
1 // SPDX-License-Identifier: GPL-2.0-only
5 * Network interfaces (devices) do not have a security field, so we
11 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
12 * Paul Moore <paul@paul-moore.com>
43 * sel_netif_hashfn - Hashing function for the interface table
44 * @ns: the network namespace
52 static inline u32 sel_netif_hashfn(const struct net *ns, int ifindex) in sel_netif_hashfn() argument
54 return (((uintptr_t)ns + ifindex) & (SEL_NETIF_HASH_SIZE - 1)); in sel_netif_hashfn()
58 * sel_netif_find - Search for an interface record
59 * @ns: the network namespace
67 static inline struct sel_netif *sel_netif_find(const struct net *ns, in sel_netif_find() argument
70 u32 idx = sel_netif_hashfn(ns, ifindex); in sel_netif_find()
74 if (net_eq(netif->nsec.ns, ns) && in sel_netif_find()
75 netif->nsec.ifindex == ifindex) in sel_netif_find()
82 * sel_netif_insert - Insert a new interface into the table
87 * zero on success, negative values on failure.
95 return -ENOSPC; in sel_netif_insert()
97 idx = sel_netif_hashfn(netif->nsec.ns, netif->nsec.ifindex); in sel_netif_insert()
98 list_add_rcu(&netif->list, &sel_netif_hash[idx]); in sel_netif_insert()
105 * sel_netif_destroy - Remove an interface record from the table
114 list_del_rcu(&netif->list); in sel_netif_destroy()
115 sel_netif_total--; in sel_netif_destroy()
120 * sel_netif_sid_slow - Lookup the SID of a network interface using the policy
121 * @ns: the network namespace
128 * speedup future queries. Returns zero on success, negative values on
132 static int sel_netif_sid_slow(struct net *ns, int ifindex, u32 *sid) in sel_netif_sid_slow() argument
139 /* NOTE: we always use init's network namespace since we don't in sel_netif_sid_slow()
142 dev = dev_get_by_index(ns, ifindex); in sel_netif_sid_slow()
146 return -ENOENT; in sel_netif_sid_slow()
150 netif = sel_netif_find(ns, ifindex); in sel_netif_sid_slow()
152 *sid = netif->nsec.sid; in sel_netif_sid_slow()
156 ret = security_netif_sid(dev->name, sid); in sel_netif_sid_slow()
161 new->nsec.ns = ns; in sel_netif_sid_slow()
162 new->nsec.ifindex = ifindex; in sel_netif_sid_slow()
163 new->nsec.sid = *sid; in sel_netif_sid_slow()
178 * sel_netif_sid - Lookup the SID of a network interface
179 * @ns: the network namespace
187 * table to speedup future queries. Returns zero on success, negative values
188 * on failure.
191 int sel_netif_sid(struct net *ns, int ifindex, u32 *sid) in sel_netif_sid() argument
196 netif = sel_netif_find(ns, ifindex); in sel_netif_sid()
198 *sid = netif->nsec.sid; in sel_netif_sid()
204 return sel_netif_sid_slow(ns, ifindex, sid); in sel_netif_sid()
208 * sel_netif_kill - Remove an entry from the network interface table
209 * @ns: the network namespace
217 static void sel_netif_kill(const struct net *ns, int ifindex) in sel_netif_kill() argument
223 netif = sel_netif_find(ns, ifindex); in sel_netif_kill()
231 * sel_netif_flush - Flush the entire network interface table
255 sel_netif_kill(dev_net(dev), dev->ifindex); in sel_netif_netdev_notifier_handler()