Eric Lee / smarc-fsl-linux-kernel

Blame view

net/netlabel/netlabel_calipso.h 4.46 KB
edit raw normal view history
cb72d3821   Huw Davies   netlabel: Initial... 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
  /*
   * NetLabel CALIPSO Support
   *
   * This file defines the CALIPSO functions for the NetLabel system.  The
   * NetLabel system manages static and dynamic label mappings for network
   * protocols such as CIPSO and RIPSO.
   *
   * Authors: Paul Moore <paul@paul-moore.com>
   *          Huw Davies <huw@codeweavers.com>
   *
   */
  
  /* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
   * (c) Copyright Huw Davies <huw@codeweavers.com>, 2015
   *
   * This program is free software;  you can redistribute it and/or modify
   * it under the terms of the GNU General Public License as published by
   * the Free Software Foundation; either version 2 of the License, or
   * (at your option) any later version.
   *
   * This program is distributed in the hope that it will be useful,
   * but WITHOUT ANY WARRANTY;  without even the implied warranty of
   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
   * the GNU General Public License for more details.
   *
   * You should have received a copy of the GNU General Public License
   * along with this program;  if not, see <http://www.gnu.org/licenses/>.
   *
   */
  
  #ifndef _NETLABEL_CALIPSO
  #define _NETLABEL_CALIPSO
  
  #include <net/netlabel.h>
  #include <net/calipso.h>
  
  /* The following NetLabel payloads are supported by the CALIPSO subsystem.
   *
   * o ADD:
   *   Sent by an application to add a new DOI mapping table.
   *
   *   Required attributes:
   *
   *     NLBL_CALIPSO_A_DOI
   *     NLBL_CALIPSO_A_MTYPE
   *
   *   If using CALIPSO_MAP_PASS no additional attributes are required.
   *
d7cce0150   Huw Davies   netlabel: Add sup... 
49
50
51
52
53
54
55
56
 
   * o REMOVE:
   *   Sent by an application to remove a specific DOI mapping table from the
   *   CALIPSO system.
   *
   *   Required attributes:
   *
   *     NLBL_CALIPSO_A_DOI
   *
a5e34490c   Huw Davies   netlabel: Add sup... 
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
 
   * o LIST:
   *   Sent by an application to list the details of a DOI definition.  On
   *   success the kernel should send a response using the following format.
   *
   *   Required attributes:
   *
   *     NLBL_CALIPSO_A_DOI
   *
   *   The valid response message format depends on the type of the DOI mapping,
   *   the defined formats are shown below.
   *
   *   Required attributes:
   *
   *     NLBL_CALIPSO_A_MTYPE
   *
   *   If using CALIPSO_MAP_PASS no additional attributes are required.
   *
e1ce69df7   Huw Davies   netlabel: Add sup... 
74
75
76
77
78
79
80
81
82
83
84
 
   * o LISTALL:
   *   This message is sent by an application to list the valid DOIs on the
   *   system.  When sent by an application there is no payload and the
   *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
   *   the following messages.
   *
   *   Required attributes:
   *
   *    NLBL_CALIPSO_A_DOI
   *    NLBL_CALIPSO_A_MTYPE
   *
cb72d3821   Huw Davies   netlabel: Initial... 
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
 
   */
  
  /* NetLabel CALIPSO commands */
  enum {
  	NLBL_CALIPSO_C_UNSPEC,
  	NLBL_CALIPSO_C_ADD,
  	NLBL_CALIPSO_C_REMOVE,
  	NLBL_CALIPSO_C_LIST,
  	NLBL_CALIPSO_C_LISTALL,
  	__NLBL_CALIPSO_C_MAX,
  };
  
  /* NetLabel CALIPSO attributes */
  enum {
  	NLBL_CALIPSO_A_UNSPEC,
  	NLBL_CALIPSO_A_DOI,
  	/* (NLA_U32)
  	 * the DOI value */
  	NLBL_CALIPSO_A_MTYPE,
  	/* (NLA_U32)
  	 * the mapping table type (defined in the calipso.h header as
  	 * CALIPSO_MAP_*) */
  	__NLBL_CALIPSO_A_MAX,
  };
  
  #define NLBL_CALIPSO_A_MAX (__NLBL_CALIPSO_A_MAX - 1)
  
  /* NetLabel protocol functions */
  #if IS_ENABLED(CONFIG_IPV6)
  int netlbl_calipso_genl_init(void);
  #else
  static inline int netlbl_calipso_genl_init(void)
  {
  	return 0;
  }
  #endif
  
  int calipso_doi_add(struct calipso_doi *doi_def,
  		    struct netlbl_audit *audit_info);
  void calipso_doi_free(struct calipso_doi *doi_def);
d7cce0150   Huw Davies   netlabel: Add sup... 
125
 
  int calipso_doi_remove(u32 doi, struct netlbl_audit *audit_info);
a5e34490c   Huw Davies   netlabel: Add sup... 
126
127
 
  struct calipso_doi *calipso_doi_getdef(u32 doi);
  void calipso_doi_putdef(struct calipso_doi *doi_def);
e1ce69df7   Huw Davies   netlabel: Add sup... 
128
129
130
 
  int calipso_doi_walk(u32 *skip_cnt,
  		     int (*callback)(struct calipso_doi *doi_def, void *arg),
  		     void *cb_arg);
ceba1832b   Huw Davies   calipso: Set the ... 
131
132
133
134
135
 
  int calipso_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr);
  int calipso_sock_setattr(struct sock *sk,
  			 const struct calipso_doi *doi_def,
  			 const struct netlbl_lsm_secattr *secattr);
  void calipso_sock_delattr(struct sock *sk);
e1adea927   Huw Davies   calipso: Allow re... 
136
137
138
139
 
  int calipso_req_setattr(struct request_sock *req,
  			const struct calipso_doi *doi_def,
  			const struct netlbl_lsm_secattr *secattr);
  void calipso_req_delattr(struct request_sock *req);
2917f57b6   Huw Davies   calipso: Allow th... 
140
141
142
143
144
145
146
 
  unsigned char *calipso_optptr(const struct sk_buff *skb);
  int calipso_getattr(const unsigned char *calipso,
  		    struct netlbl_lsm_secattr *secattr);
  int calipso_skbuff_setattr(struct sk_buff *skb,
  			   const struct calipso_doi *doi_def,
  			   const struct netlbl_lsm_secattr *secattr);
  int calipso_skbuff_delattr(struct sk_buff *skb);
4fee5242b   Huw Davies   calipso: Add a la... 
147
148
149
 
  void calipso_cache_invalidate(void);
  int calipso_cache_add(const unsigned char *calipso_ptr,
  		      const struct netlbl_lsm_secattr *secattr);
cb72d3821   Huw Davies   netlabel: Initial... 
150
151
 
  
  #endif