Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6

};

/*

 * LSM security attribute operations

 * LSM security attribute operations (inline)

 */

/**

 * netlbl_secattr_cache_alloc - Allocate and initialize a secattr cache

 * @flags: the memory allocation flags

}

#ifdef CONFIG_NETLABEL

/*

 * LSM security attribute operations

 */

int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap,

			       u32 offset);

int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap,

				 u32 start,

				 u32 end,

				 gfp_t flags);

/*

 * LSM protocol operations

 */

int netlbl_enabled(void);

int netlbl_sock_setattr(struct sock *sk,

			const struct netlbl_lsm_secattr *secattr);

int netlbl_sock_getattr(struct sock *sk,

			struct netlbl_lsm_secattr *secattr);

int netlbl_skbuff_getattr(const struct sk_buff *skb,

			  struct netlbl_lsm_secattr *secattr);

void netlbl_skbuff_err(struct sk_buff *skb, int error);

/*

 * LSM label mapping cache operations

 */

void netlbl_cache_invalidate(void);

int netlbl_cache_add(const struct sk_buff *skb,

		     const struct netlbl_lsm_secattr *secattr);

#else

static inline int netlbl_secattr_catmap_walk(

	                              struct netlbl_lsm_secattr_catmap *catmap,

{

	return -ENOENT;

}

static inline int netlbl_secattr_catmap_walk_rng(

				      struct netlbl_lsm_secattr_catmap *catmap,

				      u32 offset)

{

	return -ENOENT;

}

static inline int netlbl_secattr_catmap_setbit(

	                              struct netlbl_lsm_secattr_catmap *catmap,

				      u32 bit,

{

	return 0;

}

static inline int netlbl_secattr_catmap_setrng(

	                              struct netlbl_lsm_secattr_catmap *catmap,

				      u32 start,

{

	return 0;

}

#endif

/*

 * LSM protocol operations

 */

#ifdef CONFIG_NETLABEL

int netlbl_sock_setattr(struct sock *sk,

			const struct netlbl_lsm_secattr *secattr);

int netlbl_sock_getattr(struct sock *sk,

			struct netlbl_lsm_secattr *secattr);

int netlbl_skbuff_getattr(const struct sk_buff *skb,

			  struct netlbl_lsm_secattr *secattr);

void netlbl_skbuff_err(struct sk_buff *skb, int error);

#else

static inline int netlbl_enabled(void)

{

	return 0;

}

static inline int netlbl_sock_setattr(struct sock *sk,

				     const struct netlbl_lsm_secattr *secattr)

{

	return -ENOSYS;

}

static inline int netlbl_sock_getattr(struct sock *sk,

				      struct netlbl_lsm_secattr *secattr)

{

	return -ENOSYS;

}

static inline int netlbl_skbuff_getattr(const struct sk_buff *skb,

					struct netlbl_lsm_secattr *secattr)

{

	return -ENOSYS;

}

static inline void netlbl_skbuff_err(struct sk_buff *skb, int error)

{

	return;

}

#endif /* CONFIG_NETLABEL */

/*

 * LSM label mapping cache operations

 */

#ifdef CONFIG_NETLABEL

void netlbl_cache_invalidate(void);

int netlbl_cache_add(const struct sk_buff *skb,

		     const struct netlbl_lsm_secattr *secattr);

#else

static inline void netlbl_cache_invalidate(void)

{

	return;

}

static inline int netlbl_cache_add(const struct sk_buff *skb,

				   const struct netlbl_lsm_secattr *secattr)

{

#include "netlabel_user.h"

#include "netlabel_cipso_v4.h"

#include "netlabel_mgmt.h"

/* Argument struct for cipso_v4_doi_walk() */

struct netlbl_cipsov4_doiwalk_arg {

		ret_val = netlbl_cipsov4_add_pass(info);

		break;

	}

	if (ret_val == 0)

		netlbl_mgmt_protocount_inc();

	audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,

					      &audit_info);

	ret_val = cipso_v4_doi_remove(doi,

				      &audit_info,

				      netlbl_cipsov4_doi_free);

	if (ret_val == 0)

		netlbl_mgmt_protocount_dec();

	audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL,

					      &audit_info);

#include "netlabel_domainhash.h"

#include "netlabel_unlabeled.h"

#include "netlabel_user.h"

#include "netlabel_mgmt.h"

/*

 * Security Attribute Functions

 * LSM Functions

 */

/**

 * netlbl_enabled - Determine if the NetLabel subsystem is enabled

 *

 * Description:

 * The LSM can use this function to determine if it should use NetLabel

 * security attributes in it's enforcement mechanism.  Currently, NetLabel is

 * considered to be enabled when it's configuration contains a valid setup for

 * at least one labeled protocol (i.e. NetLabel can understand incoming

 * labeled packets of at least one type); otherwise NetLabel is considered to

 * be disabled.

 *

 */

int netlbl_enabled(void)

{

	/* At some point we probably want to expose this mechanism to the user

	 * as well so that admins can toggle NetLabel regardless of the

	 * configuration */

	return (netlbl_mgmt_protocount_value() > 0 ? 1 : 0);

}

/**

 * netlbl_socket_setattr - Label a socket using the correct protocol

 * @sk: the socket to label

#include "netlabel_user.h"

#include "netlabel_mgmt.h"

/* NetLabel configured protocol count */

static DEFINE_SPINLOCK(netlabel_mgmt_protocount_lock);

static u32 netlabel_mgmt_protocount = 0;

/* Argument struct for netlbl_domhsh_walk() */

struct netlbl_domhsh_walk_arg {

	struct netlink_callback *nl_cb;

	[NLBL_MGMT_A_CV4DOI] = { .type = NLA_U32 },

};

/*

 * NetLabel Misc Managment Functions

 */

/**

 * netlbl_mgmt_protocount_inc - Increment the configured labeled protocol count

 *

 * Description:

 * Increment the number of labeled protocol configurations in the current

 * NetLabel configuration.  Keep track of this for use in determining if

 * NetLabel label enforcement should be active/enabled or not in the LSM.

 *

 */

void netlbl_mgmt_protocount_inc(void)

{

	rcu_read_lock();

	spin_lock(&netlabel_mgmt_protocount_lock);

	netlabel_mgmt_protocount++;

	spin_unlock(&netlabel_mgmt_protocount_lock);

	rcu_read_unlock();

}

/**

 * netlbl_mgmt_protocount_dec - Decrement the configured labeled protocol count

 *

 * Description:

 * Decrement the number of labeled protocol configurations in the current

 * NetLabel configuration.  Keep track of this for use in determining if

 * NetLabel label enforcement should be active/enabled or not in the LSM.

 *

 */

void netlbl_mgmt_protocount_dec(void)

{

	rcu_read_lock();

	spin_lock(&netlabel_mgmt_protocount_lock);

	if (netlabel_mgmt_protocount > 0)

		netlabel_mgmt_protocount--;

	spin_unlock(&netlabel_mgmt_protocount_lock);

	rcu_read_unlock();

}

/**

 * netlbl_mgmt_protocount_value - Return the number of configured protocols

 *

 * Description:

 * Return the number of labeled protocols in the current NetLabel

 * configuration.  This value is useful in  determining if NetLabel label

 * enforcement should be active/enabled or not in the LSM.

 *

 */

u32 netlbl_mgmt_protocount_value(void)

{

	u32 val;

	rcu_read_lock();

	val = netlabel_mgmt_protocount;

	rcu_read_unlock();

	return val;

}

/*

 * NetLabel Command Handlers

 */

/* NetLabel protocol functions */

int netlbl_mgmt_genl_init(void);

/* NetLabel misc management functions */

void netlbl_mgmt_protocount_inc(void);

void netlbl_mgmt_protocount_dec(void);

u32 netlbl_mgmt_protocount_value(void);

#endif