netlabel_domainhash.c (3dcbbcda7c5b77c400791b26facd6593c5b176e0) | netlabel_domainhash.c (95d4e6be25a68cd9fbe8c0d356b585504d8db1c7) |
---|---|
1/* 2 * NetLabel Domain Hash Table 3 * 4 * This file manages the domain hash table that NetLabel uses to determine 5 * which network labeling protocol to use for a given domain. The NetLabel 6 * system manages static and dynamic label mappings for network protocols such 7 * as CIPSO and RIPSO. 8 * --- 174 unchanged lines hidden (view full) --- 183 rcu_read_unlock(); 184 185 return 0; 186} 187 188/** 189 * netlbl_domhsh_add - Adds a entry to the domain hash table 190 * @entry: the entry to add | 1/* 2 * NetLabel Domain Hash Table 3 * 4 * This file manages the domain hash table that NetLabel uses to determine 5 * which network labeling protocol to use for a given domain. The NetLabel 6 * system manages static and dynamic label mappings for network protocols such 7 * as CIPSO and RIPSO. 8 * --- 174 unchanged lines hidden (view full) --- 183 rcu_read_unlock(); 184 185 return 0; 186} 187 188/** 189 * netlbl_domhsh_add - Adds a entry to the domain hash table 190 * @entry: the entry to add |
191 * @audit_secid: the LSM secid to use in the audit message | 191 * @audit_info: NetLabel audit information |
192 * 193 * Description: 194 * Adds a new entry to the domain hash table and handles any updates to the 195 * lower level protocol handler (i.e. CIPSO). Returns zero on success, 196 * negative on failure. 197 * 198 */ | 192 * 193 * Description: 194 * Adds a new entry to the domain hash table and handles any updates to the 195 * lower level protocol handler (i.e. CIPSO). Returns zero on success, 196 * negative on failure. 197 * 198 */ |
199int netlbl_domhsh_add(struct netlbl_dom_map *entry, u32 audit_secid) | 199int netlbl_domhsh_add(struct netlbl_dom_map *entry, 200 struct netlbl_audit *audit_info) |
200{ 201 int ret_val; 202 u32 bkt; 203 struct audit_buffer *audit_buf; 204 char *audit_domain; 205 206 switch (entry->type) { 207 case NETLBL_NLTYPE_UNLABELED: --- 28 unchanged lines hidden (view full) --- 236 spin_lock(&netlbl_domhsh_def_lock); 237 if (rcu_dereference(netlbl_domhsh_def) == NULL) 238 rcu_assign_pointer(netlbl_domhsh_def, entry); 239 else 240 ret_val = -EEXIST; 241 spin_unlock(&netlbl_domhsh_def_lock); 242 } else 243 ret_val = -EINVAL; | 201{ 202 int ret_val; 203 u32 bkt; 204 struct audit_buffer *audit_buf; 205 char *audit_domain; 206 207 switch (entry->type) { 208 case NETLBL_NLTYPE_UNLABELED: --- 28 unchanged lines hidden (view full) --- 237 spin_lock(&netlbl_domhsh_def_lock); 238 if (rcu_dereference(netlbl_domhsh_def) == NULL) 239 rcu_assign_pointer(netlbl_domhsh_def, entry); 240 else 241 ret_val = -EEXIST; 242 spin_unlock(&netlbl_domhsh_def_lock); 243 } else 244 ret_val = -EINVAL; |
244 if (ret_val == 0) { 245 if (entry->domain != NULL) 246 audit_domain = entry->domain; 247 else 248 audit_domain = "(default)"; 249 audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_ADD, 250 audit_secid); 251 audit_log_format(audit_buf, " domain=%s", audit_domain); 252 switch (entry->type) { 253 case NETLBL_NLTYPE_UNLABELED: 254 audit_log_format(audit_buf, " protocol=unlbl"); 255 break; 256 case NETLBL_NLTYPE_CIPSOV4: 257 audit_log_format(audit_buf, 258 " protocol=cipsov4 doi=%u", 259 entry->type_def.cipsov4->doi); 260 break; 261 } 262 audit_log_end(audit_buf); | 245 246 if (entry->domain != NULL) 247 audit_domain = entry->domain; 248 else 249 audit_domain = "(default)"; 250 audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_ADD, audit_info); 251 audit_log_format(audit_buf, " nlbl_domain=%s", audit_domain); 252 switch (entry->type) { 253 case NETLBL_NLTYPE_UNLABELED: 254 audit_log_format(audit_buf, " nlbl_protocol=unlbl"); 255 break; 256 case NETLBL_NLTYPE_CIPSOV4: 257 audit_log_format(audit_buf, 258 " nlbl_protocol=cipsov4 cipso_doi=%u", 259 entry->type_def.cipsov4->doi); 260 break; |
263 } | 261 } |
262 audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); 263 audit_log_end(audit_buf); 264 |
|
264 rcu_read_unlock(); 265 266 if (ret_val != 0) { 267 switch (entry->type) { 268 case NETLBL_NLTYPE_CIPSOV4: 269 if (cipso_v4_doi_domhsh_remove(entry->type_def.cipsov4, 270 entry->domain) != 0) 271 BUG(); 272 break; 273 } 274 } 275 276 return ret_val; 277} 278 279/** 280 * netlbl_domhsh_add_default - Adds the default entry to the domain hash table 281 * @entry: the entry to add | 265 rcu_read_unlock(); 266 267 if (ret_val != 0) { 268 switch (entry->type) { 269 case NETLBL_NLTYPE_CIPSOV4: 270 if (cipso_v4_doi_domhsh_remove(entry->type_def.cipsov4, 271 entry->domain) != 0) 272 BUG(); 273 break; 274 } 275 } 276 277 return ret_val; 278} 279 280/** 281 * netlbl_domhsh_add_default - Adds the default entry to the domain hash table 282 * @entry: the entry to add |
282 * @audit_secid: the LSM secid to use in the audit message | 283 * @audit_info: NetLabel audit information |
283 * 284 * Description: 285 * Adds a new default entry to the domain hash table and handles any updates 286 * to the lower level protocol handler (i.e. CIPSO). Returns zero on success, 287 * negative on failure. 288 * 289 */ | 284 * 285 * Description: 286 * Adds a new default entry to the domain hash table and handles any updates 287 * to the lower level protocol handler (i.e. CIPSO). Returns zero on success, 288 * negative on failure. 289 * 290 */ |
290int netlbl_domhsh_add_default(struct netlbl_dom_map *entry, u32 audit_secid) | 291int netlbl_domhsh_add_default(struct netlbl_dom_map *entry, 292 struct netlbl_audit *audit_info) |
291{ | 293{ |
292 return netlbl_domhsh_add(entry, audit_secid); | 294 return netlbl_domhsh_add(entry, audit_info); |
293} 294 295/** 296 * netlbl_domhsh_remove - Removes an entry from the domain hash table 297 * @domain: the domain to remove | 295} 296 297/** 298 * netlbl_domhsh_remove - Removes an entry from the domain hash table 299 * @domain: the domain to remove |
298 * @audit_secid: the LSM secid to use in the audit message | 300 * @audit_info: NetLabel audit information |
299 * 300 * Description: 301 * Removes an entry from the domain hash table and handles any updates to the 302 * lower level protocol handler (i.e. CIPSO). Returns zero on success, 303 * negative on failure. 304 * 305 */ | 301 * 302 * Description: 303 * Removes an entry from the domain hash table and handles any updates to the 304 * lower level protocol handler (i.e. CIPSO). Returns zero on success, 305 * negative on failure. 306 * 307 */ |
306int netlbl_domhsh_remove(const char *domain, u32 audit_secid) | 308int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info) |
307{ 308 int ret_val = -ENOENT; 309 struct netlbl_dom_map *entry; 310 struct audit_buffer *audit_buf; 311 char *audit_domain; 312 313 rcu_read_lock(); 314 if (domain != NULL) --- 25 unchanged lines hidden (view full) --- 340 spin_lock(&netlbl_domhsh_def_lock); 341 if (entry->valid) { 342 entry->valid = 0; 343 rcu_assign_pointer(netlbl_domhsh_def, NULL); 344 } else 345 ret_val = -ENOENT; 346 spin_unlock(&netlbl_domhsh_def_lock); 347 } | 309{ 310 int ret_val = -ENOENT; 311 struct netlbl_dom_map *entry; 312 struct audit_buffer *audit_buf; 313 char *audit_domain; 314 315 rcu_read_lock(); 316 if (domain != NULL) --- 25 unchanged lines hidden (view full) --- 342 spin_lock(&netlbl_domhsh_def_lock); 343 if (entry->valid) { 344 entry->valid = 0; 345 rcu_assign_pointer(netlbl_domhsh_def, NULL); 346 } else 347 ret_val = -ENOENT; 348 spin_unlock(&netlbl_domhsh_def_lock); 349 } |
348 if (ret_val == 0) { 349 if (entry->domain != NULL) 350 audit_domain = entry->domain; 351 else 352 audit_domain = "(default)"; 353 audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL, 354 audit_secid); 355 audit_log_format(audit_buf, " domain=%s", audit_domain); 356 audit_log_end(audit_buf); | |
357 | 350 |
351 if (entry->domain != NULL) 352 audit_domain = entry->domain; 353 else 354 audit_domain = "(default)"; 355 audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL, audit_info); 356 audit_log_format(audit_buf, 357 " nlbl_domain=%s res=%u", 358 audit_domain, 359 ret_val == 0 ? 1 : 0); 360 audit_log_end(audit_buf); 361 362 if (ret_val == 0) |
|
358 call_rcu(&entry->rcu, netlbl_domhsh_free_entry); | 363 call_rcu(&entry->rcu, netlbl_domhsh_free_entry); |
359 } | |
360 361remove_return: 362 rcu_read_unlock(); 363 return ret_val; 364} 365 366/** 367 * netlbl_domhsh_remove_default - Removes the default entry from the table | 364 365remove_return: 366 rcu_read_unlock(); 367 return ret_val; 368} 369 370/** 371 * netlbl_domhsh_remove_default - Removes the default entry from the table |
368 * @audit_secid: the LSM secid to use in the audit message | 372 * @audit_info: NetLabel audit information |
369 * 370 * Description: 371 * Removes/resets the default entry for the domain hash table and handles any 372 * updates to the lower level protocol handler (i.e. CIPSO). Returns zero on 373 * success, non-zero on failure. 374 * 375 */ | 373 * 374 * Description: 375 * Removes/resets the default entry for the domain hash table and handles any 376 * updates to the lower level protocol handler (i.e. CIPSO). Returns zero on 377 * success, non-zero on failure. 378 * 379 */ |
376int netlbl_domhsh_remove_default(u32 audit_secid) | 380int netlbl_domhsh_remove_default(struct netlbl_audit *audit_info) |
377{ | 381{ |
378 return netlbl_domhsh_remove(NULL, audit_secid); | 382 return netlbl_domhsh_remove(NULL, audit_info); |
379} 380 381/** 382 * netlbl_domhsh_getentry - Get an entry from the domain hash table 383 * @domain: the domain name to search for 384 * 385 * Description: 386 * Look through the domain hash table searching for an entry to match @domain, --- 58 unchanged lines hidden --- | 383} 384 385/** 386 * netlbl_domhsh_getentry - Get an entry from the domain hash table 387 * @domain: the domain name to search for 388 * 389 * Description: 390 * Look through the domain hash table searching for an entry to match @domain, --- 58 unchanged lines hidden --- |
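Review bot: In netlbl_domhsh_remove the new unconditional audit block (new lines 351-360) sits above the `remove_return:` label, so any early exit in the 25 hidden lines that jumps to that label returns without an AUDIT_MAC_MAP_DEL record, even though the record now carries `res=` to report failures. If only some failed removals are meant to be audited, the kernel-doc should say so, e.g. `* Only failures detected after the entry lookup generate an audit record.`; the same would apply to netlbl_domhsh_add if its hidden lines return early. The block also reads `entry->domain` with no visible NULL check now that the `if (ret_val == 0)` guard is gone, so it depends on the hidden lookup code having already bailed out for a missing entry. Separately, the domain is written with `%s`; if it can contain spaces or quotes (its origin is not visible here), `audit_log_format(audit_buf, " nlbl_domain=");` followed by `audit_log_untrustedstring(audit_buf, audit_domain);` would keep it from being parsed as extra fields such as a second `res=`.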