162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-or-later 262306a36Sopenharmony_ci/* 362306a36Sopenharmony_ci * NetLabel NETLINK Interface 462306a36Sopenharmony_ci * 562306a36Sopenharmony_ci * This file defines the NETLINK interface for the NetLabel system. The 662306a36Sopenharmony_ci * NetLabel system manages static and dynamic label mappings for network 762306a36Sopenharmony_ci * protocols such as CIPSO and RIPSO. 862306a36Sopenharmony_ci * 962306a36Sopenharmony_ci * Author: Paul Moore <paul@paul-moore.com> 1062306a36Sopenharmony_ci */ 1162306a36Sopenharmony_ci 1262306a36Sopenharmony_ci/* 1362306a36Sopenharmony_ci * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 1462306a36Sopenharmony_ci */ 1562306a36Sopenharmony_ci 1662306a36Sopenharmony_ci#include <linux/init.h> 1762306a36Sopenharmony_ci#include <linux/types.h> 1862306a36Sopenharmony_ci#include <linux/list.h> 1962306a36Sopenharmony_ci#include <linux/socket.h> 2062306a36Sopenharmony_ci#include <linux/audit.h> 2162306a36Sopenharmony_ci#include <linux/tty.h> 2262306a36Sopenharmony_ci#include <linux/security.h> 2362306a36Sopenharmony_ci#include <linux/gfp.h> 2462306a36Sopenharmony_ci#include <net/sock.h> 2562306a36Sopenharmony_ci#include <net/netlink.h> 2662306a36Sopenharmony_ci#include <net/genetlink.h> 2762306a36Sopenharmony_ci#include <net/netlabel.h> 2862306a36Sopenharmony_ci#include <asm/bug.h> 2962306a36Sopenharmony_ci 3062306a36Sopenharmony_ci#include "netlabel_mgmt.h" 3162306a36Sopenharmony_ci#include "netlabel_unlabeled.h" 3262306a36Sopenharmony_ci#include "netlabel_cipso_v4.h" 3362306a36Sopenharmony_ci#include "netlabel_calipso.h" 3462306a36Sopenharmony_ci#include "netlabel_user.h" 3562306a36Sopenharmony_ci 3662306a36Sopenharmony_ci/* 3762306a36Sopenharmony_ci * NetLabel NETLINK Setup Functions 3862306a36Sopenharmony_ci */ 3962306a36Sopenharmony_ci 4062306a36Sopenharmony_ci/** 4162306a36Sopenharmony_ci * netlbl_netlink_init - Initialize the NETLINK communication channel 
 *
 * Description:
 * Give each NetLabel component (management, CIPSOv4, CALIPSO and unlabeled,
 * in that order) the chance to register its family and commands with the
 * Generic NETLINK mechanism.  The first component that reports an error stops
 * the sequence and its error code is handed back unchanged; components that
 * were already initialised are not torn down here.  Returns zero on success
 * and non-zero on failure.
 *
 */
int __init netlbl_netlink_init(void)
{
	int err;

	/* Each step runs only if every earlier step returned zero. */
	err = netlbl_mgmt_genl_init();
	if (!err)
		err = netlbl_cipsov4_genl_init();
	if (!err)
		err = netlbl_calipso_genl_init();
	if (!err)
		err = netlbl_unlabel_genl_init();

	return err;
}

/*
 * NetLabel Audit Functions
 */

/**
 * netlbl_audit_start_common - Start an audit message
 * @type: audit message type
 * @audit_info: NetLabel audit information
 *
 * Description:
 * Start an audit message using the type specified in @type and fill the audit
 * message with some fields common to all NetLabel audit messages.  Returns
 * a pointer to the audit buffer on success, NULL on failure.
 * NULL is also returned, without starting a record, when auditing is off.
 *
 * The common prefix is "netlabel: auid=<loginuid> ses=<sessionid>".  A
 * " subj=<context>" field follows only when @audit_info carries a non-zero
 * secid and the LSM translates it successfully; a failed translation is not
 * reported, so a record without "subj=" does not by itself mean the subject
 * was unlabeled.
 *
 */
struct audit_buffer *netlbl_audit_start_common(int type,
					       struct netlbl_audit *audit_info)
{
	struct audit_buffer *ab;
	char *ctx;
	u32 ctx_len;

	if (audit_enabled == AUDIT_OFF)
		return NULL;

	/* GFP_ATOMIC: the record is allocated without sleeping. */
	ab = audit_log_start(audit_context(), GFP_ATOMIC, type);
	if (!ab)
		return NULL;

	/* The login uid is reported as seen from the initial user namespace. */
	audit_log_format(ab, "netlabel: auid=%u ses=%u",
			 from_kuid(&init_user_ns, audit_info->loginuid),
			 audit_info->sessionid);

	/* A zero secid is skipped; no subject field is written for it. */
	if (audit_info->secid == 0)
		return ab;

	/* Translation failure is silent: the record simply lacks "subj=". */
	if (security_secid_to_secctx(audit_info->secid, &ctx, &ctx_len) != 0)
		return ab;

	audit_log_format(ab, " subj=%s", ctx);
	/* The context string is handed back to the LSM once it is logged. */
	security_release_secctx(ctx, ctx_len);

	return ab;
}