NetLabel: Add IP address family information to the netlbl_skbuff_getattr() function

int netlbl_sock_getattr(struct sock *sk,

			struct netlbl_lsm_secattr *secattr);

int netlbl_skbuff_getattr(const struct sk_buff *skb,

			  u16 family,

			  struct netlbl_lsm_secattr *secattr);

void netlbl_skbuff_err(struct sk_buff *skb, int error);

	return -ENOSYS;

}

static inline int netlbl_skbuff_getattr(const struct sk_buff *skb,

					u16 family,

					struct netlbl_lsm_secattr *secattr)

{

	return -ENOSYS;

/**

 * netlbl_skbuff_getattr - Determine the security attributes of a packet

 * @skb: the packet

 * @family: protocol family

 * @secattr: the security attributes

 *

 * Description:

 *

 */

int netlbl_skbuff_getattr(const struct sk_buff *skb,

			  u16 family,

			  struct netlbl_lsm_secattr *secattr)

{

	if (CIPSO_V4_OPTEXIST(skb) &&

/**

 * selinux_skb_extlbl_sid - Determine the external label of a packet

 * @skb: the packet

 * @family: protocol family

 * @sid: the packet's SID

 *

 * Description:

 * selinux_netlbl_skbuff_getsid().

 *

 */

static void selinux_skb_extlbl_sid(struct sk_buff *skb, u32 *sid)

static void selinux_skb_extlbl_sid(struct sk_buff *skb,

				   u16 family,

				   u32 *sid)

{

	u32 xfrm_sid;

	u32 nlbl_sid;

	selinux_skb_xfrm_sid(skb, &xfrm_sid);

	if (selinux_netlbl_skbuff_getsid(skb,

					 family,

					 (xfrm_sid == SECSID_NULL ?

					  SECINITSID_NETMSG : xfrm_sid),

					 &nlbl_sid) != 0)

	if (err)

		goto out;

	err = selinux_netlbl_sock_rcv_skb(sksec, skb, &ad);

	err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);

	if (err)

		goto out;

static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)

{

	u32 peer_secid = SECSID_NULL;

	int err = 0;

	u16 family;

	if (sock)

		family = sock->sk->sk_family;

	else if (skb && skb->sk)

		family = skb->sk->sk_family;

	else

		goto out;

	if (sock && sock->sk->sk_family == PF_UNIX)

	if (sock && family == PF_UNIX)

		selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);

	else if (skb)

		selinux_skb_extlbl_sid(skb, &peer_secid);

		selinux_skb_extlbl_sid(skb, family, &peer_secid);

	if (peer_secid == SECSID_NULL)

		err = -EINVAL;

out:

	*secid = peer_secid;

	return err;

	if (peer_secid == SECSID_NULL)

		return -EINVAL;

	return 0;

}

static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)

	u32 newsid;

	u32 peersid;

	selinux_skb_extlbl_sid(skb, &peersid);

	selinux_skb_extlbl_sid(skb, sk->sk_family, &peersid);

	if (peersid == SECSID_NULL) {

		req->secid = sksec->sid;

		req->peer_secid = SECSID_NULL;

{

	struct sk_security_struct *sksec = sk->sk_security;

	selinux_skb_extlbl_sid(skb, &sksec->peer_sid);

	selinux_skb_extlbl_sid(skb, sk->sk_family, &sksec->peer_sid);

}

static void selinux_req_classify_flow(const struct request_sock *req,

void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec,

				      struct sk_security_struct *newssec);

int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid);

int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,

				 u16 family,

				 u32 base_sid,

				 u32 *sid);

void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock);

int selinux_netlbl_socket_post_create(struct socket *sock);

int selinux_netlbl_inode_permission(struct inode *inode, int mask);

int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,

				struct sk_buff *skb,

				u16 family,

				struct avc_audit_data *ad);

int selinux_netlbl_socket_setsockopt(struct socket *sock,

				     int level,

}

static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,

					       u16 family,

					       u32 base_sid,

					       u32 *sid)

{

}

static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,

					      struct sk_buff *skb,

					      u16 family,

					      struct avc_audit_data *ad)

{

	return 0;

/**

 * selinux_netlbl_skbuff_getsid - Get the sid of a packet using NetLabel

 * @skb: the packet

 * @family: protocol family

 * @base_sid: the SELinux SID to use as a context for MLS only attributes

 * @sid: the SID

 *

 * assign to the packet.  Returns zero on success, negative values on failure.

 *

 */

int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid)

int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,

				 u16 family,

				 u32 base_sid,

				 u32 *sid)

{

	int rc;

	struct netlbl_lsm_secattr secattr;

	}

	netlbl_secattr_init(&secattr);

	rc = netlbl_skbuff_getattr(skb, &secattr);

	rc = netlbl_skbuff_getattr(skb, family, &secattr);

	if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) {

		rc = security_netlbl_secattr_to_sid(&secattr, base_sid, sid);

		if (rc == 0 &&

 * selinux_netlbl_sock_rcv_skb - Do an inbound access check using NetLabel

 * @sksec: the sock's sk_security_struct

 * @skb: the packet

 * @family: protocol family

 * @ad: the audit data

 *

 * Description:

 */

int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,

				struct sk_buff *skb,

				u16 family,

				struct avc_audit_data *ad)

{

	int rc;

		return 0;

	netlbl_secattr_init(&secattr);

	rc = netlbl_skbuff_getattr(skb, &secattr);

	rc = netlbl_skbuff_getattr(skb, family, &secattr);

	if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) {

		rc = security_netlbl_secattr_to_sid(&secattr,

						    SECINITSID_NETMSG,