// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * NetLabel Management Support
 *
 * This file defines the management functions for the NetLabel system.  The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Author: Paul Moore <paul@paul-moore.com>
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006, 2008
 */

#include <linux/types.h>
#include <linux/socket.h>
#include <linux/string.h>
#include <linux/skbuff.h>
#include <linux/in.h>
#include <linux/in6.h>
#include <linux/slab.h>
#include <net/sock.h>
#include <net/netlink.h>
#include <net/genetlink.h>
#include <net/ip.h>
#include <net/ipv6.h>
#include <net/netlabel.h>
#include <net/cipso_ipv4.h>
#include <net/calipso.h>
#include <linux/atomic.h>

#include "netlabel_calipso.h"
#include "netlabel_domainhash.h"
#include "netlabel_user.h"
#include "netlabel_mgmt.h"

/* NetLabel configured protocol counter.  Defined with external linkage and
 * initialised to zero; the code that updates it is not in this part of the
 * file. */
atomic_t netlabel_mgmt_protocount = ATOMIC_INIT(0);
/* Argument struct for netlbl_domhsh_walk().  netlbl_mgmt_listall() fills it
 * in and netlbl_mgmt_listall_cb() receives it through the opaque callback
 * argument. */
struct netlbl_domhsh_walk_arg {
	struct netlink_callback *nl_cb;	/* dump callback; supplies the requester's portid */
	struct sk_buff *skb;		/* buffer the dump messages are written to */
	u32 seq;			/* sequence number, incremented per emitted entry */
};

/* NetLabel Generic NETLINK management family.  Only declared here so the
 * handlers below can reference it; its initialiser is not in this part of
 * the file. */
static struct genl_family netlbl_mgmt_gnl_family;

/* NetLabel Netlink attribute policy.
 *
 * Only the attributes listed here get a declared type.  The IPv4/IPv6 address
 * and mask attributes have no entry in this table, which is why
 * netlbl_mgmt_add_common() checks their payload length by hand before
 * reading them.
 * NOTE(review): where this policy is attached to the operations is not
 * visible here -- confirm every handler below runs behind it. */
static const struct nla_policy netlbl_mgmt_genl_policy[NLBL_MGMT_A_MAX + 1] = {
	[NLBL_MGMT_A_DOMAIN] = { .type = NLA_NUL_STRING },
	[NLBL_MGMT_A_PROTOCOL] = { .type = NLA_U32 },
	[NLBL_MGMT_A_VERSION] = { .type = NLA_U32 },
	[NLBL_MGMT_A_CV4DOI] = { .type = NLA_U32 },
	[NLBL_MGMT_A_FAMILY] = { .type = NLA_U16 },
	[NLBL_MGMT_A_CLPDOI] = { .type = NLA_U32 },
};

/*
 * Helper Functions
 */

/**
 * netlbl_mgmt_add_common - Handle an ADD message
 * @info: the Generic NETLINK info block
 * @audit_info: NetLabel audit information
 *
 * Description:
 * Helper function for the ADD and ADDDEF messages to add the domain mappings
 * from the message to the hash table.  See netlabel.h for a description of the
 * message format.  Returns zero on success, negative values on failure.
 *
 * The caller must already have checked that NLBL_MGMT_A_PROTOCOL is present
 * and that every address attribute is accompanied by its mask: both are read
 * here without a NULL test.  On success the new entry is handed to
 * netlbl_domhsh_add(); on failure everything allocated here is freed again by
 * the unwind labels at the end of the function.
 *
 */
static int netlbl_mgmt_add_common(struct genl_info *info,
				  struct netlbl_audit *audit_info)
{
	void *pmap = NULL;
	int ret_val = -EINVAL;
	struct netlbl_domaddr_map *addrmap = NULL;
	struct cipso_v4_doi *cipsov4 = NULL;
#if IS_ENABLED(CONFIG_IPV6)
	struct calipso_doi *calipso = NULL;
#endif
	u32 tmp_val;
	struct netlbl_dom_map *entry = kzalloc(sizeof(*entry), GFP_KERNEL);

	if (!entry)
		return -ENOMEM;
	/* no NULL test: both callers in this file reject a message that lacks
	 * NLBL_MGMT_A_PROTOCOL before getting here */
	entry->def.type = nla_get_u32(info->attrs[NLBL_MGMT_A_PROTOCOL]);
	if (info->attrs[NLBL_MGMT_A_DOMAIN]) {
		/* the buffer is sized from the attribute length and the copy
		 * below is bounded by that same size */
		size_t tmp_size = nla_len(info->attrs[NLBL_MGMT_A_DOMAIN]);
		entry->domain = kmalloc(tmp_size, GFP_KERNEL);
		if (entry->domain == NULL) {
			ret_val = -ENOMEM;
			goto add_free_entry;
		}
		nla_strlcpy(entry->domain,
			    info->attrs[NLBL_MGMT_A_DOMAIN], tmp_size);
	}

	/* NOTE: internally we allow/use an entry->def.type value of
	 * NETLBL_NLTYPE_ADDRSELECT but we don't currently allow users
	 * to pass that as a protocol value because we need to know the
	 * "real" protocol */

	/* every "goto add_free_domain" in this switch returns the initial
	 * -EINVAL: missing DOI attribute, unknown DOI, or unknown protocol */
	switch (entry->def.type) {
	case NETLBL_NLTYPE_UNLABELED:
		/* NOTE(review): the family is stored as supplied; no range
		 * check is visible in this function -- confirm that
		 * netlbl_domhsh_add() validates it */
		if (info->attrs[NLBL_MGMT_A_FAMILY])
			entry->family =
				nla_get_u16(info->attrs[NLBL_MGMT_A_FAMILY]);
		else
			entry->family = AF_UNSPEC;
		break;
	case NETLBL_NLTYPE_CIPSOV4:
		if (!info->attrs[NLBL_MGMT_A_CV4DOI])
			goto add_free_domain;

		tmp_val = nla_get_u32(info->attrs[NLBL_MGMT_A_CV4DOI]);
		/* from here on every failure path must go through
		 * add_doi_put_def so the definition is released again */
		cipsov4 = cipso_v4_doi_getdef(tmp_val);
		if (cipsov4 == NULL)
			goto add_free_domain;
		entry->family = AF_INET;
		entry->def.cipso = cipsov4;
		break;
#if IS_ENABLED(CONFIG_IPV6)
	case NETLBL_NLTYPE_CALIPSO:
		if (!info->attrs[NLBL_MGMT_A_CLPDOI])
			goto add_free_domain;

		tmp_val = nla_get_u32(info->attrs[NLBL_MGMT_A_CLPDOI]);
		calipso = calipso_doi_getdef(tmp_val);
		if (calipso == NULL)
			goto add_free_domain;
		entry->family = AF_INET6;
		entry->def.calipso = calipso;
		break;
#endif /* IPv6 */
	default:
		goto add_free_domain;
	}

	/* reject an address selector whose family contradicts the protocol
	 * chosen above (IPv6 address with an AF_INET mapping or the reverse);
	 * ret_val is still -EINVAL at this point */
	if ((entry->family == AF_INET && info->attrs[NLBL_MGMT_A_IPV6ADDR]) ||
	    (entry->family == AF_INET6 && info->attrs[NLBL_MGMT_A_IPV4ADDR]))
		goto add_doi_put_def;

	if (info->attrs[NLBL_MGMT_A_IPV4ADDR]) {
		struct in_addr *addr;
		struct in_addr *mask;
		struct netlbl_domaddr4_map *map;

		addrmap = kzalloc(sizeof(*addrmap), GFP_KERNEL);
		if (addrmap == NULL) {
			ret_val = -ENOMEM;
			goto add_doi_put_def;
		}
		INIT_LIST_HEAD(&addrmap->list4);
		INIT_LIST_HEAD(&addrmap->list6);

		/* the address attributes are not typed by
		 * netlbl_mgmt_genl_policy, so the payload length is checked
		 * here before nla_data() is read as a struct in_addr */
		if (nla_len(info->attrs[NLBL_MGMT_A_IPV4ADDR]) !=
		    sizeof(struct in_addr)) {
			ret_val = -EINVAL;
			goto add_free_addrmap;
		}
		/* the mask attribute is dereferenced without a NULL test; the
		 * callers' address/mask pairing check guarantees it is set */
		if (nla_len(info->attrs[NLBL_MGMT_A_IPV4MASK]) !=
		    sizeof(struct in_addr)) {
			ret_val = -EINVAL;
			goto add_free_addrmap;
		}
		addr = nla_data(info->attrs[NLBL_MGMT_A_IPV4ADDR]);
		mask = nla_data(info->attrs[NLBL_MGMT_A_IPV4MASK]);

		map = kzalloc(sizeof(*map), GFP_KERNEL);
		if (map == NULL) {
			ret_val = -ENOMEM;
			goto add_free_addrmap;
		}
		/* remembered type-erased so the shared add_free_map label can
		 * free either the IPv4 or the IPv6 map */
		pmap = map;
		/* host bits outside the mask are dropped before storing */
		map->list.addr = addr->s_addr & mask->s_addr;
		map->list.mask = mask->s_addr;
		map->list.valid = 1;
		map->def.type = entry->def.type;
		if (cipsov4)
			map->def.cipso = cipsov4;

		ret_val = netlbl_af4list_add(&map->list, &addrmap->list4);
		if (ret_val != 0)
			goto add_free_map;

		/* the entry itself now only selects by address; the "real"
		 * protocol stays in map->def */
		entry->family = AF_INET;
		entry->def.type = NETLBL_NLTYPE_ADDRSELECT;
		entry->def.addrsel = addrmap;
#if IS_ENABLED(CONFIG_IPV6)
	} else if (info->attrs[NLBL_MGMT_A_IPV6ADDR]) {
		struct in6_addr *addr;
		struct in6_addr *mask;
		struct netlbl_domaddr6_map *map;

		addrmap = kzalloc(sizeof(*addrmap), GFP_KERNEL);
		if (addrmap == NULL) {
			ret_val = -ENOMEM;
			goto add_doi_put_def;
		}
		INIT_LIST_HEAD(&addrmap->list4);
		INIT_LIST_HEAD(&addrmap->list6);

		/* same manual length checks as the IPv4 branch, against
		 * struct in6_addr */
		if (nla_len(info->attrs[NLBL_MGMT_A_IPV6ADDR]) !=
		    sizeof(struct in6_addr)) {
			ret_val = -EINVAL;
			goto add_free_addrmap;
		}
		if (nla_len(info->attrs[NLBL_MGMT_A_IPV6MASK]) !=
		    sizeof(struct in6_addr)) {
			ret_val = -EINVAL;
			goto add_free_addrmap;
		}
		addr = nla_data(info->attrs[NLBL_MGMT_A_IPV6ADDR]);
		mask = nla_data(info->attrs[NLBL_MGMT_A_IPV6MASK]);

		map = kzalloc(sizeof(*map), GFP_KERNEL);
		if (map == NULL) {
			ret_val = -ENOMEM;
			goto add_free_addrmap;
		}
		pmap = map;
		/* copy the address, then mask it one 32-bit word at a time */
		map->list.addr = *addr;
		map->list.addr.s6_addr32[0] &= mask->s6_addr32[0];
		map->list.addr.s6_addr32[1] &= mask->s6_addr32[1];
		map->list.addr.s6_addr32[2] &= mask->s6_addr32[2];
		map->list.addr.s6_addr32[3] &= mask->s6_addr32[3];
		map->list.mask = *mask;
		map->list.valid = 1;
		map->def.type = entry->def.type;
		if (calipso)
			map->def.calipso = calipso;

		ret_val = netlbl_af6list_add(&map->list, &addrmap->list6);
		if (ret_val != 0)
			goto add_free_map;

		entry->family = AF_INET6;
		entry->def.type = NETLBL_NLTYPE_ADDRSELECT;
		entry->def.addrsel = addrmap;
#endif /* IPv6 */
	}

	ret_val = netlbl_domhsh_add(entry, audit_info);
	if (ret_val != 0)
		goto add_free_map;

	return 0;

	/* Error unwind.  Each label releases one more resource than the label
	 * below it, so a jump must target the label matching what has been
	 * acquired so far.  pmap and addrmap are still NULL when no address
	 * selector was built.
	 * NOTE(review): both putdef calls run whatever the protocol was, so
	 * one of them always receives NULL -- presumably NULL-safe; confirm. */
add_free_map:
	kfree(pmap);
add_free_addrmap:
	kfree(addrmap);
add_doi_put_def:
	cipso_v4_doi_putdef(cipsov4);
#if IS_ENABLED(CONFIG_IPV6)
	calipso_doi_putdef(calipso);
#endif
add_free_domain:
	kfree(entry->domain);
add_free_entry:
	kfree(entry);
	return ret_val;
}

/**
 * netlbl_mgmt_listentry - List a NetLabel/LSM domain map entry
 * @skb: the NETLINK buffer
 * @entry: the map entry
 *
 * Description:
 * This function is a helper function used by the LISTALL and LISTDEF command
 * handlers.  The caller is responsible for ensuring that the RCU read lock
 * is held.  Returns zero on success, negative values on failure.
 *
 * On failure the function returns at once and leaves any nested attribute it
 * has opened unfinished; both callers in this file throw the partial message
 * away (genlmsg_cancel() in netlbl_mgmt_listall_cb(), kfree_skb() in
 * netlbl_mgmt_listdef()).  An entry type that matches none of the cases below
 * produces only the domain and family attributes and returns zero.
 *
 */
static int netlbl_mgmt_listentry(struct sk_buff *skb,
				 struct netlbl_dom_map *entry)
{
	int ret_val = 0;
	struct nlattr *nla_a;
	struct nlattr *nla_b;
	struct netlbl_af4list *iter4;
#if IS_ENABLED(CONFIG_IPV6)
	struct netlbl_af6list *iter6;
#endif

	/* a NULL domain is simply omitted from the message */
	if (entry->domain != NULL) {
		ret_val = nla_put_string(skb,
					 NLBL_MGMT_A_DOMAIN, entry->domain);
		if (ret_val != 0)
			return ret_val;
	}

	ret_val = nla_put_u16(skb, NLBL_MGMT_A_FAMILY, entry->family);
	if (ret_val != 0)
		return ret_val;

	switch (entry->def.type) {
	case NETLBL_NLTYPE_ADDRSELECT:
		/* nla_a wraps the whole selector list, nla_b one selector */
		nla_a = nla_nest_start_noflag(skb, NLBL_MGMT_A_SELECTORLIST);
		if (nla_a == NULL)
			return -ENOMEM;

		netlbl_af4list_foreach_rcu(iter4, &entry->def.addrsel->list4) {
			struct netlbl_domaddr4_map *map4;
			struct in_addr addr_struct;

			nla_b = nla_nest_start_noflag(skb,
						      NLBL_MGMT_A_ADDRSELECTOR);
			if (nla_b == NULL)
				return -ENOMEM;

			addr_struct.s_addr = iter4->addr;
			ret_val = nla_put_in_addr(skb, NLBL_MGMT_A_IPV4ADDR,
						  addr_struct.s_addr);
			if (ret_val != 0)
				return ret_val;
			addr_struct.s_addr = iter4->mask;
			ret_val = nla_put_in_addr(skb, NLBL_MGMT_A_IPV4MASK,
						  addr_struct.s_addr);
			if (ret_val != 0)
				return ret_val;
			map4 = netlbl_domhsh_addr4_entry(iter4);
			ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL,
					      map4->def.type);
			if (ret_val != 0)
				return ret_val;
			/* only CIPSOv4 selectors carry a DOI attribute */
			switch (map4->def.type) {
			case NETLBL_NLTYPE_CIPSOV4:
				ret_val = nla_put_u32(skb, NLBL_MGMT_A_CV4DOI,
						      map4->def.cipso->doi);
				if (ret_val != 0)
					return ret_val;
				break;
			}

			nla_nest_end(skb, nla_b);
		}
#if IS_ENABLED(CONFIG_IPV6)
		netlbl_af6list_foreach_rcu(iter6, &entry->def.addrsel->list6) {
			struct netlbl_domaddr6_map *map6;

			nla_b = nla_nest_start_noflag(skb,
						      NLBL_MGMT_A_ADDRSELECTOR);
			if (nla_b == NULL)
				return -ENOMEM;

			ret_val = nla_put_in6_addr(skb, NLBL_MGMT_A_IPV6ADDR,
						   &iter6->addr);
			if (ret_val != 0)
				return ret_val;
			ret_val = nla_put_in6_addr(skb, NLBL_MGMT_A_IPV6MASK,
						   &iter6->mask);
			if (ret_val != 0)
				return ret_val;
			map6 = netlbl_domhsh_addr6_entry(iter6);
			ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL,
					      map6->def.type);
			if (ret_val != 0)
				return ret_val;

			/* only CALIPSO selectors carry a DOI attribute */
			switch (map6->def.type) {
			case NETLBL_NLTYPE_CALIPSO:
				ret_val = nla_put_u32(skb, NLBL_MGMT_A_CLPDOI,
						      map6->def.calipso->doi);
				if (ret_val != 0)
					return ret_val;
				break;
			}

			nla_nest_end(skb, nla_b);
		}
#endif /* IPv6 */

		nla_nest_end(skb, nla_a);
		break;
	case NETLBL_NLTYPE_UNLABELED:
		ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL,
				      entry->def.type);
		break;
	case NETLBL_NLTYPE_CIPSOV4:
		ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL,
				      entry->def.type);
		if (ret_val != 0)
			return ret_val;
		ret_val = nla_put_u32(skb, NLBL_MGMT_A_CV4DOI,
				      entry->def.cipso->doi);
		break;
	case NETLBL_NLTYPE_CALIPSO:
		ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL,
				      entry->def.type);
		if (ret_val != 0)
			return ret_val;
		ret_val = nla_put_u32(skb, NLBL_MGMT_A_CLPDOI,
				      entry->def.calipso->doi);
		break;
	}

	return ret_val;
}

/*
 * NetLabel Command Handlers
 */

/**
 * netlbl_mgmt_add - Handle an ADD message
 * @skb: the NETLINK buffer
 * @info: the Generic NETLINK info block
 *
 * Description:
 * Process a user generated ADD message and add the domains from the message
 * to the hash table.  See netlabel.h for a description of the message format.
 * Returns zero on success, negative values on failure.
 *
 * The attribute checks here are the only guard in front of
 * netlbl_mgmt_add_common(), which dereferences PROTOCOL and the mask
 * attributes unconditionally.
 * NOTE(review): no privilege check is made in this handler; presumably it is
 * enforced through the operation flags in the ops table, which is not visible
 * here -- confirm.
 *
 */
static int netlbl_mgmt_add(struct sk_buff *skb, struct genl_info *info)
{
	struct netlbl_audit audit_info;

	/* -EINVAL unless: DOMAIN and PROTOCOL are both present, IPv4 and IPv6
	 * selectors are not mixed, and each address has its mask (the XOR
	 * terms are true when exactly one of the pair is present) */
	if ((!info->attrs[NLBL_MGMT_A_DOMAIN]) ||
	    (!info->attrs[NLBL_MGMT_A_PROTOCOL]) ||
	    (info->attrs[NLBL_MGMT_A_IPV4ADDR] &&
	     info->attrs[NLBL_MGMT_A_IPV6ADDR]) ||
	    (info->attrs[NLBL_MGMT_A_IPV4MASK] &&
	     info->attrs[NLBL_MGMT_A_IPV6MASK]) ||
	    ((info->attrs[NLBL_MGMT_A_IPV4ADDR] != NULL) ^
	     (info->attrs[NLBL_MGMT_A_IPV4MASK] != NULL)) ||
	    ((info->attrs[NLBL_MGMT_A_IPV6ADDR] != NULL) ^
	     (info->attrs[NLBL_MGMT_A_IPV6MASK] != NULL)))
		return -EINVAL;

	netlbl_netlink_auditinfo(&audit_info);

	return netlbl_mgmt_add_common(info, &audit_info);
}

/**
 * netlbl_mgmt_remove - Handle a REMOVE message
 * @skb: the NETLINK buffer
 * @info: the Generic NETLINK info block
 *
 * Description:
 * Process a user generated REMOVE message and remove the specified domain
 * mappings.  Returns zero on success, negative values on failure.
 *
 */
static int netlbl_mgmt_remove(struct sk_buff *skb, struct genl_info *info)
{
	char *domain;
	struct netlbl_audit audit_info;

	if (!info->attrs[NLBL_MGMT_A_DOMAIN])
		return -EINVAL;

	netlbl_netlink_auditinfo(&audit_info);

	/* the string is used in place, straight from the received message, so
	 * it is only NUL-terminated if the attribute was validated against the
	 * NLA_NUL_STRING entry of netlbl_mgmt_genl_policy
	 * NOTE(review): confirm that policy is applied to this operation */
	domain = nla_data(info->attrs[NLBL_MGMT_A_DOMAIN]);
	return netlbl_domhsh_remove(domain, AF_UNSPEC, &audit_info);
}

/**
 * netlbl_mgmt_listall_cb - netlbl_domhsh_walk() callback for LISTALL
 * @entry: the domain mapping hash table entry
 * @arg: the netlbl_domhsh_walk_arg structure
 *
 * Description:
 * This function is designed to be used as a callback to the
 * netlbl_domhsh_walk() function for use in generating a response for a LISTALL
 * message.  Returns zero on success, negative values on failure.
 *
 */
static int netlbl_mgmt_listall_cb(struct netlbl_dom_map *entry, void *arg)
{
	int ret_val = -ENOMEM;
	struct netlbl_domhsh_walk_arg *cb_arg = arg;
	void *data;

	data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid,
			   cb_arg->seq, &netlbl_mgmt_gnl_family,
			   NLM_F_MULTI, NLBL_MGMT_C_LISTALL);
	if (data == NULL)
		goto listall_cb_failure;

	ret_val = netlbl_mgmt_listentry(cb_arg->skb, entry);
	if (ret_val != 0)
		goto listall_cb_failure;

	/* the sequence number only advances for an entry that was written in
	 * full */
	cb_arg->seq++;
	genlmsg_end(cb_arg->skb, data);
	return 0;

listall_cb_failure:
	/* also reached with data == NULL when genlmsg_put() failed */
	genlmsg_cancel(cb_arg->skb, data);
	return ret_val;
}

/**
 * netlbl_mgmt_listall - Handle a LISTALL message
 * @skb: the NETLINK buffer
 * @cb: the NETLINK callback
 *
 * Description:
 * Process a user generated LISTALL message and dumps the domain hash table in
 * a form suitable for use in a kernel generated LISTALL message.  Always
 * returns skb->len; the result of netlbl_domhsh_walk() is not checked here.
 *
 */
static int netlbl_mgmt_listall(struct sk_buff *skb,
			       struct netlink_callback *cb)
{
	struct netlbl_domhsh_walk_arg cb_arg;
	/* position saved by the previous invocation of this dump */
	u32 skip_bkt = cb->args[0];
	u32 skip_chain = cb->args[1];

	cb_arg.nl_cb = cb;
	cb_arg.skb = skb;
	cb_arg.seq = cb->nlh->nlmsg_seq;

	netlbl_domhsh_walk(&skip_bkt,
			   &skip_chain,
			   netlbl_mgmt_listall_cb,
			   &cb_arg);

	/* store the position the walk stopped at for the next invocation */
	cb->args[0] = skip_bkt;
	cb->args[1] = skip_chain;
	return skb->len;
}

/**
 * netlbl_mgmt_adddef - Handle an ADDDEF message
 * @skb: the NETLINK buffer
 * @info: the Generic NETLINK info block
 *
 * Description:
 * Process a user generated ADDDEF message and respond accordingly.  Returns
 * zero on success, negative values on failure.
 *
 * Same attribute checks as netlbl_mgmt_add() except that no DOMAIN attribute
 * is required.
 *
 */
static int netlbl_mgmt_adddef(struct sk_buff *skb, struct genl_info *info)
{
	struct netlbl_audit audit_info;

	/* -EINVAL unless PROTOCOL is present, IPv4 and IPv6 selectors are not
	 * mixed, and each address has its mask */
	if ((!info->attrs[NLBL_MGMT_A_PROTOCOL]) ||
	    (info->attrs[NLBL_MGMT_A_IPV4ADDR] &&
	     info->attrs[NLBL_MGMT_A_IPV6ADDR]) ||
	    (info->attrs[NLBL_MGMT_A_IPV4MASK] &&
	     info->attrs[NLBL_MGMT_A_IPV6MASK]) ||
	    ((info->attrs[NLBL_MGMT_A_IPV4ADDR] != NULL) ^
	     (info->attrs[NLBL_MGMT_A_IPV4MASK] != NULL)) ||
	    ((info->attrs[NLBL_MGMT_A_IPV6ADDR] != NULL) ^
	     (info->attrs[NLBL_MGMT_A_IPV6MASK] != NULL)))
		return -EINVAL;

	netlbl_netlink_auditinfo(&audit_info);

	return netlbl_mgmt_add_common(info, &audit_info);
}

/**
 * netlbl_mgmt_removedef - Handle a REMOVEDEF message
 * @skb: the NETLINK buffer
 * @info: the Generic NETLINK info block
 *
 * Description:
 * Process a user generated REMOVEDEF message and remove the default domain
 * mapping.  Returns zero on success, negative values on failure.
 *
 * No attribute of the message is read; the removal is always requested for
 * AF_UNSPEC.
 *
 */
static int netlbl_mgmt_removedef(struct sk_buff *skb, struct genl_info *info)
{
	struct netlbl_audit audit_info;

	netlbl_netlink_auditinfo(&audit_info);

	return netlbl_domhsh_remove_default(AF_UNSPEC, &audit_info);
}

/**
 * netlbl_mgmt_listdef - Handle a LISTDEF message
 * @skb: the NETLINK buffer
 * @info: the Generic NETLINK info block
 *
 * Description:
 * Process a user generated LISTDEF message and dumps the default domain
 * mapping in a form suitable for use in a kernel generated LISTDEF message.
 * Returns zero on success, negative values on failure.
 *
 */
static int netlbl_mgmt_listdef(struct sk_buff *skb, struct genl_info *info)
{
	int ret_val = -ENOMEM;
	struct sk_buff *ans_skb = NULL;
	void *data;
	struct netlbl_dom_map *entry;
	u16 family;

	/* the family attribute is optional and defaults to AF_INET */
	if (info->attrs[NLBL_MGMT_A_FAMILY])
		family = nla_get_u16(info->attrs[NLBL_MGMT_A_FAMILY]);
	else
		family = AF_INET;

	ans_skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (ans_skb == NULL)
		return -ENOMEM;
	data = genlmsg_put_reply(ans_skb, info, &netlbl_mgmt_gnl_family,
				 0, NLBL_MGMT_C_LISTDEF);
	if (data == NULL)
		goto listdef_failure;

	/* the entry is looked up and serialised inside one RCU read-side
	 * section, as netlbl_mgmt_listentry() requires; it is not touched
	 * after the unlock */
	rcu_read_lock();
	entry = netlbl_domhsh_getentry(NULL, family);
	if (entry == NULL) {
		ret_val = -ENOENT;
		goto listdef_failure_lock;
	}
	ret_val = netlbl_mgmt_listentry(ans_skb, entry);
	rcu_read_unlock();
	if (ret_val != 0)
		goto listdef_failure;

	genlmsg_end(ans_skb, data);
	return genlmsg_reply(ans_skb, info);

	/* listdef_failure_lock is only for the path that still holds the RCU
	 * read lock; every failure frees the unsent reply buffer */
listdef_failure_lock:
	rcu_read_unlock();
listdef_failure:
	kfree_skb(ans_skb);
	return ret_val;
}

/**
 * netlbl_mgmt_protocols_cb - Write an individual PROTOCOL message response
 * @skb: the skb to write to
 * @cb: the NETLINK callback
 * @protocol: the NetLabel protocol to use in the message
 *
 * Description:
 * This function is to be used in conjunction with netlbl_mgmt_protocols() to
 * answer an application's PROTOCOLS message.  Returns zero on success,
 * negative values on failure.
 *
 */
static int netlbl_mgmt_protocols_cb(struct sk_buff *skb,
				    struct netlink_callback *cb,
				    u32 protocol)
{
	int ret_val = -ENOMEM;
	void *data;

	data = genlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq,
			   &netlbl_mgmt_gnl_family, NLM_F_MULTI,
			   NLBL_MGMT_C_PROTOCOLS);
	if (data == NULL)
		goto protocols_cb_failure;

	ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL, protocol);
	if (ret_val != 0)
		goto protocols_cb_failure;

	genlmsg_end(skb, data);
	return 0;

protocols_cb_failure:
	/* also reached with data == NULL when genlmsg_put() failed */
	genlmsg_cancel(skb, data);
	return ret_val;
}

/**
 * netlbl_mgmt_protocols - Handle a PROTOCOLS message
 * @skb: the NETLINK buffer
 * @cb: the NETLINK callback
 *
 * Description:
 * Process a user generated PROTOCOLS message and respond accordingly.
 * Returns skb->len.
 *
 */
static int netlbl_mgmt_protocols(struct sk_buff *skb,
				 struct netlink_callback *cb)
{
	/* number of protocol messages already written by earlier invocations
	 * of this dump */
	u32 protos_sent = cb->args[0];

	/* each step runs only when the counter has reached it, so a dump that
	 * stopped part-way resumes at the first protocol not yet sent */
	if (protos_sent == 0) {
		if (netlbl_mgmt_protocols_cb(skb,
					     cb,
					     NETLBL_NLTYPE_UNLABELED) < 0)
			goto protocols_return;
		protos_sent++;
	}
	if (protos_sent == 1) {
		if (netlbl_mgmt_protocols_cb(skb,
					     cb,
					     NETLBL_NLTYPE_CIPSOV4) < 0)
			goto protocols_return;
		protos_sent++;
	}
#if IS_ENABLED(CONFIG_IPV6)
	if (protos_sent == 2) {
		if (netlbl_mgmt_protocols_cb(skb,
					     cb,
					     NETLBL_NLTYPE_CALIPSO) < 0)
			goto protocols_return;
		protos_sent++;
	}
#endif

protocols_return:
	cb->args[0] = protos_sent;
	return skb->len;
}
/**
 * netlbl_mgmt_version - Handle a VERSION message
 * @skb: the NETLINK buffer
 * @info: the Generic NETLINK info block
 *
 * Description:
 * Process a user generated VERSION message and reply with
 * NETLBL_PROTO_VERSION in an NLBL_MGMT_A_VERSION attribute.  Returns zero on
 * success, negative values on failure.
 *
 */
static int netlbl_mgmt_version(struct sk_buff *skb, struct genl_info *info)
{
	struct sk_buff *reply;
	void *hdr;
	int ret_val;

	reply = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (!reply)
		return -ENOMEM;

	hdr = genlmsg_put_reply(reply, info, &netlbl_mgmt_gnl_family,
				0, NLBL_MGMT_C_VERSION);
	if (!hdr) {
		ret_val = -ENOMEM;
		goto version_failure;
	}

	ret_val = nla_put_u32(reply, NLBL_MGMT_A_VERSION, NETLBL_PROTO_VERSION);
	if (ret_val != 0)
		goto version_failure;

	genlmsg_end(reply, hdr);
	return genlmsg_reply(reply, info);

version_failure:
	/* The reply was never handed to genlmsg_reply(); free it here. */
	kfree_skb(reply);
	return ret_val;
}


/*
 * NetLabel Generic NETLINK Command Definitions
 */

/*
 * ADD, REMOVE, ADDDEF and REMOVEDEF carry GENL_ADMIN_PERM, which makes the
 * Generic NETLINK core require CAP_NET_ADMIN before the handler is called.
 * LISTALL, LISTDEF, PROTOCOLS and VERSION are registered with .flags = 0 and
 * get no such check.
 *
 * Every command keeps the legacy, non-strict attribute validation
 * (GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP), so each handler has
 * to check for the attributes it needs itself.
 *
 * The handler member that is not named in an entry (.doit or .dumpit) is
 * left zero-initialised, i.e. NULL.
 */
static const struct genl_small_ops netlbl_mgmt_genl_ops[] = {
	{
		.cmd = NLBL_MGMT_C_ADD,
		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
		.flags = GENL_ADMIN_PERM,
		.doit = netlbl_mgmt_add,
	},
	{
		.cmd = NLBL_MGMT_C_REMOVE,
		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
		.flags = GENL_ADMIN_PERM,
		.doit = netlbl_mgmt_remove,
	},
	{
		.cmd = NLBL_MGMT_C_LISTALL,
		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
		.flags = 0,
		.dumpit = netlbl_mgmt_listall,
	},
	{
		.cmd = NLBL_MGMT_C_ADDDEF,
		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
		.flags = GENL_ADMIN_PERM,
		.doit = netlbl_mgmt_adddef,
	},
	{
		.cmd = NLBL_MGMT_C_REMOVEDEF,
		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
		.flags = GENL_ADMIN_PERM,
		.doit = netlbl_mgmt_removedef,
	},
	{
		.cmd = NLBL_MGMT_C_LISTDEF,
		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
		.flags = 0,
		.doit = netlbl_mgmt_listdef,
	},
	{
		.cmd = NLBL_MGMT_C_PROTOCOLS,
		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
		.flags = 0,
		.dumpit = netlbl_mgmt_protocols,
	},
	{
		.cmd = NLBL_MGMT_C_VERSION,
		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
		.flags = 0,
		.doit = netlbl_mgmt_version,
	},
};

/*
 * Family descriptor for the management commands.  __ro_after_init makes it
 * read-only once kernel initialisation has finished.
 */
static struct genl_family netlbl_mgmt_gnl_family __ro_after_init = {
	.name = NETLBL_NLTYPE_MGMT_NAME,
	.version = NETLBL_PROTO_VERSION,
	.hdrsize = 0,
	.maxattr = NLBL_MGMT_A_MAX,
	.policy = netlbl_mgmt_genl_policy,
	.small_ops = netlbl_mgmt_genl_ops,
	.n_small_ops = ARRAY_SIZE(netlbl_mgmt_genl_ops),
	.module = THIS_MODULE,
};

/*
 * NetLabel Generic NETLINK Protocol Functions
 */

/**
 * netlbl_mgmt_genl_init - Register the NetLabel management component
 *
 * Description:
 * Register the NetLabel management component with the Generic NETLINK
 * mechanism by passing netlbl_mgmt_gnl_family to genl_register_family().
 * Returns zero on success, negative values on failure.
 *
 */
int __init netlbl_mgmt_genl_init(void)
{
	return genl_register_family(&netlbl_mgmt_gnl_family);
}