Diffstat (limited to 'net/netlabel')
-rw-r--r-- | net/netlabel/netlabel_cipso_v4.c | 5 | ||||
-rw-r--r-- | net/netlabel/netlabel_kapi.c | 3 | ||||
-rw-r--r-- | net/netlabel/netlabel_mgmt.c | 63 | ||||
-rw-r--r-- | net/netlabel/netlabel_mgmt.h | 7 | ||||
-rw-r--r-- | net/netlabel/netlabel_unlabeled.c | 22 |
5 files changed, 15 insertions, 85 deletions
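--- a/net/netlabel/netlabel_cipso_v4.c
+++ b/net/netlabel/netlabel_cipso_v4.c
@@ -38,6 +38,7 @@
 #include <net/genetlink.h>
 #include <net/netlabel.h>
 #include <net/cipso_ipv4.h>
+#include <asm/atomic.h>
 
 #include "netlabel_user.h"
 #include "netlabel_cipso_v4.h"
@@ -421,7 +422,7 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info)
 break;
 }
 if (ret_val == 0)
-netlbl_mgmt_protocount_inc();
+atomic_inc(&netlabel_mgmt_protocount);
 
 audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,
 &audit_info);
@@ -698,7 +699,7 @@ static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info)
 &audit_info,
 netlbl_cipsov4_doi_free);
 if (ret_val == 0)
-netlbl_mgmt_protocount_dec();
+atomic_dec(&netlabel_mgmt_protocount);
 
 audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL,
 &audit_info);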
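Review bot: The `atomic_dec(&netlabel_mgmt_protocount)` in netlbl_cipsov4_remove() has no floor, whereas the removed netlbl_mgmt_protocount_dec() only decremented while the count was above zero. netlbl_enabled() in netlabel_kapi.c now tests `atomic_read(&netlabel_mgmt_protocount) > 0`, so if this handler ever removes a DOI that was not counted on add (an assumption; other add paths are not visible here), the counter goes negative and NetLabel keeps reporting itself disabled to the LSM even after later adds. Either keep the clamp, for example `atomic_dec_if_positive(&netlabel_mgmt_protocount);` where the architecture provides it, or state the pairing in a comment such as `/* balanced by the atomic_inc() in netlbl_cipsov4_add(); must never go below zero */`. Both function bodies continue outside the hunks.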
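--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -34,6 +34,7 @@
 #include <net/netlabel.h>
 #include <net/cipso_ipv4.h>
 #include <asm/bug.h>
+#include <asm/atomic.h>
 
 #include "netlabel_domainhash.h"
 #include "netlabel_unlabeled.h"
@@ -262,7 +263,7 @@ int netlbl_enabled(void)
 /* At some point we probably want to expose this mechanism to the user
 * as well so that admins can toggle NetLabel regardless of the
 * configuration */
-return (netlbl_mgmt_protocount_value() > 0 ? 1 : 0);
+return (atomic_read(&netlabel_mgmt_protocount) > 0);
 }
 
 /**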
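--- a/net/netlabel/netlabel_mgmt.c
+++ b/net/netlabel/netlabel_mgmt.c
@@ -37,14 +37,14 @@
 #include <net/genetlink.h>
 #include <net/netlabel.h>
 #include <net/cipso_ipv4.h>
+#include <asm/atomic.h>
 
 #include "netlabel_domainhash.h"
 #include "netlabel_user.h"
 #include "netlabel_mgmt.h"
 
-/* NetLabel configured protocol count */
-static DEFINE_SPINLOCK(netlabel_mgmt_protocount_lock);
-static u32 netlabel_mgmt_protocount = 0;
+/* NetLabel configured protocol counter */
+atomic_t netlabel_mgmt_protocount = ATOMIC_INIT(0);
 
 /* Argument struct for netlbl_domhsh_walk() */
 struct netlbl_domhsh_walk_arg {
@@ -71,63 +71,6 @@ static const struct nla_policy netlbl_mgmt_genl_policy[NLBL_MGMT_A_MAX + 1] = {
 };
 
 /*
-* NetLabel Misc Management Functions
-*/
-
-/**
-* netlbl_mgmt_protocount_inc - Increment the configured labeled protocol count
-*
-* Description:
-* Increment the number of labeled protocol configurations in the current
-* NetLabel configuration. Keep track of this for use in determining if
-* NetLabel label enforcement should be active/enabled or not in the LSM.
-*
-*/
-void netlbl_mgmt_protocount_inc(void)
-{
-spin_lock(&netlabel_mgmt_protocount_lock);
-netlabel_mgmt_protocount++;
-spin_unlock(&netlabel_mgmt_protocount_lock);
-}
-
-/**
-* netlbl_mgmt_protocount_dec - Decrement the configured labeled protocol count
-*
-* Description:
-* Decrement the number of labeled protocol configurations in the current
-* NetLabel configuration. Keep track of this for use in determining if
-* NetLabel label enforcement should be active/enabled or not in the LSM.
-*
-*/
-void netlbl_mgmt_protocount_dec(void)
-{
-spin_lock(&netlabel_mgmt_protocount_lock);
-if (netlabel_mgmt_protocount > 0)
-netlabel_mgmt_protocount--;
-spin_unlock(&netlabel_mgmt_protocount_lock);
-}
-
-/**
-* netlbl_mgmt_protocount_value - Return the number of configured protocols
-*
-* Description:
-* Return the number of labeled protocols in the current NetLabel
-* configuration. This value is useful in determining if NetLabel label
-* enforcement should be active/enabled or not in the LSM.
-*
-*/
-u32 netlbl_mgmt_protocount_value(void)
-{
-u32 val;
-
-rcu_read_lock();
-val = netlabel_mgmt_protocount;
-rcu_read_unlock();
-
-return val;
-}
-
-/*
 * NetLabel Command Handlers
 */
 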
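Review bot: The one-line comment on the now-global `netlabel_mgmt_protocount` drops what the removed kernel-doc explained, namely that this count decides whether NetLabel label enforcement is active in the LSM. With the accessor functions gone, any file that includes netlabel_mgmt.h can modify the counter directly, so the definition should carry the contract, for example `/* Number of labeled protocol configurations; netlbl_enabled() is true while > 0. Change only with atomic_inc()/atomic_dec() after a successful add/remove. */`. The same wording would suit the `extern` declaration in netlabel_mgmt.h.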
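--- a/net/netlabel/netlabel_mgmt.h
+++ b/net/netlabel/netlabel_mgmt.h
@@ -32,6 +32,7 @@
 #define _NETLABEL_MGMT_H
 
 #include <net/netlabel.h>
+#include <asm/atomic.h>
 
 /*
 * The following NetLabel payloads are supported by the management interface.
@@ -168,9 +169,7 @@ enum {
 /* NetLabel protocol functions */
 int netlbl_mgmt_genl_init(void);
 
-/* NetLabel misc management functions */
-void netlbl_mgmt_protocount_inc(void);
-void netlbl_mgmt_protocount_dec(void);
-u32 netlbl_mgmt_protocount_value(void);
+/* NetLabel configured protocol reference counter */
+extern atomic_t netlabel_mgmt_protocount;
 
 #endif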
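--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -29,7 +29,6 @@
 */
 
 #include <linux/types.h>
-#include <linux/rcupdate.h>
 #include <linux/list.h>
 #include <linux/spinlock.h>
 #include <linux/socket.h>
@@ -48,7 +47,6 @@
 #include "netlabel_unlabeled.h"
 
 /* Accept unlabeled packets flag */
-static DEFINE_SPINLOCK(netlabel_unlabel_acceptflg_lock);
 static u8 netlabel_unlabel_acceptflg = 0;
 
 /* NetLabel Generic NETLINK CIPSOv4 family */
@@ -84,11 +82,8 @@ static void netlbl_unlabel_acceptflg_set(u8 value,
 struct audit_buffer *audit_buf;
 u8 old_val;
 
-spin_lock(&netlabel_unlabel_acceptflg_lock);
 old_val = netlabel_unlabel_acceptflg;
 netlabel_unlabel_acceptflg = value;
-spin_unlock(&netlabel_unlabel_acceptflg_lock);
-
 audit_buf = netlbl_audit_start_common(AUDIT_MAC_UNLBL_ALLOW,
 audit_info);
 if (audit_buf != NULL) {
@@ -155,11 +150,9 @@ static int netlbl_unlabel_list(struct sk_buff *skb, struct genl_info *info)
 goto list_failure;
 }
 
-rcu_read_lock();
 ret_val = nla_put_u8(ans_skb,
 NLBL_UNLABEL_A_ACPTFLG,
 netlabel_unlabel_acceptflg);
-rcu_read_unlock();
 if (ret_val != 0)
 goto list_failure;
 
@@ -245,17 +238,10 @@ int netlbl_unlabel_genl_init(void)
 */
 int netlbl_unlabel_getattr(struct netlbl_lsm_secattr *secattr)
 {
-int ret_val;
-
-rcu_read_lock();
-if (netlabel_unlabel_acceptflg == 1) {
-netlbl_secattr_init(secattr);
-ret_val = 0;
-} else
-ret_val = -ENOMSG;
-rcu_read_unlock();
-
-return ret_val;
+if (netlabel_unlabel_acceptflg == 0)
+return -ENOMSG;
+netlbl_secattr_init(secattr);
+return 0;
 }
 
 /**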
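Review bot: The rewritten test in netlbl_unlabel_getattr() changes which flag values accept unlabeled traffic: the old code accepted only when `netlabel_unlabel_acceptflg == 1`, while the new code rejects only when it is `0`, so any value from 2 to 255 now accepts. Whether such a value can reach the flag depends on validation in the caller of netlbl_unlabel_acceptflg_set(), which is outside these hunks. If the value is not already restricted to 0/1, normalise it on write with `netlabel_unlabel_acceptflg = !!value;` or keep the strict test `if (netlabel_unlabel_acceptflg != 1) return -ENOMSG;`. Separately, netlbl_unlabel_acceptflg_set() now reads `old_val` and stores `value` with no lock, so the old value in the audit record is only reliable if the netlink handlers are serialised elsewhere; a comment naming that serialisation would make the assumption checkable.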