diff options
Diffstat (limited to 'net/netlabel/netlabel_kapi.c')
-rw-r--r-- | net/netlabel/netlabel_kapi.c | 84 |
1 files changed, 23 insertions, 61 deletions
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index 39793a1a93aa..6c211fe97782 100644 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c | |||
@@ -82,7 +82,7 @@ int netlbl_cfg_unlbl_add_map(const char *domain, | |||
82 | 82 | ||
83 | entry = kzalloc(sizeof(*entry), GFP_ATOMIC); | 83 | entry = kzalloc(sizeof(*entry), GFP_ATOMIC); |
84 | if (entry == NULL) | 84 | if (entry == NULL) |
85 | goto cfg_unlbl_add_map_failure; | 85 | return -ENOMEM; |
86 | if (domain != NULL) { | 86 | if (domain != NULL) { |
87 | entry->domain = kstrdup(domain, GFP_ATOMIC); | 87 | entry->domain = kstrdup(domain, GFP_ATOMIC); |
88 | if (entry->domain == NULL) | 88 | if (entry->domain == NULL) |
@@ -104,49 +104,6 @@ cfg_unlbl_add_map_failure: | |||
104 | } | 104 | } |
105 | 105 | ||
106 | /** | 106 | /** |
107 | * netlbl_cfg_cipsov4_add - Add a new CIPSOv4 DOI definition | ||
108 | * @doi_def: the DOI definition | ||
109 | * @audit_info: NetLabel audit information | ||
110 | * | ||
111 | * Description: | ||
112 | * Add a new CIPSOv4 DOI definition to the NetLabel subsystem. Returns zero on | ||
113 | * success, negative values on failure. | ||
114 | * | ||
115 | */ | ||
116 | int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def, | ||
117 | struct netlbl_audit *audit_info) | ||
118 | { | ||
119 | int ret_val; | ||
120 | const char *type_str; | ||
121 | struct audit_buffer *audit_buf; | ||
122 | |||
123 | ret_val = cipso_v4_doi_add(doi_def); | ||
124 | |||
125 | audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD, | ||
126 | audit_info); | ||
127 | if (audit_buf != NULL) { | ||
128 | switch (doi_def->type) { | ||
129 | case CIPSO_V4_MAP_STD: | ||
130 | type_str = "std"; | ||
131 | break; | ||
132 | case CIPSO_V4_MAP_PASS: | ||
133 | type_str = "pass"; | ||
134 | break; | ||
135 | default: | ||
136 | type_str = "(unknown)"; | ||
137 | } | ||
138 | audit_log_format(audit_buf, | ||
139 | " cipso_doi=%u cipso_type=%s res=%u", | ||
140 | doi_def->doi, | ||
141 | type_str, | ||
142 | ret_val == 0 ? 1 : 0); | ||
143 | audit_log_end(audit_buf); | ||
144 | } | ||
145 | |||
146 | return ret_val; | ||
147 | } | ||
148 | |||
149 | /** | ||
150 | * netlbl_cfg_cipsov4_add_map - Add a new CIPSOv4 DOI definition and mapping | 107 | * netlbl_cfg_cipsov4_add_map - Add a new CIPSOv4 DOI definition and mapping |
151 | * @doi_def: the DOI definition | 108 | * @doi_def: the DOI definition |
152 | * @domain: the domain mapping to add | 109 | * @domain: the domain mapping to add |
@@ -165,10 +122,12 @@ int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def, | |||
165 | { | 122 | { |
166 | int ret_val = -ENOMEM; | 123 | int ret_val = -ENOMEM; |
167 | struct netlbl_dom_map *entry; | 124 | struct netlbl_dom_map *entry; |
125 | const char *type_str; | ||
126 | struct audit_buffer *audit_buf; | ||
168 | 127 | ||
169 | entry = kzalloc(sizeof(*entry), GFP_ATOMIC); | 128 | entry = kzalloc(sizeof(*entry), GFP_ATOMIC); |
170 | if (entry == NULL) | 129 | if (entry == NULL) |
171 | goto cfg_cipsov4_add_map_failure; | 130 | return -ENOMEM; |
172 | if (domain != NULL) { | 131 | if (domain != NULL) { |
173 | entry->domain = kstrdup(domain, GFP_ATOMIC); | 132 | entry->domain = kstrdup(domain, GFP_ATOMIC); |
174 | if (entry->domain == NULL) | 133 | if (entry->domain == NULL) |
@@ -182,7 +141,7 @@ int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def, | |||
182 | * domain mapping for it. */ | 141 | * domain mapping for it. */ |
183 | 142 | ||
184 | rcu_read_lock(); | 143 | rcu_read_lock(); |
185 | ret_val = netlbl_cfg_cipsov4_add(doi_def, audit_info); | 144 | ret_val = cipso_v4_doi_add(doi_def); |
186 | if (ret_val != 0) | 145 | if (ret_val != 0) |
187 | goto cfg_cipsov4_add_map_failure_unlock; | 146 | goto cfg_cipsov4_add_map_failure_unlock; |
188 | ret_val = netlbl_domhsh_add(entry, audit_info); | 147 | ret_val = netlbl_domhsh_add(entry, audit_info); |
@@ -196,6 +155,24 @@ cfg_cipsov4_add_map_failure_remove_doi: | |||
196 | cipso_v4_doi_remove(doi_def->doi, audit_info, netlbl_cipsov4_doi_free); | 155 | cipso_v4_doi_remove(doi_def->doi, audit_info, netlbl_cipsov4_doi_free); |
197 | cfg_cipsov4_add_map_failure_unlock: | 156 | cfg_cipsov4_add_map_failure_unlock: |
198 | rcu_read_unlock(); | 157 | rcu_read_unlock(); |
158 | audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD, | ||
159 | audit_info); | ||
160 | if (audit_buf != NULL) { | ||
161 | switch (doi_def->type) { | ||
162 | case CIPSO_V4_MAP_STD: | ||
163 | type_str = "std"; | ||
164 | break; | ||
165 | case CIPSO_V4_MAP_PASS: | ||
166 | type_str = "pass"; | ||
167 | break; | ||
168 | default: | ||
169 | type_str = "(unknown)"; | ||
170 | } | ||
171 | audit_log_format(audit_buf, | ||
172 | " cipso_doi=%u cipso_type=%s res=%u", | ||
173 | doi_def->doi, type_str, ret_val == 0 ? 1 : 0); | ||
174 | audit_log_end(audit_buf); | ||
175 | } | ||
199 | cfg_cipsov4_add_map_failure: | 176 | cfg_cipsov4_add_map_failure: |
200 | if (entry != NULL) | 177 | if (entry != NULL) |
201 | kfree(entry->domain); | 178 | kfree(entry->domain); |
@@ -203,21 +180,6 @@ cfg_cipsov4_add_map_failure: | |||
203 | return ret_val; | 180 | return ret_val; |
204 | } | 181 | } |
205 | 182 | ||
206 | /** | ||
207 | * netlbl_cfg_cipsov4_del - Removean existing CIPSOv4 DOI definition | ||
208 | * @doi: the CIPSO DOI value | ||
209 | * @audit_info: NetLabel audit information | ||
210 | * | ||
211 | * Description: | ||
212 | * Removes an existing CIPSOv4 DOI definition from the NetLabel subsystem. | ||
213 | * Returns zero on success, negative values on failure. | ||
214 | * | ||
215 | */ | ||
216 | int netlbl_cfg_cipsov4_del(u32 doi, struct netlbl_audit *audit_info) | ||
217 | { | ||
218 | return cipso_v4_doi_remove(doi, audit_info, netlbl_cipsov4_doi_free); | ||
219 | } | ||
220 | |||
221 | /* | 183 | /* |
222 | * Security Attribute Functions | 184 | * Security Attribute Functions |
223 | */ | 185 | */ |