Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * NetLabel NETLINK Interface
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * This file defines the NETLINK interface for the NetLabel system.  The
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  * NetLabel system manages static and dynamic label mappings for network
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7)  * protocols such as CIPSO and RIPSO.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9)  * Author: Paul Moore <paul@paul-moore.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13)  * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) #include <linux/init.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) #include <linux/types.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) #include <linux/list.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) #include <linux/socket.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) #include <linux/audit.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) #include <linux/tty.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) #include <linux/security.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) #include <linux/gfp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24) #include <net/sock.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25) #include <net/netlink.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26) #include <net/genetlink.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27) #include <net/netlabel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28) #include <asm/bug.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30) #include "netlabel_mgmt.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31) #include "netlabel_unlabeled.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32) #include "netlabel_cipso_v4.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) #include "netlabel_calipso.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) #include "netlabel_user.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37)  * NetLabel NETLINK Setup Functions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) 
/**
 * netlbl_netlink_init - Bring up the NetLabel Generic NETLINK interface
 *
 * Description:
 * Runs the Generic NETLINK init helper of each NetLabel component in a fixed
 * order: netlbl_mgmt_genl_init(), netlbl_cipsov4_genl_init(),
 * netlbl_calipso_genl_init() and finally netlbl_unlabel_genl_init().  The
 * first helper that returns non-zero ends the sequence and its value is
 * handed back to the caller unchanged.  Nothing registered by an earlier
 * helper is undone here, so the caller has to treat a non-zero return as a
 * failed bring-up of the whole interface.  Returns zero on success and
 * non-zero on failure.
 *
 */
int __init netlbl_netlink_init(void)
{
	int err = netlbl_mgmt_genl_init();

	/* Each later step only runs while every earlier one succeeded. */
	if (!err)
		err = netlbl_cipsov4_genl_init();
	if (!err)
		err = netlbl_calipso_genl_init();
	if (!err)
		err = netlbl_unlabel_genl_init();

	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69)  * NetLabel Audit Functions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71) 
/**
 * netlbl_audit_start_common - Open a NetLabel audit record
 * @type: audit message type
 * @audit_info: NetLabel audit information (dereferenced without a NULL check)
 *
 * Description:
 * Opens an audit record of type @type and writes the fields shared by every
 * NetLabel audit message: the login UID (as seen from the initial user
 * namespace) and the session ID, followed by the subject's security context
 * when @audit_info carries a non-zero secid that the LSM can translate.  If
 * the secid is zero or the translation fails, the record is still returned,
 * just without a "subj=" field.
 *
 * Returns a pointer to the audit buffer on success.  Returns NULL when
 * auditing is switched off or the buffer could not be started; in both cases
 * no audit record exists for the event, so callers must cope with NULL.
 *
 */
struct audit_buffer *netlbl_audit_start_common(int type,
					       struct netlbl_audit *audit_info)
{
	struct audit_buffer *ab;
	char *ctx;
	u32 ctx_len;

	if (audit_enabled == AUDIT_OFF)
		return NULL;

	/* NOTE(review): GFP_ATOMIC presumably lets callers log from atomic
	 * context - confirm against the call sites. */
	ab = audit_log_start(audit_context(), GFP_ATOMIC, type);
	if (!ab)
		return NULL;

	audit_log_format(ab, "netlabel: auid=%u ses=%u",
			 from_kuid(&init_user_ns, audit_info->loginuid),
			 audit_info->sessionid);

	/* A zero secid means there is no subject label to report. */
	if (audit_info->secid == 0)
		return ab;

	/* The subject field is best effort: a failed lookup is not an error. */
	if (security_secid_to_secctx(audit_info->secid, &ctx, &ctx_len) != 0)
		return ab;

	audit_log_format(ab, " subj=%s", ctx);
	/* The context string belongs to the LSM and is handed back once logged. */
	security_release_secctx(ctx, ctx_len);

	return ab;
}