.c | |||
| @@ -130,6 +130,7 @@ static int netlbl_cipsov4_add_common(struct genl_info *info, | |||
| 130 | /** | 130 | /** |
| 131 | * netlbl_cipsov4_add_std - Adds a CIPSO V4 DOI definition | 131 | * netlbl_cipsov4_add_std - Adds a CIPSO V4 DOI definition |
| 132 | * @info: the Generic NETLINK info block | 132 | * @info: the Generic NETLINK info block |
| 133 | * @audit_info: NetLabel audit information | ||
| 133 | * | 134 | * |
| 134 | * Description: | 135 | * Description: |
| 135 | * Create a new CIPSO_V4_MAP_TRANS DOI definition based on the given ADD | 136 | * Create a new CIPSO_V4_MAP_TRANS DOI definition based on the given ADD |
| @@ -137,7 +138,8 @@ static int netlbl_cipsov4_add_common(struct genl_info *info, | |||
| 137 | * non-zero on error. | 138 | * non-zero on error. |
| 138 | * | 139 | * |
| 139 | */ | 140 | */ |
| 140 | static int netlbl_cipsov4_add_std(struct genl_info *info) | 141 | static int netlbl_cipsov4_add_std(struct genl_info *info, |
| 142 | struct netlbl_audit *audit_info) | ||
| 141 | { | 143 | { |
| 142 | int ret_val = -EINVAL; | 144 | int ret_val = -EINVAL; |
| 143 | struct cipso_v4_doi *doi_def = NULL; | 145 | struct cipso_v4_doi *doi_def = NULL; |
| @@ -316,7 +318,7 @@ static int netlbl_cipsov4_add_std(struct genl_info *info) | |||
| 316 | } | 318 | } |
| 317 | } | 319 | } |
| 318 | 320 | ||
| 319 | ret_val = cipso_v4_doi_add(doi_def); | 321 | ret_val = cipso_v4_doi_add(doi_def, audit_info); |
| 320 | if (ret_val != 0) | 322 | if (ret_val != 0) |
| 321 | goto add_std_failure; | 323 | goto add_std_failure; |
| 322 | return 0; | 324 | return 0; |
| @@ -330,6 +332,7 @@ add_std_failure: | |||
| 330 | /** | 332 | /** |
| 331 | * netlbl_cipsov4_add_pass - Adds a CIPSO V4 DOI definition | 333 | * netlbl_cipsov4_add_pass - Adds a CIPSO V4 DOI definition |
| 332 | * @info: the Generic NETLINK info block | 334 | * @info: the Generic NETLINK info block |
| 335 | * @audit_info: NetLabel audit information | ||
| 333 | * | 336 | * |
| 334 | * Description: | 337 | * Description: |
| 335 | * Create a new CIPSO_V4_MAP_PASS DOI definition based on the given ADD message | 338 | * Create a new CIPSO_V4_MAP_PASS DOI definition based on the given ADD message |
| @@ -337,7 +340,8 @@ add_std_failure: | |||
| 337 | * error. | 340 | * error. |
| 338 | * | 341 | * |
| 339 | */ | 342 | */ |
| 340 | static int netlbl_cipsov4_add_pass(struct genl_info *info) | 343 | static int netlbl_cipsov4_add_pass(struct genl_info *info, |
| 344 | struct netlbl_audit *audit_info) | ||
| 341 | { | 345 | { |
| 342 | int ret_val; | 346 | int ret_val; |
| 343 | struct cipso_v4_doi *doi_def = NULL; | 347 | struct cipso_v4_doi *doi_def = NULL; |
| @@ -354,7 +358,7 @@ static int netlbl_cipsov4_add_pass(struct genl_info *info) | |||
| 354 | if (ret_val != 0) | 358 | if (ret_val != 0) |
| 355 | goto add_pass_failure; | 359 | goto add_pass_failure; |
| 356 | 360 | ||
| 357 | ret_val = cipso_v4_doi_add(doi_def); | 361 | ret_val = cipso_v4_doi_add(doi_def, audit_info); |
| 358 | if (ret_val != 0) | 362 | if (ret_val != 0) |
| 359 | goto add_pass_failure; | 363 | goto add_pass_failure; |
| 360 | return 0; | 364 | return 0; |
| @@ -367,6 +371,7 @@ add_pass_failure: | |||
| 367 | /** | 371 | /** |
| 368 | * netlbl_cipsov4_add_local - Adds a CIPSO V4 DOI definition | 372 | * netlbl_cipsov4_add_local - Adds a CIPSO V4 DOI definition |
| 369 | * @info: the Generic NETLINK info block | 373 | * @info: the Generic NETLINK info block |
| 374 | * @audit_info: NetLabel audit information | ||
| 370 | * | 375 | * |
| 371 | * Description: | 376 | * Description: |
| 372 | * Create a new CIPSO_V4_MAP_LOCAL DOI definition based on the given ADD | 377 | * Create a new CIPSO_V4_MAP_LOCAL DOI definition based on the given ADD |
| @@ -374,7 +379,8 @@ add_pass_failure: | |||
| 374 | * non-zero on error. | 379 | * non-zero on error. |
| 375 | * | 380 | * |
| 376 | */ | 381 | */ |
| 377 | static int netlbl_cipsov4_add_local(struct genl_info *info) | 382 | static int netlbl_cipsov4_add_local(struct genl_info *info, |
| 383 | struct netlbl_audit *audit_info) | ||
| 378 | { | 384 | { |
| 379 | int ret_val; | 385 | int ret_val; |
| 380 | struct cipso_v4_doi *doi_def = NULL; | 386 | struct cipso_v4_doi *doi_def = NULL; |
| @@ -391,7 +397,7 @@ static int netlbl_cipsov4_add_local(struct genl_info *info) | |||
| 391 | if (ret_val != 0) | 397 | if (ret_val != 0) |
| 392 | goto add_local_failure; | 398 | goto add_local_failure; |
| 393 | 399 | ||
| 394 | ret_val = cipso_v4_doi_add(doi_def); | 400 | ret_val = cipso_v4_doi_add(doi_def, audit_info); |
| 395 | if (ret_val != 0) | 401 | if (ret_val != 0) |
| 396 | goto add_local_failure; | 402 | goto add_local_failure; |
| 397 | return 0; | 403 | return 0; |
| @@ -415,48 +421,31 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info) | |||
| 415 | 421 | ||
| 416 | { | 422 | { |
| 417 | int ret_val = -EINVAL; | 423 | int ret_val = -EINVAL; |
| 418 | u32 type; | ||
| 419 | u32 doi; | ||
| 420 | const char *type_str = "(unknown)"; | 424 | const char *type_str = "(unknown)"; |
| 421 | struct audit_buffer *audit_buf; | ||
| 422 | struct netlbl_audit audit_info; | 425 | struct netlbl_audit audit_info; |
| 423 | 426 | ||
| 424 | if (!info->attrs[NLBL_CIPSOV4_A_DOI] || | 427 | if (!info->attrs[NLBL_CIPSOV4_A_DOI] || |
| 425 | !info->attrs[NLBL_CIPSOV4_A_MTYPE]) | 428 | !info->attrs[NLBL_CIPSOV4_A_MTYPE]) |
| 426 | return -EINVAL; | 429 | return -EINVAL; |
| 427 | 430 | ||
| 428 | doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]); | ||
| 429 | netlbl_netlink_auditinfo(skb, &audit_info); | 431 | netlbl_netlink_auditinfo(skb, &audit_info); |
| 430 | 432 | switch (nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE])) { | |
| 431 | type = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE]); | ||
| 432 | switch (type) { | ||
| 433 | case CIPSO_V4_MAP_TRANS: | 433 | case CIPSO_V4_MAP_TRANS: |
| 434 | type_str = "trans"; | 434 | type_str = "trans"; |
| 435 | ret_val = netlbl_cipsov4_add_std(info); | 435 | ret_val = netlbl_cipsov4_add_std(info, &audit_info); |
| 436 | break; | 436 | break; |
| 437 | case CIPSO_V4_MAP_PASS: | 437 | case CIPSO_V4_MAP_PASS: |
| 438 | type_str = "pass"; | 438 | type_str = "pass"; |
| 439 | ret_val = netlbl_cipsov4_add_pass(info); | 439 | ret_val = netlbl_cipsov4_add_pass(info, &audit_info); |
| 440 | break; | 440 | break; |
| 441 | case CIPSO_V4_MAP_LOCAL: | 441 | case CIPSO_V4_MAP_LOCAL: |
| 442 | type_str = "local"; | 442 | type_str = "local"; |
| 443 | ret_val = netlbl_cipsov4_add_local(info); | 443 | ret_val = netlbl_cipsov4_add_local(info, &audit_info); |
| 444 | break; | 444 | break; |
| 445 | } | 445 | } |
| 446 | if (ret_val == 0) | 446 | if (ret_val == 0) |
| 447 | atomic_inc(&netlabel_mgmt_protocount); | 447 | atomic_inc(&netlabel_mgmt_protocount); |
| 448 | 448 | ||
| 449 | audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD, | ||
| 450 | &audit_info); | ||
| 451 | if (audit_buf != NULL) { | ||
| 452 | audit_log_format(audit_buf, | ||
| 453 | " cipso_doi=%u cipso_type=%s res=%u", | ||
| 454 | doi, | ||
| 455 | type_str, | ||
| 456 | ret_val == 0 ? 1 : 0); | ||
| 457 | audit_log_end(audit_buf); | ||
| 458 | } | ||
| 459 | |||
| 460 | return ret_val; | 449 | return ret_val; |
| 461 | } | 450 | } |
| 462 | 451 | ||
| @@ -725,9 +714,7 @@ static int netlbl_cipsov4_remove_cb(struct netlbl_dom_map *entry, void *arg) | |||
| 725 | static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info) | 714 | static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info) |
| 726 | { | 715 | { |
| 727 | int ret_val = -EINVAL; | 716 | int ret_val = -EINVAL; |
| 728 | u32 doi = 0; | ||
| 729 | struct netlbl_domhsh_walk_arg cb_arg; | 717 | struct netlbl_domhsh_walk_arg cb_arg; |
| 730 | struct audit_buffer *audit_buf; | ||
| 731 | struct netlbl_audit audit_info; | 718 | struct netlbl_audit audit_info; |
| 732 | u32 skip_bkt = 0; | 719 | u32 skip_bkt = 0; |
| 733 | u32 skip_chain = 0; | 720 | u32 skip_chain = 0; |
| @@ -735,29 +722,17 @@ static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info) | |||
| 735 | if (!info->attrs[NLBL_CIPSOV4_A_DOI]) | 722 | if (!info->attrs[NLBL_CIPSOV4_A_DOI]) |
| 736 | return -EINVAL; | 723 | return -EINVAL; |
| 737 | 724 | ||
| 738 | doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]); | ||
| 739 | netlbl_netlink_auditinfo(skb, &audit_info); | 725 | netlbl_netlink_auditinfo(skb, &audit_info); |
| 740 | 726 | cb_arg.doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]); | |
| 741 | cb_arg.doi = doi; | ||
| 742 | cb_arg.audit_info = &audit_info; | 727 | cb_arg.audit_info = &audit_info; |
| 743 | ret_val = netlbl_domhsh_walk(&skip_bkt, &skip_chain, | 728 | ret_val = netlbl_domhsh_walk(&skip_bkt, &skip_chain, |
| 744 | netlbl_cipsov4_remove_cb, &cb_arg); | 729 | netlbl_cipsov4_remove_cb, &cb_arg); |
| 745 | if (ret_val == 0 || ret_val == -ENOENT) { | 730 | if (ret_val == 0 || ret_val == -ENOENT) { |
| 746 | ret_val = cipso_v4_doi_remove(doi, &audit_info); | 731 | ret_val = cipso_v4_doi_remove(cb_arg.doi, &audit_info); |
| 747 | if (ret_val == 0) | 732 | if (ret_val == 0) |
| 748 | atomic_dec(&netlabel_mgmt_protocount); | 733 | atomic_dec(&netlabel_mgmt_protocount); |
| 749 | } | 734 | } |
| 750 | 735 | ||
| 751 | audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL, | ||
| 752 | &audit_info); | ||
| 753 | if (audit_buf != NULL) { | ||
| 754 | audit_log_format(audit_buf, | ||
| 755 | " cipso_doi=%u res=%u", | ||
| 756 | doi, | ||
| 757 | ret_val == 0 ? 1 : 0); | ||
| 758 | audit_log_end(audit_buf); | ||
| 759 | } | ||
| 760 | |||
| 761 | return ret_val; | 736 | return ret_val; |
| 762 | } | 737 | } |
| 763 | 738 | ||
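Review bot: `type_str` in netlbl_cipsov4_add is now dead code: the hunk at -415,48 keeps its declaration on new line 424 and the three assignments inside the switch (new lines 434, 438, 442) but removes the audit_log_format call that was the only reader, so the new side will warn under -Wunused-but-set-variable and the strings never reach a log; drop `const char *type_str = "(unknown)";` together with the three `type_str = "...";` lines. netlbl_cipsov4_add's signature is in the hunk header, but its whole body is within the hunk, so no other reader exists. The same hunk also shifts audit emission into cipso_v4_doi_add, which cannot be seen here; a request whose NLBL_CIPSOV4_A_MTYPE matches none of the three cases falls out of the switch with -EINVAL without ever calling it, so presumably an add rejected for an unsupported map type is no longer audited at all, whereas the removed code logged `cipso_type=(unknown) res=0` for it — worth confirming that loss of audit coverage is intended, or adding a `default:` arm that records it. If the audit-record decision stays with the callee, a one-line comment above the switch such as `/* audit record for the request is emitted by cipso_v4_doi_add() */` would save the next reader from searching for the dropped log.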
