Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
1/*
2 * SELinux interface to the NetLabel subsystem
3 *
4 * Author: Paul Moore <paul@paul-moore.com>
5 *
6 */
7
8/*
9 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
19 * the GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 *
25 */
26
27#ifndef _SELINUX_NETLABEL_H_
28#define _SELINUX_NETLABEL_H_
29
30#include <linux/types.h>
31#include <linux/fs.h>
32#include <linux/net.h>
33#include <linux/skbuff.h>
34#include <net/sock.h>
35#include <net/request_sock.h>
36
37#include "avc.h"
38#include "objsec.h"
39
40#ifdef CONFIG_NETLABEL
41void selinux_netlbl_cache_invalidate(void);
42
43void selinux_netlbl_err(struct sk_buff *skb, u16 family, int error,
44 int gateway);
45
46void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec);
47void selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec);
48
49int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
50 u16 family,
51 u32 *type,
52 u32 *sid);
53int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,
54 u16 family,
55 u32 sid);
56
57int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family);
58void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family);
59int selinux_netlbl_socket_post_create(struct sock *sk, u16 family);
60int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
61 struct sk_buff *skb,
62 u16 family,
63 struct common_audit_data *ad);
64int selinux_netlbl_socket_setsockopt(struct socket *sock,
65 int level,
66 int optname);
67int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr);
68
69#else
70static inline void selinux_netlbl_cache_invalidate(void)
71{
72 return;
73}
74
75static inline void selinux_netlbl_err(struct sk_buff *skb,
76 u16 family,
77 int error,
78 int gateway)
79{
80 return;
81}
82
83static inline void selinux_netlbl_sk_security_free(
84 struct sk_security_struct *sksec)
85{
86 return;
87}
88
89static inline void selinux_netlbl_sk_security_reset(
90 struct sk_security_struct *sksec)
91{
92 return;
93}
94
95static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
96 u16 family,
97 u32 *type,
98 u32 *sid)
99{
100 *type = NETLBL_NLTYPE_NONE;
101 *sid = SECSID_NULL;
102 return 0;
103}
104static inline int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,
105 u16 family,
106 u32 sid)
107{
108 return 0;
109}
110
111static inline int selinux_netlbl_conn_setsid(struct sock *sk,
112 struct sockaddr *addr)
113{
114 return 0;
115}
116
117static inline int selinux_netlbl_inet_conn_request(struct request_sock *req,
118 u16 family)
119{
120 return 0;
121}
122static inline void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
123{
124 return;
125}
126static inline int selinux_netlbl_socket_post_create(struct sock *sk,
127 u16 family)
128{
129 return 0;
130}
131static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
132 struct sk_buff *skb,
133 u16 family,
134 struct common_audit_data *ad)
135{
136 return 0;
137}
138static inline int selinux_netlbl_socket_setsockopt(struct socket *sock,
139 int level,
140 int optname)
141{
142 return 0;
143}
144static inline int selinux_netlbl_socket_connect(struct sock *sk,
145 struct sockaddr *addr)
146{
147 return 0;
148}
149#endif /* CONFIG_NETLABEL */
150
151#endif