^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * NetLabel CALIPSO/IPv6 Support
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * This file defines the CALIPSO/IPv6 functions for the NetLabel system. The
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * NetLabel system manages static and dynamic label mappings for network
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * protocols such as CIPSO and CALIPSO.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * Authors: Paul Moore <paul@paul-moore.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) * Huw Davies <huw@codeweavers.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) /* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) * (c) Copyright Huw Davies <huw@codeweavers.com>, 2015
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <linux/types.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/socket.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <linux/string.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <linux/skbuff.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #include <linux/audit.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) #include <net/sock.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #include <net/netlink.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) #include <net/genetlink.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) #include <net/netlabel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) #include <net/calipso.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) #include <linux/atomic.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) #include "netlabel_user.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) #include "netlabel_calipso.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) #include "netlabel_mgmt.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) #include "netlabel_domainhash.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) /* Argument struct for calipso_doi_walk() */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) struct netlbl_calipso_doiwalk_arg {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) struct netlink_callback *nl_cb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) struct sk_buff *skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) u32 seq;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) /* Argument struct for netlbl_domhsh_walk() */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) struct netlbl_domhsh_walk_arg {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) struct netlbl_audit *audit_info;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) u32 doi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) /* NetLabel Generic NETLINK CALIPSO family */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) static struct genl_family netlbl_calipso_gnl_family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) /* NetLabel Netlink attribute policy */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) static const struct nla_policy calipso_genl_policy[NLBL_CALIPSO_A_MAX + 1] = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) [NLBL_CALIPSO_A_DOI] = { .type = NLA_U32 },
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) [NLBL_CALIPSO_A_MTYPE] = { .type = NLA_U32 },
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) /* NetLabel Command Handlers
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) * netlbl_calipso_add_pass - Adds a CALIPSO pass DOI definition
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) * @info: the Generic NETLINK info block
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) * @audit_info: NetLabel audit information
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) * Create a new CALIPSO_MAP_PASS DOI definition based on the given ADD message
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) * and add it to the CALIPSO engine. Return zero on success and non-zero on
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) * error.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) static int netlbl_calipso_add_pass(struct genl_info *info,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) struct netlbl_audit *audit_info)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) int ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) struct calipso_doi *doi_def = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) doi_def = kmalloc(sizeof(*doi_def), GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) if (!doi_def)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) doi_def->type = CALIPSO_MAP_PASS;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) doi_def->doi = nla_get_u32(info->attrs[NLBL_CALIPSO_A_DOI]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) ret_val = calipso_doi_add(doi_def, audit_info);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) if (ret_val != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) calipso_doi_free(doi_def);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) return ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) * netlbl_calipso_add - Handle an ADD message
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) * @skb: the NETLINK buffer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) * @info: the Generic NETLINK info block
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) * Create a new DOI definition based on the given ADD message and add it to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) * CALIPSO engine. Returns zero on success, negative values on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) static int netlbl_calipso_add(struct sk_buff *skb, struct genl_info *info)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) int ret_val = -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) struct netlbl_audit audit_info;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) if (!info->attrs[NLBL_CALIPSO_A_DOI] ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) !info->attrs[NLBL_CALIPSO_A_MTYPE])
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) netlbl_netlink_auditinfo(skb, &audit_info);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) switch (nla_get_u32(info->attrs[NLBL_CALIPSO_A_MTYPE])) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) case CALIPSO_MAP_PASS:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) ret_val = netlbl_calipso_add_pass(info, &audit_info);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) if (ret_val == 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) atomic_inc(&netlabel_mgmt_protocount);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) return ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) * netlbl_calipso_list - Handle a LIST message
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) * @skb: the NETLINK buffer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) * @info: the Generic NETLINK info block
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) * Process a user generated LIST message and respond accordingly.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) * Returns zero on success and negative values on error.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) static int netlbl_calipso_list(struct sk_buff *skb, struct genl_info *info)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) int ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) struct sk_buff *ans_skb = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) void *data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) u32 doi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) struct calipso_doi *doi_def;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) if (!info->attrs[NLBL_CALIPSO_A_DOI]) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) ret_val = -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) goto list_failure;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) doi = nla_get_u32(info->attrs[NLBL_CALIPSO_A_DOI]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) doi_def = calipso_doi_getdef(doi);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) if (!doi_def) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) ret_val = -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) goto list_failure;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) ans_skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) if (!ans_skb) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) ret_val = -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) goto list_failure_put;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) data = genlmsg_put_reply(ans_skb, info, &netlbl_calipso_gnl_family,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) 0, NLBL_CALIPSO_C_LIST);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) if (!data) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) ret_val = -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) goto list_failure_put;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) ret_val = nla_put_u32(ans_skb, NLBL_CALIPSO_A_MTYPE, doi_def->type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) if (ret_val != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) goto list_failure_put;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) calipso_doi_putdef(doi_def);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) genlmsg_end(ans_skb, data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) return genlmsg_reply(ans_skb, info);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) list_failure_put:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) calipso_doi_putdef(doi_def);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) list_failure:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) kfree_skb(ans_skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) return ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) * netlbl_calipso_listall_cb - calipso_doi_walk() callback for LISTALL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) * @doi_def: the CALIPSO DOI definition
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) * @arg: the netlbl_calipso_doiwalk_arg structure
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) * This function is designed to be used as a callback to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) * calipso_doi_walk() function for use in generating a response for a LISTALL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) * message. Returns the size of the message on success, negative values on
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) * failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) static int netlbl_calipso_listall_cb(struct calipso_doi *doi_def, void *arg)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) int ret_val = -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) struct netlbl_calipso_doiwalk_arg *cb_arg = arg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) void *data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) cb_arg->seq, &netlbl_calipso_gnl_family,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) NLM_F_MULTI, NLBL_CALIPSO_C_LISTALL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) if (!data)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) goto listall_cb_failure;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) ret_val = nla_put_u32(cb_arg->skb, NLBL_CALIPSO_A_DOI, doi_def->doi);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) if (ret_val != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) goto listall_cb_failure;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) ret_val = nla_put_u32(cb_arg->skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) NLBL_CALIPSO_A_MTYPE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) doi_def->type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) if (ret_val != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) goto listall_cb_failure;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) genlmsg_end(cb_arg->skb, data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) listall_cb_failure:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) genlmsg_cancel(cb_arg->skb, data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) return ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) * netlbl_calipso_listall - Handle a LISTALL message
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) * @skb: the NETLINK buffer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) * @cb: the NETLINK callback
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) * Process a user generated LISTALL message and respond accordingly. Returns
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) * zero on success and negative values on error.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) static int netlbl_calipso_listall(struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) struct netlink_callback *cb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) struct netlbl_calipso_doiwalk_arg cb_arg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) u32 doi_skip = cb->args[0];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) cb_arg.nl_cb = cb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) cb_arg.skb = skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) cb_arg.seq = cb->nlh->nlmsg_seq;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) calipso_doi_walk(&doi_skip, netlbl_calipso_listall_cb, &cb_arg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) cb->args[0] = doi_skip;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) return skb->len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) * netlbl_calipso_remove_cb - netlbl_calipso_remove() callback for REMOVE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) * @entry: LSM domain mapping entry
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) * @arg: the netlbl_domhsh_walk_arg structure
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) * This function is intended for use by netlbl_calipso_remove() as the callback
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) * for the netlbl_domhsh_walk() function; it removes LSM domain map entries
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) * which are associated with the CALIPSO DOI specified in @arg. Returns zero on
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) * success, negative values on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) static int netlbl_calipso_remove_cb(struct netlbl_dom_map *entry, void *arg)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) struct netlbl_domhsh_walk_arg *cb_arg = arg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) if (entry->def.type == NETLBL_NLTYPE_CALIPSO &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) entry->def.calipso->doi == cb_arg->doi)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) return netlbl_domhsh_remove_entry(entry, cb_arg->audit_info);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) * netlbl_calipso_remove - Handle a REMOVE message
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) * @skb: the NETLINK buffer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) * @info: the Generic NETLINK info block
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) * Process a user generated REMOVE message and respond accordingly. Returns
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) * zero on success, negative values on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) static int netlbl_calipso_remove(struct sk_buff *skb, struct genl_info *info)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) int ret_val = -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) struct netlbl_domhsh_walk_arg cb_arg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) struct netlbl_audit audit_info;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) u32 skip_bkt = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) u32 skip_chain = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) if (!info->attrs[NLBL_CALIPSO_A_DOI])
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) netlbl_netlink_auditinfo(skb, &audit_info);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) cb_arg.doi = nla_get_u32(info->attrs[NLBL_CALIPSO_A_DOI]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) cb_arg.audit_info = &audit_info;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) ret_val = netlbl_domhsh_walk(&skip_bkt, &skip_chain,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) netlbl_calipso_remove_cb, &cb_arg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) if (ret_val == 0 || ret_val == -ENOENT) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) ret_val = calipso_doi_remove(cb_arg.doi, &audit_info);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) if (ret_val == 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) atomic_dec(&netlabel_mgmt_protocount);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301) return ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304) /* NetLabel Generic NETLINK Command Definitions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307) static const struct genl_small_ops netlbl_calipso_ops[] = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) .cmd = NLBL_CALIPSO_C_ADD,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310) .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311) .flags = GENL_ADMIN_PERM,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312) .doit = netlbl_calipso_add,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313) .dumpit = NULL,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314) },
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 315) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 316) .cmd = NLBL_CALIPSO_C_REMOVE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317) .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 318) .flags = GENL_ADMIN_PERM,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 319) .doit = netlbl_calipso_remove,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320) .dumpit = NULL,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 321) },
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 322) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323) .cmd = NLBL_CALIPSO_C_LIST,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 324) .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 325) .flags = 0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 326) .doit = netlbl_calipso_list,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 327) .dumpit = NULL,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 328) },
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 329) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 330) .cmd = NLBL_CALIPSO_C_LISTALL,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 331) .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 332) .flags = 0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 333) .doit = NULL,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 334) .dumpit = netlbl_calipso_listall,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 335) },
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 336) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 337)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 338) static struct genl_family netlbl_calipso_gnl_family __ro_after_init = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 339) .hdrsize = 0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 340) .name = NETLBL_NLTYPE_CALIPSO_NAME,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 341) .version = NETLBL_PROTO_VERSION,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 342) .maxattr = NLBL_CALIPSO_A_MAX,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 343) .policy = calipso_genl_policy,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 344) .module = THIS_MODULE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 345) .small_ops = netlbl_calipso_ops,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 346) .n_small_ops = ARRAY_SIZE(netlbl_calipso_ops),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 347) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349) /* NetLabel Generic NETLINK Protocol Functions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 350) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 351)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 352) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 353) * netlbl_calipso_genl_init - Register the CALIPSO NetLabel component
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 354) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 355) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 356) * Register the CALIPSO packet NetLabel component with the Generic NETLINK
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 357) * mechanism. Returns zero on success, negative values on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 358) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 359) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 360) int __init netlbl_calipso_genl_init(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 361) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 362) return genl_register_family(&netlbl_calipso_gnl_family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 364)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365) static const struct netlbl_calipso_ops *calipso_ops;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 366)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 367) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 368) * netlbl_calipso_ops_register - Register the CALIPSO operations
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 369) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 370) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 371) * Register the CALIPSO packet engine operations.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 373) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 374) const struct netlbl_calipso_ops *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 375) netlbl_calipso_ops_register(const struct netlbl_calipso_ops *ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 376) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 377) return xchg(&calipso_ops, ops);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 379) EXPORT_SYMBOL(netlbl_calipso_ops_register);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 380)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 381) static const struct netlbl_calipso_ops *netlbl_calipso_ops_get(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 382) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383) return READ_ONCE(calipso_ops);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 384) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 385)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 386) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 387) * calipso_doi_add - Add a new DOI to the CALIPSO protocol engine
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 388) * @doi_def: the DOI structure
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 389) * @audit_info: NetLabel audit information
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 390) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 391) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 392) * The caller defines a new DOI for use by the CALIPSO engine and calls this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 393) * function to add it to the list of acceptable domains. The caller must
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 394) * ensure that the mapping table specified in @doi_def->map meets all of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 395) * requirements of the mapping type (see calipso.h for details). Returns
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 396) * zero on success and non-zero on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 397) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 398) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 399) int calipso_doi_add(struct calipso_doi *doi_def,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 400) struct netlbl_audit *audit_info)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 401) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 402) int ret_val = -ENOMSG;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 403) const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 404)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 405) if (ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 406) ret_val = ops->doi_add(doi_def, audit_info);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 407) return ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 408) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 409)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 410) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 411) * calipso_doi_free - Frees a DOI definition
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 412) * @doi_def: the DOI definition
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 413) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 414) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 415) * This function frees all of the memory associated with a DOI definition.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 416) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 417) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 418) void calipso_doi_free(struct calipso_doi *doi_def)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 419) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 420) const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 421)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 422) if (ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 423) ops->doi_free(doi_def);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 424) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 425)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 426) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 427) * calipso_doi_remove - Remove an existing DOI from the CALIPSO protocol engine
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 428) * @doi: the DOI value
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 429) * @audit_info: NetLabel audit information
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 430) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 431) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 432) * Removes a DOI definition from the CALIPSO engine. The NetLabel routines will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433) * be called to release their own LSM domain mappings as well as our own
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 434) * domain list. Returns zero on success and negative values on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 435) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 436) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 437) int calipso_doi_remove(u32 doi, struct netlbl_audit *audit_info)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 438) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 439) int ret_val = -ENOMSG;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 440) const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 441)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 442) if (ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 443) ret_val = ops->doi_remove(doi, audit_info);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 444) return ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 445) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 446)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 447) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 448) * calipso_doi_getdef - Returns a reference to a valid DOI definition
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 449) * @doi: the DOI value
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 450) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 451) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 452) * Searches for a valid DOI definition and if one is found it is returned to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 453) * the caller. Otherwise NULL is returned. The caller must ensure that
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 454) * calipso_doi_putdef() is called when the caller is done.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 455) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 456) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 457) struct calipso_doi *calipso_doi_getdef(u32 doi)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 458) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 459) struct calipso_doi *ret_val = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 460) const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 461)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 462) if (ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 463) ret_val = ops->doi_getdef(doi);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 464) return ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 465) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 466)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 467) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 468) * calipso_doi_putdef - Releases a reference for the given DOI definition
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 469) * @doi_def: the DOI definition
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 470) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 471) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 472) * Releases a DOI definition reference obtained from calipso_doi_getdef().
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 473) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 474) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 475) void calipso_doi_putdef(struct calipso_doi *doi_def)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 476) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 477) const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 478)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 479) if (ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 480) ops->doi_putdef(doi_def);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 481) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 482)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 483) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 484) * calipso_doi_walk - Iterate through the DOI definitions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 485) * @skip_cnt: skip past this number of DOI definitions, updated
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 486) * @callback: callback for each DOI definition
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 487) * @cb_arg: argument for the callback function
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 488) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 489) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 490) * Iterate over the DOI definition list, skipping the first @skip_cnt entries.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 491) * For each entry call @callback, if @callback returns a negative value stop
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 492) * 'walking' through the list and return. Updates the value in @skip_cnt upon
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 493) * return. Returns zero on success, negative values on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 494) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 495) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 496) int calipso_doi_walk(u32 *skip_cnt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 497) int (*callback)(struct calipso_doi *doi_def, void *arg),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 498) void *cb_arg)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 499) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 500) int ret_val = -ENOMSG;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 501) const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 502)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 503) if (ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 504) ret_val = ops->doi_walk(skip_cnt, callback, cb_arg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 505) return ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 506) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 507)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 508) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 509) * calipso_sock_getattr - Get the security attributes from a sock
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 510) * @sk: the sock
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 511) * @secattr: the security attributes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 512) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 513) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 514) * Query @sk to see if there is a CALIPSO option attached to the sock and if
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 515) * there is return the CALIPSO security attributes in @secattr. This function
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 516) * requires that @sk be locked, or privately held, but it does not do any
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 517) * locking itself. Returns zero on success and negative values on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 518) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 519) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 520) int calipso_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 521) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 522) int ret_val = -ENOMSG;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 523) const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 524)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 525) if (ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 526) ret_val = ops->sock_getattr(sk, secattr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 527) return ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 528) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 529)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 530) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 531) * calipso_sock_setattr - Add a CALIPSO option to a socket
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 532) * @sk: the socket
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 533) * @doi_def: the CALIPSO DOI to use
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 534) * @secattr: the specific security attributes of the socket
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 535) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 536) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 537) * Set the CALIPSO option on the given socket using the DOI definition and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 538) * security attributes passed to the function. This function requires
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 539) * exclusive access to @sk, which means it either needs to be in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 540) * process of being created or locked. Returns zero on success and negative
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 541) * values on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 542) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 543) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 544) int calipso_sock_setattr(struct sock *sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 545) const struct calipso_doi *doi_def,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 546) const struct netlbl_lsm_secattr *secattr)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 547) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 548) int ret_val = -ENOMSG;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 549) const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 550)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 551) if (ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 552) ret_val = ops->sock_setattr(sk, doi_def, secattr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 553) return ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 554) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 555)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 556) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 557) * calipso_sock_delattr - Delete the CALIPSO option from a socket
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 558) * @sk: the socket
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 559) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 560) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 561) * Removes the CALIPSO option from a socket, if present.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 562) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 563) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 564) void calipso_sock_delattr(struct sock *sk)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 565) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 566) const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 567)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 568) if (ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 569) ops->sock_delattr(sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 570) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 571)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 572) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 573) * calipso_req_setattr - Add a CALIPSO option to a connection request socket
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 574) * @req: the connection request socket
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 575) * @doi_def: the CALIPSO DOI to use
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 576) * @secattr: the specific security attributes of the socket
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 577) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 578) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 579) * Set the CALIPSO option on the given socket using the DOI definition and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 580) * security attributes passed to the function. Returns zero on success and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 581) * negative values on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 582) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 583) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 584) int calipso_req_setattr(struct request_sock *req,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 585) const struct calipso_doi *doi_def,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 586) const struct netlbl_lsm_secattr *secattr)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 587) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 588) int ret_val = -ENOMSG;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 589) const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 590)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 591) if (ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 592) ret_val = ops->req_setattr(req, doi_def, secattr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 593) return ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 594) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 595)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 596) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 597) * calipso_req_delattr - Delete the CALIPSO option from a request socket
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 598) * @req: the request socket
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 599) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 600) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 601) * Removes the CALIPSO option from a request socket, if present.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 602) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 603) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 604) void calipso_req_delattr(struct request_sock *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 605) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 606) const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 607)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 608) if (ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 609) ops->req_delattr(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 610) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 611)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 612) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 613) * calipso_optptr - Find the CALIPSO option in the packet
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 614) * @skb: the packet
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 615) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 616) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 617) * Parse the packet's IP header looking for a CALIPSO option. Returns a pointer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 618) * to the start of the CALIPSO option on success, NULL if one if not found.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 619) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 620) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 621) unsigned char *calipso_optptr(const struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 622) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 623) unsigned char *ret_val = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 624) const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 625)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 626) if (ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 627) ret_val = ops->skbuff_optptr(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 628) return ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 629) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 630)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 631) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 632) * calipso_getattr - Get the security attributes from a memory block.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 633) * @calipso: the CALIPSO option
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 634) * @secattr: the security attributes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 635) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 636) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 637) * Inspect @calipso and return the security attributes in @secattr.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 638) * Returns zero on success and negative values on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 639) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 640) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 641) int calipso_getattr(const unsigned char *calipso,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 642) struct netlbl_lsm_secattr *secattr)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 643) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 644) int ret_val = -ENOMSG;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 645) const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 646)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 647) if (ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 648) ret_val = ops->opt_getattr(calipso, secattr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 649) return ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 650) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 651)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 652) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 653) * calipso_skbuff_setattr - Set the CALIPSO option on a packet
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 654) * @skb: the packet
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 655) * @doi_def: the CALIPSO DOI to use
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 656) * @secattr: the security attributes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 657) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 658) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 659) * Set the CALIPSO option on the given packet based on the security attributes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 660) * Returns a pointer to the IP header on success and NULL on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 661) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 662) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 663) int calipso_skbuff_setattr(struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 664) const struct calipso_doi *doi_def,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 665) const struct netlbl_lsm_secattr *secattr)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 666) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 667) int ret_val = -ENOMSG;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 668) const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 669)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 670) if (ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 671) ret_val = ops->skbuff_setattr(skb, doi_def, secattr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 672) return ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 673) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 674)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 675) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 676) * calipso_skbuff_delattr - Delete any CALIPSO options from a packet
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 677) * @skb: the packet
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 678) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 679) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 680) * Removes any and all CALIPSO options from the given packet. Returns zero on
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 681) * success, negative values on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 682) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 683) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 684) int calipso_skbuff_delattr(struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 685) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 686) int ret_val = -ENOMSG;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 687) const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 688)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 689) if (ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 690) ret_val = ops->skbuff_delattr(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 691) return ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 692) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 693)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 694) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 695) * calipso_cache_invalidate - Invalidates the current CALIPSO cache
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 696) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 697) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 698) * Invalidates and frees any entries in the CALIPSO cache. Returns zero on
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 699) * success and negative values on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 700) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 701) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 702) void calipso_cache_invalidate(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 703) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 704) const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 705)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 706) if (ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 707) ops->cache_invalidate();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 708) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 709)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 710) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 711) * calipso_cache_add - Add an entry to the CALIPSO cache
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 712) * @calipso_ptr: the CALIPSO option
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 713) * @secattr: the packet's security attributes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 714) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 715) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 716) * Add a new entry into the CALIPSO label mapping cache.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 717) * Returns zero on success, negative values on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 718) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 719) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 720) int calipso_cache_add(const unsigned char *calipso_ptr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 721) const struct netlbl_lsm_secattr *secattr)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 722)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 723) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 724) int ret_val = -ENOMSG;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 725) const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 726)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 727) if (ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 728) ret_val = ops->cache_add(calipso_ptr, secattr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 729) return ret_val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 730) }
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags