^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) /* SPDX-License-Identifier: GPL-2.0-or-later */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * SELinux interface to the NetLabel subsystem
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Author: Paul Moore <paul@paul-moore.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #ifndef _SELINUX_NETLABEL_H_
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #define _SELINUX_NETLABEL_H_
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/types.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <linux/fs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <linux/net.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/skbuff.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <net/sock.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <net/request_sock.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #include <net/sctp/structs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) #include "avc.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #include "objsec.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) #ifdef CONFIG_NETLABEL
/*
 * SELinux/NetLabel hooks for kernels built with CONFIG_NETLABEL.  Only the
 * declarations are given here; the definitions are not part of this header.
 * When CONFIG_NETLABEL is unset, the #else branch below provides inline stubs
 * under the same names: the void ones do nothing and the int ones return 0.
 *
 * NOTE(review): callers presumably read a return of 0 as success, so a kernel
 * built without CONFIG_NETLABEL gets no NetLabel-based checks through these
 * hooks -- confirm that this is the intended behaviour for such a build.
 */
void selinux_netlbl_cache_invalidate(void);

void selinux_netlbl_err(struct sk_buff *skb, u16 family,
			int error, int gateway);

/* Helpers taking the socket's sk_security_struct. */
void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec);
void selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec);

/* Read or set the SID associated with an sk_buff. */
int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u16 family,
				 u32 *type, u32 *sid);
int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, u16 family, u32 sid);

/* Connection, clone and socket-level hooks. */
int selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep,
				      struct sk_buff *skb);
int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family);
void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family);
void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk);
int selinux_netlbl_socket_post_create(struct sock *sk, u16 family);
int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
				struct sk_buff *skb, u16 family,
				struct common_audit_data *ad);
int selinux_netlbl_socket_setsockopt(struct socket *sock,
				     int level, int optname);
int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr);
int selinux_netlbl_socket_connect_locked(struct sock *sk,
					 struct sockaddr *addr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) #else
/*
 * !CONFIG_NETLABEL stub: there is nothing to invalidate in this
 * configuration, so the call is a no-op.
 */
static inline void selinux_netlbl_cache_invalidate(void)
{
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64)
/*
 * !CONFIG_NETLABEL stub: ignores every argument and does nothing.
 */
static inline void selinux_netlbl_err(struct sk_buff *skb, u16 family,
				      int error, int gateway)
{
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72)
/*
 * !CONFIG_NETLABEL stub: @sksec is never touched, so the call is a no-op.
 */
static inline void
selinux_netlbl_sk_security_free(struct sk_security_struct *sksec)
{
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78)
/*
 * !CONFIG_NETLABEL stub: @sksec is never touched, so the call is a no-op.
 */
static inline void
selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec)
{
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84)
/*
 * !CONFIG_NETLABEL stub: the packet is not inspected.  The outputs are
 * always *@type = NETLBL_NLTYPE_NONE and *@sid = SECSID_NULL, and the
 * return value is always 0.
 *
 * Both output pointers are written unconditionally, so they must be valid.
 */
static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u16 family,
					       u32 *type, u32 *sid)
{
	*type = NETLBL_NLTYPE_NONE;
	*sid = SECSID_NULL;

	return 0;
}
/*
 * !CONFIG_NETLABEL stub: @skb is left unmodified and @sid is ignored;
 * always returns 0.
 */
static inline int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, u16 family,
					       u32 sid)
{
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100)
/*
 * !CONFIG_NETLABEL stub: neither @ep nor @skb is examined; always returns 0.
 */
static inline int
selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb)
{
	return 0;
}
/*
 * !CONFIG_NETLABEL stub: @req is not examined; always returns 0.
 */
static inline int
selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family)
{
	return 0;
}
/*
 * !CONFIG_NETLABEL stub: @sk is not touched, so the call is a no-op.
 */
static inline void
selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
{
}
/*
 * !CONFIG_NETLABEL stub: nothing is copied from @sk to @newsk; the call is
 * a no-op.
 */
static inline void
selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk)
{
}
/*
 * !CONFIG_NETLABEL stub: @sk is not modified; always returns 0.
 */
static inline int
selinux_netlbl_socket_post_create(struct sock *sk, u16 family)
{
	return 0;
}
/*
 * !CONFIG_NETLABEL stub: returns 0 without looking at @sksec, @skb or @ad.
 *
 * NOTE(review): callers presumably treat 0 as "receive permitted", which
 * would mean no NetLabel-based receive check happens in this configuration
 * -- confirm against the caller.
 */
static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
					      struct sk_buff *skb, u16 family,
					      struct common_audit_data *ad)
{
	return 0;
}
/*
 * !CONFIG_NETLABEL stub: @level and @optname are not checked; always
 * returns 0.
 */
static inline int
selinux_netlbl_socket_setsockopt(struct socket *sock, int level, int optname)
{
	return 0;
}
/*
 * !CONFIG_NETLABEL stub: @sk and @addr are not examined; always returns 0.
 */
static inline int
selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr)
{
	return 0;
}
/*
 * !CONFIG_NETLABEL stub: @sk and @addr are not examined and no lock state
 * is checked here; always returns 0.
 */
static inline int
selinux_netlbl_socket_connect_locked(struct sock *sk, struct sockaddr *addr)
{
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) #endif /* CONFIG_NETLABEL */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) #endif