Loading include/net/calipso.h 0 → 100644 +91 −0 Original line number Original line Diff line number Diff line /* * CALIPSO - Common Architecture Label IPv6 Security Option * * This is an implementation of the CALIPSO protocol as specified in * RFC 5570. * * Authors: Paul Moore <paul@paul-moore.com> * Huw Davies <huw@codeweavers.com> * */ /* * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 * (c) Copyright Huw Davies <huw@codeweavers.com>, 2015 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See * the GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see <http://www.gnu.org/licenses/>. 
* */ #ifndef _CALIPSO_H #define _CALIPSO_H #include <linux/types.h> #include <linux/rcupdate.h> #include <linux/list.h> #include <linux/net.h> #include <linux/skbuff.h> #include <net/netlabel.h> #include <net/request_sock.h> #include <linux/atomic.h> #include <asm/unaligned.h> /* known doi values */ #define CALIPSO_DOI_UNKNOWN 0x00000000 /* doi mapping types */ #define CALIPSO_MAP_UNKNOWN 0 #define CALIPSO_MAP_PASS 2 /* * CALIPSO DOI definitions */ /* DOI definition struct */ struct calipso_doi { u32 doi; u32 type; atomic_t refcount; struct list_head list; struct rcu_head rcu; }; /* * Sysctl Variables */ extern int calipso_cache_enabled; extern int calipso_cache_bucketsize; #ifdef CONFIG_NETLABEL int __init calipso_init(void); void calipso_exit(void); bool calipso_validate(const struct sk_buff *skb, const unsigned char *option); #else static inline int __init calipso_init(void) { return 0; } static inline void calipso_exit(void) { } static inline bool calipso_validate(const struct sk_buff *skb, const unsigned char *option) { return true; } #endif /* CONFIG_NETLABEL */ #endif /* _CALIPSO_H */ include/net/inet_sock.h +6 −1 Original line number Original line Diff line number Diff line Loading @@ -97,8 +97,13 @@ struct inet_request_sock { u32 ir_mark; u32 ir_mark; union { union { struct ip_options_rcu *opt; struct ip_options_rcu *opt; #if IS_ENABLED(CONFIG_IPV6) struct { struct ipv6_txoptions *ipv6_opt; struct sk_buff *pktopts; struct sk_buff *pktopts; }; }; #endif }; }; }; static inline struct inet_request_sock *inet_rsk(const struct request_sock *sk) static inline struct inet_request_sock *inet_rsk(const struct request_sock *sk) Loading include/net/ipv6.h +9 −1 Original line number Original line Diff line number Diff line Loading 
@@ -313,11 +313,19 @@ struct ipv6_txoptions *ipv6_renew_options(struct sock *sk, int newtype, int newtype, struct ipv6_opt_hdr __user *newopt, struct ipv6_opt_hdr __user *newopt, int newoptlen); int newoptlen); struct ipv6_txoptions * ipv6_renew_options_kern(struct sock *sk, struct ipv6_txoptions *opt, int newtype, struct ipv6_opt_hdr *newopt, int newoptlen); struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, struct ipv6_txoptions *opt); struct ipv6_txoptions *opt); bool ipv6_opt_accepted(const struct sock *sk, const struct sk_buff *skb, bool ipv6_opt_accepted(const struct sock *sk, const struct sk_buff *skb, const struct inet6_skb_parm *opt); const struct inet6_skb_parm *opt); struct ipv6_txoptions *ipv6_update_options(struct sock *sk, struct ipv6_txoptions *opt); static inline bool ipv6_accept_ra(struct inet6_dev *idev) static inline bool ipv6_accept_ra(struct inet6_dev *idev) { { Loading Loading @@ -943,7 +951,7 @@ enum { int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, int target, int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, int target, unsigned short *fragoff, int *fragflg); unsigned short *fragoff, int *fragflg); int ipv6_find_tlv(struct sk_buff *skb, int offset, int type); int ipv6_find_tlv(const struct sk_buff *skb, int offset, int type); struct in6_addr *fl6_update_dst(struct flowi6 *fl6, struct in6_addr *fl6_update_dst(struct flowi6 *fl6, const struct ipv6_txoptions *opt, const struct ipv6_txoptions *opt, Loading include/net/netlabel.h +98 −3 Original line number Original line Diff line number Diff line Loading @@ -40,6 +40,7 @@ #include <linux/atomic.h> #include <linux/atomic.h> struct cipso_v4_doi; struct cipso_v4_doi; struct calipso_doi; /* /* * NetLabel - A management interface for maintaining network packet label * NetLabel - A management interface for maintaining network packet label Loading Loading 
@@ -94,6 +95,8 @@ struct cipso_v4_doi; #define NETLBL_NLTYPE_UNLABELED_NAME "NLBL_UNLBL" #define NETLBL_NLTYPE_UNLABELED_NAME "NLBL_UNLBL" #define NETLBL_NLTYPE_ADDRSELECT 6 #define NETLBL_NLTYPE_ADDRSELECT 6 #define NETLBL_NLTYPE_ADDRSELECT_NAME "NLBL_ADRSEL" #define NETLBL_NLTYPE_ADDRSELECT_NAME "NLBL_ADRSEL" #define NETLBL_NLTYPE_CALIPSO 7 #define NETLBL_NLTYPE_CALIPSO_NAME "NLBL_CALIPSO" /* /* * NetLabel - Kernel API for accessing the network packet label mappings. * NetLabel - Kernel API for accessing the network packet label mappings. Loading Loading 
@@ -216,6 +219,63 @@ struct netlbl_lsm_secattr { } attr; } attr; }; }; /** * struct netlbl_calipso_ops - NetLabel CALIPSO operations * @doi_add: add a CALIPSO DOI * @doi_free: free a CALIPSO DOI * @doi_getdef: returns a reference to a DOI * @doi_putdef: releases a reference of a DOI * @doi_walk: enumerate the DOI list * @sock_getattr: retrieve the socket's attr * @sock_setattr: set the socket's attr * @sock_delattr: remove the socket's attr * @req_setattr: set the req socket's attr * @req_delattr: remove the req socket's attr * @opt_getattr: retrieve attr from memory block * @skbuff_optptr: find option in packet * @skbuff_setattr: set the skbuff's attr * @skbuff_delattr: remove the skbuff's attr * @cache_invalidate: invalidate cache * @cache_add: add cache entry * * Description: * This structure is filled out by the CALIPSO engine and passed * to the NetLabel core via a call to netlbl_calipso_ops_register(). * It enables the CALIPSO engine (and hence IPv6) to be compiled * as a module. */ struct netlbl_calipso_ops { int (*doi_add)(struct calipso_doi *doi_def, struct netlbl_audit *audit_info); void (*doi_free)(struct calipso_doi *doi_def); int (*doi_remove)(u32 doi, struct netlbl_audit *audit_info); struct calipso_doi *(*doi_getdef)(u32 doi); void (*doi_putdef)(struct calipso_doi *doi_def); int (*doi_walk)(u32 *skip_cnt, int (*callback)(struct calipso_doi *doi_def, void *arg), void *cb_arg); int (*sock_getattr)(struct sock *sk, struct netlbl_lsm_secattr *secattr); int (*sock_setattr)(struct sock *sk, const struct calipso_doi *doi_def, const struct netlbl_lsm_secattr *secattr); void (*sock_delattr)(struct sock *sk); int (*req_setattr)(struct request_sock *req, const struct calipso_doi *doi_def, const struct netlbl_lsm_secattr *secattr); void (*req_delattr)(struct request_sock *req); int (*opt_getattr)(const unsigned char *calipso, struct netlbl_lsm_secattr *secattr); unsigned char *(*skbuff_optptr)(const struct sk_buff *skb); int (*skbuff_setattr)(struct sk_buff 
*skb, const struct calipso_doi *doi_def, const struct netlbl_lsm_secattr *secattr); int (*skbuff_delattr)(struct sk_buff *skb); void (*cache_invalidate)(void); int (*cache_add)(const unsigned char *calipso_ptr, const struct netlbl_lsm_secattr *secattr); }; /* /* * LSM security attribute operations (inline) * LSM security attribute operations (inline) */ */ Loading Loading @@ -385,6 +445,14 @@ int netlbl_cfg_cipsov4_map_add(u32 doi, const struct in_addr *addr, const struct in_addr *addr, const struct in_addr *mask, const struct in_addr *mask, struct netlbl_audit *audit_info); struct netlbl_audit *audit_info); int netlbl_cfg_calipso_add(struct calipso_doi *doi_def, struct netlbl_audit *audit_info); void netlbl_cfg_calipso_del(u32 doi, struct netlbl_audit *audit_info); int netlbl_cfg_calipso_map_add(u32 doi, const char *domain, const struct in6_addr *addr, const struct in6_addr *mask, struct netlbl_audit *audit_info); /* /* * LSM security attribute operations * LSM security attribute operations */ */ Loading @@ -405,6 +473,12 @@ int netlbl_catmap_setlong(struct netlbl_lsm_catmap **catmap, unsigned long bitmap, unsigned long bitmap, gfp_t flags); gfp_t flags); /* Bitmap functions */ int netlbl_bitmap_walk(const unsigned char *bitmap, u32 bitmap_len, u32 offset, u8 state); void netlbl_bitmap_setbit(unsigned char *bitmap, u32 bit, u8 state); /* /* * LSM protocol operations (NetLabel LSM/kernel API) * LSM protocol operations (NetLabel LSM/kernel API) */ */ Loading 
@@ -427,13 +501,13 @@ int netlbl_skbuff_setattr(struct sk_buff *skb, int netlbl_skbuff_getattr(const struct sk_buff *skb, int netlbl_skbuff_getattr(const struct sk_buff *skb, u16 family, u16 family, struct netlbl_lsm_secattr *secattr); struct netlbl_lsm_secattr *secattr); void netlbl_skbuff_err(struct sk_buff *skb, int error, int gateway); void netlbl_skbuff_err(struct sk_buff *skb, u16 family, int error, int gateway); /* /* * LSM label mapping cache operations * LSM label mapping cache operations */ */ void netlbl_cache_invalidate(void); void netlbl_cache_invalidate(void); int netlbl_cache_add(const struct sk_buff *skb, int netlbl_cache_add(const struct sk_buff *skb, u16 family, const struct netlbl_lsm_secattr *secattr); const struct netlbl_lsm_secattr *secattr); /* /* Loading Loading @@ -495,6 +569,24 @@ static inline int netlbl_cfg_cipsov4_map_add(u32 doi, { { return -ENOSYS; return -ENOSYS; } } static inline int netlbl_cfg_calipso_add(struct calipso_doi *doi_def, struct netlbl_audit *audit_info) { return -ENOSYS; } static inline void netlbl_cfg_calipso_del(u32 doi, struct netlbl_audit *audit_info) { return; } static inline int netlbl_cfg_calipso_map_add(u32 doi, const char *domain, const struct in6_addr *addr, const struct in6_addr *mask, struct netlbl_audit *audit_info) { return -ENOSYS; } static inline int netlbl_catmap_walk(struct netlbl_lsm_catmap *catmap, static inline int netlbl_catmap_walk(struct netlbl_lsm_catmap *catmap, u32 offset) u32 offset) { { Loading Loading @@ -586,7 +678,7 @@ static inline void netlbl_cache_invalidate(void) { { return; return; } } static inline int netlbl_cache_add(const struct sk_buff *skb, static inline int netlbl_cache_add(const struct sk_buff *skb, u16 family, const struct netlbl_lsm_secattr *secattr) const struct netlbl_lsm_secattr *secattr) { { return 0; return 0; Loading 
@@ -598,4 +690,7 @@ static inline struct audit_buffer *netlbl_audit_start(int type, } } #endif /* CONFIG_NETLABEL */ #endif /* CONFIG_NETLABEL */ const struct netlbl_calipso_ops * netlbl_calipso_ops_register(const struct netlbl_calipso_ops *ops); #endif /* _NETLABEL_H */ #endif /* _NETLABEL_H */ include/uapi/linux/audit.h +2 −0 Original line number Original line Diff line number Diff line Loading @@ -130,6 +130,8 @@ #define AUDIT_MAC_IPSEC_EVENT 1415 /* Audit an IPSec event */ #define AUDIT_MAC_IPSEC_EVENT 1415 /* Audit an IPSec event */ #define AUDIT_MAC_UNLBL_STCADD 1416 /* NetLabel: add a static label */ #define AUDIT_MAC_UNLBL_STCADD 1416 /* NetLabel: add a static label */ #define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */ #define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */ #define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */ #define AUDIT_MAC_CALIPSO_DEL 1419 /* NetLabel: del CALIPSO DOI entry */ #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 #define AUDIT_LAST_KERN_ANOM_MSG 1799 Loading Loading
include/net/calipso.h 0 → 100644 +91 −0 Original line number Original line Diff line number Diff line /* * CALIPSO - Common Architecture Label IPv6 Security Option * * This is an implementation of the CALIPSO protocol as specified in * RFC 5570. * * Authors: Paul Moore <paul@paul-moore.com> * Huw Davies <huw@codeweavers.com> * */ /* * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 * (c) Copyright Huw Davies <huw@codeweavers.com>, 2015 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See * the GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see <http://www.gnu.org/licenses/>. 
* */ #ifndef _CALIPSO_H #define _CALIPSO_H #include <linux/types.h> #include <linux/rcupdate.h> #include <linux/list.h> #include <linux/net.h> #include <linux/skbuff.h> #include <net/netlabel.h> #include <net/request_sock.h> #include <linux/atomic.h> #include <asm/unaligned.h> /* known doi values */ #define CALIPSO_DOI_UNKNOWN 0x00000000 /* doi mapping types */ #define CALIPSO_MAP_UNKNOWN 0 #define CALIPSO_MAP_PASS 2 /* * CALIPSO DOI definitions */ /* DOI definition struct */ struct calipso_doi { u32 doi; u32 type; atomic_t refcount; struct list_head list; struct rcu_head rcu; }; /* * Sysctl Variables */ extern int calipso_cache_enabled; extern int calipso_cache_bucketsize; #ifdef CONFIG_NETLABEL int __init calipso_init(void); void calipso_exit(void); bool calipso_validate(const struct sk_buff *skb, const unsigned char *option); #else static inline int __init calipso_init(void) { return 0; } static inline void calipso_exit(void) { } static inline bool calipso_validate(const struct sk_buff *skb, const unsigned char *option) { return true; } #endif /* CONFIG_NETLABEL */ #endif /* _CALIPSO_H */
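Review bot: The `!CONFIG_NETLABEL` stub of `calipso_validate()` returns `true` unconditionally, so a kernel built without NetLabel reports every CALIPSO option as valid without looking at it. That may be the intended pass-through, but the header does not say so, and neither prototype documents what `option` points at or how many bytes behind it the caller has already bounds-checked. I would add a kernel-doc comment on the declaration stating that contract, and put `/* NetLabel disabled: option is not inspected; the caller's TLV length checks are the only validation */` above the stub. Whether the caller performs those checks is not visible in this section.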
include/net/inet_sock.h +6 −1 Original line number Original line Diff line number Diff line Loading @@ -97,8 +97,13 @@ struct inet_request_sock { u32 ir_mark; u32 ir_mark; union { union { struct ip_options_rcu *opt; struct ip_options_rcu *opt; #if IS_ENABLED(CONFIG_IPV6) struct { struct ipv6_txoptions *ipv6_opt; struct sk_buff *pktopts; struct sk_buff *pktopts; }; }; #endif }; }; }; static inline struct inet_request_sock *inet_rsk(const struct request_sock *sk) static inline struct inet_request_sock *inet_rsk(const struct request_sock *sk) Loading
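Review bot: In the union at the end of `struct inet_request_sock`, as far as the rendered section shows, the new `ipv6_opt` shares storage with `opt`, while `pktopts` moves into the second slot of the anonymous struct and no longer overlaps `opt`. A path that relied on the old overlap, for example one that initialises or clears only `opt`, would now leave `pktopts` untouched. Code that frees `opt` without checking the address family would be handed an `ipv6_txoptions` pointer. Neither path is visible here, so the allocation and destructor sites need checking. A comment on the union such as `/* opt is live for IPv4 requests, ipv6_opt/pktopts for IPv6; ipv6_opt aliases opt */` would make the aliasing explicit; the struct itself begins outside this hunk.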
include/net/ipv6.h +9 −1 Original line number Original line Diff line number Diff line Loading @@ -313,11 +313,19 @@ struct ipv6_txoptions *ipv6_renew_options(struct sock *sk, int newtype, int newtype, struct ipv6_opt_hdr __user *newopt, struct ipv6_opt_hdr __user *newopt, int newoptlen); int newoptlen); struct ipv6_txoptions * ipv6_renew_options_kern(struct sock *sk, struct ipv6_txoptions *opt, int newtype, struct ipv6_opt_hdr *newopt, int newoptlen); struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, struct ipv6_txoptions *opt); struct ipv6_txoptions *opt); bool ipv6_opt_accepted(const struct sock *sk, const struct sk_buff *skb, bool ipv6_opt_accepted(const struct sock *sk, const struct sk_buff *skb, const struct inet6_skb_parm *opt); const struct inet6_skb_parm *opt); struct ipv6_txoptions *ipv6_update_options(struct sock *sk, struct ipv6_txoptions *opt); static inline bool ipv6_accept_ra(struct inet6_dev *idev) static inline bool ipv6_accept_ra(struct inet6_dev *idev) { { Loading Loading @@ -943,7 +951,7 @@ enum { int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, int target, int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, int target, unsigned short *fragoff, int *fragflg); unsigned short *fragoff, int *fragflg); int ipv6_find_tlv(struct sk_buff *skb, int offset, int type); int ipv6_find_tlv(const struct sk_buff *skb, int offset, int type); struct in6_addr *fl6_update_dst(struct flowi6 *fl6, struct in6_addr *fl6_update_dst(struct flowi6 *fl6, const struct ipv6_txoptions *opt, const struct ipv6_txoptions *opt, Loading
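Review bot: `ipv6_renew_options_kern()` is declared with the same parameter list as `ipv6_renew_options()` except that `newopt` loses its `__user` annotation, and nothing in the header says which variant a caller must pick. Handing a user-supplied pointer to the kernel variant would presumably bypass the user-copy checks, so the contract should be written down. I would add a comment above the new prototype along the lines of `/* newopt must point to kernel memory; use ipv6_renew_options() for user-supplied options */`. The new `ipv6_update_options()` prototype also returns an `ipv6_txoptions` pointer without saying who owns it, which deserves a line of documentation as well.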
include/net/netlabel.h +98 −3 Original line number Original line Diff line number Diff line Loading @@ -40,6 +40,7 @@ #include <linux/atomic.h> #include <linux/atomic.h> struct cipso_v4_doi; struct cipso_v4_doi; struct calipso_doi; /* /* * NetLabel - A management interface for maintaining network packet label * NetLabel - A management interface for maintaining network packet label Loading Loading @@ -94,6 +95,8 @@ struct cipso_v4_doi; #define NETLBL_NLTYPE_UNLABELED_NAME "NLBL_UNLBL" #define NETLBL_NLTYPE_UNLABELED_NAME "NLBL_UNLBL" #define NETLBL_NLTYPE_ADDRSELECT 6 #define NETLBL_NLTYPE_ADDRSELECT 6 #define NETLBL_NLTYPE_ADDRSELECT_NAME "NLBL_ADRSEL" #define NETLBL_NLTYPE_ADDRSELECT_NAME "NLBL_ADRSEL" #define NETLBL_NLTYPE_CALIPSO 7 #define NETLBL_NLTYPE_CALIPSO_NAME "NLBL_CALIPSO" /* /* * NetLabel - Kernel API for accessing the network packet label mappings. * NetLabel - Kernel API for accessing the network packet label mappings. Loading Loading 
@@ -216,6 +219,63 @@ struct netlbl_lsm_secattr { } attr; } attr; }; }; /** * struct netlbl_calipso_ops - NetLabel CALIPSO operations * @doi_add: add a CALIPSO DOI * @doi_free: free a CALIPSO DOI * @doi_getdef: returns a reference to a DOI * @doi_putdef: releases a reference of a DOI * @doi_walk: enumerate the DOI list * @sock_getattr: retrieve the socket's attr * @sock_setattr: set the socket's attr * @sock_delattr: remove the socket's attr * @req_setattr: set the req socket's attr * @req_delattr: remove the req socket's attr * @opt_getattr: retrieve attr from memory block * @skbuff_optptr: find option in packet * @skbuff_setattr: set the skbuff's attr * @skbuff_delattr: remove the skbuff's attr * @cache_invalidate: invalidate cache * @cache_add: add cache entry * * Description: * This structure is filled out by the CALIPSO engine and passed * to the NetLabel core via a call to netlbl_calipso_ops_register(). * It enables the CALIPSO engine (and hence IPv6) to be compiled * as a module. */ struct netlbl_calipso_ops { int (*doi_add)(struct calipso_doi *doi_def, struct netlbl_audit *audit_info); void (*doi_free)(struct calipso_doi *doi_def); int (*doi_remove)(u32 doi, struct netlbl_audit *audit_info); struct calipso_doi *(*doi_getdef)(u32 doi); void (*doi_putdef)(struct calipso_doi *doi_def); int (*doi_walk)(u32 *skip_cnt, int (*callback)(struct calipso_doi *doi_def, void *arg), void *cb_arg); int (*sock_getattr)(struct sock *sk, struct netlbl_lsm_secattr *secattr); int (*sock_setattr)(struct sock *sk, const struct calipso_doi *doi_def, const struct netlbl_lsm_secattr *secattr); void (*sock_delattr)(struct sock *sk); int (*req_setattr)(struct request_sock *req, const struct calipso_doi *doi_def, const struct netlbl_lsm_secattr *secattr); void (*req_delattr)(struct request_sock *req); int (*opt_getattr)(const unsigned char *calipso, struct netlbl_lsm_secattr *secattr); unsigned char *(*skbuff_optptr)(const struct sk_buff *skb); int (*skbuff_setattr)(struct sk_buff 
*skb, const struct calipso_doi *doi_def, const struct netlbl_lsm_secattr *secattr); int (*skbuff_delattr)(struct sk_buff *skb); void (*cache_invalidate)(void); int (*cache_add)(const unsigned char *calipso_ptr, const struct netlbl_lsm_secattr *secattr); }; /* /* * LSM security attribute operations (inline) * LSM security attribute operations (inline) */ */ Loading Loading @@ -385,6 +445,14 @@ int netlbl_cfg_cipsov4_map_add(u32 doi, const struct in_addr *addr, const struct in_addr *addr, const struct in_addr *mask, const struct in_addr *mask, struct netlbl_audit *audit_info); struct netlbl_audit *audit_info); int netlbl_cfg_calipso_add(struct calipso_doi *doi_def, struct netlbl_audit *audit_info); void netlbl_cfg_calipso_del(u32 doi, struct netlbl_audit *audit_info); int netlbl_cfg_calipso_map_add(u32 doi, const char *domain, const struct in6_addr *addr, const struct in6_addr *mask, struct netlbl_audit *audit_info); /* /* * LSM security attribute operations * LSM security attribute operations */ */ Loading @@ -405,6 +473,12 @@ int netlbl_catmap_setlong(struct netlbl_lsm_catmap **catmap, unsigned long bitmap, unsigned long bitmap, gfp_t flags); gfp_t flags); /* Bitmap functions */ int netlbl_bitmap_walk(const unsigned char *bitmap, u32 bitmap_len, u32 offset, u8 state); void netlbl_bitmap_setbit(unsigned char *bitmap, u32 bit, u8 state); /* /* * LSM protocol operations (NetLabel LSM/kernel API) * LSM protocol operations (NetLabel LSM/kernel API) */ */ Loading 
@@ -427,13 +501,13 @@ int netlbl_skbuff_setattr(struct sk_buff *skb, int netlbl_skbuff_getattr(const struct sk_buff *skb, int netlbl_skbuff_getattr(const struct sk_buff *skb, u16 family, u16 family, struct netlbl_lsm_secattr *secattr); struct netlbl_lsm_secattr *secattr); void netlbl_skbuff_err(struct sk_buff *skb, int error, int gateway); void netlbl_skbuff_err(struct sk_buff *skb, u16 family, int error, int gateway); /* /* * LSM label mapping cache operations * LSM label mapping cache operations */ */ void netlbl_cache_invalidate(void); void netlbl_cache_invalidate(void); int netlbl_cache_add(const struct sk_buff *skb, int netlbl_cache_add(const struct sk_buff *skb, u16 family, const struct netlbl_lsm_secattr *secattr); const struct netlbl_lsm_secattr *secattr); /* /* Loading Loading @@ -495,6 +569,24 @@ static inline int netlbl_cfg_cipsov4_map_add(u32 doi, { { return -ENOSYS; return -ENOSYS; } } static inline int netlbl_cfg_calipso_add(struct calipso_doi *doi_def, struct netlbl_audit *audit_info) { return -ENOSYS; } static inline void netlbl_cfg_calipso_del(u32 doi, struct netlbl_audit *audit_info) { return; } static inline int netlbl_cfg_calipso_map_add(u32 doi, const char *domain, const struct in6_addr *addr, const struct in6_addr *mask, struct netlbl_audit *audit_info) { return -ENOSYS; } static inline int netlbl_catmap_walk(struct netlbl_lsm_catmap *catmap, static inline int netlbl_catmap_walk(struct netlbl_lsm_catmap *catmap, u32 offset) u32 offset) { { Loading Loading @@ -586,7 +678,7 @@ static inline void netlbl_cache_invalidate(void) { { return; return; } } static inline int netlbl_cache_add(const struct sk_buff *skb, static inline int netlbl_cache_add(const struct sk_buff *skb, u16 family, const struct netlbl_lsm_secattr *secattr) const struct netlbl_lsm_secattr *secattr) { { return 0; return 0; Loading 
@@ -598,4 +690,7 @@ static inline struct audit_buffer *netlbl_audit_start(int type, } } #endif /* CONFIG_NETLABEL */ #endif /* CONFIG_NETLABEL */ const struct netlbl_calipso_ops * netlbl_calipso_ops_register(const struct netlbl_calipso_ops *ops); #endif /* _NETLABEL_H */ #endif /* _NETLABEL_H */
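Review bot: The kernel-doc block for `struct netlbl_calipso_ops` lists every callback except `doi_remove`, which the struct declares between `doi_free` and `doi_getdef`; add `@doi_remove: remove a CALIPSO DOI` so the comment matches the structure. In the same section `netlbl_bitmap_setbit()` takes a `bit` index but no bitmap length, unlike `netlbl_bitmap_walk()`, so it cannot bounds-check the write itself. Its declaration should carry a comment stating that the caller must guarantee `bit` lies inside the buffer. `netlbl_calipso_ops_register()` is declared after `#endif /* CONFIG_NETLABEL */` with no inline stub, so confirm that its callers are only built when NetLabel is enabled.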
include/uapi/linux/audit.h +2 −0 Original line number Original line Diff line number Diff line Loading @@ -130,6 +130,8 @@ #define AUDIT_MAC_IPSEC_EVENT 1415 /* Audit an IPSec event */ #define AUDIT_MAC_IPSEC_EVENT 1415 /* Audit an IPSec event */ #define AUDIT_MAC_UNLBL_STCADD 1416 /* NetLabel: add a static label */ #define AUDIT_MAC_UNLBL_STCADD 1416 /* NetLabel: add a static label */ #define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */ #define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */ #define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */ #define AUDIT_MAC_CALIPSO_DEL 1419 /* NetLabel: del CALIPSO DOI entry */ #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 #define AUDIT_LAST_KERN_ANOM_MSG 1799 Loading