Diffstat (limited to 'net/netlabel/netlabel_kapi.c')
-rw-r--r--net/netlabel/netlabel_kapi.c88
1 files changed, 35 insertions, 53 deletions
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 7c94aedd0912..96a458e12f60 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -122,7 +122,7 @@ int netlbl_cfg_unlbl_map_add(const char *domain,
122 } 122 }
123 123
124 if (addr == NULL && mask == NULL) 124 if (addr == NULL && mask == NULL)
125 entry->type = NETLBL_NLTYPE_UNLABELED; 125 entry->def.type = NETLBL_NLTYPE_UNLABELED;
126 else if (addr != NULL && mask != NULL) { 126 else if (addr != NULL && mask != NULL) {
127 addrmap = kzalloc(sizeof(*addrmap), GFP_ATOMIC); 127 addrmap = kzalloc(sizeof(*addrmap), GFP_ATOMIC);
128 if (addrmap == NULL) 128 if (addrmap == NULL)
@@ -137,7 +137,7 @@ int netlbl_cfg_unlbl_map_add(const char *domain,
137 map4 = kzalloc(sizeof(*map4), GFP_ATOMIC); 137 map4 = kzalloc(sizeof(*map4), GFP_ATOMIC);
138 if (map4 == NULL) 138 if (map4 == NULL)
139 goto cfg_unlbl_map_add_failure; 139 goto cfg_unlbl_map_add_failure;
140 map4->type = NETLBL_NLTYPE_UNLABELED; 140 map4->def.type = NETLBL_NLTYPE_UNLABELED;
141 map4->list.addr = addr4->s_addr & mask4->s_addr; 141 map4->list.addr = addr4->s_addr & mask4->s_addr;
142 map4->list.mask = mask4->s_addr; 142 map4->list.mask = mask4->s_addr;
143 map4->list.valid = 1; 143 map4->list.valid = 1;
@@ -154,7 +154,7 @@ int netlbl_cfg_unlbl_map_add(const char *domain,
154 map6 = kzalloc(sizeof(*map6), GFP_ATOMIC); 154 map6 = kzalloc(sizeof(*map6), GFP_ATOMIC);
155 if (map6 == NULL) 155 if (map6 == NULL)
156 goto cfg_unlbl_map_add_failure; 156 goto cfg_unlbl_map_add_failure;
157 map6->type = NETLBL_NLTYPE_UNLABELED; 157 map6->def.type = NETLBL_NLTYPE_UNLABELED;
158 map6->list.addr = *addr6; 158 map6->list.addr = *addr6;
159 map6->list.addr.s6_addr32[0] &= mask6->s6_addr32[0]; 159 map6->list.addr.s6_addr32[0] &= mask6->s6_addr32[0];
160 map6->list.addr.s6_addr32[1] &= mask6->s6_addr32[1]; 160 map6->list.addr.s6_addr32[1] &= mask6->s6_addr32[1];
@@ -174,8 +174,8 @@ int netlbl_cfg_unlbl_map_add(const char *domain,
174 break; 174 break;
175 } 175 }
176 176
177 entry->type_def.addrsel = addrmap; 177 entry->def.addrsel = addrmap;
178 entry->type = NETLBL_NLTYPE_ADDRSELECT; 178 entry->def.type = NETLBL_NLTYPE_ADDRSELECT;
179 } else { 179 } else {
180 ret_val = -EINVAL; 180 ret_val = -EINVAL;
181 goto cfg_unlbl_map_add_failure; 181 goto cfg_unlbl_map_add_failure;
@@ -355,8 +355,8 @@ int netlbl_cfg_cipsov4_map_add(u32 doi,
355 } 355 }
356 356
357 if (addr == NULL && mask == NULL) { 357 if (addr == NULL && mask == NULL) {
358 entry->type_def.cipsov4 = doi_def; 358 entry->def.cipso = doi_def;
359 entry->type = NETLBL_NLTYPE_CIPSOV4; 359 entry->def.type = NETLBL_NLTYPE_CIPSOV4;
360 } else if (addr != NULL && mask != NULL) { 360 } else if (addr != NULL && mask != NULL) {
361 addrmap = kzalloc(sizeof(*addrmap), GFP_ATOMIC); 361 addrmap = kzalloc(sizeof(*addrmap), GFP_ATOMIC);
362 if (addrmap == NULL) 362 if (addrmap == NULL)
@@ -367,8 +367,8 @@ int netlbl_cfg_cipsov4_map_add(u32 doi,
367 addrinfo = kzalloc(sizeof(*addrinfo), GFP_ATOMIC); 367 addrinfo = kzalloc(sizeof(*addrinfo), GFP_ATOMIC);
368 if (addrinfo == NULL) 368 if (addrinfo == NULL)
369 goto out_addrinfo; 369 goto out_addrinfo;
370 addrinfo->type_def.cipsov4 = doi_def; 370 addrinfo->def.cipso = doi_def;
371 addrinfo->type = NETLBL_NLTYPE_CIPSOV4; 371 addrinfo->def.type = NETLBL_NLTYPE_CIPSOV4;
372 addrinfo->list.addr = addr->s_addr & mask->s_addr; 372 addrinfo->list.addr = addr->s_addr & mask->s_addr;
373 addrinfo->list.mask = mask->s_addr; 373 addrinfo->list.mask = mask->s_addr;
374 addrinfo->list.valid = 1; 374 addrinfo->list.valid = 1;
@@ -376,8 +376,8 @@ int netlbl_cfg_cipsov4_map_add(u32 doi,
376 if (ret_val != 0) 376 if (ret_val != 0)
377 goto cfg_cipsov4_map_add_failure; 377 goto cfg_cipsov4_map_add_failure;
378 378
379 entry->type_def.addrsel = addrmap; 379 entry->def.addrsel = addrmap;
380 entry->type = NETLBL_NLTYPE_ADDRSELECT; 380 entry->def.type = NETLBL_NLTYPE_ADDRSELECT;
381 } else { 381 } else {
382 ret_val = -EINVAL; 382 ret_val = -EINVAL;
383 goto out_addrmap; 383 goto out_addrmap;
@@ -657,14 +657,14 @@ int netlbl_sock_setattr(struct sock *sk,
657 } 657 }
658 switch (family) { 658 switch (family) {
659 case AF_INET: 659 case AF_INET:
660 switch (dom_entry->type) { 660 switch (dom_entry->def.type) {
661 case NETLBL_NLTYPE_ADDRSELECT: 661 case NETLBL_NLTYPE_ADDRSELECT:
662 ret_val = -EDESTADDRREQ; 662 ret_val = -EDESTADDRREQ;
663 break; 663 break;
664 case NETLBL_NLTYPE_CIPSOV4: 664 case NETLBL_NLTYPE_CIPSOV4:
665 ret_val = cipso_v4_sock_setattr(sk, 665 ret_val = cipso_v4_sock_setattr(sk,
666 dom_entry->type_def.cipsov4, 666 dom_entry->def.cipso,
667 secattr); 667 secattr);
668 break; 668 break;
669 case NETLBL_NLTYPE_UNLABELED: 669 case NETLBL_NLTYPE_UNLABELED:
670 ret_val = 0; 670 ret_val = 0;
@@ -754,23 +754,22 @@ int netlbl_conn_setattr(struct sock *sk,
754{ 754{
755 int ret_val; 755 int ret_val;
756 struct sockaddr_in *addr4; 756 struct sockaddr_in *addr4;
757 struct netlbl_domaddr4_map *af4_entry; 757 struct netlbl_dommap_def *entry;
758 758
759 rcu_read_lock(); 759 rcu_read_lock();
760 switch (addr->sa_family) { 760 switch (addr->sa_family) {
761 case AF_INET: 761 case AF_INET:
762 addr4 = (struct sockaddr_in *)addr; 762 addr4 = (struct sockaddr_in *)addr;
763 af4_entry = netlbl_domhsh_getentry_af4(secattr->domain, 763 entry = netlbl_domhsh_getentry_af4(secattr->domain,
764 addr4->sin_addr.s_addr); 764 addr4->sin_addr.s_addr);
765 if (af4_entry == NULL) { 765 if (entry == NULL) {
766 ret_val = -ENOENT; 766 ret_val = -ENOENT;
767 goto conn_setattr_return; 767 goto conn_setattr_return;
768 } 768 }
769 switch (af4_entry->type) { 769 switch (entry->type) {
770 case NETLBL_NLTYPE_CIPSOV4: 770 case NETLBL_NLTYPE_CIPSOV4:
771 ret_val = cipso_v4_sock_setattr(sk, 771 ret_val = cipso_v4_sock_setattr(sk,
772 af4_entry->type_def.cipsov4, 772 entry->cipso, secattr);
773 secattr);
774 break; 773 break;
775 case NETLBL_NLTYPE_UNLABELED: 774 case NETLBL_NLTYPE_UNLABELED:
776 /* just delete the protocols we support for right now 775 /* just delete the protocols we support for right now
@@ -812,36 +811,21 @@ int netlbl_req_setattr(struct request_sock *req,
812 const struct netlbl_lsm_secattr *secattr) 811 const struct netlbl_lsm_secattr *secattr)
813{ 812{
814 int ret_val; 813 int ret_val;
815 struct netlbl_dom_map *dom_entry; 814 struct netlbl_dommap_def *entry;
816 struct netlbl_domaddr4_map *af4_entry;
817 u32 proto_type;
818 struct cipso_v4_doi *proto_cv4;
819 815
820 rcu_read_lock(); 816 rcu_read_lock();
821 dom_entry = netlbl_domhsh_getentry(secattr->domain);
822 if (dom_entry == NULL) {
823 ret_val = -ENOENT;
824 goto req_setattr_return;
825 }
826 switch (req->rsk_ops->family) { 817 switch (req->rsk_ops->family) {
827 case AF_INET: 818 case AF_INET:
828 if (dom_entry->type == NETLBL_NLTYPE_ADDRSELECT) { 819 entry = netlbl_domhsh_getentry_af4(secattr->domain,
829 struct inet_request_sock *req_inet = inet_rsk(req); 820 inet_rsk(req)->rmt_addr);
830 af4_entry = netlbl_domhsh_getentry_af4(secattr->domain, 821 if (entry == NULL) {
831 req_inet->rmt_addr); 822 ret_val = -ENOENT;
832 if (af4_entry == NULL) { 823 goto req_setattr_return;
833 ret_val = -ENOENT;
834 goto req_setattr_return;
835 }
836 proto_type = af4_entry->type;
837 proto_cv4 = af4_entry->type_def.cipsov4;
838 } else {
839 proto_type = dom_entry->type;
840 proto_cv4 = dom_entry->type_def.cipsov4;
841 } 824 }
842 switch (proto_type) { 825 switch (entry->type) {
843 case NETLBL_NLTYPE_CIPSOV4: 826 case NETLBL_NLTYPE_CIPSOV4:
844 ret_val = cipso_v4_req_setattr(req, proto_cv4, secattr); 827 ret_val = cipso_v4_req_setattr(req,
828 entry->cipso, secattr);
845 break; 829 break;
846 case NETLBL_NLTYPE_UNLABELED: 830 case NETLBL_NLTYPE_UNLABELED:
847 /* just delete the protocols we support for right now 831 /* just delete the protocols we support for right now
@@ -899,23 +883,21 @@ int netlbl_skbuff_setattr(struct sk_buff *skb,
899{ 883{
900 int ret_val; 884 int ret_val;
901 struct iphdr *hdr4; 885 struct iphdr *hdr4;
902 struct netlbl_domaddr4_map *af4_entry; 886 struct netlbl_dommap_def *entry;
903 887
904 rcu_read_lock(); 888 rcu_read_lock();
905 switch (family) { 889 switch (family) {
906 case AF_INET: 890 case AF_INET:
907 hdr4 = ip_hdr(skb); 891 hdr4 = ip_hdr(skb);
908 af4_entry = netlbl_domhsh_getentry_af4(secattr->domain, 892 entry = netlbl_domhsh_getentry_af4(secattr->domain,hdr4->daddr);
909 hdr4->daddr); 893 if (entry == NULL) {
910 if (af4_entry == NULL) {
911 ret_val = -ENOENT; 894 ret_val = -ENOENT;
912 goto skbuff_setattr_return; 895 goto skbuff_setattr_return;
913 } 896 }
914 switch (af4_entry->type) { 897 switch (entry->type) {
915 case NETLBL_NLTYPE_CIPSOV4: 898 case NETLBL_NLTYPE_CIPSOV4:
916 ret_val = cipso_v4_skbuff_setattr(skb, 899 ret_val = cipso_v4_skbuff_setattr(skb, entry->cipso,
917 af4_entry->type_def.cipsov4, 900 secattr);
918 secattr);
919 break; 901 break;
920 case NETLBL_NLTYPE_UNLABELED: 902 case NETLBL_NLTYPE_UNLABELED:
921 /* just delete the protocols we support for right now 903 /* just delete the protocols we support for right now
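Review bot: In netlbl_req_setattr the -ENOENT result for a domain with no mapping no longer applies to every address family: the removed netlbl_domhsh_getentry() check ran before `switch (req->rsk_ops->family)`, while the new netlbl_domhsh_getentry_af4() lookup runs only under `case AF_INET`. Any other family now reaches its own case without a domain lookup; those cases lie outside the hunk, so please confirm the changed return value is intended and record it in a comment above the switch, e.g. `/* domain lookup is IPv4-only; other families are handled without consulting the domain map */`. Dropping the else-branch that read dom_entry->type also suggests the fallback to the domain-wide definition now lives inside netlbl_domhsh_getentry_af4(), and `switch (entry->type)` then relies on that helper never returning NETLBL_NLTYPE_ADDRSELECT; the default case is not visible here, so check that it fails closed with an error rather than leaving the request unlabeled. A minor style point in netlbl_skbuff_setattr: the call needs a space after the comma, `entry = netlbl_domhsh_getentry_af4(secattr->domain, hdr4->daddr);`.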