netlabel_unlabeled.c (3dcbbcda7c5b77c400791b26facd6593c5b176e0) netlabel_unlabeled.c (95d4e6be25a68cd9fbe8c0d356b585504d8db1c7)
1/*
2 * NetLabel Unlabeled Support
3 *
4 * This file defines functions for dealing with unlabeled packets for the
5 * NetLabel system. The NetLabel system manages static and dynamic label
6 * mappings for network protocols such as CIPSO and RIPSO.
7 *
8 * Author: Paul Moore <paul.moore@hp.com>


65
66/*
67 * Helper Functions
68 */
69
70/**
71 * netlbl_unlabel_acceptflg_set - Set the unlabeled accept flag
72 * @value: desired value
1/*
2 * NetLabel Unlabeled Support
3 *
4 * This file defines functions for dealing with unlabeled packets for the
5 * NetLabel system. The NetLabel system manages static and dynamic label
6 * mappings for network protocols such as CIPSO and RIPSO.
7 *
8 * Author: Paul Moore <paul.moore@hp.com>


65
66/*
67 * Helper Functions
68 */
69
70/**
71 * netlbl_unlabel_acceptflg_set - Set the unlabeled accept flag
72 * @value: desired value
73 * @audit_secid: the LSM secid to use in the audit message
73 * @audit_info: NetLabel audit information
74 *
75 * Description:
76 * Set the value of the unlabeled accept flag to @value.
77 *
78 */
74 *
75 * Description:
76 * Set the value of the unlabeled accept flag to @value.
77 *
78 */
79static void netlbl_unlabel_acceptflg_set(u8 value, u32 audit_secid)
79static void netlbl_unlabel_acceptflg_set(u8 value,
80 struct netlbl_audit *audit_info)
80{
81{
82 struct audit_buffer *audit_buf;
83 u8 old_val;
84
85 old_val = atomic_read(&netlabel_unlabel_accept_flg);
81 atomic_set(&netlabel_unlabel_accept_flg, value);
86 atomic_set(&netlabel_unlabel_accept_flg, value);
82 netlbl_audit_nomsg((value ?
83 AUDIT_MAC_UNLBL_ACCEPT : AUDIT_MAC_UNLBL_DENY),
84 audit_secid);
87
88 audit_buf = netlbl_audit_start_common(AUDIT_MAC_UNLBL_ALLOW,
89 audit_info);
90 audit_log_format(audit_buf, " unlbl_accept=%u old=%u", value, old_val);
91 audit_log_end(audit_buf);
85}
86
87/*
88 * NetLabel Command Handlers
89 */
90
91/**
92 * netlbl_unlabel_accept - Handle an ACCEPT message
93 * @skb: the NETLINK buffer
94 * @info: the Generic NETLINK info block
95 *
96 * Description:
97 * Process a user generated ACCEPT message and set the accept flag accordingly.
98 * Returns zero on success, negative values on failure.
99 *
100 */
101static int netlbl_unlabel_accept(struct sk_buff *skb, struct genl_info *info)
102{
103 u8 value;
92}
93
94/*
95 * NetLabel Command Handlers
96 */
97
98/**
99 * netlbl_unlabel_accept - Handle an ACCEPT message
100 * @skb: the NETLINK buffer
101 * @info: the Generic NETLINK info block
102 *
103 * Description:
104 * Process a user generated ACCEPT message and set the accept flag accordingly.
105 * Returns zero on success, negative values on failure.
106 *
107 */
108static int netlbl_unlabel_accept(struct sk_buff *skb, struct genl_info *info)
109{
110 u8 value;
111 struct netlbl_audit audit_info;
104
105 if (info->attrs[NLBL_UNLABEL_A_ACPTFLG]) {
106 value = nla_get_u8(info->attrs[NLBL_UNLABEL_A_ACPTFLG]);
107 if (value == 1 || value == 0) {
112
113 if (info->attrs[NLBL_UNLABEL_A_ACPTFLG]) {
114 value = nla_get_u8(info->attrs[NLBL_UNLABEL_A_ACPTFLG]);
115 if (value == 1 || value == 0) {
108 netlbl_unlabel_acceptflg_set(value,
109 NETLINK_CB(skb).sid);
116 netlbl_netlink_auditinfo(skb, &audit_info);
117 netlbl_unlabel_acceptflg_set(value, &audit_info);
110 return 0;
111 }
112 }
113
114 return -EINVAL;
115}
116
117/**


245 * Set the default NetLabel configuration to allow incoming unlabeled packets
246 * and to send unlabeled network traffic by default.
247 *
248 */
249int netlbl_unlabel_defconf(void)
250{
251 int ret_val;
252 struct netlbl_dom_map *entry;
118 return 0;
119 }
120 }
121
122 return -EINVAL;
123}
124
125/**


253 * Set the default NetLabel configuration to allow incoming unlabeled packets
254 * and to send unlabeled network traffic by default.
255 *
256 */
257int netlbl_unlabel_defconf(void)
258{
259 int ret_val;
260 struct netlbl_dom_map *entry;
253 u32 secid;
261 struct netlbl_audit audit_info;
254
262
255 security_task_getsecid(current, &secid);
263 /* Only the kernel is allowed to call this function and the only time
264 * it is called is at bootup before the audit subsystem is reporting
265 * messages so don't worry to much about these values. */
266 security_task_getsecid(current, &audit_info.secid);
267 audit_info.loginuid = 0;
256
257 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
258 if (entry == NULL)
259 return -ENOMEM;
260 entry->type = NETLBL_NLTYPE_UNLABELED;
268
269 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
270 if (entry == NULL)
271 return -ENOMEM;
272 entry->type = NETLBL_NLTYPE_UNLABELED;
261 ret_val = netlbl_domhsh_add_default(entry, secid);
273 ret_val = netlbl_domhsh_add_default(entry, &audit_info);
262 if (ret_val != 0)
263 return ret_val;
264
274 if (ret_val != 0)
275 return ret_val;
276
265 netlbl_unlabel_acceptflg_set(1, secid);
277 netlbl_unlabel_acceptflg_set(1, &audit_info);
266
267 return 0;
268}
278
279 return 0;
280}
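Review bot: In the new netlbl_unlabel_defconf() the `entry` obtained from kzalloc() is dropped on the error return after netlbl_domhsh_add_default() fails, so unless that helper takes ownership of `entry` on failure (not visible here) the early return leaks it; the error path should read `if (ret_val != 0) { kfree(entry); return ret_val; }` once ownership on failure is confirmed. The same section's netlbl_unlabel_acceptflg_set() reads `old_val` with atomic_read() and then writes with atomic_set(), so if two callers can run concurrently the logged `old=` value may not be the value that was actually replaced; `old_val = atomic_xchg(&netlabel_unlabel_accept_flg, value);` records the swap in one step, although this may already be serialized by the generic netlink layer for the ACCEPT handler. Both functions are fully contained in the section.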