^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * NetLabel Management Support
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * This file defines the management functions for the NetLabel system. The
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * NetLabel system manages static and dynamic label mappings for network
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * protocols such as CIPSO and RIPSO.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * Author: Paul Moore <paul@paul-moore.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) * (c) Copyright Hewlett-Packard Development Company, L.P., 2006, 2008
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <linux/types.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <linux/socket.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/string.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <linux/skbuff.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <linux/in.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #include <linux/in6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) #include <net/sock.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #include <net/netlink.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) #include <net/genetlink.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) #include <net/ip.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) #include <net/ipv6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) #include <net/netlabel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) #include <net/cipso_ipv4.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) #include <net/calipso.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) #include <linux/atomic.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) #include "netlabel_calipso.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) #include "netlabel_domainhash.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) #include "netlabel_user.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) #include "netlabel_mgmt.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37)
/* Number of protocols currently configured through NetLabel */
atomic_t netlabel_mgmt_protocount = ATOMIC_INIT(0);

/* State handed to the netlbl_domhsh_walk() callbacks */
struct netlbl_domhsh_walk_arg {
	struct netlink_callback *nl_cb;
	struct sk_buff *skb;
	u32 seq;
};

/* Generic NETLINK family used by the NetLabel management interface */
static struct genl_family netlbl_mgmt_gnl_family;

/*
 * Netlink attribute policy for the management family.
 *
 * Only the attributes listed here carry a type constraint.  The IPv4/IPv6
 * address and mask attributes have no entry, so nothing in this table
 * bounds their payload; netlbl_mgmt_add_common() compares their length
 * against sizeof(struct in_addr) / sizeof(struct in6_addr) itself before
 * reading them.  Any new consumer of those attributes needs the same check.
 */
static const struct nla_policy netlbl_mgmt_genl_policy[NLBL_MGMT_A_MAX + 1] = {
	[NLBL_MGMT_A_DOMAIN]	= { .type = NLA_NUL_STRING },
	[NLBL_MGMT_A_PROTOCOL]	= { .type = NLA_U32 },
	[NLBL_MGMT_A_VERSION]	= { .type = NLA_U32 },
	[NLBL_MGMT_A_CV4DOI]	= { .type = NLA_U32 },
	[NLBL_MGMT_A_FAMILY]	= { .type = NLA_U16 },
	[NLBL_MGMT_A_CLPDOI]	= { .type = NLA_U32 },
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) * Helper Functions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) * netlbl_mgmt_add_common - Handle an ADD message
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) * @info: the Generic NETLINK info block
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) * @audit_info: NetLabel audit information
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) * Helper function for the ADD and ADDDEF messages to add the domain mappings
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) * from the message to the hash table. See netlabel.h for a description of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) * message format. Returns zero on success, negative values on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) */
static int netlbl_mgmt_add_common(struct genl_info *info,
				  struct netlbl_audit *audit_info)
{
	struct nlattr **attrs = info->attrs;
	struct netlbl_dom_map *entry;
	struct netlbl_domaddr_map *addrmap = NULL;
	struct cipso_v4_doi *cipsov4 = NULL;
#if IS_ENABLED(CONFIG_IPV6)
	struct calipso_doi *calipso = NULL;
#endif
	void *sel_map = NULL;
	u32 doi;
	/* every "goto" that does not set ret_val first reports -EINVAL */
	int ret_val = -EINVAL;

	entry = kzalloc(sizeof(*entry), GFP_KERNEL);
	if (!entry)
		return -ENOMEM;

	/* The protocol attribute is dereferenced without a NULL check here:
	 * the caller must already have verified that it is present. */
	entry->def.type = nla_get_u32(attrs[NLBL_MGMT_A_PROTOCOL]);

	if (attrs[NLBL_MGMT_A_DOMAIN]) {
		/* the copy is sized from the attribute payload itself, so the
		 * destination can never be smaller than what is copied */
		size_t dom_len = nla_len(attrs[NLBL_MGMT_A_DOMAIN]);

		entry->domain = kmalloc(dom_len, GFP_KERNEL);
		if (!entry->domain) {
			ret_val = -ENOMEM;
			goto err_free_entry;
		}
		nla_strlcpy(entry->domain, attrs[NLBL_MGMT_A_DOMAIN], dom_len);
	}

	/* NOTE: NETLBL_NLTYPE_ADDRSELECT is used internally as an
	 * entry->def.type value, but userspace is not allowed to pass it as
	 * the protocol because the "real" protocol has to be known; it falls
	 * into the default case below and is rejected. */
	switch (entry->def.type) {
	case NETLBL_NLTYPE_UNLABELED:
		entry->family = attrs[NLBL_MGMT_A_FAMILY] ?
				nla_get_u16(attrs[NLBL_MGMT_A_FAMILY]) :
				AF_UNSPEC;
		break;
	case NETLBL_NLTYPE_CIPSOV4:
		if (!attrs[NLBL_MGMT_A_CV4DOI])
			goto err_free_domain;

		doi = nla_get_u32(attrs[NLBL_MGMT_A_CV4DOI]);
		cipsov4 = cipso_v4_doi_getdef(doi);
		if (!cipsov4)
			goto err_free_domain;
		entry->family = AF_INET;
		entry->def.cipso = cipsov4;
		break;
#if IS_ENABLED(CONFIG_IPV6)
	case NETLBL_NLTYPE_CALIPSO:
		if (!attrs[NLBL_MGMT_A_CLPDOI])
			goto err_free_domain;

		doi = nla_get_u32(attrs[NLBL_MGMT_A_CLPDOI]);
		calipso = calipso_doi_getdef(doi);
		if (!calipso)
			goto err_free_domain;
		entry->family = AF_INET6;
		entry->def.calipso = calipso;
		break;
#endif /* IPv6 */
	default:
		goto err_free_domain;
	}

	/* an address selector must belong to the same family as the mapping */
	if (entry->family == AF_INET && attrs[NLBL_MGMT_A_IPV6ADDR])
		goto err_put_doi;
	if (entry->family == AF_INET6 && attrs[NLBL_MGMT_A_IPV4ADDR])
		goto err_put_doi;

	if (attrs[NLBL_MGMT_A_IPV4ADDR]) {
		struct in_addr *addr4;
		struct in_addr *mask4;
		struct netlbl_domaddr4_map *map4;

		addrmap = kzalloc(sizeof(*addrmap), GFP_KERNEL);
		if (!addrmap) {
			ret_val = -ENOMEM;
			goto err_put_doi;
		}
		INIT_LIST_HEAD(&addrmap->list4);
		INIT_LIST_HEAD(&addrmap->list6);

		/* these attributes are length-checked here, before their
		 * payload is read as a struct in_addr; the mask attribute is
		 * dereferenced without a NULL check, so the caller must have
		 * verified that address and mask come as a pair */
		if (nla_len(attrs[NLBL_MGMT_A_IPV4ADDR]) !=
		    sizeof(struct in_addr)) {
			ret_val = -EINVAL;
			goto err_free_addrmap;
		}
		if (nla_len(attrs[NLBL_MGMT_A_IPV4MASK]) !=
		    sizeof(struct in_addr)) {
			ret_val = -EINVAL;
			goto err_free_addrmap;
		}
		addr4 = nla_data(attrs[NLBL_MGMT_A_IPV4ADDR]);
		mask4 = nla_data(attrs[NLBL_MGMT_A_IPV4MASK]);

		map4 = kzalloc(sizeof(*map4), GFP_KERNEL);
		if (!map4) {
			ret_val = -ENOMEM;
			goto err_free_addrmap;
		}
		/* remembered so the shared error path can free it */
		sel_map = map4;
		/* store the network address: host bits are masked off */
		map4->list.addr = addr4->s_addr & mask4->s_addr;
		map4->list.mask = mask4->s_addr;
		map4->list.valid = 1;
		map4->def.type = entry->def.type;
		if (cipsov4)
			map4->def.cipso = cipsov4;

		ret_val = netlbl_af4list_add(&map4->list, &addrmap->list4);
		if (ret_val)
			goto err_free_map;

		/* the top-level entry now only dispatches on the address */
		entry->family = AF_INET;
		entry->def.type = NETLBL_NLTYPE_ADDRSELECT;
		entry->def.addrsel = addrmap;
#if IS_ENABLED(CONFIG_IPV6)
	} else if (attrs[NLBL_MGMT_A_IPV6ADDR]) {
		struct in6_addr *addr6;
		struct in6_addr *mask6;
		struct netlbl_domaddr6_map *map6;
		unsigned int word;

		addrmap = kzalloc(sizeof(*addrmap), GFP_KERNEL);
		if (!addrmap) {
			ret_val = -ENOMEM;
			goto err_put_doi;
		}
		INIT_LIST_HEAD(&addrmap->list4);
		INIT_LIST_HEAD(&addrmap->list6);

		/* same manual length check as the IPv4 branch, and the same
		 * reliance on the caller for the mask attribute's presence */
		if (nla_len(attrs[NLBL_MGMT_A_IPV6ADDR]) !=
		    sizeof(struct in6_addr)) {
			ret_val = -EINVAL;
			goto err_free_addrmap;
		}
		if (nla_len(attrs[NLBL_MGMT_A_IPV6MASK]) !=
		    sizeof(struct in6_addr)) {
			ret_val = -EINVAL;
			goto err_free_addrmap;
		}
		addr6 = nla_data(attrs[NLBL_MGMT_A_IPV6ADDR]);
		mask6 = nla_data(attrs[NLBL_MGMT_A_IPV6MASK]);

		map6 = kzalloc(sizeof(*map6), GFP_KERNEL);
		if (!map6) {
			ret_val = -ENOMEM;
			goto err_free_addrmap;
		}
		sel_map = map6;
		/* store the network address: mask each 32-bit word in turn */
		map6->list.addr = *addr6;
		for (word = 0; word < 4; word++)
			map6->list.addr.s6_addr32[word] &=
				mask6->s6_addr32[word];
		map6->list.mask = *mask6;
		map6->list.valid = 1;
		map6->def.type = entry->def.type;
		if (calipso)
			map6->def.calipso = calipso;

		ret_val = netlbl_af6list_add(&map6->list, &addrmap->list6);
		if (ret_val)
			goto err_free_map;

		entry->family = AF_INET6;
		entry->def.type = NETLBL_NLTYPE_ADDRSELECT;
		entry->def.addrsel = addrmap;
#endif /* IPv6 */
	}

	ret_val = netlbl_domhsh_add(entry, audit_info);
	if (ret_val)
		goto err_free_map;

	return 0;

	/*
	 * Unwind in reverse order of acquisition.  Each label falls through
	 * to the ones below it; the pointers that were never set are still
	 * NULL when they reach kfree() and the DOI put helpers.
	 */
err_free_map:
	kfree(sel_map);
err_free_addrmap:
	kfree(addrmap);
err_put_doi:
	cipso_v4_doi_putdef(cipsov4);
#if IS_ENABLED(CONFIG_IPV6)
	calipso_doi_putdef(calipso);
#endif
err_free_domain:
	kfree(entry->domain);
err_free_entry:
	kfree(entry);
	return ret_val;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) * netlbl_mgmt_listentry - List a NetLabel/LSM domain map entry
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) * @skb: the NETLINK buffer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) * @entry: the map entry
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) * This function is a helper function used by the LISTALL and LISTDEF command
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) * handlers. The caller is responsible for ensuring that the RCU read lock
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) * is held. Returns zero on success, negative values on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) */
static int netlbl_mgmt_listentry(struct sk_buff *skb,
				 struct netlbl_dom_map *entry)
{
	struct nlattr *sel_list;
	struct nlattr *sel;
	struct netlbl_af4list *iter4;
#if IS_ENABLED(CONFIG_IPV6)
	struct netlbl_af6list *iter6;
#endif
	int ret_val = 0;

	/* an entry without a domain string is emitted without the attribute */
	if (entry->domain) {
		ret_val = nla_put_string(skb, NLBL_MGMT_A_DOMAIN,
					 entry->domain);
		if (ret_val)
			return ret_val;
	}

	ret_val = nla_put_u16(skb, NLBL_MGMT_A_FAMILY, entry->family);
	if (ret_val)
		return ret_val;

	switch (entry->def.type) {
	case NETLBL_NLTYPE_ADDRSELECT:
		/*
		 * One SELECTORLIST nest holding one ADDRSELECTOR nest per
		 * address selector.
		 * NOTE(review): the error returns below leave the open nests
		 * unterminated; presumably the caller discards the partially
		 * built message on failure -- confirm at the call sites.
		 */
		sel_list = nla_nest_start_noflag(skb,
						 NLBL_MGMT_A_SELECTORLIST);
		if (!sel_list)
			return -ENOMEM;

		netlbl_af4list_foreach_rcu(iter4, &entry->def.addrsel->list4) {
			struct netlbl_domaddr4_map *map4;

			sel = nla_nest_start_noflag(skb,
						    NLBL_MGMT_A_ADDRSELECTOR);
			if (!sel)
				return -ENOMEM;

			ret_val = nla_put_in_addr(skb, NLBL_MGMT_A_IPV4ADDR,
						  iter4->addr);
			if (ret_val)
				return ret_val;
			ret_val = nla_put_in_addr(skb, NLBL_MGMT_A_IPV4MASK,
						  iter4->mask);
			if (ret_val)
				return ret_val;

			map4 = netlbl_domhsh_addr4_entry(iter4);
			ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL,
					      map4->def.type);
			if (ret_val)
				return ret_val;
			/* only CIPSOv4 selectors carry a DOI */
			if (map4->def.type == NETLBL_NLTYPE_CIPSOV4) {
				ret_val = nla_put_u32(skb, NLBL_MGMT_A_CV4DOI,
						      map4->def.cipso->doi);
				if (ret_val)
					return ret_val;
			}

			nla_nest_end(skb, sel);
		}
#if IS_ENABLED(CONFIG_IPV6)
		netlbl_af6list_foreach_rcu(iter6, &entry->def.addrsel->list6) {
			struct netlbl_domaddr6_map *map6;

			sel = nla_nest_start_noflag(skb,
						    NLBL_MGMT_A_ADDRSELECTOR);
			if (!sel)
				return -ENOMEM;

			ret_val = nla_put_in6_addr(skb, NLBL_MGMT_A_IPV6ADDR,
						   &iter6->addr);
			if (ret_val)
				return ret_val;
			ret_val = nla_put_in6_addr(skb, NLBL_MGMT_A_IPV6MASK,
						   &iter6->mask);
			if (ret_val)
				return ret_val;

			map6 = netlbl_domhsh_addr6_entry(iter6);
			ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL,
					      map6->def.type);
			if (ret_val)
				return ret_val;
			/* only CALIPSO selectors carry a DOI */
			if (map6->def.type == NETLBL_NLTYPE_CALIPSO) {
				ret_val = nla_put_u32(skb, NLBL_MGMT_A_CLPDOI,
						      map6->def.calipso->doi);
				if (ret_val)
					return ret_val;
			}

			nla_nest_end(skb, sel);
		}
#endif /* IPv6 */

		nla_nest_end(skb, sel_list);
		break;
	case NETLBL_NLTYPE_UNLABELED:
		ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL,
				      entry->def.type);
		break;
	case NETLBL_NLTYPE_CIPSOV4:
		/* protocol first, then the DOI the mapping points at */
		ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL,
				      entry->def.type);
		if (ret_val)
			return ret_val;
		ret_val = nla_put_u32(skb, NLBL_MGMT_A_CV4DOI,
				      entry->def.cipso->doi);
		break;
	case NETLBL_NLTYPE_CALIPSO:
		ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL,
				      entry->def.type);
		if (ret_val)
			return ret_val;
		ret_val = nla_put_u32(skb, NLBL_MGMT_A_CLPDOI,
				      entry->def.calipso->doi);
		break;
	}

	/* any other type adds nothing beyond domain and family */
	return ret_val;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 406)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 407) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 408) * NetLabel Command Handlers
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 409) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 410)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 411) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 412) * netlbl_mgmt_add - Handle an ADD message
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 413) * @skb: the NETLINK buffer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 414) * @info: the Generic NETLINK info block
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 415) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 416) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 417) * Process a user generated ADD message and add the domains from the message
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 418) * to the hash table. See netlabel.h for a description of the message format.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 419) * Returns zero on success, negative values on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 420) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 421) */
static int netlbl_mgmt_add(struct sk_buff *skb, struct genl_info *info)
{
	struct nlattr **attrs = info->attrs;
	struct netlbl_audit audit_info;
	bool has_addr4 = attrs[NLBL_MGMT_A_IPV4ADDR] != NULL;
	bool has_mask4 = attrs[NLBL_MGMT_A_IPV4MASK] != NULL;
	bool has_addr6 = attrs[NLBL_MGMT_A_IPV6ADDR] != NULL;
	bool has_mask6 = attrs[NLBL_MGMT_A_IPV6MASK] != NULL;

	/*
	 * NOTE(review): no privilege check is visible in this handler;
	 * presumably it is enforced where the command is registered (e.g.
	 * GENL_ADMIN_PERM in the ops table) -- confirm there.
	 */

	/* domain and protocol are mandatory for ADD */
	if (!attrs[NLBL_MGMT_A_DOMAIN] || !attrs[NLBL_MGMT_A_PROTOCOL])
		return -EINVAL;
	/* an address selector is either IPv4 or IPv6, never both */
	if (has_addr4 && has_addr6)
		return -EINVAL;
	if (has_mask4 && has_mask6)
		return -EINVAL;
	/* address and mask only make sense as a pair; the helper reads the
	 * mask unconditionally once it has seen the address */
	if (has_addr4 != has_mask4 || has_addr6 != has_mask6)
		return -EINVAL;

	netlbl_netlink_auditinfo(skb, &audit_info);

	return netlbl_mgmt_add_common(info, &audit_info);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 442)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 443) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 444) * netlbl_mgmt_remove - Handle a REMOVE message
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 445) * @skb: the NETLINK buffer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 446) * @info: the Generic NETLINK info block
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 447) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 448) * Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 449) * Process a user generated REMOVE message and remove the specified domain
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 450) * mappings. Returns zero on success, negative values on failure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 451) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 452) */
static int netlbl_mgmt_remove(struct sk_buff *skb, struct genl_info *info)
{
	struct nlattr *dom_attr = info->attrs[NLBL_MGMT_A_DOMAIN];
	struct netlbl_audit audit_info;

	/* the domain to remove is mandatory */
	if (!dom_attr)
		return -EINVAL;

	netlbl_netlink_auditinfo(skb, &audit_info);

	/*
	 * The domain string is used in place from the message payload, not
	 * copied.  NOTE(review): this relies on the attribute having been
	 * validated as NLA_NUL_STRING (see netlbl_mgmt_genl_policy) so that
	 * it is NUL terminated -- confirm the policy is applied to this
	 * command.
	 */
	return netlbl_domhsh_remove(nla_data(dom_attr), AF_UNSPEC,
				    &audit_info);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 466)
/**
 * netlbl_mgmt_listall_cb - netlbl_domhsh_walk() callback for LISTALL
 * @entry: the domain mapping hash table entry
 * @arg: the netlbl_domhsh_walk_arg structure
 *
 * Description:
 * Callback handed to netlbl_domhsh_walk() by netlbl_mgmt_listall().  Opens one
 * NLM_F_MULTI LISTALL message in the walk's skb, fills it from @entry with
 * netlbl_mgmt_listentry() and closes it.  Returns zero on success; on failure
 * the partial message is cancelled and -ENOMEM (header could not be added) or
 * the netlbl_mgmt_listentry() error is returned.
 *
 */
static int netlbl_mgmt_listall_cb(struct netlbl_dom_map *entry, void *arg)
{
	struct netlbl_domhsh_walk_arg *walk = arg;
	int err = -ENOMEM;
	void *hdr;

	hdr = genlmsg_put(walk->skb, NETLINK_CB(walk->nl_cb->skb).portid,
			  walk->seq, &netlbl_mgmt_gnl_family,
			  NLM_F_MULTI, NLBL_MGMT_C_LISTALL);
	if (hdr != NULL) {
		err = netlbl_mgmt_listentry(walk->skb, entry);
		if (err == 0) {
			/* the sequence number only advances for a completed entry */
			walk->seq++;
			genlmsg_end(walk->skb, hdr);
			return 0;
		}
	}

	/*
	 * Both failure paths end here, so hdr may be NULL;
	 * genlmsg_cancel() is expected to ignore a NULL header.
	 */
	genlmsg_cancel(walk->skb, hdr);
	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 503)
/**
 * netlbl_mgmt_listall - Handle a LISTALL message
 * @skb: the NETLINK buffer
 * @cb: the NETLINK callback
 *
 * Description:
 * Dump handler for a user generated LISTALL message.  Walks the domain hash
 * table with netlbl_mgmt_listall_cb(), resuming from the bucket/chain position
 * kept in @cb->args[0] and @cb->args[1], and stores the updated position back
 * for the next call.  The return value of netlbl_domhsh_walk() is not
 * examined; the function returns @skb->len.
 *
 * LISTALL is registered with .flags = 0 in netlbl_mgmt_genl_ops, i.e. without
 * GENL_ADMIN_PERM.
 *
 */
static int netlbl_mgmt_listall(struct sk_buff *skb,
			       struct netlink_callback *cb)
{
	/* resume position carried between successive dump calls */
	u32 bkt_pos = cb->args[0];
	u32 chain_pos = cb->args[1];
	struct netlbl_domhsh_walk_arg walk = {
		.nl_cb = cb,
		.skb = skb,
		.seq = cb->nlh->nlmsg_seq,
	};

	netlbl_domhsh_walk(&bkt_pos, &chain_pos, netlbl_mgmt_listall_cb, &walk);

	cb->args[0] = bkt_pos;
	cb->args[1] = chain_pos;
	return skb->len;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 535)
/**
 * netlbl_mgmt_adddef - Handle an ADDDEF message
 * @skb: the NETLINK buffer
 * @info: the Generic NETLINK info block
 *
 * Description:
 * Check the attribute combination of a user generated ADDDEF message and pass
 * it to netlbl_mgmt_add_common().  -EINVAL is returned when the protocol
 * attribute is missing, when IPv4 and IPv6 address (or mask) attributes are
 * mixed, or when an address is given without its mask or the reverse.
 * Otherwise returns the value of netlbl_mgmt_add_common().
 *
 */
static int netlbl_mgmt_adddef(struct sk_buff *skb, struct genl_info *info)
{
	struct nlattr **attrs = info->attrs;
	bool v4_addr = attrs[NLBL_MGMT_A_IPV4ADDR] != NULL;
	bool v4_mask = attrs[NLBL_MGMT_A_IPV4MASK] != NULL;
	bool v6_addr = attrs[NLBL_MGMT_A_IPV6ADDR] != NULL;
	bool v6_mask = attrs[NLBL_MGMT_A_IPV6MASK] != NULL;
	struct netlbl_audit audit_info;

	/*
	 * Only presence and pairing of attributes are checked here.
	 * NOTE(review): payload lengths and values are presumably covered by
	 * the family policy and netlbl_mgmt_add_common(), both outside this
	 * excerpt - confirm.
	 */
	if (!attrs[NLBL_MGMT_A_PROTOCOL])
		return -EINVAL;
	/* one address family per request */
	if (v4_addr && v6_addr)
		return -EINVAL;
	if (v4_mask && v6_mask)
		return -EINVAL;
	/* an address and its mask must be supplied together */
	if (v4_addr != v4_mask)
		return -EINVAL;
	if (v6_addr != v6_mask)
		return -EINVAL;

	netlbl_netlink_auditinfo(skb, &audit_info);

	return netlbl_mgmt_add_common(info, &audit_info);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 565)
/**
 * netlbl_mgmt_removedef - Handle a REMOVEDEF message
 * @skb: the NETLINK buffer
 * @info: the Generic NETLINK info block
 *
 * Description:
 * Remove the default domain mapping in response to a user generated REMOVEDEF
 * message.  No attribute of @info is read; the removal is requested for
 * AF_UNSPEC.  Returns the value of netlbl_domhsh_remove_default().
 *
 */
static int netlbl_mgmt_removedef(struct sk_buff *skb, struct genl_info *info)
{
	struct netlbl_audit audit;
	int err;

	netlbl_netlink_auditinfo(skb, &audit);
	err = netlbl_domhsh_remove_default(AF_UNSPEC, &audit);

	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 584)
/**
 * netlbl_mgmt_listdef - Handle a LISTDEF message
 * @skb: the NETLINK buffer
 * @info: the Generic NETLINK info block
 *
 * Description:
 * Answer a user generated LISTDEF message with the default domain mapping of
 * the requested address family (AF_INET when NLBL_MGMT_A_FAMILY is absent).
 * Returns the value of genlmsg_reply() on success, -ENOMEM when the reply
 * cannot be allocated or started, -ENOENT when no default entry is found, or
 * the netlbl_mgmt_listentry() error.
 *
 * LISTDEF is registered with .flags = 0 in netlbl_mgmt_genl_ops, i.e. without
 * GENL_ADMIN_PERM.
 *
 */
static int netlbl_mgmt_listdef(struct sk_buff *skb, struct genl_info *info)
{
	u16 family = AF_INET;
	struct netlbl_dom_map *def_entry;
	struct sk_buff *reply;
	void *hdr;
	int err;

	/*
	 * The family comes from the caller and is not range checked here.
	 * NOTE(review): presumably netlbl_domhsh_getentry() returns NULL for
	 * a family it does not know - verify.
	 */
	if (info->attrs[NLBL_MGMT_A_FAMILY])
		family = nla_get_u16(info->attrs[NLBL_MGMT_A_FAMILY]);

	reply = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (reply == NULL)
		return -ENOMEM;

	hdr = genlmsg_put_reply(reply, info, &netlbl_mgmt_gnl_family,
				0, NLBL_MGMT_C_LISTDEF);
	if (hdr == NULL) {
		err = -ENOMEM;
		goto drop_reply;
	}

	/* lookup and use of the entry both stay inside the RCU read section */
	rcu_read_lock();
	def_entry = netlbl_domhsh_getentry(NULL, family);
	if (def_entry != NULL)
		err = netlbl_mgmt_listentry(reply, def_entry);
	else
		err = -ENOENT;
	rcu_read_unlock();
	if (err != 0)
		goto drop_reply;

	genlmsg_end(reply, hdr);
	return genlmsg_reply(reply, info);

drop_reply:
	/* the reply was never sent, so it is still owned (and freed) here */
	kfree_skb(reply);
	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 637)
/**
 * netlbl_mgmt_protocols_cb - Write an individual PROTOCOL message response
 * @skb: the skb to write to
 * @cb: the NETLINK callback
 * @protocol: the NetLabel protocol to use in the message
 *
 * Description:
 * Helper for netlbl_mgmt_protocols(): appends one NLM_F_MULTI PROTOCOLS
 * message carrying @protocol in NLBL_MGMT_A_PROTOCOL to @skb.  Returns zero
 * on success; on failure the partial message is cancelled and -ENOMEM (header
 * could not be added) or the nla_put_u32() error is returned.
 *
 */
static int netlbl_mgmt_protocols_cb(struct sk_buff *skb,
				    struct netlink_callback *cb,
				    u32 protocol)
{
	int err = -ENOMEM;
	void *hdr;

	hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq,
			  &netlbl_mgmt_gnl_family, NLM_F_MULTI,
			  NLBL_MGMT_C_PROTOCOLS);
	if (hdr != NULL) {
		err = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL, protocol);
		if (err == 0) {
			genlmsg_end(skb, hdr);
			return 0;
		}
	}

	/*
	 * Both failure paths end here, so hdr may be NULL;
	 * genlmsg_cancel() is expected to ignore a NULL header.
	 */
	genlmsg_cancel(skb, hdr);
	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 674)
/**
 * netlbl_mgmt_protocols - Handle a PROTOCOLS message
 * @skb: the NETLINK buffer
 * @cb: the NETLINK callback
 *
 * Description:
 * Dump handler for a user generated PROTOCOLS message.  Emits one message per
 * protocol type (UNLABELED, CIPSOV4 and, with CONFIG_IPV6, CALIPSO), starting
 * at the count of protocols already sent that is kept in @cb->args[0].  The
 * updated count is stored back and @skb->len is returned.
 *
 */
static int netlbl_mgmt_protocols(struct sk_buff *skb,
				 struct netlink_callback *cb)
{
	/* order matters: the saved count is an index into this list */
	static const u32 proto_types[] = {
		NETLBL_NLTYPE_UNLABELED,
		NETLBL_NLTYPE_CIPSOV4,
#if IS_ENABLED(CONFIG_IPV6)
		NETLBL_NLTYPE_CALIPSO,
#endif
	};
	u32 sent = cb->args[0];

	/*
	 * The bound check also covers a saved count at or past the end of
	 * the list, in which case nothing more is written.
	 */
	while (sent < ARRAY_SIZE(proto_types)) {
		if (netlbl_mgmt_protocols_cb(skb, cb, proto_types[sent]) < 0)
			break;
		sent++;
	}

	cb->args[0] = sent;
	return skb->len;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 717)
/**
 * netlbl_mgmt_version - Handle a VERSION message
 * @skb: the NETLINK buffer
 * @info: the Generic NETLINK info block
 *
 * Description:
 * Answer a user generated VERSION message with NETLBL_PROTO_VERSION in the
 * NLBL_MGMT_A_VERSION attribute.  Returns the value of genlmsg_reply() on
 * success, -ENOMEM when the reply cannot be allocated or started, or the
 * nla_put_u32() error.
 *
 */
static int netlbl_mgmt_version(struct sk_buff *skb, struct genl_info *info)
{
	struct sk_buff *reply;
	int err = -ENOMEM;
	void *hdr;

	reply = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (reply == NULL)
		return -ENOMEM;

	hdr = genlmsg_put_reply(reply, info, &netlbl_mgmt_gnl_family,
				0, NLBL_MGMT_C_VERSION);
	if (hdr != NULL)
		err = nla_put_u32(reply, NLBL_MGMT_A_VERSION,
				  NETLBL_PROTO_VERSION);
	if (err != 0) {
		/* the reply was never sent, so it is still owned (and freed) here */
		kfree_skb(reply);
		return err;
	}

	genlmsg_end(reply, hdr);
	return genlmsg_reply(reply, info);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 755)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 756)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 757) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 758) * NetLabel Generic NETLINK Command Definitions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 759) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 760)
/*
 * Command table for the management family.
 *
 * Privilege: the commands that change the mapping table (ADD, REMOVE, ADDDEF,
 * REMOVEDEF) carry GENL_ADMIN_PERM, for which the Generic NETLINK core
 * requires CAP_NET_ADMIN; the read-only commands are registered with
 * .flags = 0 and so carry no capability requirement from this table.
 *
 * Validation: every entry opts out of strict attribute validation and of
 * attribute validation for dump requests, so each handler has to check for
 * itself that the attributes it needs are present.
 *
 * Handler pointers that are not listed are NULL.
 */
static const struct genl_small_ops netlbl_mgmt_genl_ops[] = {
	{
		.cmd = NLBL_MGMT_C_ADD,
		.flags = GENL_ADMIN_PERM,
		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
		.doit = netlbl_mgmt_add,
	},
	{
		.cmd = NLBL_MGMT_C_REMOVE,
		.flags = GENL_ADMIN_PERM,
		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
		.doit = netlbl_mgmt_remove,
	},
	{
		.cmd = NLBL_MGMT_C_LISTALL,
		.flags = 0,	/* read-only, no GENL_ADMIN_PERM */
		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
		.dumpit = netlbl_mgmt_listall,
	},
	{
		.cmd = NLBL_MGMT_C_ADDDEF,
		.flags = GENL_ADMIN_PERM,
		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
		.doit = netlbl_mgmt_adddef,
	},
	{
		.cmd = NLBL_MGMT_C_REMOVEDEF,
		.flags = GENL_ADMIN_PERM,
		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
		.doit = netlbl_mgmt_removedef,
	},
	{
		.cmd = NLBL_MGMT_C_LISTDEF,
		.flags = 0,	/* read-only, no GENL_ADMIN_PERM */
		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
		.doit = netlbl_mgmt_listdef,
	},
	{
		.cmd = NLBL_MGMT_C_PROTOCOLS,
		.flags = 0,	/* read-only, no GENL_ADMIN_PERM */
		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
		.dumpit = netlbl_mgmt_protocols,
	},
	{
		.cmd = NLBL_MGMT_C_VERSION,
		.flags = 0,	/* read-only, no GENL_ADMIN_PERM */
		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
		.doit = netlbl_mgmt_version,
	},
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 819)
/*
 * Generic NETLINK family descriptor for the management interface.  It ties
 * the command table above to the attribute policy netlbl_mgmt_genl_policy
 * and is registered by netlbl_mgmt_genl_init().
 */
static struct genl_family netlbl_mgmt_gnl_family __ro_after_init = {
	.name = NETLBL_NLTYPE_MGMT_NAME,
	.version = NETLBL_PROTO_VERSION,
	.hdrsize = 0,
	.module = THIS_MODULE,
	/* attribute space and the policy the core applies to it */
	.maxattr = NLBL_MGMT_A_MAX,
	.policy = netlbl_mgmt_genl_policy,
	/* command dispatch */
	.small_ops = netlbl_mgmt_genl_ops,
	.n_small_ops = ARRAY_SIZE(netlbl_mgmt_genl_ops),
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 830)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 831) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 832) * NetLabel Generic NETLINK Protocol Functions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 833) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 834)
/**
 * netlbl_mgmt_genl_init - Register the NetLabel management component
 *
 * Description:
 * Register netlbl_mgmt_gnl_family with the Generic NETLINK mechanism.
 * Returns the value of genl_register_family().
 *
 */
int __init netlbl_mgmt_genl_init(void)
{
	int err = genl_register_family(&netlbl_mgmt_gnl_family);

	return err;
}