Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
1/*
2 * SELinux interface to the NetLabel subsystem
3 *
4 * Author: Paul Moore <paul@paul-moore.com>
5 *
6 */
7
8/*
9 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
19 * the GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program. If not, see <http://www.gnu.org/licenses/>.
23 *
24 */
25
26#ifndef _SELINUX_NETLABEL_H_
27#define _SELINUX_NETLABEL_H_
28
29#include <linux/types.h>
30#include <linux/fs.h>
31#include <linux/net.h>
32#include <linux/skbuff.h>
33#include <net/sock.h>
34#include <net/request_sock.h>
35
36#include "avc.h"
37#include "objsec.h"
38
39#ifdef CONFIG_NETLABEL
40void selinux_netlbl_cache_invalidate(void);
41
42void selinux_netlbl_err(struct sk_buff *skb, u16 family, int error,
43 int gateway);
44
45void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec);
46void selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec);
47
48int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
49 u16 family,
50 u32 *type,
51 u32 *sid);
52int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,
53 u16 family,
54 u32 sid);
55
56int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family);
57void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family);
58int selinux_netlbl_socket_post_create(struct sock *sk, u16 family);
59int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
60 struct sk_buff *skb,
61 u16 family,
62 struct common_audit_data *ad);
63int selinux_netlbl_socket_setsockopt(struct socket *sock,
64 int level,
65 int optname);
66int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr);
67
68#else
69static inline void selinux_netlbl_cache_invalidate(void)
70{
71 return;
72}
73
74static inline void selinux_netlbl_err(struct sk_buff *skb,
75 u16 family,
76 int error,
77 int gateway)
78{
79 return;
80}
81
82static inline void selinux_netlbl_sk_security_free(
83 struct sk_security_struct *sksec)
84{
85 return;
86}
87
88static inline void selinux_netlbl_sk_security_reset(
89 struct sk_security_struct *sksec)
90{
91 return;
92}
93
94static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
95 u16 family,
96 u32 *type,
97 u32 *sid)
98{
99 *type = NETLBL_NLTYPE_NONE;
100 *sid = SECSID_NULL;
101 return 0;
102}
103static inline int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,
104 u16 family,
105 u32 sid)
106{
107 return 0;
108}
109
110static inline int selinux_netlbl_conn_setsid(struct sock *sk,
111 struct sockaddr *addr)
112{
113 return 0;
114}
115
116static inline int selinux_netlbl_inet_conn_request(struct request_sock *req,
117 u16 family)
118{
119 return 0;
120}
121static inline void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
122{
123 return;
124}
125static inline int selinux_netlbl_socket_post_create(struct sock *sk,
126 u16 family)
127{
128 return 0;
129}
130static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
131 struct sk_buff *skb,
132 u16 family,
133 struct common_audit_data *ad)
134{
135 return 0;
136}
137static inline int selinux_netlbl_socket_setsockopt(struct socket *sock,
138 int level,
139 int optname)
140{
141 return 0;
142}
143static inline int selinux_netlbl_socket_connect(struct sock *sk,
144 struct sockaddr *addr)
145{
146 return 0;
147}
148#endif /* CONFIG_NETLABEL */
149
150#endif