Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/security/selinux/include/xfrm.h 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  1) /* SPDX-License-Identifier: GPL-2.0 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  3)  * SELinux support for the XFRM LSM hooks
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  5)  * Author : Trent Jaeger, <jaegert@us.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  6)  * Updated : Venkat Yekkirala, <vyekkirala@TrustedCS.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  7)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  8) #ifndef _SELINUX_XFRM_H_
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  9) #define _SELINUX_XFRM_H_
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <net/flow.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) 			      struct xfrm_user_sec_ctx *uctx,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) 			      gfp_t gfp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) 			      struct xfrm_sec_ctx **new_ctxp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) int selinux_xfrm_state_alloc(struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) 			     struct xfrm_user_sec_ctx *uctx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) int selinux_xfrm_state_alloc_acquire(struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) 				     struct xfrm_sec_ctx *polsec, u32 secid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) void selinux_xfrm_state_free(struct xfrm_state *x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) int selinux_xfrm_state_delete(struct xfrm_state *x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) 				      struct xfrm_policy *xp,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) 				      const struct flowi *fl);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) #ifdef CONFIG_SECURITY_NETWORK_XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) extern atomic_t selinux_xfrm_refcount;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) static inline int selinux_xfrm_enabled(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) 	return (atomic_read(&selinux_xfrm_refcount) > 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) 			      struct common_audit_data *ad);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) 				struct common_audit_data *ad, u8 proto);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) int selinux_xfrm_skb_sid(struct sk_buff *skb, u32 *sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) static inline void selinux_xfrm_notify_policyload(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) 	struct net *net;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) 	down_read(&net_rwsem);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) 	for_each_net(net)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) 		rt_genid_bump_all(net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) 	up_read(&net_rwsem);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) static inline int selinux_xfrm_enabled(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) static inline int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) 					    struct common_audit_data *ad)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) static inline int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) 					      struct common_audit_data *ad,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) 					      u8 proto)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) static inline int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) 					      int ckall)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) 	*sid = SECSID_NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) static inline void selinux_xfrm_notify_policyload(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) static inline int selinux_xfrm_skb_sid(struct sk_buff *skb, u32 *sid)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) 	*sid = SECSID_NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) #endif /* _SELINUX_XFRM_H_ */
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.