18c2ecf20Sopenharmony_ci/* SPDX-License-Identifier: GPL-2.0-or-later */ 28c2ecf20Sopenharmony_ci/* 38c2ecf20Sopenharmony_ci * NetLabel System 48c2ecf20Sopenharmony_ci * 58c2ecf20Sopenharmony_ci * The NetLabel system manages static and dynamic label mappings for network 68c2ecf20Sopenharmony_ci * protocols such as CIPSO and RIPSO. 78c2ecf20Sopenharmony_ci * 88c2ecf20Sopenharmony_ci * Author: Paul Moore <paul@paul-moore.com> 98c2ecf20Sopenharmony_ci */ 108c2ecf20Sopenharmony_ci 118c2ecf20Sopenharmony_ci/* 128c2ecf20Sopenharmony_ci * (c) Copyright Hewlett-Packard Development Company, L.P., 2006, 2008 138c2ecf20Sopenharmony_ci */ 148c2ecf20Sopenharmony_ci 158c2ecf20Sopenharmony_ci#ifndef _NETLABEL_H 168c2ecf20Sopenharmony_ci#define _NETLABEL_H 178c2ecf20Sopenharmony_ci 188c2ecf20Sopenharmony_ci#include <linux/types.h> 198c2ecf20Sopenharmony_ci#include <linux/slab.h> 208c2ecf20Sopenharmony_ci#include <linux/net.h> 218c2ecf20Sopenharmony_ci#include <linux/skbuff.h> 228c2ecf20Sopenharmony_ci#include <linux/in.h> 238c2ecf20Sopenharmony_ci#include <linux/in6.h> 248c2ecf20Sopenharmony_ci#include <net/netlink.h> 258c2ecf20Sopenharmony_ci#include <net/request_sock.h> 268c2ecf20Sopenharmony_ci#include <linux/refcount.h> 278c2ecf20Sopenharmony_ci 288c2ecf20Sopenharmony_cistruct cipso_v4_doi; 298c2ecf20Sopenharmony_cistruct calipso_doi; 308c2ecf20Sopenharmony_ci 318c2ecf20Sopenharmony_ci/* 328c2ecf20Sopenharmony_ci * NetLabel - A management interface for maintaining network packet label 338c2ecf20Sopenharmony_ci * mapping tables for explicit packet labling protocols. 348c2ecf20Sopenharmony_ci * 358c2ecf20Sopenharmony_ci * Network protocols such as CIPSO and RIPSO require a label translation layer 368c2ecf20Sopenharmony_ci * to convert the label on the packet into something meaningful on the host 378c2ecf20Sopenharmony_ci * machine. In the current Linux implementation these mapping tables live 388c2ecf20Sopenharmony_ci * inside the kernel; NetLabel provides a mechanism for user space applications 398c2ecf20Sopenharmony_ci * to manage these mapping tables. 408c2ecf20Sopenharmony_ci * 418c2ecf20Sopenharmony_ci * NetLabel makes use of the Generic NETLINK mechanism as a transport layer to 428c2ecf20Sopenharmony_ci * send messages between kernel and user space. The general format of a 438c2ecf20Sopenharmony_ci * NetLabel message is shown below: 448c2ecf20Sopenharmony_ci * 458c2ecf20Sopenharmony_ci * +-----------------+-------------------+--------- --- -- - 468c2ecf20Sopenharmony_ci * | struct nlmsghdr | struct genlmsghdr | payload 478c2ecf20Sopenharmony_ci * +-----------------+-------------------+--------- --- -- - 488c2ecf20Sopenharmony_ci * 498c2ecf20Sopenharmony_ci * The 'nlmsghdr' and 'genlmsghdr' structs should be dealt with like normal. 508c2ecf20Sopenharmony_ci * The payload is dependent on the subsystem specified in the 518c2ecf20Sopenharmony_ci * 'nlmsghdr->nlmsg_type' and should be defined below, supporting functions 528c2ecf20Sopenharmony_ci * should be defined in the corresponding net/netlabel/netlabel_<subsys>.h|c 538c2ecf20Sopenharmony_ci * file. All of the fields in the NetLabel payload are NETLINK attributes, see 548c2ecf20Sopenharmony_ci * the include/net/netlink.h file for more information on NETLINK attributes. 558c2ecf20Sopenharmony_ci * 568c2ecf20Sopenharmony_ci */ 578c2ecf20Sopenharmony_ci 588c2ecf20Sopenharmony_ci/* 598c2ecf20Sopenharmony_ci * NetLabel NETLINK protocol 608c2ecf20Sopenharmony_ci */ 618c2ecf20Sopenharmony_ci 628c2ecf20Sopenharmony_ci/* NetLabel NETLINK protocol version 638c2ecf20Sopenharmony_ci * 1: initial version 648c2ecf20Sopenharmony_ci * 2: added static labels for unlabeled connections 658c2ecf20Sopenharmony_ci * 3: network selectors added to the NetLabel/LSM domain mapping and the 668c2ecf20Sopenharmony_ci * CIPSO_V4_MAP_LOCAL CIPSO mapping was added 678c2ecf20Sopenharmony_ci */ 688c2ecf20Sopenharmony_ci#define NETLBL_PROTO_VERSION 3 698c2ecf20Sopenharmony_ci 708c2ecf20Sopenharmony_ci/* NetLabel NETLINK types/families */ 718c2ecf20Sopenharmony_ci#define NETLBL_NLTYPE_NONE 0 728c2ecf20Sopenharmony_ci#define NETLBL_NLTYPE_MGMT 1 738c2ecf20Sopenharmony_ci#define NETLBL_NLTYPE_MGMT_NAME "NLBL_MGMT" 748c2ecf20Sopenharmony_ci#define NETLBL_NLTYPE_RIPSO 2 758c2ecf20Sopenharmony_ci#define NETLBL_NLTYPE_RIPSO_NAME "NLBL_RIPSO" 768c2ecf20Sopenharmony_ci#define NETLBL_NLTYPE_CIPSOV4 3 778c2ecf20Sopenharmony_ci#define NETLBL_NLTYPE_CIPSOV4_NAME "NLBL_CIPSOv4" 788c2ecf20Sopenharmony_ci#define NETLBL_NLTYPE_CIPSOV6 4 798c2ecf20Sopenharmony_ci#define NETLBL_NLTYPE_CIPSOV6_NAME "NLBL_CIPSOv6" 808c2ecf20Sopenharmony_ci#define NETLBL_NLTYPE_UNLABELED 5 818c2ecf20Sopenharmony_ci#define NETLBL_NLTYPE_UNLABELED_NAME "NLBL_UNLBL" 828c2ecf20Sopenharmony_ci#define NETLBL_NLTYPE_ADDRSELECT 6 838c2ecf20Sopenharmony_ci#define NETLBL_NLTYPE_ADDRSELECT_NAME "NLBL_ADRSEL" 848c2ecf20Sopenharmony_ci#define NETLBL_NLTYPE_CALIPSO 7 858c2ecf20Sopenharmony_ci#define NETLBL_NLTYPE_CALIPSO_NAME "NLBL_CALIPSO" 868c2ecf20Sopenharmony_ci 878c2ecf20Sopenharmony_ci/* 888c2ecf20Sopenharmony_ci * NetLabel - Kernel API for accessing the network packet label mappings. 898c2ecf20Sopenharmony_ci * 908c2ecf20Sopenharmony_ci * The following functions are provided for use by other kernel modules, 918c2ecf20Sopenharmony_ci * specifically kernel LSM modules, to provide a consistent, transparent API 928c2ecf20Sopenharmony_ci * for dealing with explicit packet labeling protocols such as CIPSO and 938c2ecf20Sopenharmony_ci * RIPSO. The functions defined here are implemented in the 948c2ecf20Sopenharmony_ci * net/netlabel/netlabel_kapi.c file. 958c2ecf20Sopenharmony_ci * 968c2ecf20Sopenharmony_ci */ 978c2ecf20Sopenharmony_ci 988c2ecf20Sopenharmony_ci/* NetLabel audit information */ 998c2ecf20Sopenharmony_cistruct netlbl_audit { 1008c2ecf20Sopenharmony_ci u32 secid; 1018c2ecf20Sopenharmony_ci kuid_t loginuid; 1028c2ecf20Sopenharmony_ci unsigned int sessionid; 1038c2ecf20Sopenharmony_ci}; 1048c2ecf20Sopenharmony_ci 1058c2ecf20Sopenharmony_ci/* 1068c2ecf20Sopenharmony_ci * LSM security attributes 1078c2ecf20Sopenharmony_ci */ 1088c2ecf20Sopenharmony_ci 1098c2ecf20Sopenharmony_ci/** 1108c2ecf20Sopenharmony_ci * struct netlbl_lsm_cache - NetLabel LSM security attribute cache 1118c2ecf20Sopenharmony_ci * @refcount: atomic reference counter 1128c2ecf20Sopenharmony_ci * @free: LSM supplied function to free the cache data 1138c2ecf20Sopenharmony_ci * @data: LSM supplied cache data 1148c2ecf20Sopenharmony_ci * 1158c2ecf20Sopenharmony_ci * Description: 1168c2ecf20Sopenharmony_ci * This structure is provided for LSMs which wish to make use of the NetLabel 1178c2ecf20Sopenharmony_ci * caching mechanism to store LSM specific data/attributes in the NetLabel 1188c2ecf20Sopenharmony_ci * cache. If the LSM has to perform a lot of translation from the NetLabel 1198c2ecf20Sopenharmony_ci * security attributes into it's own internal representation then the cache 1208c2ecf20Sopenharmony_ci * mechanism can provide a way to eliminate some or all of that translation 1218c2ecf20Sopenharmony_ci * overhead on a cache hit. 1228c2ecf20Sopenharmony_ci * 1238c2ecf20Sopenharmony_ci */ 1248c2ecf20Sopenharmony_cistruct netlbl_lsm_cache { 1258c2ecf20Sopenharmony_ci refcount_t refcount; 1268c2ecf20Sopenharmony_ci void (*free) (const void *data); 1278c2ecf20Sopenharmony_ci void *data; 1288c2ecf20Sopenharmony_ci}; 1298c2ecf20Sopenharmony_ci 1308c2ecf20Sopenharmony_ci/** 1318c2ecf20Sopenharmony_ci * struct netlbl_lsm_catmap - NetLabel LSM secattr category bitmap 1328c2ecf20Sopenharmony_ci * @startbit: the value of the lowest order bit in the bitmap 1338c2ecf20Sopenharmony_ci * @bitmap: the category bitmap 1348c2ecf20Sopenharmony_ci * @next: pointer to the next bitmap "node" or NULL 1358c2ecf20Sopenharmony_ci * 1368c2ecf20Sopenharmony_ci * Description: 1378c2ecf20Sopenharmony_ci * This structure is used to represent category bitmaps. Due to the large 1388c2ecf20Sopenharmony_ci * number of categories supported by most labeling protocols it is not 1398c2ecf20Sopenharmony_ci * practical to transfer a full bitmap internally so NetLabel adopts a sparse 1408c2ecf20Sopenharmony_ci * bitmap structure modeled after SELinux's ebitmap structure. 1418c2ecf20Sopenharmony_ci * The catmap bitmap field MUST be a power of two in length and large 1428c2ecf20Sopenharmony_ci * enough to hold at least 240 bits. Special care (i.e. check the code!) 1438c2ecf20Sopenharmony_ci * should be used when changing these values as the LSM implementation 1448c2ecf20Sopenharmony_ci * probably has functions which rely on the sizes of these types to speed 1458c2ecf20Sopenharmony_ci * processing. 1468c2ecf20Sopenharmony_ci * 1478c2ecf20Sopenharmony_ci */ 1488c2ecf20Sopenharmony_ci#define NETLBL_CATMAP_MAPTYPE u64 1498c2ecf20Sopenharmony_ci#define NETLBL_CATMAP_MAPCNT 4 1508c2ecf20Sopenharmony_ci#define NETLBL_CATMAP_MAPSIZE (sizeof(NETLBL_CATMAP_MAPTYPE) * 8) 1518c2ecf20Sopenharmony_ci#define NETLBL_CATMAP_SIZE (NETLBL_CATMAP_MAPSIZE * \ 1528c2ecf20Sopenharmony_ci NETLBL_CATMAP_MAPCNT) 1538c2ecf20Sopenharmony_ci#define NETLBL_CATMAP_BIT (NETLBL_CATMAP_MAPTYPE)0x01 1548c2ecf20Sopenharmony_cistruct netlbl_lsm_catmap { 1558c2ecf20Sopenharmony_ci u32 startbit; 1568c2ecf20Sopenharmony_ci NETLBL_CATMAP_MAPTYPE bitmap[NETLBL_CATMAP_MAPCNT]; 1578c2ecf20Sopenharmony_ci struct netlbl_lsm_catmap *next; 1588c2ecf20Sopenharmony_ci}; 1598c2ecf20Sopenharmony_ci 1608c2ecf20Sopenharmony_ci/** 1618c2ecf20Sopenharmony_ci * struct netlbl_lsm_secattr - NetLabel LSM security attributes 1628c2ecf20Sopenharmony_ci * @flags: indicate structure attributes, see NETLBL_SECATTR_* 1638c2ecf20Sopenharmony_ci * @type: indicate the NLTYPE of the attributes 1648c2ecf20Sopenharmony_ci * @domain: the NetLabel LSM domain 1658c2ecf20Sopenharmony_ci * @cache: NetLabel LSM specific cache 1668c2ecf20Sopenharmony_ci * @attr.mls: MLS sensitivity label 1678c2ecf20Sopenharmony_ci * @attr.mls.cat: MLS category bitmap 1688c2ecf20Sopenharmony_ci * @attr.mls.lvl: MLS sensitivity level 1698c2ecf20Sopenharmony_ci * @attr.secid: LSM specific secid token 1708c2ecf20Sopenharmony_ci * 1718c2ecf20Sopenharmony_ci * Description: 1728c2ecf20Sopenharmony_ci * This structure is used to pass security attributes between NetLabel and the 1738c2ecf20Sopenharmony_ci * LSM modules. The flags field is used to specify which fields within the 1748c2ecf20Sopenharmony_ci * struct are valid and valid values can be created by bitwise OR'ing the 1758c2ecf20Sopenharmony_ci * NETLBL_SECATTR_* defines. The domain field is typically set by the LSM to 1768c2ecf20Sopenharmony_ci * specify domain specific configuration settings and is not usually used by 1778c2ecf20Sopenharmony_ci * NetLabel itself when returning security attributes to the LSM. 1788c2ecf20Sopenharmony_ci * 1798c2ecf20Sopenharmony_ci */ 1808c2ecf20Sopenharmony_cistruct netlbl_lsm_secattr { 1818c2ecf20Sopenharmony_ci u32 flags; 1828c2ecf20Sopenharmony_ci /* bitmap values for 'flags' */ 1838c2ecf20Sopenharmony_ci#define NETLBL_SECATTR_NONE 0x00000000 1848c2ecf20Sopenharmony_ci#define NETLBL_SECATTR_DOMAIN 0x00000001 1858c2ecf20Sopenharmony_ci#define NETLBL_SECATTR_DOMAIN_CPY (NETLBL_SECATTR_DOMAIN | \ 1868c2ecf20Sopenharmony_ci NETLBL_SECATTR_FREE_DOMAIN) 1878c2ecf20Sopenharmony_ci#define NETLBL_SECATTR_CACHE 0x00000002 1888c2ecf20Sopenharmony_ci#define NETLBL_SECATTR_MLS_LVL 0x00000004 1898c2ecf20Sopenharmony_ci#define NETLBL_SECATTR_MLS_CAT 0x00000008 1908c2ecf20Sopenharmony_ci#define NETLBL_SECATTR_SECID 0x00000010 1918c2ecf20Sopenharmony_ci /* bitmap meta-values for 'flags' */ 1928c2ecf20Sopenharmony_ci#define NETLBL_SECATTR_FREE_DOMAIN 0x01000000 1938c2ecf20Sopenharmony_ci#define NETLBL_SECATTR_CACHEABLE (NETLBL_SECATTR_MLS_LVL | \ 1948c2ecf20Sopenharmony_ci NETLBL_SECATTR_MLS_CAT | \ 1958c2ecf20Sopenharmony_ci NETLBL_SECATTR_SECID) 1968c2ecf20Sopenharmony_ci u32 type; 1978c2ecf20Sopenharmony_ci char *domain; 1988c2ecf20Sopenharmony_ci struct netlbl_lsm_cache *cache; 1998c2ecf20Sopenharmony_ci struct { 2008c2ecf20Sopenharmony_ci struct { 2018c2ecf20Sopenharmony_ci struct netlbl_lsm_catmap *cat; 2028c2ecf20Sopenharmony_ci u32 lvl; 2038c2ecf20Sopenharmony_ci } mls; 2048c2ecf20Sopenharmony_ci u32 secid; 2058c2ecf20Sopenharmony_ci } attr; 2068c2ecf20Sopenharmony_ci}; 2078c2ecf20Sopenharmony_ci 2088c2ecf20Sopenharmony_ci/** 2098c2ecf20Sopenharmony_ci * struct netlbl_calipso_ops - NetLabel CALIPSO operations 2108c2ecf20Sopenharmony_ci * @doi_add: add a CALIPSO DOI 2118c2ecf20Sopenharmony_ci * @doi_free: free a CALIPSO DOI 2128c2ecf20Sopenharmony_ci * @doi_getdef: returns a reference to a DOI 2138c2ecf20Sopenharmony_ci * @doi_putdef: releases a reference of a DOI 2148c2ecf20Sopenharmony_ci * @doi_walk: enumerate the DOI list 2158c2ecf20Sopenharmony_ci * @sock_getattr: retrieve the socket's attr 2168c2ecf20Sopenharmony_ci * @sock_setattr: set the socket's attr 2178c2ecf20Sopenharmony_ci * @sock_delattr: remove the socket's attr 2188c2ecf20Sopenharmony_ci * @req_setattr: set the req socket's attr 2198c2ecf20Sopenharmony_ci * @req_delattr: remove the req socket's attr 2208c2ecf20Sopenharmony_ci * @opt_getattr: retrieve attr from memory block 2218c2ecf20Sopenharmony_ci * @skbuff_optptr: find option in packet 2228c2ecf20Sopenharmony_ci * @skbuff_setattr: set the skbuff's attr 2238c2ecf20Sopenharmony_ci * @skbuff_delattr: remove the skbuff's attr 2248c2ecf20Sopenharmony_ci * @cache_invalidate: invalidate cache 2258c2ecf20Sopenharmony_ci * @cache_add: add cache entry 2268c2ecf20Sopenharmony_ci * 2278c2ecf20Sopenharmony_ci * Description: 2288c2ecf20Sopenharmony_ci * This structure is filled out by the CALIPSO engine and passed 2298c2ecf20Sopenharmony_ci * to the NetLabel core via a call to netlbl_calipso_ops_register(). 2308c2ecf20Sopenharmony_ci * It enables the CALIPSO engine (and hence IPv6) to be compiled 2318c2ecf20Sopenharmony_ci * as a module. 2328c2ecf20Sopenharmony_ci */ 2338c2ecf20Sopenharmony_cistruct netlbl_calipso_ops { 2348c2ecf20Sopenharmony_ci int (*doi_add)(struct calipso_doi *doi_def, 2358c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info); 2368c2ecf20Sopenharmony_ci void (*doi_free)(struct calipso_doi *doi_def); 2378c2ecf20Sopenharmony_ci int (*doi_remove)(u32 doi, struct netlbl_audit *audit_info); 2388c2ecf20Sopenharmony_ci struct calipso_doi *(*doi_getdef)(u32 doi); 2398c2ecf20Sopenharmony_ci void (*doi_putdef)(struct calipso_doi *doi_def); 2408c2ecf20Sopenharmony_ci int (*doi_walk)(u32 *skip_cnt, 2418c2ecf20Sopenharmony_ci int (*callback)(struct calipso_doi *doi_def, void *arg), 2428c2ecf20Sopenharmony_ci void *cb_arg); 2438c2ecf20Sopenharmony_ci int (*sock_getattr)(struct sock *sk, 2448c2ecf20Sopenharmony_ci struct netlbl_lsm_secattr *secattr); 2458c2ecf20Sopenharmony_ci int (*sock_setattr)(struct sock *sk, 2468c2ecf20Sopenharmony_ci const struct calipso_doi *doi_def, 2478c2ecf20Sopenharmony_ci const struct netlbl_lsm_secattr *secattr); 2488c2ecf20Sopenharmony_ci void (*sock_delattr)(struct sock *sk); 2498c2ecf20Sopenharmony_ci int (*req_setattr)(struct request_sock *req, 2508c2ecf20Sopenharmony_ci const struct calipso_doi *doi_def, 2518c2ecf20Sopenharmony_ci const struct netlbl_lsm_secattr *secattr); 2528c2ecf20Sopenharmony_ci void (*req_delattr)(struct request_sock *req); 2538c2ecf20Sopenharmony_ci int (*opt_getattr)(const unsigned char *calipso, 2548c2ecf20Sopenharmony_ci struct netlbl_lsm_secattr *secattr); 2558c2ecf20Sopenharmony_ci unsigned char *(*skbuff_optptr)(const struct sk_buff *skb); 2568c2ecf20Sopenharmony_ci int (*skbuff_setattr)(struct sk_buff *skb, 2578c2ecf20Sopenharmony_ci const struct calipso_doi *doi_def, 2588c2ecf20Sopenharmony_ci const struct netlbl_lsm_secattr *secattr); 2598c2ecf20Sopenharmony_ci int (*skbuff_delattr)(struct sk_buff *skb); 2608c2ecf20Sopenharmony_ci void (*cache_invalidate)(void); 2618c2ecf20Sopenharmony_ci int (*cache_add)(const unsigned char *calipso_ptr, 2628c2ecf20Sopenharmony_ci const struct netlbl_lsm_secattr *secattr); 2638c2ecf20Sopenharmony_ci}; 2648c2ecf20Sopenharmony_ci 2658c2ecf20Sopenharmony_ci/* 2668c2ecf20Sopenharmony_ci * LSM security attribute operations (inline) 2678c2ecf20Sopenharmony_ci */ 2688c2ecf20Sopenharmony_ci 2698c2ecf20Sopenharmony_ci/** 2708c2ecf20Sopenharmony_ci * netlbl_secattr_cache_alloc - Allocate and initialize a secattr cache 2718c2ecf20Sopenharmony_ci * @flags: the memory allocation flags 2728c2ecf20Sopenharmony_ci * 2738c2ecf20Sopenharmony_ci * Description: 2748c2ecf20Sopenharmony_ci * Allocate and initialize a netlbl_lsm_cache structure. Returns a pointer 2758c2ecf20Sopenharmony_ci * on success, NULL on failure. 2768c2ecf20Sopenharmony_ci * 2778c2ecf20Sopenharmony_ci */ 2788c2ecf20Sopenharmony_cistatic inline struct netlbl_lsm_cache *netlbl_secattr_cache_alloc(gfp_t flags) 2798c2ecf20Sopenharmony_ci{ 2808c2ecf20Sopenharmony_ci struct netlbl_lsm_cache *cache; 2818c2ecf20Sopenharmony_ci 2828c2ecf20Sopenharmony_ci cache = kzalloc(sizeof(*cache), flags); 2838c2ecf20Sopenharmony_ci if (cache) 2848c2ecf20Sopenharmony_ci refcount_set(&cache->refcount, 1); 2858c2ecf20Sopenharmony_ci return cache; 2868c2ecf20Sopenharmony_ci} 2878c2ecf20Sopenharmony_ci 2888c2ecf20Sopenharmony_ci/** 2898c2ecf20Sopenharmony_ci * netlbl_secattr_cache_free - Frees a netlbl_lsm_cache struct 2908c2ecf20Sopenharmony_ci * @cache: the struct to free 2918c2ecf20Sopenharmony_ci * 2928c2ecf20Sopenharmony_ci * Description: 2938c2ecf20Sopenharmony_ci * Frees @secattr including all of the internal buffers. 2948c2ecf20Sopenharmony_ci * 2958c2ecf20Sopenharmony_ci */ 2968c2ecf20Sopenharmony_cistatic inline void netlbl_secattr_cache_free(struct netlbl_lsm_cache *cache) 2978c2ecf20Sopenharmony_ci{ 2988c2ecf20Sopenharmony_ci if (!refcount_dec_and_test(&cache->refcount)) 2998c2ecf20Sopenharmony_ci return; 3008c2ecf20Sopenharmony_ci 3018c2ecf20Sopenharmony_ci if (cache->free) 3028c2ecf20Sopenharmony_ci cache->free(cache->data); 3038c2ecf20Sopenharmony_ci kfree(cache); 3048c2ecf20Sopenharmony_ci} 3058c2ecf20Sopenharmony_ci 3068c2ecf20Sopenharmony_ci/** 3078c2ecf20Sopenharmony_ci * netlbl_catmap_alloc - Allocate a LSM secattr catmap 3088c2ecf20Sopenharmony_ci * @flags: memory allocation flags 3098c2ecf20Sopenharmony_ci * 3108c2ecf20Sopenharmony_ci * Description: 3118c2ecf20Sopenharmony_ci * Allocate memory for a LSM secattr catmap, returns a pointer on success, NULL 3128c2ecf20Sopenharmony_ci * on failure. 3138c2ecf20Sopenharmony_ci * 3148c2ecf20Sopenharmony_ci */ 3158c2ecf20Sopenharmony_cistatic inline struct netlbl_lsm_catmap *netlbl_catmap_alloc(gfp_t flags) 3168c2ecf20Sopenharmony_ci{ 3178c2ecf20Sopenharmony_ci return kzalloc(sizeof(struct netlbl_lsm_catmap), flags); 3188c2ecf20Sopenharmony_ci} 3198c2ecf20Sopenharmony_ci 3208c2ecf20Sopenharmony_ci/** 3218c2ecf20Sopenharmony_ci * netlbl_catmap_free - Free a LSM secattr catmap 3228c2ecf20Sopenharmony_ci * @catmap: the category bitmap 3238c2ecf20Sopenharmony_ci * 3248c2ecf20Sopenharmony_ci * Description: 3258c2ecf20Sopenharmony_ci * Free a LSM secattr catmap. 3268c2ecf20Sopenharmony_ci * 3278c2ecf20Sopenharmony_ci */ 3288c2ecf20Sopenharmony_cistatic inline void netlbl_catmap_free(struct netlbl_lsm_catmap *catmap) 3298c2ecf20Sopenharmony_ci{ 3308c2ecf20Sopenharmony_ci struct netlbl_lsm_catmap *iter; 3318c2ecf20Sopenharmony_ci 3328c2ecf20Sopenharmony_ci while (catmap) { 3338c2ecf20Sopenharmony_ci iter = catmap; 3348c2ecf20Sopenharmony_ci catmap = catmap->next; 3358c2ecf20Sopenharmony_ci kfree(iter); 3368c2ecf20Sopenharmony_ci } 3378c2ecf20Sopenharmony_ci} 3388c2ecf20Sopenharmony_ci 3398c2ecf20Sopenharmony_ci/** 3408c2ecf20Sopenharmony_ci * netlbl_secattr_init - Initialize a netlbl_lsm_secattr struct 3418c2ecf20Sopenharmony_ci * @secattr: the struct to initialize 3428c2ecf20Sopenharmony_ci * 3438c2ecf20Sopenharmony_ci * Description: 3448c2ecf20Sopenharmony_ci * Initialize an already allocated netlbl_lsm_secattr struct. 3458c2ecf20Sopenharmony_ci * 3468c2ecf20Sopenharmony_ci */ 3478c2ecf20Sopenharmony_cistatic inline void netlbl_secattr_init(struct netlbl_lsm_secattr *secattr) 3488c2ecf20Sopenharmony_ci{ 3498c2ecf20Sopenharmony_ci memset(secattr, 0, sizeof(*secattr)); 3508c2ecf20Sopenharmony_ci} 3518c2ecf20Sopenharmony_ci 3528c2ecf20Sopenharmony_ci/** 3538c2ecf20Sopenharmony_ci * netlbl_secattr_destroy - Clears a netlbl_lsm_secattr struct 3548c2ecf20Sopenharmony_ci * @secattr: the struct to clear 3558c2ecf20Sopenharmony_ci * 3568c2ecf20Sopenharmony_ci * Description: 3578c2ecf20Sopenharmony_ci * Destroys the @secattr struct, including freeing all of the internal buffers. 3588c2ecf20Sopenharmony_ci * The struct must be reset with a call to netlbl_secattr_init() before reuse. 3598c2ecf20Sopenharmony_ci * 3608c2ecf20Sopenharmony_ci */ 3618c2ecf20Sopenharmony_cistatic inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr) 3628c2ecf20Sopenharmony_ci{ 3638c2ecf20Sopenharmony_ci if (secattr->flags & NETLBL_SECATTR_FREE_DOMAIN) 3648c2ecf20Sopenharmony_ci kfree(secattr->domain); 3658c2ecf20Sopenharmony_ci if (secattr->flags & NETLBL_SECATTR_CACHE) 3668c2ecf20Sopenharmony_ci netlbl_secattr_cache_free(secattr->cache); 3678c2ecf20Sopenharmony_ci if (secattr->flags & NETLBL_SECATTR_MLS_CAT) 3688c2ecf20Sopenharmony_ci netlbl_catmap_free(secattr->attr.mls.cat); 3698c2ecf20Sopenharmony_ci} 3708c2ecf20Sopenharmony_ci 3718c2ecf20Sopenharmony_ci/** 3728c2ecf20Sopenharmony_ci * netlbl_secattr_alloc - Allocate and initialize a netlbl_lsm_secattr struct 3738c2ecf20Sopenharmony_ci * @flags: the memory allocation flags 3748c2ecf20Sopenharmony_ci * 3758c2ecf20Sopenharmony_ci * Description: 3768c2ecf20Sopenharmony_ci * Allocate and initialize a netlbl_lsm_secattr struct. Returns a valid 3778c2ecf20Sopenharmony_ci * pointer on success, or NULL on failure. 3788c2ecf20Sopenharmony_ci * 3798c2ecf20Sopenharmony_ci */ 3808c2ecf20Sopenharmony_cistatic inline struct netlbl_lsm_secattr *netlbl_secattr_alloc(gfp_t flags) 3818c2ecf20Sopenharmony_ci{ 3828c2ecf20Sopenharmony_ci return kzalloc(sizeof(struct netlbl_lsm_secattr), flags); 3838c2ecf20Sopenharmony_ci} 3848c2ecf20Sopenharmony_ci 3858c2ecf20Sopenharmony_ci/** 3868c2ecf20Sopenharmony_ci * netlbl_secattr_free - Frees a netlbl_lsm_secattr struct 3878c2ecf20Sopenharmony_ci * @secattr: the struct to free 3888c2ecf20Sopenharmony_ci * 3898c2ecf20Sopenharmony_ci * Description: 3908c2ecf20Sopenharmony_ci * Frees @secattr including all of the internal buffers. 3918c2ecf20Sopenharmony_ci * 3928c2ecf20Sopenharmony_ci */ 3938c2ecf20Sopenharmony_cistatic inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr) 3948c2ecf20Sopenharmony_ci{ 3958c2ecf20Sopenharmony_ci netlbl_secattr_destroy(secattr); 3968c2ecf20Sopenharmony_ci kfree(secattr); 3978c2ecf20Sopenharmony_ci} 3988c2ecf20Sopenharmony_ci 3998c2ecf20Sopenharmony_ci#ifdef CONFIG_NETLABEL 4008c2ecf20Sopenharmony_ci/* 4018c2ecf20Sopenharmony_ci * LSM configuration operations 4028c2ecf20Sopenharmony_ci */ 4038c2ecf20Sopenharmony_ciint netlbl_cfg_map_del(const char *domain, 4048c2ecf20Sopenharmony_ci u16 family, 4058c2ecf20Sopenharmony_ci const void *addr, 4068c2ecf20Sopenharmony_ci const void *mask, 4078c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info); 4088c2ecf20Sopenharmony_ciint netlbl_cfg_unlbl_map_add(const char *domain, 4098c2ecf20Sopenharmony_ci u16 family, 4108c2ecf20Sopenharmony_ci const void *addr, 4118c2ecf20Sopenharmony_ci const void *mask, 4128c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info); 4138c2ecf20Sopenharmony_ciint netlbl_cfg_unlbl_static_add(struct net *net, 4148c2ecf20Sopenharmony_ci const char *dev_name, 4158c2ecf20Sopenharmony_ci const void *addr, 4168c2ecf20Sopenharmony_ci const void *mask, 4178c2ecf20Sopenharmony_ci u16 family, 4188c2ecf20Sopenharmony_ci u32 secid, 4198c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info); 4208c2ecf20Sopenharmony_ciint netlbl_cfg_unlbl_static_del(struct net *net, 4218c2ecf20Sopenharmony_ci const char *dev_name, 4228c2ecf20Sopenharmony_ci const void *addr, 4238c2ecf20Sopenharmony_ci const void *mask, 4248c2ecf20Sopenharmony_ci u16 family, 4258c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info); 4268c2ecf20Sopenharmony_ciint netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def, 4278c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info); 4288c2ecf20Sopenharmony_civoid netlbl_cfg_cipsov4_del(u32 doi, struct netlbl_audit *audit_info); 4298c2ecf20Sopenharmony_ciint netlbl_cfg_cipsov4_map_add(u32 doi, 4308c2ecf20Sopenharmony_ci const char *domain, 4318c2ecf20Sopenharmony_ci const struct in_addr *addr, 4328c2ecf20Sopenharmony_ci const struct in_addr *mask, 4338c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info); 4348c2ecf20Sopenharmony_ciint netlbl_cfg_calipso_add(struct calipso_doi *doi_def, 4358c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info); 4368c2ecf20Sopenharmony_civoid netlbl_cfg_calipso_del(u32 doi, struct netlbl_audit *audit_info); 4378c2ecf20Sopenharmony_ciint netlbl_cfg_calipso_map_add(u32 doi, 4388c2ecf20Sopenharmony_ci const char *domain, 4398c2ecf20Sopenharmony_ci const struct in6_addr *addr, 4408c2ecf20Sopenharmony_ci const struct in6_addr *mask, 4418c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info); 4428c2ecf20Sopenharmony_ci/* 4438c2ecf20Sopenharmony_ci * LSM security attribute operations 4448c2ecf20Sopenharmony_ci */ 4458c2ecf20Sopenharmony_ciint netlbl_catmap_walk(struct netlbl_lsm_catmap *catmap, u32 offset); 4468c2ecf20Sopenharmony_ciint netlbl_catmap_walkrng(struct netlbl_lsm_catmap *catmap, u32 offset); 4478c2ecf20Sopenharmony_ciint netlbl_catmap_getlong(struct netlbl_lsm_catmap *catmap, 4488c2ecf20Sopenharmony_ci u32 *offset, 4498c2ecf20Sopenharmony_ci unsigned long *bitmap); 4508c2ecf20Sopenharmony_ciint netlbl_catmap_setbit(struct netlbl_lsm_catmap **catmap, 4518c2ecf20Sopenharmony_ci u32 bit, 4528c2ecf20Sopenharmony_ci gfp_t flags); 4538c2ecf20Sopenharmony_ciint netlbl_catmap_setrng(struct netlbl_lsm_catmap **catmap, 4548c2ecf20Sopenharmony_ci u32 start, 4558c2ecf20Sopenharmony_ci u32 end, 4568c2ecf20Sopenharmony_ci gfp_t flags); 4578c2ecf20Sopenharmony_ciint netlbl_catmap_setlong(struct netlbl_lsm_catmap **catmap, 4588c2ecf20Sopenharmony_ci u32 offset, 4598c2ecf20Sopenharmony_ci unsigned long bitmap, 4608c2ecf20Sopenharmony_ci gfp_t flags); 4618c2ecf20Sopenharmony_ci 4628c2ecf20Sopenharmony_ci/* Bitmap functions 4638c2ecf20Sopenharmony_ci */ 4648c2ecf20Sopenharmony_ciint netlbl_bitmap_walk(const unsigned char *bitmap, u32 bitmap_len, 4658c2ecf20Sopenharmony_ci u32 offset, u8 state); 4668c2ecf20Sopenharmony_civoid netlbl_bitmap_setbit(unsigned char *bitmap, u32 bit, u8 state); 4678c2ecf20Sopenharmony_ci 4688c2ecf20Sopenharmony_ci/* 4698c2ecf20Sopenharmony_ci * LSM protocol operations (NetLabel LSM/kernel API) 4708c2ecf20Sopenharmony_ci */ 4718c2ecf20Sopenharmony_ciint netlbl_enabled(void); 4728c2ecf20Sopenharmony_ciint netlbl_sock_setattr(struct sock *sk, 4738c2ecf20Sopenharmony_ci u16 family, 4748c2ecf20Sopenharmony_ci const struct netlbl_lsm_secattr *secattr); 4758c2ecf20Sopenharmony_civoid netlbl_sock_delattr(struct sock *sk); 4768c2ecf20Sopenharmony_ciint netlbl_sock_getattr(struct sock *sk, 4778c2ecf20Sopenharmony_ci struct netlbl_lsm_secattr *secattr); 4788c2ecf20Sopenharmony_ciint netlbl_conn_setattr(struct sock *sk, 4798c2ecf20Sopenharmony_ci struct sockaddr *addr, 4808c2ecf20Sopenharmony_ci const struct netlbl_lsm_secattr *secattr); 4818c2ecf20Sopenharmony_ciint netlbl_req_setattr(struct request_sock *req, 4828c2ecf20Sopenharmony_ci const struct netlbl_lsm_secattr *secattr); 4838c2ecf20Sopenharmony_civoid netlbl_req_delattr(struct request_sock *req); 4848c2ecf20Sopenharmony_ciint netlbl_skbuff_setattr(struct sk_buff *skb, 4858c2ecf20Sopenharmony_ci u16 family, 4868c2ecf20Sopenharmony_ci const struct netlbl_lsm_secattr *secattr); 4878c2ecf20Sopenharmony_ciint netlbl_skbuff_getattr(const struct sk_buff *skb, 4888c2ecf20Sopenharmony_ci u16 family, 4898c2ecf20Sopenharmony_ci struct netlbl_lsm_secattr *secattr); 4908c2ecf20Sopenharmony_civoid netlbl_skbuff_err(struct sk_buff *skb, u16 family, int error, int gateway); 4918c2ecf20Sopenharmony_ci 4928c2ecf20Sopenharmony_ci/* 4938c2ecf20Sopenharmony_ci * LSM label mapping cache operations 4948c2ecf20Sopenharmony_ci */ 4958c2ecf20Sopenharmony_civoid netlbl_cache_invalidate(void); 4968c2ecf20Sopenharmony_ciint netlbl_cache_add(const struct sk_buff *skb, u16 family, 4978c2ecf20Sopenharmony_ci const struct netlbl_lsm_secattr *secattr); 4988c2ecf20Sopenharmony_ci 4998c2ecf20Sopenharmony_ci/* 5008c2ecf20Sopenharmony_ci * Protocol engine operations 5018c2ecf20Sopenharmony_ci */ 5028c2ecf20Sopenharmony_cistruct audit_buffer *netlbl_audit_start(int type, 5038c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info); 5048c2ecf20Sopenharmony_ci#else 5058c2ecf20Sopenharmony_cistatic inline int netlbl_cfg_map_del(const char *domain, 5068c2ecf20Sopenharmony_ci u16 family, 5078c2ecf20Sopenharmony_ci const void *addr, 5088c2ecf20Sopenharmony_ci const void *mask, 5098c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info) 5108c2ecf20Sopenharmony_ci{ 5118c2ecf20Sopenharmony_ci return -ENOSYS; 5128c2ecf20Sopenharmony_ci} 5138c2ecf20Sopenharmony_cistatic inline int netlbl_cfg_unlbl_map_add(const char *domain, 5148c2ecf20Sopenharmony_ci u16 family, 5158c2ecf20Sopenharmony_ci void *addr, 5168c2ecf20Sopenharmony_ci void *mask, 5178c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info) 5188c2ecf20Sopenharmony_ci{ 5198c2ecf20Sopenharmony_ci return -ENOSYS; 5208c2ecf20Sopenharmony_ci} 5218c2ecf20Sopenharmony_cistatic inline int netlbl_cfg_unlbl_static_add(struct net *net, 5228c2ecf20Sopenharmony_ci const char *dev_name, 5238c2ecf20Sopenharmony_ci const void *addr, 5248c2ecf20Sopenharmony_ci const void *mask, 5258c2ecf20Sopenharmony_ci u16 family, 5268c2ecf20Sopenharmony_ci u32 secid, 5278c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info) 5288c2ecf20Sopenharmony_ci{ 5298c2ecf20Sopenharmony_ci return -ENOSYS; 5308c2ecf20Sopenharmony_ci} 5318c2ecf20Sopenharmony_cistatic inline int netlbl_cfg_unlbl_static_del(struct net *net, 5328c2ecf20Sopenharmony_ci const char *dev_name, 5338c2ecf20Sopenharmony_ci const void *addr, 5348c2ecf20Sopenharmony_ci const void *mask, 5358c2ecf20Sopenharmony_ci u16 family, 5368c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info) 5378c2ecf20Sopenharmony_ci{ 5388c2ecf20Sopenharmony_ci return -ENOSYS; 5398c2ecf20Sopenharmony_ci} 5408c2ecf20Sopenharmony_cistatic inline int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def, 5418c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info) 5428c2ecf20Sopenharmony_ci{ 5438c2ecf20Sopenharmony_ci return -ENOSYS; 5448c2ecf20Sopenharmony_ci} 5458c2ecf20Sopenharmony_cistatic inline void netlbl_cfg_cipsov4_del(u32 doi, 5468c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info) 5478c2ecf20Sopenharmony_ci{ 5488c2ecf20Sopenharmony_ci return; 5498c2ecf20Sopenharmony_ci} 5508c2ecf20Sopenharmony_cistatic inline int netlbl_cfg_cipsov4_map_add(u32 doi, 5518c2ecf20Sopenharmony_ci const char *domain, 5528c2ecf20Sopenharmony_ci const struct in_addr *addr, 5538c2ecf20Sopenharmony_ci const struct in_addr *mask, 5548c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info) 5558c2ecf20Sopenharmony_ci{ 5568c2ecf20Sopenharmony_ci return -ENOSYS; 5578c2ecf20Sopenharmony_ci} 5588c2ecf20Sopenharmony_cistatic inline int netlbl_cfg_calipso_add(struct calipso_doi *doi_def, 5598c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info) 5608c2ecf20Sopenharmony_ci{ 5618c2ecf20Sopenharmony_ci return -ENOSYS; 5628c2ecf20Sopenharmony_ci} 5638c2ecf20Sopenharmony_cistatic inline void netlbl_cfg_calipso_del(u32 doi, 5648c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info) 5658c2ecf20Sopenharmony_ci{ 5668c2ecf20Sopenharmony_ci return; 5678c2ecf20Sopenharmony_ci} 5688c2ecf20Sopenharmony_cistatic inline int netlbl_cfg_calipso_map_add(u32 doi, 5698c2ecf20Sopenharmony_ci const char *domain, 5708c2ecf20Sopenharmony_ci const struct in6_addr *addr, 5718c2ecf20Sopenharmony_ci const struct in6_addr *mask, 5728c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info) 5738c2ecf20Sopenharmony_ci{ 5748c2ecf20Sopenharmony_ci return -ENOSYS; 5758c2ecf20Sopenharmony_ci} 5768c2ecf20Sopenharmony_cistatic inline int netlbl_catmap_walk(struct netlbl_lsm_catmap *catmap, 5778c2ecf20Sopenharmony_ci u32 offset) 5788c2ecf20Sopenharmony_ci{ 5798c2ecf20Sopenharmony_ci return -ENOENT; 5808c2ecf20Sopenharmony_ci} 5818c2ecf20Sopenharmony_cistatic inline int netlbl_catmap_walkrng(struct netlbl_lsm_catmap *catmap, 5828c2ecf20Sopenharmony_ci u32 offset) 5838c2ecf20Sopenharmony_ci{ 5848c2ecf20Sopenharmony_ci return -ENOENT; 5858c2ecf20Sopenharmony_ci} 5868c2ecf20Sopenharmony_cistatic inline int netlbl_catmap_getlong(struct netlbl_lsm_catmap *catmap, 5878c2ecf20Sopenharmony_ci u32 *offset, 5888c2ecf20Sopenharmony_ci unsigned long *bitmap) 5898c2ecf20Sopenharmony_ci{ 5908c2ecf20Sopenharmony_ci return 0; 5918c2ecf20Sopenharmony_ci} 5928c2ecf20Sopenharmony_cistatic inline int netlbl_catmap_setbit(struct netlbl_lsm_catmap **catmap, 5938c2ecf20Sopenharmony_ci u32 bit, 5948c2ecf20Sopenharmony_ci gfp_t flags) 5958c2ecf20Sopenharmony_ci{ 5968c2ecf20Sopenharmony_ci return 0; 5978c2ecf20Sopenharmony_ci} 5988c2ecf20Sopenharmony_cistatic inline int netlbl_catmap_setrng(struct netlbl_lsm_catmap **catmap, 5998c2ecf20Sopenharmony_ci u32 start, 6008c2ecf20Sopenharmony_ci u32 end, 6018c2ecf20Sopenharmony_ci gfp_t flags) 6028c2ecf20Sopenharmony_ci{ 6038c2ecf20Sopenharmony_ci return 0; 6048c2ecf20Sopenharmony_ci} 6058c2ecf20Sopenharmony_cistatic inline int netlbl_catmap_setlong(struct netlbl_lsm_catmap **catmap, 6068c2ecf20Sopenharmony_ci u32 offset, 6078c2ecf20Sopenharmony_ci unsigned long bitmap, 6088c2ecf20Sopenharmony_ci gfp_t flags) 6098c2ecf20Sopenharmony_ci{ 6108c2ecf20Sopenharmony_ci return 0; 6118c2ecf20Sopenharmony_ci} 6128c2ecf20Sopenharmony_cistatic inline int netlbl_enabled(void) 6138c2ecf20Sopenharmony_ci{ 6148c2ecf20Sopenharmony_ci return 0; 6158c2ecf20Sopenharmony_ci} 6168c2ecf20Sopenharmony_cistatic inline int netlbl_sock_setattr(struct sock *sk, 6178c2ecf20Sopenharmony_ci u16 family, 6188c2ecf20Sopenharmony_ci const struct netlbl_lsm_secattr *secattr) 6198c2ecf20Sopenharmony_ci{ 6208c2ecf20Sopenharmony_ci return -ENOSYS; 6218c2ecf20Sopenharmony_ci} 6228c2ecf20Sopenharmony_cistatic inline void netlbl_sock_delattr(struct sock *sk) 6238c2ecf20Sopenharmony_ci{ 6248c2ecf20Sopenharmony_ci} 6258c2ecf20Sopenharmony_cistatic inline int netlbl_sock_getattr(struct sock *sk, 6268c2ecf20Sopenharmony_ci struct netlbl_lsm_secattr *secattr) 6278c2ecf20Sopenharmony_ci{ 6288c2ecf20Sopenharmony_ci return -ENOSYS; 6298c2ecf20Sopenharmony_ci} 6308c2ecf20Sopenharmony_cistatic inline int netlbl_conn_setattr(struct sock *sk, 6318c2ecf20Sopenharmony_ci struct sockaddr *addr, 6328c2ecf20Sopenharmony_ci const struct netlbl_lsm_secattr *secattr) 6338c2ecf20Sopenharmony_ci{ 6348c2ecf20Sopenharmony_ci return -ENOSYS; 6358c2ecf20Sopenharmony_ci} 6368c2ecf20Sopenharmony_cistatic inline int netlbl_req_setattr(struct request_sock *req, 6378c2ecf20Sopenharmony_ci const struct netlbl_lsm_secattr *secattr) 6388c2ecf20Sopenharmony_ci{ 6398c2ecf20Sopenharmony_ci return -ENOSYS; 6408c2ecf20Sopenharmony_ci} 6418c2ecf20Sopenharmony_cistatic inline void netlbl_req_delattr(struct request_sock *req) 6428c2ecf20Sopenharmony_ci{ 6438c2ecf20Sopenharmony_ci return; 6448c2ecf20Sopenharmony_ci} 6458c2ecf20Sopenharmony_cistatic inline int netlbl_skbuff_setattr(struct sk_buff *skb, 6468c2ecf20Sopenharmony_ci u16 family, 6478c2ecf20Sopenharmony_ci const struct netlbl_lsm_secattr *secattr) 6488c2ecf20Sopenharmony_ci{ 6498c2ecf20Sopenharmony_ci return -ENOSYS; 6508c2ecf20Sopenharmony_ci} 6518c2ecf20Sopenharmony_cistatic inline int netlbl_skbuff_getattr(const struct sk_buff *skb, 6528c2ecf20Sopenharmony_ci u16 family, 6538c2ecf20Sopenharmony_ci struct netlbl_lsm_secattr *secattr) 6548c2ecf20Sopenharmony_ci{ 6558c2ecf20Sopenharmony_ci return -ENOSYS; 6568c2ecf20Sopenharmony_ci} 6578c2ecf20Sopenharmony_cistatic inline void netlbl_skbuff_err(struct sk_buff *skb, 6588c2ecf20Sopenharmony_ci int error, 6598c2ecf20Sopenharmony_ci int gateway) 6608c2ecf20Sopenharmony_ci{ 6618c2ecf20Sopenharmony_ci return; 6628c2ecf20Sopenharmony_ci} 6638c2ecf20Sopenharmony_cistatic inline void netlbl_cache_invalidate(void) 6648c2ecf20Sopenharmony_ci{ 6658c2ecf20Sopenharmony_ci return; 6668c2ecf20Sopenharmony_ci} 6678c2ecf20Sopenharmony_cistatic inline int netlbl_cache_add(const struct sk_buff *skb, u16 family, 6688c2ecf20Sopenharmony_ci const struct netlbl_lsm_secattr *secattr) 6698c2ecf20Sopenharmony_ci{ 6708c2ecf20Sopenharmony_ci return 0; 6718c2ecf20Sopenharmony_ci} 6728c2ecf20Sopenharmony_cistatic inline struct audit_buffer *netlbl_audit_start(int type, 6738c2ecf20Sopenharmony_ci struct netlbl_audit *audit_info) 6748c2ecf20Sopenharmony_ci{ 6758c2ecf20Sopenharmony_ci return NULL; 6768c2ecf20Sopenharmony_ci} 6778c2ecf20Sopenharmony_ci#endif /* CONFIG_NETLABEL */ 6788c2ecf20Sopenharmony_ci 6798c2ecf20Sopenharmony_ciconst struct netlbl_calipso_ops * 6808c2ecf20Sopenharmony_cinetlbl_calipso_ops_register(const struct netlbl_calipso_ops *ops); 6818c2ecf20Sopenharmony_ci 6828c2ecf20Sopenharmony_ci#endif /* _NETLABEL_H */ 683