/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
 * NetLabel Management Support
 *
 * This file defines the management functions for the NetLabel system.  The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Author: Paul Moore <paul@paul-moore.com>
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 */
168c2ecf20Sopenharmony_ci#ifndef _NETLABEL_MGMT_H
178c2ecf20Sopenharmony_ci#define _NETLABEL_MGMT_H
198c2ecf20Sopenharmony_ci#include <net/netlabel.h>
208c2ecf20Sopenharmony_ci#include <linux/atomic.h>
/*
 * The following NetLabel payloads are supported by the management interface.
 *
 * o ADD:
 *   Sent by an application to add a domain mapping to the NetLabel system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If IPv4 is specified the following attributes are required:
 *
 *     NLBL_MGMT_A_IPV4ADDR
 *     NLBL_MGMT_A_IPV4MASK
 *
 *   If IPv6 is specified the following attributes are required:
 *
 *     NLBL_MGMT_A_IPV6ADDR
 *     NLBL_MGMT_A_IPV6MASK
 *
 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required,
 *   however the following attribute may optionally be sent:
 *
 *     NLBL_MGMT_A_FAMILY
 *
 * o REMOVE:
 *   Sent by an application to remove a domain mapping from the NetLabel
 *   system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *
 * o LISTALL:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LISTALL message.  When sent by an
 *   application there is no payload and the NLM_F_DUMP flag should be set.
 *   The kernel should respond with a series of the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *     NLBL_MGMT_A_FAMILY
 *
 *   If the IP address selectors are not used the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If the IP address selectors are used then the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_SELECTORLIST
 *
 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
 *   attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
 *   attributes are required.
 *
 * o ADDDEF:
 *   Sent by an application to set the default domain mapping for the NetLabel
 *   system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required,
 *   however the following attribute may optionally be sent:
 *
 *     NLBL_MGMT_A_FAMILY
 *
 * o REMOVEDEF:
 *   Sent by an application to remove the default domain mapping from the
 *   NetLabel system; there is no payload.
 *
 * o LISTDEF:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LISTDEF message.  When sent by an
 *   application there may be an optional payload.
 *
 *     NLBL_MGMT_A_FAMILY
 *
 *   On success the kernel should send a response using the following format:
 *
 *   If the IP address selectors are not used the following attributes are
 *   required:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *     NLBL_MGMT_A_FAMILY
 *
 *   If the IP address selectors are used then the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_SELECTORLIST
 *
 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
 *   attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
 *   attributes are required.
 *
 * o PROTOCOLS:
 *   Sent by an application to request a list of configured NetLabel protocols
 *   in the kernel.  When sent by an application there is no payload and the
 *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
 *   the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 * o VERSION:
 *   Sent by an application to request the NetLabel version.  When sent by an
 *   application there is no payload.  This message type is also used by the
 *   kernel to respond to a VERSION request.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_VERSION
 *
 */
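/*
 * NetLabel Management commands
 *
 * Command identifiers for the management interface.  The payload each
 * command carries is described in the comment block earlier in this file.
 * Values are assigned implicitly, starting at 0 for NLBL_MGMT_C_UNSPEC.
 *
 * NOTE(review): ADD, REMOVE, ADDDEF and REMOVEDEF change the domain to
 * protocol label mappings, i.e. labeling policy.  The privilege check for
 * those requests is not visible in this header; confirm that the code
 * registering the handlers restricts them to privileged callers.
 *
 * NOTE(review): presumably these values are shared with userspace, so new
 * commands should be appended just before __NLBL_MGMT_C_MAX rather than
 * inserted - confirm before reordering.
 */
enum {
	NLBL_MGMT_C_UNSPEC,	/* 0: unspecified */
	NLBL_MGMT_C_ADD,	/* add a domain mapping */
	NLBL_MGMT_C_REMOVE,	/* remove a domain mapping */
	NLBL_MGMT_C_LISTALL,	/* request / report the domain mappings */
	NLBL_MGMT_C_ADDDEF,	/* set the default domain mapping */
	NLBL_MGMT_C_REMOVEDEF,	/* remove the default domain mapping */
	NLBL_MGMT_C_LISTDEF,	/* request / report the default mapping */
	NLBL_MGMT_C_PROTOCOLS,	/* request / report configured protocols */
	NLBL_MGMT_C_VERSION,	/* request / report the NetLabel version */
	__NLBL_MGMT_C_MAX,	/* sentinel: one past the last command */
};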
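/*
 * NetLabel Management attributes
 *
 * Attribute identifiers carried in management messages.  Each enumerator is
 * followed by a comment giving its Netlink attribute type in parentheses and
 * then its meaning.  Values are assigned implicitly, starting at 0 for
 * NLBL_MGMT_A_UNSPEC.
 *
 * NOTE(review): every attribute arrives from userspace.  The type names
 * below document the expected encoding only; the validation itself (string
 * termination, exact length of the NLA_BINARY addresses, contents of the
 * nested attributes) is not visible in this header and has to be confirmed
 * in the code that parses these messages.
 */
enum {
	NLBL_MGMT_A_UNSPEC,
	NLBL_MGMT_A_DOMAIN,
	/* (NLA_NUL_STRING)
	 * the NUL-terminated LSM domain string */
	NLBL_MGMT_A_PROTOCOL,
	/* (NLA_U32)
	 * the NetLabel protocol type (defined by NETLBL_NLTYPE_*) */
	NLBL_MGMT_A_VERSION,
	/* (NLA_U32)
	 * the NetLabel protocol version number (defined by
	 * NETLBL_PROTO_VERSION) */
	NLBL_MGMT_A_CV4DOI,
	/* (NLA_U32)
	 * the CIPSOv4 DOI value */
	NLBL_MGMT_A_IPV6ADDR,
	/* (NLA_BINARY, struct in6_addr)
	 * an IPv6 address; the payload is expected to be exactly one
	 * struct in6_addr */
	NLBL_MGMT_A_IPV6MASK,
	/* (NLA_BINARY, struct in6_addr)
	 * an IPv6 address mask */
	NLBL_MGMT_A_IPV4ADDR,
	/* (NLA_BINARY, struct in_addr)
	 * an IPv4 address; the payload is expected to be exactly one
	 * struct in_addr */
	NLBL_MGMT_A_IPV4MASK,
	/* (NLA_BINARY, struct in_addr)
	 * an IPv4 address mask */
	NLBL_MGMT_A_ADDRSELECTOR,
	/* (NLA_NESTED)
	 * an IP address selector, must contain an address, mask, and protocol
	 * attribute plus any protocol specific attributes */
	NLBL_MGMT_A_SELECTORLIST,
	/* (NLA_NESTED)
	 * the selector list, there must be at least one
	 * NLBL_MGMT_A_ADDRSELECTOR attribute */
	NLBL_MGMT_A_FAMILY,
	/* (NLA_U16)
	 * the address family */
	NLBL_MGMT_A_CLPDOI,
	/* (NLA_U32)
	 * the CALIPSO DOI value
	 * NOTE(review): not listed in the payload descriptions earlier in
	 * this file; presumably the CALIPSO counterpart of
	 * NLBL_MGMT_A_CV4DOI - confirm and document */
	__NLBL_MGMT_A_MAX,
	/* sentinel: one past the last attribute, not a valid attribute */
};
/* Highest valid attribute identifier (the last real enumerator above). */
#define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1)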
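/* NetLabel protocol functions */

/*
 * Initialisation entry point for the management interface; defined outside
 * this header.
 * NOTE(review): presumably registers the NLBL_MGMT_C_* handlers and returns
 * zero on success or a negative value on failure - confirm against the
 * definition.
 */
int netlbl_mgmt_genl_init(void);

/*
 * NetLabel configured protocol reference counter
 *
 * Declared here, defined elsewhere.  Where it is incremented and
 * decremented is not visible in this header.
 */
extern atomic_t netlabel_mgmt_protocount;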
2258c2ecf20Sopenharmony_ci#endif