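/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
 * NetLabel CALIPSO Support
 *
 * This file defines the CALIPSO functions for the NetLabel system.  The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Authors: Paul Moore <paul@paul-moore.com>
 *          Huw Davies <huw@codeweavers.com>
 */

/* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 * (c) Copyright Huw Davies <huw@codeweavers.com>, 2015
 */

#ifndef _NETLABEL_CALIPSO
#define _NETLABEL_CALIPSO

#include <net/netlabel.h>
#include <net/calipso.h>

/* The following NetLabel payloads are supported by the CALIPSO subsystem.
 *
 * o ADD:
 *   Sent by an application to add a new DOI mapping table.
 *
 *   Required attributes:
 *
 *     NLBL_CALIPSO_A_DOI
 *     NLBL_CALIPSO_A_MTYPE
 *
 *   If using CALIPSO_MAP_PASS no additional attributes are required.
 *
 * o REMOVE:
 *   Sent by an application to remove a specific DOI mapping table from the
 *   CALIPSO system.
 *
 *   Required attributes:
 *
 *     NLBL_CALIPSO_A_DOI
 *
 * o LIST:
 *   Sent by an application to list the details of a DOI definition.  On
 *   success the kernel should send a response using the following format.
 *
 *   Required attributes:
 *
 *     NLBL_CALIPSO_A_DOI
 *
 *   The valid response message format depends on the type of the DOI mapping,
 *   the defined formats are shown below.
 *
 *   Required attributes:
 *
 *     NLBL_CALIPSO_A_MTYPE
 *
 *   If using CALIPSO_MAP_PASS no additional attributes are required.
 *
 * o LISTALL:
 *   This message is sent by an application to list the valid DOIs on the
 *   system.  When sent by an application there is no payload and the
 *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
 *   the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_CALIPSO_A_DOI
 *     NLBL_CALIPSO_A_MTYPE
 *
 */

/* NOTE(review): ADD and REMOVE modify the set of DOI mapping tables, i.e. they
 * change labeling policy.  The access check is not visible in this header;
 * confirm that the generic netlink ops table in the implementation restricts
 * them to privileged callers (e.g. GENL_ADMIN_PERM).
 */

/* NetLabel CALIPSO commands
 *
 * Values are assigned implicitly starting at 0.  __NLBL_CALIPSO_C_MAX is a
 * sentinel one past the last real command and is not itself a command.
 */
enum {
	NLBL_CALIPSO_C_UNSPEC,
	NLBL_CALIPSO_C_ADD,
	NLBL_CALIPSO_C_REMOVE,
	NLBL_CALIPSO_C_LIST,
	NLBL_CALIPSO_C_LISTALL,
	__NLBL_CALIPSO_C_MAX,
};

/* NetLabel CALIPSO attributes
 *
 * In this enum the describing comment FOLLOWS the member it documents.  The
 * "(NLA_U32)" tags record the expected netlink attribute type; the validation
 * policy that enforces it is not part of this header.
 */
enum {
	NLBL_CALIPSO_A_UNSPEC,
	NLBL_CALIPSO_A_DOI,
	/* (NLA_U32)
	 * the DOI value */
	NLBL_CALIPSO_A_MTYPE,
	/* (NLA_U32)
	 * the mapping table type (defined in the calipso.h header as
	 * CALIPSO_MAP_*) */
	__NLBL_CALIPSO_A_MAX,
};

/* Highest valid attribute number (the sentinel minus one). */
#define NLBL_CALIPSO_A_MAX (__NLBL_CALIPSO_A_MAX - 1)

/* NetLabel protocol functions */

/* Initialisation hook for the CALIPSO NetLabel component.  It is a real
 * function only when IPv6 is enabled; otherwise it is an inline stub that
 * reports success (0), so callers need no #ifdef of their own.
 */
#if IS_ENABLED(CONFIG_IPV6)
int netlbl_calipso_genl_init(void);
#else
static inline int netlbl_calipso_genl_init(void)
{
	return 0;
}
#endif

/* DOI definition management.
 *
 * NOTE(review): the names suggest that calipso_doi_getdef() hands back a
 * counted reference which must be released with calipso_doi_putdef(), and
 * that calipso_doi_free() is for definitions that were never (successfully)
 * added -- confirm against the implementation before relying on it.  A missed
 * put, or a free of a definition that is still referenced, would be a lifetime
 * bug on a security-policy object.
 *
 * NOTE(review): calipso_doi_walk() takes skip_cnt by pointer, so it is
 * presumably updated in place (e.g. to resume a dump), and cb_arg is
 * presumably passed through to the callback as 'arg' -- confirm.
 */
int calipso_doi_add(struct calipso_doi *doi_def,
		    struct netlbl_audit *audit_info);
void calipso_doi_free(struct calipso_doi *doi_def);
int calipso_doi_remove(u32 doi, struct netlbl_audit *audit_info);
struct calipso_doi *calipso_doi_getdef(u32 doi);
void calipso_doi_putdef(struct calipso_doi *doi_def);
int calipso_doi_walk(u32 *skip_cnt,
		     int (*callback)(struct calipso_doi *doi_def, void *arg),
		     void *cb_arg);

/* Label handling on sockets and on connection requests.  The set operations
 * take the DOI definition and the security attributes as const inputs.
 */
int calipso_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr);
int calipso_sock_setattr(struct sock *sk,
			 const struct calipso_doi *doi_def,
			 const struct netlbl_lsm_secattr *secattr);
void calipso_sock_delattr(struct sock *sk);
int calipso_req_setattr(struct request_sock *req,
			const struct calipso_doi *doi_def,
			const struct netlbl_lsm_secattr *secattr);
void calipso_req_delattr(struct request_sock *req);

/* Label handling on packets.
 *
 * NOTE(review): calipso_optptr() returns a non-const pointer obtained from a
 * const skb, and calipso_getattr() takes no length argument, so the bounds of
 * the option bytes must be established elsewhere -- presumably during IPv6
 * option parsing; confirm.  The bytes may originate from the network and
 * should be treated as untrusted.
 */
unsigned char *calipso_optptr(const struct sk_buff *skb);
int calipso_getattr(const unsigned char *calipso,
		    struct netlbl_lsm_secattr *secattr);
int calipso_skbuff_setattr(struct sk_buff *skb,
			   const struct calipso_doi *doi_def,
			   const struct netlbl_lsm_secattr *secattr);
int calipso_skbuff_delattr(struct sk_buff *skb);

/* Label cache.
 *
 * NOTE(review): presumably calipso_cache_invalidate() has to be called
 * whenever the DOI or label policy changes so that stale mappings are not
 * served from the cache -- confirm the callers.
 */
void calipso_cache_invalidate(void);
int calipso_cache_add(const unsigned char *calipso_ptr,
		      const struct netlbl_lsm_secattr *secattr);

#endif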