Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fd385855 authored by Paul Moore's avatar Paul Moore Committed by David S. Miller
Browse files

[NetLabel]: rework the Netlink attribute handling (part 2) 



At the suggestion of Thomas Graf, rewrite NetLabel's use of Netlink attributes
to better follow the common Netlink attribute usage.

Signed-off-by: default avatarPaul Moore <paul.moore@hp.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent fcd48280

net/netlabel/netlabel_cipso_v4.c

+413 −215
Original line number Diff line number Diff line
@@ -41,15 +41,37 @@ 
#include "netlabel_user.h"

#include "netlabel_cipso_v4.h"



/* Argument struct for cipso_v4_doi_walk() */

struct netlbl_cipsov4_doiwalk_arg {

	struct netlink_callback *nl_cb;

	struct sk_buff *skb;

	u32 seq;

};



/* NetLabel Generic NETLINK CIPSOv4 family */

static struct genl_family netlbl_cipsov4_gnl_family = {

	.id = GENL_ID_GENERATE,

	.hdrsize = 0,

	.name = NETLBL_NLTYPE_CIPSOV4_NAME,

	.version = NETLBL_PROTO_VERSION,

	.maxattr = 0,

	.maxattr = NLBL_CIPSOV4_A_MAX,

};



/* NetLabel Netlink attribute policy */

static struct nla_policy netlbl_cipsov4_genl_policy[NLBL_CIPSOV4_A_MAX + 1] = {

	[NLBL_CIPSOV4_A_DOI] = { .type = NLA_U32 },

	[NLBL_CIPSOV4_A_MTYPE] = { .type = NLA_U32 },

	[NLBL_CIPSOV4_A_TAG] = { .type = NLA_U8 },

	[NLBL_CIPSOV4_A_TAGLST] = { .type = NLA_NESTED },

	[NLBL_CIPSOV4_A_MLSLVLLOC] = { .type = NLA_U32 },

	[NLBL_CIPSOV4_A_MLSLVLREM] = { .type = NLA_U32 },

	[NLBL_CIPSOV4_A_MLSLVL] = { .type = NLA_NESTED },

	[NLBL_CIPSOV4_A_MLSLVLLST] = { .type = NLA_NESTED },

	[NLBL_CIPSOV4_A_MLSCATLOC] = { .type = NLA_U32 },

	[NLBL_CIPSOV4_A_MLSCATREM] = { .type = NLA_U32 },

	[NLBL_CIPSOV4_A_MLSCAT] = { .type = NLA_NESTED },

	[NLBL_CIPSOV4_A_MLSCATLST] = { .type = NLA_NESTED },

};



/*

 * Helper Functions
@@ -81,6 +103,41 @@ static void netlbl_cipsov4_doi_free(struct rcu_head *entry) 
	kfree(ptr);

}



/**

 * netlbl_cipsov4_add_common - Parse the common sections of a ADD message

 * @info: the Generic NETLINK info block

 * @doi_def: the CIPSO V4 DOI definition

 *

 * Description:

 * Parse the common sections of a ADD message and fill in the related values

 * in @doi_def.  Returns zero on success, negative values on failure.

 *

 */

static int netlbl_cipsov4_add_common(struct genl_info *info,

				     struct cipso_v4_doi *doi_def)

{

	struct nlattr *nla;

	int nla_rem;

	u32 iter = 0;



	doi_def->doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);



	if (nla_validate_nested(info->attrs[NLBL_CIPSOV4_A_TAGLST],

				NLBL_CIPSOV4_A_MAX,

				netlbl_cipsov4_genl_policy) != 0)

		return -EINVAL;



	nla_for_each_nested(nla, info->attrs[NLBL_CIPSOV4_A_TAGLST], nla_rem)

		if (nla->nla_type == NLBL_CIPSOV4_A_TAG) {

			if (iter > CIPSO_V4_TAG_MAXCNT)

				return -EINVAL;

			doi_def->tags[iter++] = nla_get_u8(nla);

		}

	if (iter < CIPSO_V4_TAG_MAXCNT)

		doi_def->tags[iter] = CIPSO_V4_TAG_INVALID;



	return 0;

}



/*

 * NetLabel Command Handlers
@@ -88,9 +145,7 @@ static void netlbl_cipsov4_doi_free(struct rcu_head *entry) 


/**

 * netlbl_cipsov4_add_std - Adds a CIPSO V4 DOI definition

 * @doi: the DOI value

 * @msg: the ADD message data

 * @msg_size: the size of the ADD message buffer

 * @info: the Generic NETLINK info block

 *

 * Description:

 * Create a new CIPSO_V4_MAP_STD DOI definition based on the given ADD message
@@ -98,29 +153,28 @@ static void netlbl_cipsov4_doi_free(struct rcu_head *entry) 
 * error.

 *

 */

static int netlbl_cipsov4_add_std(u32 doi, struct nlattr *msg, size_t msg_size)

static int netlbl_cipsov4_add_std(struct genl_info *info)

{

	int ret_val = -EINVAL;

	int msg_len = msg_size;

	u32 num_tags;

	u32 num_lvls;

	u32 num_cats;

	struct cipso_v4_doi *doi_def = NULL;

	u32 iter;

	u32 tmp_val_a;

	u32 tmp_val_b;

	struct nlattr *nla_a;

	struct nlattr *nla_b;

	int nla_a_rem;

	int nla_b_rem;



	if (msg_len < NETLBL_LEN_U32)

		goto add_std_failure;

	num_tags = netlbl_getinc_u32(&msg, &msg_len);

	if (num_tags == 0 || num_tags > CIPSO_V4_TAG_MAXCNT)

		goto add_std_failure;

	if (!info->attrs[NLBL_CIPSOV4_A_DOI] ||

	    !info->attrs[NLBL_CIPSOV4_A_TAGLST] ||

	    !info->attrs[NLBL_CIPSOV4_A_MLSLVLLST])

		return -EINVAL;



	if (nla_validate_nested(info->attrs[NLBL_CIPSOV4_A_MLSLVLLST],

				NLBL_CIPSOV4_A_MAX,

				netlbl_cipsov4_genl_policy) != 0)

		return -EINVAL;



	doi_def = kmalloc(sizeof(*doi_def), GFP_KERNEL);

	if (doi_def == NULL) {

		ret_val = -ENOMEM;

		goto add_std_failure;

	}

	if (doi_def == NULL)

		return -ENOMEM;

	doi_def->map.std = kzalloc(sizeof(*doi_def->map.std), GFP_KERNEL);

	if (doi_def->map.std == NULL) {

		ret_val = -ENOMEM;
@@ -128,28 +182,32 @@ static int netlbl_cipsov4_add_std(u32 doi, struct nlattr *msg, size_t msg_size) 
	}

	doi_def->type = CIPSO_V4_MAP_STD;



	for (iter = 0; iter < num_tags; iter++) {

		if (msg_len < NETLBL_LEN_U8)

	ret_val = netlbl_cipsov4_add_common(info, doi_def);

	if (ret_val != 0)

		goto add_std_failure;

		doi_def->tags[iter] = netlbl_getinc_u8(&msg, &msg_len);

		switch (doi_def->tags[iter]) {

		case CIPSO_V4_TAG_RBITMAP:



	nla_for_each_nested(nla_a,

			    info->attrs[NLBL_CIPSOV4_A_MLSLVLLST],

			    nla_a_rem)

		if (nla_a->nla_type == NLBL_CIPSOV4_A_MLSLVL) {

			nla_for_each_nested(nla_b, nla_a, nla_b_rem)

				switch (nla_b->nla_type) {

				case NLBL_CIPSOV4_A_MLSLVLLOC:

					if (nla_get_u32(nla_b) >=

					    doi_def->map.std->lvl.local_size)

					     doi_def->map.std->lvl.local_size =

						     nla_get_u32(nla_b) + 1;

					break;

				case NLBL_CIPSOV4_A_MLSLVLREM:

					if (nla_get_u32(nla_b) >=

					    doi_def->map.std->lvl.cipso_size)

					     doi_def->map.std->lvl.cipso_size =

						     nla_get_u32(nla_b) + 1;

					break;

		default:

			goto add_std_failure;

				}

		}

	if (iter < CIPSO_V4_TAG_MAXCNT)

		doi_def->tags[iter] = CIPSO_V4_TAG_INVALID;



	if (msg_len < 6 * NETLBL_LEN_U32)

		goto add_std_failure;



	num_lvls = netlbl_getinc_u32(&msg, &msg_len);

	if (num_lvls == 0)

		goto add_std_failure;

	doi_def->map.std->lvl.local_size = netlbl_getinc_u32(&msg, &msg_len);

	if (doi_def->map.std->lvl.local_size > CIPSO_V4_MAX_LOC_LVLS)

	if (doi_def->map.std->lvl.local_size > CIPSO_V4_MAX_LOC_LVLS ||

	    doi_def->map.std->lvl.cipso_size > CIPSO_V4_MAX_REM_LVLS)

		goto add_std_failure;

	doi_def->map.std->lvl.local = kcalloc(doi_def->map.std->lvl.local_size,

					      sizeof(u32),
@@ -158,9 +216,6 @@ static int netlbl_cipsov4_add_std(u32 doi, struct nlattr *msg, size_t msg_size) 
		ret_val = -ENOMEM;

		goto add_std_failure;

	}

	doi_def->map.std->lvl.cipso_size = netlbl_getinc_u8(&msg, &msg_len);

	if (doi_def->map.std->lvl.cipso_size > CIPSO_V4_MAX_REM_LVLS)

		goto add_std_failure;

	doi_def->map.std->lvl.cipso = kcalloc(doi_def->map.std->lvl.cipso_size,

					      sizeof(u32),

					      GFP_KERNEL);
@@ -168,68 +223,101 @@ static int netlbl_cipsov4_add_std(u32 doi, struct nlattr *msg, size_t msg_size) 
		ret_val = -ENOMEM;

		goto add_std_failure;

	}

	nla_for_each_nested(nla_a,

			    info->attrs[NLBL_CIPSOV4_A_MLSLVLLST],

			    nla_a_rem)

		if (nla_a->nla_type == NLBL_CIPSOV4_A_MLSLVL) {

			struct nlattr *lvl_loc;

			struct nlattr *lvl_rem;



			if (nla_validate_nested(nla_a,

					      NLBL_CIPSOV4_A_MAX,

					      netlbl_cipsov4_genl_policy) != 0)

				goto add_std_failure;



			lvl_loc = nla_find_nested(nla_a,

						  NLBL_CIPSOV4_A_MLSLVLLOC);

			lvl_rem = nla_find_nested(nla_a,

						  NLBL_CIPSOV4_A_MLSLVLREM);

			if (lvl_loc == NULL || lvl_rem == NULL)

				goto add_std_failure;

			doi_def->map.std->lvl.local[nla_get_u32(lvl_loc)] =

				nla_get_u32(lvl_rem);

			doi_def->map.std->lvl.cipso[nla_get_u32(lvl_rem)] =

				nla_get_u32(lvl_loc);

		}



	if (info->attrs[NLBL_CIPSOV4_A_MLSCATLST]) {

		if (nla_validate_nested(info->attrs[NLBL_CIPSOV4_A_MLSCATLST],

					NLBL_CIPSOV4_A_MAX,

					netlbl_cipsov4_genl_policy) != 0)

			goto add_std_failure;



	num_cats = netlbl_getinc_u32(&msg, &msg_len);

	doi_def->map.std->cat.local_size = netlbl_getinc_u32(&msg, &msg_len);

	if (doi_def->map.std->cat.local_size > CIPSO_V4_MAX_LOC_CATS)

		nla_for_each_nested(nla_a,

				    info->attrs[NLBL_CIPSOV4_A_MLSCATLST],

				    nla_a_rem)

			if (nla_a->nla_type == NLBL_CIPSOV4_A_MLSCAT) {

				if (nla_validate_nested(nla_a,

					      NLBL_CIPSOV4_A_MAX,

					      netlbl_cipsov4_genl_policy) != 0)

					goto add_std_failure;

	doi_def->map.std->cat.local = kcalloc(doi_def->map.std->cat.local_size,

				nla_for_each_nested(nla_b, nla_a, nla_b_rem)

					switch (nla_b->nla_type) {

					case NLBL_CIPSOV4_A_MLSCATLOC:

						if (nla_get_u32(nla_b) >=

					      doi_def->map.std->cat.local_size)

					     doi_def->map.std->cat.local_size =

						     nla_get_u32(nla_b) + 1;

						break;

					case NLBL_CIPSOV4_A_MLSCATREM:

						if (nla_get_u32(nla_b) >=

					      doi_def->map.std->cat.cipso_size)

					     doi_def->map.std->cat.cipso_size =

						     nla_get_u32(nla_b) + 1;

						break;

					}

			}

		if (doi_def->map.std->cat.local_size > CIPSO_V4_MAX_LOC_CATS ||

		    doi_def->map.std->cat.cipso_size > CIPSO_V4_MAX_REM_CATS)

			goto add_std_failure;

		doi_def->map.std->cat.local = kcalloc(

			                      doi_def->map.std->cat.local_size,

					      sizeof(u32),

					      GFP_KERNEL);

		if (doi_def->map.std->cat.local == NULL) {

			ret_val = -ENOMEM;

			goto add_std_failure;

		}

	doi_def->map.std->cat.cipso_size = netlbl_getinc_u16(&msg, &msg_len);

	if (doi_def->map.std->cat.cipso_size > CIPSO_V4_MAX_REM_CATS)

		goto add_std_failure;

	doi_def->map.std->cat.cipso = kcalloc(doi_def->map.std->cat.cipso_size,

		doi_def->map.std->cat.cipso = kcalloc(

			                      doi_def->map.std->cat.cipso_size,

					      sizeof(u32),

					      GFP_KERNEL);

		if (doi_def->map.std->cat.cipso == NULL) {

			ret_val = -ENOMEM;

			goto add_std_failure;

		}



	if (msg_len <

	    num_lvls * (NETLBL_LEN_U32 + NETLBL_LEN_U8) +

	    num_cats * (NETLBL_LEN_U32 + NETLBL_LEN_U16))

		goto add_std_failure;



	for (iter = 0; iter < doi_def->map.std->lvl.cipso_size; iter++)

		doi_def->map.std->lvl.cipso[iter] = CIPSO_V4_INV_LVL;

	for (iter = 0; iter < doi_def->map.std->lvl.local_size; iter++)

		doi_def->map.std->lvl.local[iter] = CIPSO_V4_INV_LVL;

	for (iter = 0; iter < doi_def->map.std->cat.cipso_size; iter++)

		doi_def->map.std->cat.cipso[iter] = CIPSO_V4_INV_CAT;

	for (iter = 0; iter < doi_def->map.std->cat.local_size; iter++)

		doi_def->map.std->cat.local[iter] = CIPSO_V4_INV_CAT;



	for (iter = 0; iter < num_lvls; iter++) {

		tmp_val_a = netlbl_getinc_u32(&msg, &msg_len);

		tmp_val_b = netlbl_getinc_u8(&msg, &msg_len);



		if (tmp_val_a >= doi_def->map.std->lvl.local_size ||

		    tmp_val_b >= doi_def->map.std->lvl.cipso_size)

		nla_for_each_nested(nla_a,

				    info->attrs[NLBL_CIPSOV4_A_MLSCATLST],

				    nla_a_rem)

			if (nla_a->nla_type == NLBL_CIPSOV4_A_MLSCAT) {

				struct nlattr *cat_loc;

				struct nlattr *cat_rem;



				cat_loc = nla_find_nested(nla_a,

						     NLBL_CIPSOV4_A_MLSCATLOC);

				cat_rem = nla_find_nested(nla_a,

						     NLBL_CIPSOV4_A_MLSCATREM);

				if (cat_loc == NULL || cat_rem == NULL)

					goto add_std_failure;



		doi_def->map.std->lvl.cipso[tmp_val_b] = tmp_val_a;

		doi_def->map.std->lvl.local[tmp_val_a] = tmp_val_b;

				doi_def->map.std->cat.local[

				                        nla_get_u32(cat_loc)] =

					nla_get_u32(cat_rem);

				doi_def->map.std->cat.cipso[

					                nla_get_u32(cat_rem)] =

					nla_get_u32(cat_loc);

			}



	for (iter = 0; iter < num_cats; iter++) {

		tmp_val_a = netlbl_getinc_u32(&msg, &msg_len);

		tmp_val_b = netlbl_getinc_u16(&msg, &msg_len);



		if (tmp_val_a >= doi_def->map.std->cat.local_size ||

		    tmp_val_b >= doi_def->map.std->cat.cipso_size)

			goto add_std_failure;



		doi_def->map.std->cat.cipso[tmp_val_b] = tmp_val_a;

		doi_def->map.std->cat.local[tmp_val_a] = tmp_val_b;

	}



	doi_def->doi = doi;

	ret_val = cipso_v4_doi_add(doi_def);

	if (ret_val != 0)

		goto add_std_failure;
@@ -243,9 +331,7 @@ static int netlbl_cipsov4_add_std(u32 doi, struct nlattr *msg, size_t msg_size) 


/**

 * netlbl_cipsov4_add_pass - Adds a CIPSO V4 DOI definition

 * @doi: the DOI value

 * @msg: the ADD message data

 * @msg_size: the size of the ADD message buffer

 * @info: the Generic NETLINK info block

 *

 * Description:

 * Create a new CIPSO_V4_MAP_PASS DOI definition based on the given ADD message
@@ -253,51 +339,30 @@ static int netlbl_cipsov4_add_std(u32 doi, struct nlattr *msg, size_t msg_size) 
 * error.

 *

 */

static int netlbl_cipsov4_add_pass(u32 doi,

				   struct nlattr *msg,

				   size_t msg_size)

static int netlbl_cipsov4_add_pass(struct genl_info *info)

{

	int ret_val = -EINVAL;

	int msg_len = msg_size;

	u32 num_tags;

	int ret_val;

	struct cipso_v4_doi *doi_def = NULL;

	u32 iter;



	if (msg_len < NETLBL_LEN_U32)

		goto add_pass_failure;

	num_tags = netlbl_getinc_u32(&msg, &msg_len);

	if (num_tags == 0 || num_tags > CIPSO_V4_TAG_MAXCNT)

		goto add_pass_failure;

	if (!info->attrs[NLBL_CIPSOV4_A_DOI] ||

	    !info->attrs[NLBL_CIPSOV4_A_TAGLST])

		return -EINVAL;



	doi_def = kmalloc(sizeof(*doi_def), GFP_KERNEL);

	if (doi_def == NULL) {

		ret_val = -ENOMEM;

		goto add_pass_failure;

	}

	if (doi_def == NULL)

		return -ENOMEM;

	doi_def->type = CIPSO_V4_MAP_PASS;



	for (iter = 0; iter < num_tags; iter++) {

		if (msg_len < NETLBL_LEN_U8)

			goto add_pass_failure;

		doi_def->tags[iter] = netlbl_getinc_u8(&msg, &msg_len);

		switch (doi_def->tags[iter]) {

		case CIPSO_V4_TAG_RBITMAP:

			break;

		default:

	ret_val = netlbl_cipsov4_add_common(info, doi_def);

	if (ret_val != 0)

		goto add_pass_failure;

		}

	}

	if (iter < CIPSO_V4_TAG_MAXCNT)

		doi_def->tags[iter] = CIPSO_V4_TAG_INVALID;



	doi_def->doi = doi;

	ret_val = cipso_v4_doi_add(doi_def);

	if (ret_val != 0)

		goto add_pass_failure;

	return 0;



add_pass_failure:

	if (doi_def)

	netlbl_cipsov4_doi_free(&doi_def->rcu);

	return ret_val;

}
@@ -316,34 +381,21 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info) 


{

	int ret_val = -EINVAL;

	u32 doi;

	u32 map_type;

	int msg_len = netlbl_netlink_payload_len(skb);

	struct nlattr *msg = netlbl_netlink_payload_data(skb);



	ret_val = netlbl_netlink_cap_check(skb, CAP_NET_ADMIN);

	if (ret_val != 0)

		goto add_return;

	if (!info->attrs[NLBL_CIPSOV4_A_MTYPE])

		return -EINVAL;



	if (msg_len < 2 * NETLBL_LEN_U32)

		goto add_return;



	doi = netlbl_getinc_u32(&msg, &msg_len);

	map_type = netlbl_getinc_u32(&msg, &msg_len);

	map_type = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE]);

	switch (map_type) {

	case CIPSO_V4_MAP_STD:

		ret_val = netlbl_cipsov4_add_std(doi, msg, msg_len);

		ret_val = netlbl_cipsov4_add_std(info);

		break;

	case CIPSO_V4_MAP_PASS:

		ret_val = netlbl_cipsov4_add_pass(doi, msg, msg_len);

		ret_val = netlbl_cipsov4_add_pass(info);

		break;

	}



add_return:

	netlbl_netlink_send_ack(info,

				netlbl_cipsov4_gnl_family.id,

				NLBL_CIPSOV4_C_ACK,

				-ret_val);

	return ret_val;

}
@@ -353,86 +405,241 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info) 
 * @info: the Generic NETLINK info block

 *

 * Description:

 * Process a user generated LIST message and respond accordingly.  Returns

 * zero on success and negative values on error.

 * Process a user generated LIST message and respond accordingly.  While the

 * response message generated by the kernel is straightforward, determining

 * before hand the size of the buffer to allocate is not (we have to generate

 * the message to know the size).  In order to keep this function sane what we

 * do is allocate a buffer of NLMSG_GOODSIZE and try to fit the response in

 * that size, if we fail then we restart with a larger buffer and try again.

 * We continue in this manner until we hit a limit of failed attempts then we

 * give up and just send an error message.  Returns zero on success and

 * negative values on error.

 *

 */

static int netlbl_cipsov4_list(struct sk_buff *skb, struct genl_info *info)

{

	int ret_val = -EINVAL;

	int ret_val;

	struct sk_buff *ans_skb = NULL;

	u32 nlsze_mult = 1;

	void *data;

	u32 doi;

	struct nlattr *msg = netlbl_netlink_payload_data(skb);

	struct sk_buff *ans_skb;

	struct nlattr *nla_a;

	struct nlattr *nla_b;

	struct cipso_v4_doi *doi_def;

	u32 iter;



	if (netlbl_netlink_payload_len(skb) != NETLBL_LEN_U32)

	if (!info->attrs[NLBL_CIPSOV4_A_DOI]) {

		ret_val = -EINVAL;

		goto list_failure;

	}



	doi = nla_get_u32(msg);

	ans_skb = cipso_v4_doi_dump(doi, NLMSG_SPACE(GENL_HDRLEN));

list_start:

	ans_skb = nlmsg_new(NLMSG_GOODSIZE * nlsze_mult, GFP_KERNEL);

	if (ans_skb == NULL) {

		ret_val = -ENOMEM;

		goto list_failure;

	}

	netlbl_netlink_hdr_push(ans_skb,

	data = netlbl_netlink_hdr_put(ans_skb,

				      info->snd_pid,

				0,

				      info->snd_seq,

				      netlbl_cipsov4_gnl_family.id,

				      0,

				      NLBL_CIPSOV4_C_LIST);

	if (data == NULL) {

		ret_val = -ENOMEM;

		goto list_failure;

	}



	doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);



	rcu_read_lock();

	doi_def = cipso_v4_doi_getdef(doi);

	if (doi_def == NULL) {

		ret_val = -EINVAL;

		goto list_failure;

	}



	ret_val = nla_put_u32(ans_skb, NLBL_CIPSOV4_A_MTYPE, doi_def->type);

	if (ret_val != 0)

		goto list_failure_lock;



	nla_a = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_TAGLST);

	if (nla_a == NULL) {

		ret_val = -ENOMEM;

		goto list_failure_lock;

	}

	for (iter = 0;

	     iter < CIPSO_V4_TAG_MAXCNT &&

	       doi_def->tags[iter] != CIPSO_V4_TAG_INVALID;

	     iter++) {

		ret_val = nla_put_u8(ans_skb,

				     NLBL_CIPSOV4_A_TAG,

				     doi_def->tags[iter]);

		if (ret_val != 0)

			goto list_failure_lock;

	}

	nla_nest_end(ans_skb, nla_a);



	switch (doi_def->type) {

	case CIPSO_V4_MAP_STD:

		nla_a = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_MLSLVLLST);

		if (nla_a == NULL) {

			ret_val = -ENOMEM;

			goto list_failure_lock;

		}

		for (iter = 0;

		     iter < doi_def->map.std->lvl.local_size;

		     iter++) {

			if (doi_def->map.std->lvl.local[iter] ==

			    CIPSO_V4_INV_LVL)

				continue;



			nla_b = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_MLSLVL);

			if (nla_b == NULL) {

				ret_val = -ENOMEM;

				goto list_retry;

			}

			ret_val = nla_put_u32(ans_skb,

					      NLBL_CIPSOV4_A_MLSLVLLOC,

					      iter);

			if (ret_val != 0)

				goto list_retry;

			ret_val = nla_put_u32(ans_skb,

					    NLBL_CIPSOV4_A_MLSLVLREM,

					    doi_def->map.std->lvl.local[iter]);

			if (ret_val != 0)

				goto list_retry;

			nla_nest_end(ans_skb, nla_b);

		}

		nla_nest_end(ans_skb, nla_a);



	ret_val = netlbl_netlink_snd(ans_skb, info->snd_pid);

		nla_a = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_MLSCATLST);

		if (nla_a == NULL) {

			ret_val = -ENOMEM;

			goto list_retry;

		}

		for (iter = 0;

		     iter < doi_def->map.std->cat.local_size;

		     iter++) {

			if (doi_def->map.std->cat.local[iter] ==

			    CIPSO_V4_INV_CAT)

				continue;



			nla_b = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_MLSCAT);

			if (nla_b == NULL) {

				ret_val = -ENOMEM;

				goto list_retry;

			}

			ret_val = nla_put_u32(ans_skb,

					      NLBL_CIPSOV4_A_MLSCATLOC,

					      iter);

			if (ret_val != 0)

				goto list_retry;

			ret_val = nla_put_u32(ans_skb,

					    NLBL_CIPSOV4_A_MLSCATREM,

					    doi_def->map.std->cat.local[iter]);

			if (ret_val != 0)

				goto list_retry;

			nla_nest_end(ans_skb, nla_b);

		}

		nla_nest_end(ans_skb, nla_a);



		break;

	}

	rcu_read_unlock();



	genlmsg_end(ans_skb, data);



	ret_val = genlmsg_unicast(ans_skb, info->snd_pid);

	if (ret_val != 0)

		goto list_failure;



	return 0;



list_retry:

	/* XXX - this limit is a guesstimate */

	if (nlsze_mult < 4) {

		rcu_read_unlock();

		kfree_skb(ans_skb);

		nlsze_mult++;

		goto list_start;

	}

list_failure_lock:

	rcu_read_unlock();

list_failure:

	netlbl_netlink_send_ack(info,

				netlbl_cipsov4_gnl_family.id,

				NLBL_CIPSOV4_C_ACK,

				-ret_val);

	kfree_skb(ans_skb);

	return ret_val;

}



/**

 * netlbl_cipsov4_listall - Handle a LISTALL message

 * @skb: the NETLINK buffer

 * @info: the Generic NETLINK info block

 * netlbl_cipsov4_listall_cb - cipso_v4_doi_walk() callback for LISTALL

 * @doi_def: the CIPSOv4 DOI definition

 * @arg: the netlbl_cipsov4_doiwalk_arg structure

 *

 * Description:

 * Process a user generated LISTALL message and respond accordingly.  Returns

 * zero on success and negative values on error.

 * This function is designed to be used as a callback to the

 * cipso_v4_doi_walk() function for use in generating a response for a LISTALL

 * message.  Returns the size of the message on success, negative values on

 * failure.

 *

 */

static int netlbl_cipsov4_listall(struct sk_buff *skb, struct genl_info *info)

static int netlbl_cipsov4_listall_cb(struct cipso_v4_doi *doi_def, void *arg)

{

	int ret_val = -EINVAL;

	struct sk_buff *ans_skb;

	int ret_val = -ENOMEM;

	struct netlbl_cipsov4_doiwalk_arg *cb_arg = arg;

	void *data;



	ans_skb = cipso_v4_doi_dump_all(NLMSG_SPACE(GENL_HDRLEN));

	if (ans_skb == NULL) {

		ret_val = -ENOMEM;

		goto listall_failure;

	}

	netlbl_netlink_hdr_push(ans_skb,

				info->snd_pid,

				0,

	data = netlbl_netlink_hdr_put(cb_arg->skb,

				      NETLINK_CB(cb_arg->nl_cb->skb).pid,

				      cb_arg->seq,

				      netlbl_cipsov4_gnl_family.id,

				      NLM_F_MULTI,

				      NLBL_CIPSOV4_C_LISTALL);

	if (data == NULL)

		goto listall_cb_failure;



	ret_val = netlbl_netlink_snd(ans_skb, info->snd_pid);

	ret_val = nla_put_u32(cb_arg->skb, NLBL_CIPSOV4_A_DOI, doi_def->doi);

	if (ret_val != 0)

		goto listall_failure;

		goto listall_cb_failure;

	ret_val = nla_put_u32(cb_arg->skb,

			      NLBL_CIPSOV4_A_MTYPE,

			      doi_def->type);

	if (ret_val != 0)

		goto listall_cb_failure;



	return 0;

	return genlmsg_end(cb_arg->skb, data);



listall_failure:

	netlbl_netlink_send_ack(info,

				netlbl_cipsov4_gnl_family.id,

				NLBL_CIPSOV4_C_ACK,

				-ret_val);

listall_cb_failure:

	genlmsg_cancel(cb_arg->skb, data);

	return ret_val;

}



/**

 * netlbl_cipsov4_listall - Handle a LISTALL message

 * @skb: the NETLINK buffer

 * @cb: the NETLINK callback

 *

 * Description:

 * Process a user generated LISTALL message and respond accordingly.  Returns

 * zero on success and negative values on error.

 *

 */

static int netlbl_cipsov4_listall(struct sk_buff *skb,

				  struct netlink_callback *cb)

{

	struct netlbl_cipsov4_doiwalk_arg cb_arg;

	int doi_skip = cb->args[0];



	cb_arg.nl_cb = cb;

	cb_arg.skb = skb;

	cb_arg.seq = cb->nlh->nlmsg_seq;



	cipso_v4_doi_walk(&doi_skip, netlbl_cipsov4_listall_cb, &cb_arg);



	cb->args[0] = doi_skip;

	return skb->len;

}



/**

 * netlbl_cipsov4_remove - Handle a REMOVE message

 * @skb: the NETLINK buffer
@@ -445,27 +652,14 @@ static int netlbl_cipsov4_listall(struct sk_buff *skb, struct genl_info *info) 
 */

static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info)

{

	int ret_val;

	int ret_val = -EINVAL;

	u32 doi;

	struct nlattr *msg = netlbl_netlink_payload_data(skb);



	ret_val = netlbl_netlink_cap_check(skb, CAP_NET_ADMIN);

	if (ret_val != 0)

		goto remove_return;



	if (netlbl_netlink_payload_len(skb) != NETLBL_LEN_U32) {

		ret_val = -EINVAL;

		goto remove_return;

	}



	doi = nla_get_u32(msg);

	if (info->attrs[NLBL_CIPSOV4_A_DOI]) {

		doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);

		ret_val = cipso_v4_doi_remove(doi, netlbl_cipsov4_doi_free);

	}



remove_return:

	netlbl_netlink_send_ack(info,

				netlbl_cipsov4_gnl_family.id,

				NLBL_CIPSOV4_C_ACK,

				-ret_val);

	return ret_val;

}
@@ -475,14 +669,16 @@ static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info) 


static struct genl_ops netlbl_cipsov4_genl_c_add = {

	.cmd = NLBL_CIPSOV4_C_ADD,

	.flags = 0,

	.flags = GENL_ADMIN_PERM,

	.policy = netlbl_cipsov4_genl_policy,

	.doit = netlbl_cipsov4_add,

	.dumpit = NULL,

};



static struct genl_ops netlbl_cipsov4_genl_c_remove = {

	.cmd = NLBL_CIPSOV4_C_REMOVE,

	.flags = 0,

	.flags = GENL_ADMIN_PERM,

	.policy = netlbl_cipsov4_genl_policy,

	.doit = netlbl_cipsov4_remove,

	.dumpit = NULL,

};
@@ -490,6 +686,7 @@ static struct genl_ops netlbl_cipsov4_genl_c_remove = { 
static struct genl_ops netlbl_cipsov4_genl_c_list = {

	.cmd = NLBL_CIPSOV4_C_LIST,

	.flags = 0,

	.policy = netlbl_cipsov4_genl_policy,

	.doit = netlbl_cipsov4_list,

	.dumpit = NULL,

};
@@ -497,8 +694,9 @@ static struct genl_ops netlbl_cipsov4_genl_c_list = { 
static struct genl_ops netlbl_cipsov4_genl_c_listall = {

	.cmd = NLBL_CIPSOV4_C_LISTALL,

	.flags = 0,

	.doit = netlbl_cipsov4_listall,

	.dumpit = NULL,

	.policy = netlbl_cipsov4_genl_policy,

	.doit = NULL,

	.dumpit = netlbl_cipsov4_listall,

};



/*

net/netlabel/netlabel_cipso_v4.h

+87 −138

File changed.

Preview size limit exceeded, changes collapsed.

net/netlabel/netlabel_mgmt.c

+276 −265

File changed.

Preview size limit exceeded, changes collapsed.

net/netlabel/netlabel_mgmt.h

+68 −143

File changed.

Preview size limit exceeded, changes collapsed.

net/netlabel/netlabel_unlabeled.c

+35 −44
Original line number Diff line number Diff line
@@ -55,9 +55,13 @@ static struct genl_family netlbl_unlabel_gnl_family = { 
	.hdrsize = 0,

	.name = NETLBL_NLTYPE_UNLABELED_NAME,

	.version = NETLBL_PROTO_VERSION,

	.maxattr = 0,

	.maxattr = NLBL_UNLABEL_A_MAX,

};



/* NetLabel Netlink attribute policy */

static struct nla_policy netlbl_unlabel_genl_policy[NLBL_UNLABEL_A_MAX + 1] = {

	[NLBL_UNLABEL_A_ACPTFLG] = { .type = NLA_U8 },

};



/*

 * NetLabel Command Handlers
@@ -75,31 +79,18 @@ static struct genl_family netlbl_unlabel_gnl_family = { 
 */

static int netlbl_unlabel_accept(struct sk_buff *skb, struct genl_info *info)

{

	int ret_val;

	struct nlattr *data = netlbl_netlink_payload_data(skb);

	u32 value;



	ret_val = netlbl_netlink_cap_check(skb, CAP_NET_ADMIN);

	if (ret_val != 0)

		return ret_val;

	int ret_val = -EINVAL;

	u8 value;



	if (netlbl_netlink_payload_len(skb) == NETLBL_LEN_U32) {

		value = nla_get_u32(data);

	if (info->attrs[NLBL_UNLABEL_A_ACPTFLG]) {

		value = nla_get_u8(info->attrs[NLBL_UNLABEL_A_ACPTFLG]);

		if (value == 1 || value == 0) {

			atomic_set(&netlabel_unlabel_accept_flg, value);

			netlbl_netlink_send_ack(info,

						netlbl_unlabel_gnl_family.id,

						NLBL_UNLABEL_C_ACK,

						NETLBL_E_OK);

			return 0;

			ret_val = 0;

		}

	}



	netlbl_netlink_send_ack(info,

				netlbl_unlabel_gnl_family.id,

				NLBL_UNLABEL_C_ACK,

				EINVAL);

	return -EINVAL;

	return ret_val;

}



/**
@@ -114,39 +105,39 @@ static int netlbl_unlabel_accept(struct sk_buff *skb, struct genl_info *info) 
 */

static int netlbl_unlabel_list(struct sk_buff *skb, struct genl_info *info)

{

	int ret_val = -ENOMEM;

	int ret_val = -EINVAL;

	struct sk_buff *ans_skb;

	void *data;



	ans_skb = netlbl_netlink_alloc_skb(0,

					   GENL_HDRLEN + NETLBL_LEN_U32,

					   GFP_KERNEL);

	ans_skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);

	if (ans_skb == NULL)

		goto list_failure;



	if (netlbl_netlink_hdr_put(ans_skb,

	data = netlbl_netlink_hdr_put(ans_skb,

				      info->snd_pid,

				   0,

				      info->snd_seq,

				      netlbl_unlabel_gnl_family.id,

				   NLBL_UNLABEL_C_LIST) == NULL)

				      0,

				      NLBL_UNLABEL_C_LIST);

	if (data == NULL) {

		ret_val = -ENOMEM;

		goto list_failure;

	}



	ret_val = nla_put_u32(ans_skb,

			      NLA_U32,

	ret_val = nla_put_u8(ans_skb,

			     NLBL_UNLABEL_A_ACPTFLG,

			     atomic_read(&netlabel_unlabel_accept_flg));

	if (ret_val != 0)

		goto list_failure;



	ret_val = netlbl_netlink_snd(ans_skb, info->snd_pid);

	genlmsg_end(ans_skb, data);



	ret_val = genlmsg_unicast(ans_skb, info->snd_pid);

	if (ret_val != 0)

		goto list_failure;



	return 0;



list_failure:

	netlbl_netlink_send_ack(info,

				netlbl_unlabel_gnl_family.id,

				NLBL_UNLABEL_C_ACK,

				-ret_val);

	kfree(ans_skb);

	return ret_val;

}
@@ -157,7 +148,8 @@ static int netlbl_unlabel_list(struct sk_buff *skb, struct genl_info *info) 


static struct genl_ops netlbl_unlabel_genl_c_accept = {

	.cmd = NLBL_UNLABEL_C_ACCEPT,

	.flags = 0,

	.flags = GENL_ADMIN_PERM,

	.policy = netlbl_unlabel_genl_policy,

	.doit = netlbl_unlabel_accept,

	.dumpit = NULL,

};
@@ -165,6 +157,7 @@ static struct genl_ops netlbl_unlabel_genl_c_accept = { 
static struct genl_ops netlbl_unlabel_genl_c_list = {

	.cmd = NLBL_UNLABEL_C_LIST,

	.flags = 0,

	.policy = netlbl_unlabel_genl_policy,

	.doit = netlbl_unlabel_list,

	.dumpit = NULL,

};
@@ -218,10 +211,8 @@ int netlbl_unlabel_genl_init(void) 
 */

int netlbl_unlabel_getattr(struct netlbl_lsm_secattr *secattr)

{

	if (atomic_read(&netlabel_unlabel_accept_flg) == 1) {

		memset(secattr, 0, sizeof(*secattr));

		return 0;

	}

	if (atomic_read(&netlabel_unlabel_accept_flg) == 1)

		return netlbl_secattr_init(secattr);



	return -ENOMSG;

}