^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * Network interface table.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Network interfaces (devices) do not have a security field, so we
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * maintain a table associating each interface with a SID.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) * Author: James Morris <jmorris@redhat.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) * Paul Moore <paul@paul-moore.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <linux/init.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/types.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <linux/stddef.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <linux/list.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <linux/notifier.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #include <linux/netdevice.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) #include <linux/rcupdate.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) #include <net/net_namespace.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) #include "security.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) #include "objsec.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) #include "netif.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) #define SEL_NETIF_HASH_SIZE 64
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) #define SEL_NETIF_HASH_MAX 1024
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31)
/* One cached interface record; it lives on exactly one sel_netif_hash bucket. */
struct sel_netif {
	struct list_head list;			/* chain link in a sel_netif_hash bucket */
	struct netif_security_struct nsec;	/* lookup key (ns, ifindex) and the cached sid */
	struct rcu_head rcu_head;		/* used by kfree_rcu() in sel_netif_destroy() */
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37)
/* Number of records currently cached; sel_netif_insert() caps it at SEL_NETIF_HASH_MAX. */
static u32 sel_netif_total;
/* NOTE(review): this list head is declared but not referenced anywhere in this file. */
static LIST_HEAD(sel_netif_list);
/* Serialises table writers (insert/destroy); lookups walk the buckets under RCU. */
static DEFINE_SPINLOCK(sel_netif_lock);
/* Bucket heads, initialised by sel_netif_init(); bucket choice is sel_netif_hashfn(). */
static struct list_head sel_netif_hash[SEL_NETIF_HASH_SIZE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42)
/**
 * sel_netif_hashfn - Hashing function for the interface table
 * @ns: the network namespace
 * @ifindex: the network interface
 *
 * Description:
 * Map a (namespace, interface index) pair to a bucket of sel_netif_hash.  The
 * namespace pointer value and the index are summed and masked, which relies on
 * SEL_NETIF_HASH_SIZE being a power of two.  Returns the bucket number.
 *
 */
static inline u32 sel_netif_hashfn(const struct net *ns, int ifindex)
{
	uintptr_t key = (uintptr_t)ns + ifindex;

	return key & (SEL_NETIF_HASH_SIZE - 1);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57)
/**
 * sel_netif_find - Search for an interface record
 * @ns: the network namespace
 * @ifindex: the network interface
 *
 * Description:
 * Walk the bucket selected by sel_netif_hashfn() and return the record whose
 * namespace and interface index both match, or NULL if there is none.  The
 * walk is an RCU list traversal; callers in this file hold either
 * rcu_read_lock() or sel_netif_lock around it.
 *
 */
static inline struct sel_netif *sel_netif_find(const struct net *ns,
					       int ifindex)
{
	u32 bkt = sel_netif_hashfn(ns, ifindex);
	struct sel_netif *entry;

	list_for_each_entry_rcu(entry, &sel_netif_hash[bkt], list) {
		if (!net_eq(entry->nsec.ns, ns))
			continue;
		if (entry->nsec.ifindex == ifindex)
			return entry;
	}

	return NULL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81)
/**
 * sel_netif_insert - Insert a new interface into the table
 * @netif: the new interface record
 *
 * Description:
 * Link @netif into its hash bucket and bump the record count.  The table is
 * bounded: once SEL_NETIF_HASH_MAX records are cached the call fails with
 * -ENOSPC and the caller keeps ownership of @netif.  Called with
 * sel_netif_lock held (see sel_netif_sid_slow()).  Returns zero on success,
 * negative values on failure.
 *
 */
static int sel_netif_insert(struct sel_netif *netif)
{
	u32 bkt;

	if (sel_netif_total < SEL_NETIF_HASH_MAX) {
		bkt = sel_netif_hashfn(netif->nsec.ns, netif->nsec.ifindex);
		list_add_rcu(&netif->list, &sel_netif_hash[bkt]);
		sel_netif_total++;
		return 0;
	}

	/* Table full: refuse rather than grow without bound. */
	return -ENOSPC;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104)
/**
 * sel_netif_destroy - Remove an interface record from the table
 * @netif: the existing interface record
 *
 * Description:
 * Unlink @netif from its bucket, drop the record count and hand the memory to
 * kfree_rcu() so that concurrent RCU readers still walking the bucket remain
 * safe.  Called with sel_netif_lock held (see sel_netif_kill() and
 * sel_netif_flush()).
 *
 */
static void sel_netif_destroy(struct sel_netif *netif)
{
	sel_netif_total--;
	list_del_rcu(&netif->list);
	/* Deferred free: readers may still hold a pointer until the grace period ends. */
	kfree_rcu(netif, rcu_head);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119)
/**
 * sel_netif_sid_slow - Lookup the SID of a network interface using the policy
 * @ns: the network namespace
 * @ifindex: the network interface
 * @sid: interface SID
 *
 * Description:
 * Slow path for sel_netif_sid(): resolve the device in @ns, ask the security
 * policy for the SID of its name, and cache the answer in the interface table
 * so later lookups hit the fast path.  The table is re-checked under
 * sel_netif_lock before querying the policy so that callers racing on the
 * same interface do not insert duplicate records.  A failed cache allocation
 * or a full table is not an error: @sid is still returned, only the caching
 * is skipped.  Returns zero on success, negative values on failure.
 *
 */
static int sel_netif_sid_slow(struct net *ns, int ifindex, u32 *sid)
{
	struct net_device *dev;
	struct sel_netif *netif;
	struct sel_netif *new;
	int ret = 0;

	/* Takes a reference on the device; dropped at the end of every later path. */
	dev = dev_get_by_index(ns, ifindex);
	if (unlikely(!dev)) {
		pr_warn("SELinux: failure in %s(), invalid network interface (%d)\n",
			__func__, ifindex);
		return -ENOENT;
	}

	spin_lock_bh(&sel_netif_lock);
	/* Re-check under the lock: the record may have appeared since the
	 * caller's lockless lookup missed. */
	netif = sel_netif_find(ns, ifindex);
	if (netif) {
		*sid = netif->nsec.sid;
		goto unlock;
	}

	ret = security_netif_sid(&selinux_state, dev->name, sid);
	if (ret)
		goto unlock;

	/* GFP_ATOMIC: sel_netif_lock is held, so sleeping is not allowed. */
	new = kzalloc(sizeof(*new), GFP_ATOMIC);
	if (!new)
		goto unlock;
	new->nsec.ns = ns;
	new->nsec.ifindex = ifindex;
	new->nsec.sid = *sid;
	/* Insert only fails when the table is full; the SID is still valid. */
	if (sel_netif_insert(new))
		kfree(new);

unlock:
	spin_unlock_bh(&sel_netif_lock);
	dev_put(dev);
	if (unlikely(ret))
		pr_warn("SELinux: failure in %s(), unable to determine network interface label (%d)\n",
			__func__, ifindex);
	return ret;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177)
/**
 * sel_netif_sid - Lookup the SID of a network interface
 * @ns: the network namespace
 * @ifindex: the network interface
 * @sid: interface SID
 *
 * Description:
 * Fast path first: look the interface up in the table under rcu_read_lock()
 * only, with no spinlock taken.  On a miss fall back to
 * sel_netif_sid_slow(), which consults the policy and populates the table.
 * Returns zero on success, negative values on failure.
 *
 */
int sel_netif_sid(struct net *ns, int ifindex, u32 *sid)
{
	struct sel_netif *netif;

	rcu_read_lock();
	netif = sel_netif_find(ns, ifindex);
	if (netif)
		*sid = netif->nsec.sid;
	rcu_read_unlock();

	/* Only the pointer value is tested here; the record is not touched
	 * again after the RCU section ends. */
	if (likely(netif))
		return 0;

	return sel_netif_sid_slow(ns, ifindex, sid);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207)
/**
 * sel_netif_kill - Remove an entry from the network interface table
 * @ns: the network namespace
 * @ifindex: the network interface
 *
 * Description:
 * Drop the cached record for (@ns, @ifindex) if there is one.  Used by the
 * netdev notifier so that a cached SID does not outlive the interface it was
 * computed for.  The lookup runs under both rcu_read_lock() and
 * sel_netif_lock; the removal itself needs the spinlock.
 *
 */
static void sel_netif_kill(const struct net *ns, int ifindex)
{
	struct sel_netif *entry;

	rcu_read_lock();
	spin_lock_bh(&sel_netif_lock);
	entry = sel_netif_find(ns, ifindex);
	if (entry != NULL)
		sel_netif_destroy(entry);
	spin_unlock_bh(&sel_netif_lock);
	rcu_read_unlock();
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230)
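/**
 * sel_netif_flush - Flush the entire network interface table
 *
 * Description:
 * Remove all entries from the network interface table.  Every bucket is
 * walked under sel_netif_lock and each record is handed to
 * sel_netif_destroy(), which unlinks it and frees it after an RCU grace
 * period.
 *
 */
void sel_netif_flush(void)
{
	int idx;
	struct sel_netif *netif;
	struct sel_netif *tmp;

	spin_lock_bh(&sel_netif_lock);
	for (idx = 0; idx < SEL_NETIF_HASH_SIZE; idx++)
		/* The _safe iterator caches the next entry before the current
		 * one is unlinked, so the walk does not depend on
		 * list_del_rcu() leaving ->next intact. */
		list_for_each_entry_safe(netif, tmp, &sel_netif_hash[idx], list)
			sel_netif_destroy(netif);
	spin_unlock_bh(&sel_netif_lock);
}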
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249)
/**
 * sel_netif_netdev_notifier_handler - netdev notifier callback
 * @this: the notifier block (unused)
 * @event: the netdev event
 * @ptr: netdev notifier info for the affected device
 *
 * Description:
 * Invalidate the cached record of an interface when it goes down, so that a
 * later lookup of a reused index goes through the policy again.  Only
 * NETDEV_DOWN is acted on; every other event is ignored.  Always returns
 * NOTIFY_DONE.
 *
 */
static int sel_netif_netdev_notifier_handler(struct notifier_block *this,
					     unsigned long event, void *ptr)
{
	struct net_device *dev = netdev_notifier_info_to_dev(ptr);

	switch (event) {
	case NETDEV_DOWN:
		sel_netif_kill(dev_net(dev), dev->ifindex);
		break;
	default:
		break;
	}

	return NOTIFY_DONE;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260)
/* Registered by sel_netif_init(); routes netdev events to the handler above. */
static struct notifier_block sel_netif_netdev_notifier = {
	.notifier_call = sel_netif_netdev_notifier_handler,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264)
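/**
 * sel_netif_init - Boot-time setup of the interface table
 *
 * Description:
 * Initialise the hash buckets and register the netdev notifier that evicts
 * records on NETDEV_DOWN.  Does nothing when SELinux was disabled at boot.
 * Returns zero on success or the error from register_netdevice_notifier();
 * without the notifier, stale records would only ever be dropped by
 * sel_netif_flush(), so the failure is reported rather than discarded.
 *
 */
static __init int sel_netif_init(void)
{
	int i;

	if (!selinux_enabled_boot)
		return 0;

	for (i = 0; i < SEL_NETIF_HASH_SIZE; i++)
		INIT_LIST_HEAD(&sel_netif_hash[i]);

	/* Propagate a registration failure instead of silently ignoring it. */
	return register_netdevice_notifier(&sel_netif_netdev_notifier);
}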
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279)
/* Hook sel_netif_init() into the boot-time initcall sequence. */
__initcall(sel_netif_init);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281)