hooks.c - OpenGrok cross reference for /openbmc/linux/security/selinux/hooks.c

Deleted Added

sdiffudifftextold (b6aa3922..)new (1a93a6ea..)

hooks.c (b6aa39228966e0d3f0bc3306be1892f87792903a)	hooks.c (1a93a6eac32a2853177f10e274b9b761b42356eb)
1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 3970 unchanged lines hidden (view full) --- 3979 3980 default: 3981 break; 3982 } 3983out: 3984 return ret; 3985} 3986	1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 3970 unchanged lines hidden (view full) --- 3979 3980 default: 3981 break; 3982 } 3983out: 3984 return ret; 3985} 3986
3987#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	3987#if IS_ENABLED(CONFIG_IPV6)
3988 3989/* Returns error only if unable to parse addresses / 3990static int selinux_parse_skb_ipv6(struct sk_buff skb, 3991 struct common_audit_data ad, u8 proto) 3992{ 3993 u8 nexthdr; 3994 int ret = -EINVAL, offset; 3995 struct ipv6hdr _ipv6h, ip6; --- 74 unchanged lines hidden* (view full) --- 4070 case PF_INET: 4071 ret = selinux_parse_skb_ipv4(skb, ad, proto); 4072 if (ret) 4073 goto parse_error; 4074 addrp = (char *)(src ? &ad->u.net->v4info.saddr : 4075 &ad->u.net->v4info.daddr); 4076 goto okay; 4077	3988 3989/* Returns error only if unable to parse addresses / 3990static int selinux_parse_skb_ipv6(struct sk_buff skb, 3991 struct common_audit_data ad, u8 proto) 3992{ 3993 u8 nexthdr; 3994 int ret = -EINVAL, offset; 3995 struct ipv6hdr _ipv6h, ip6; --- 74 unchanged lines hidden* (view full) --- 4070 case PF_INET: 4071 ret = selinux_parse_skb_ipv4(skb, ad, proto); 4072 if (ret) 4073 goto parse_error; 4074 addrp = (char *)(src ? &ad->u.net->v4info.saddr : 4075 &ad->u.net->v4info.daddr); 4076 goto okay; 4077
4078#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	4078#if IS_ENABLED(CONFIG_IPV6)
4079 case PF_INET6: 4080 ret = selinux_parse_skb_ipv6(skb, ad, proto); 4081 if (ret) 4082 goto parse_error; 4083 addrp = (char )(src ? &ad->u.net->v6info.saddr : 4084 &ad->u.net->v6info.daddr); 4085 goto okay; 4086#endif / IPV6 / --- 937 unchanged lines hidden* (view full) --- 5024 5025static unsigned int selinux_ipv4_forward(void priv, 5026 struct sk_buff skb, 5027 const struct nf_hook_state *state) 5028{ 5029 return selinux_ip_forward(skb, state->in, PF_INET); 5030} 5031	4079 case PF_INET6: 4080 ret = selinux_parse_skb_ipv6(skb, ad, proto); 4081 if (ret) 4082 goto parse_error; 4083 addrp = (char )(src ? &ad->u.net->v6info.saddr : 4084 &ad->u.net->v6info.daddr); 4085 goto okay; 4086#endif / IPV6 / --- 937 unchanged lines hidden* (view full) --- 5024 5025static unsigned int selinux_ipv4_forward(void priv, 5026 struct sk_buff skb, 5027 const struct nf_hook_state *state) 5028{ 5029 return selinux_ip_forward(skb, state->in, PF_INET); 5030} 5031
5032#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	5032#if IS_ENABLED(CONFIG_IPV6)
5033static unsigned int selinux_ipv6_forward(void priv, 5034 struct sk_buff skb, 5035 const struct nf_hook_state state) 5036{ 5037 return selinux_ip_forward(skb, state->in, PF_INET6); 5038} 5039#endif / IPV6 / 5040 --- 41 unchanged lines hidden* (view full) --- 5082 5083static unsigned int selinux_ipv4_output(void priv, 5084 struct sk_buff skb, 5085 const struct nf_hook_state *state) 5086{ 5087 return selinux_ip_output(skb, PF_INET); 5088} 5089	5033static unsigned int selinux_ipv6_forward(void priv, 5034 struct sk_buff skb, 5035 const struct nf_hook_state state) 5036{ 5037 return selinux_ip_forward(skb, state->in, PF_INET6); 5038} 5039#endif / IPV6 / 5040 --- 41 unchanged lines hidden* (view full) --- 5082 5083static unsigned int selinux_ipv4_output(void priv, 5084 struct sk_buff skb, 5085 const struct nf_hook_state *state) 5086{ 5087 return selinux_ip_output(skb, PF_INET); 5088} 5089
5090#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	5090#if IS_ENABLED(CONFIG_IPV6)
5091static unsigned int selinux_ipv6_output(void priv, 5092 struct sk_buff skb, 5093 const struct nf_hook_state state) 5094{ 5095 return selinux_ip_output(skb, PF_INET6); 5096} 5097#endif / IPV6 / 5098 --- 169 unchanged lines hidden* (view full) --- 5268 5269static unsigned int selinux_ipv4_postroute(void priv, 5270 struct sk_buff skb, 5271 const struct nf_hook_state *state) 5272{ 5273 return selinux_ip_postroute(skb, state->out, PF_INET); 5274} 5275	5091static unsigned int selinux_ipv6_output(void priv, 5092 struct sk_buff skb, 5093 const struct nf_hook_state state) 5094{ 5095 return selinux_ip_output(skb, PF_INET6); 5096} 5097#endif / IPV6 / 5098 --- 169 unchanged lines hidden* (view full) --- 5268 5269static unsigned int selinux_ipv4_postroute(void priv, 5270 struct sk_buff skb, 5271 const struct nf_hook_state *state) 5272{ 5273 return selinux_ip_postroute(skb, state->out, PF_INET); 5274} 5275
5276#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	5276#if IS_ENABLED(CONFIG_IPV6)
5277static unsigned int selinux_ipv6_postroute(void priv, 5278 struct sk_buff skb, 5279 const struct nf_hook_state state) 5280{ 5281 return selinux_ip_postroute(skb, state->out, PF_INET6); 5282} 5283#endif / IPV6 / 5284 --- 1027 unchanged lines hidden* (view full) --- 6312 .priority = NF_IP_PRI_SELINUX_FIRST, 6313 }, 6314 { 6315 .hook = selinux_ipv4_output, 6316 .pf = NFPROTO_IPV4, 6317 .hooknum = NF_INET_LOCAL_OUT, 6318 .priority = NF_IP_PRI_SELINUX_FIRST, 6319 },	5277static unsigned int selinux_ipv6_postroute(void priv, 5278 struct sk_buff skb, 5279 const struct nf_hook_state state) 5280{ 5281 return selinux_ip_postroute(skb, state->out, PF_INET6); 5282} 5283#endif / IPV6 / 5284 --- 1027 unchanged lines hidden* (view full) --- 6312 .priority = NF_IP_PRI_SELINUX_FIRST, 6313 }, 6314 { 6315 .hook = selinux_ipv4_output, 6316 .pf = NFPROTO_IPV4, 6317 .hooknum = NF_INET_LOCAL_OUT, 6318 .priority = NF_IP_PRI_SELINUX_FIRST, 6319 },
6320#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	6320#if IS_ENABLED(CONFIG_IPV6)
6321 { 6322 .hook = selinux_ipv6_postroute, 6323 .pf = NFPROTO_IPV6, 6324 .hooknum = NF_INET_POST_ROUTING, 6325 .priority = NF_IP6_PRI_SELINUX_LAST, 6326 }, 6327 { 6328 .hook = selinux_ipv6_forward, --- 82 unchanged lines hidden ---	6321 { 6322 .hook = selinux_ipv6_postroute, 6323 .pf = NFPROTO_IPV6, 6324 .hooknum = NF_INET_POST_ROUTING, 6325 .priority = NF_IP6_PRI_SELINUX_LAST, 6326 }, 6327 { 6328 .hook = selinux_ipv6_forward, --- 82 unchanged lines hidden ---

hooks.c (b6aa39228966e0d3f0bc3306be1892f87792903a)	hooks.c (1a93a6eac32a2853177f10e274b9b761b42356eb)
1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 3970 unchanged lines hidden (view full) --- 3979 3980 default: 3981 break; 3982 } 3983out: 3984 return ret; 3985} 3986	1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 3970 unchanged lines hidden (view full) --- 3979 3980 default: 3981 break; 3982 } 3983out: 3984 return ret; 3985} 3986
3987#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	3987#if IS_ENABLED(CONFIG_IPV6)
3988 3989/* Returns error only if unable to parse addresses / 3990static int selinux_parse_skb_ipv6(struct sk_buff skb, 3991 struct common_audit_data ad, u8 proto) 3992{ 3993 u8 nexthdr; 3994 int ret = -EINVAL, offset; 3995 struct ipv6hdr _ipv6h, ip6; --- 74 unchanged lines hidden* (view full) --- 4070 case PF_INET: 4071 ret = selinux_parse_skb_ipv4(skb, ad, proto); 4072 if (ret) 4073 goto parse_error; 4074 addrp = (char *)(src ? &ad->u.net->v4info.saddr : 4075 &ad->u.net->v4info.daddr); 4076 goto okay; 4077	3988 3989/* Returns error only if unable to parse addresses / 3990static int selinux_parse_skb_ipv6(struct sk_buff skb, 3991 struct common_audit_data ad, u8 proto) 3992{ 3993 u8 nexthdr; 3994 int ret = -EINVAL, offset; 3995 struct ipv6hdr _ipv6h, ip6; --- 74 unchanged lines hidden* (view full) --- 4070 case PF_INET: 4071 ret = selinux_parse_skb_ipv4(skb, ad, proto); 4072 if (ret) 4073 goto parse_error; 4074 addrp = (char *)(src ? &ad->u.net->v4info.saddr : 4075 &ad->u.net->v4info.daddr); 4076 goto okay; 4077
4078#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	4078#if IS_ENABLED(CONFIG_IPV6)
4079 case PF_INET6: 4080 ret = selinux_parse_skb_ipv6(skb, ad, proto); 4081 if (ret) 4082 goto parse_error; 4083 addrp = (char )(src ? &ad->u.net->v6info.saddr : 4084 &ad->u.net->v6info.daddr); 4085 goto okay; 4086#endif / IPV6 / --- 937 unchanged lines hidden* (view full) --- 5024 5025static unsigned int selinux_ipv4_forward(void priv, 5026 struct sk_buff skb, 5027 const struct nf_hook_state *state) 5028{ 5029 return selinux_ip_forward(skb, state->in, PF_INET); 5030} 5031	4079 case PF_INET6: 4080 ret = selinux_parse_skb_ipv6(skb, ad, proto); 4081 if (ret) 4082 goto parse_error; 4083 addrp = (char )(src ? &ad->u.net->v6info.saddr : 4084 &ad->u.net->v6info.daddr); 4085 goto okay; 4086#endif / IPV6 / --- 937 unchanged lines hidden* (view full) --- 5024 5025static unsigned int selinux_ipv4_forward(void priv, 5026 struct sk_buff skb, 5027 const struct nf_hook_state *state) 5028{ 5029 return selinux_ip_forward(skb, state->in, PF_INET); 5030} 5031
5032#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	5032#if IS_ENABLED(CONFIG_IPV6)
5033static unsigned int selinux_ipv6_forward(void priv, 5034 struct sk_buff skb, 5035 const struct nf_hook_state state) 5036{ 5037 return selinux_ip_forward(skb, state->in, PF_INET6); 5038} 5039#endif / IPV6 / 5040 --- 41 unchanged lines hidden* (view full) --- 5082 5083static unsigned int selinux_ipv4_output(void priv, 5084 struct sk_buff skb, 5085 const struct nf_hook_state *state) 5086{ 5087 return selinux_ip_output(skb, PF_INET); 5088} 5089	5033static unsigned int selinux_ipv6_forward(void priv, 5034 struct sk_buff skb, 5035 const struct nf_hook_state state) 5036{ 5037 return selinux_ip_forward(skb, state->in, PF_INET6); 5038} 5039#endif / IPV6 / 5040 --- 41 unchanged lines hidden* (view full) --- 5082 5083static unsigned int selinux_ipv4_output(void priv, 5084 struct sk_buff skb, 5085 const struct nf_hook_state *state) 5086{ 5087 return selinux_ip_output(skb, PF_INET); 5088} 5089
5090#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	5090#if IS_ENABLED(CONFIG_IPV6)
5091static unsigned int selinux_ipv6_output(void priv, 5092 struct sk_buff skb, 5093 const struct nf_hook_state state) 5094{ 5095 return selinux_ip_output(skb, PF_INET6); 5096} 5097#endif / IPV6 / 5098 --- 169 unchanged lines hidden* (view full) --- 5268 5269static unsigned int selinux_ipv4_postroute(void priv, 5270 struct sk_buff skb, 5271 const struct nf_hook_state *state) 5272{ 5273 return selinux_ip_postroute(skb, state->out, PF_INET); 5274} 5275	5091static unsigned int selinux_ipv6_output(void priv, 5092 struct sk_buff skb, 5093 const struct nf_hook_state state) 5094{ 5095 return selinux_ip_output(skb, PF_INET6); 5096} 5097#endif / IPV6 / 5098 --- 169 unchanged lines hidden* (view full) --- 5268 5269static unsigned int selinux_ipv4_postroute(void priv, 5270 struct sk_buff skb, 5271 const struct nf_hook_state *state) 5272{ 5273 return selinux_ip_postroute(skb, state->out, PF_INET); 5274} 5275
5276#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	5276#if IS_ENABLED(CONFIG_IPV6)
5277static unsigned int selinux_ipv6_postroute(void priv, 5278 struct sk_buff skb, 5279 const struct nf_hook_state state) 5280{ 5281 return selinux_ip_postroute(skb, state->out, PF_INET6); 5282} 5283#endif / IPV6 / 5284 --- 1027 unchanged lines hidden* (view full) --- 6312 .priority = NF_IP_PRI_SELINUX_FIRST, 6313 }, 6314 { 6315 .hook = selinux_ipv4_output, 6316 .pf = NFPROTO_IPV4, 6317 .hooknum = NF_INET_LOCAL_OUT, 6318 .priority = NF_IP_PRI_SELINUX_FIRST, 6319 },	5277static unsigned int selinux_ipv6_postroute(void priv, 5278 struct sk_buff skb, 5279 const struct nf_hook_state state) 5280{ 5281 return selinux_ip_postroute(skb, state->out, PF_INET6); 5282} 5283#endif / IPV6 / 5284 --- 1027 unchanged lines hidden* (view full) --- 6312 .priority = NF_IP_PRI_SELINUX_FIRST, 6313 }, 6314 { 6315 .hook = selinux_ipv4_output, 6316 .pf = NFPROTO_IPV4, 6317 .hooknum = NF_INET_LOCAL_OUT, 6318 .priority = NF_IP_PRI_SELINUX_FIRST, 6319 },
6320#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	6320#if IS_ENABLED(CONFIG_IPV6)
6321 { 6322 .hook = selinux_ipv6_postroute, 6323 .pf = NFPROTO_IPV6, 6324 .hooknum = NF_INET_POST_ROUTING, 6325 .priority = NF_IP6_PRI_SELINUX_LAST, 6326 }, 6327 { 6328 .hook = selinux_ipv6_forward, --- 82 unchanged lines hidden ---	6321 { 6322 .hook = selinux_ipv6_postroute, 6323 .pf = NFPROTO_IPV6, 6324 .hooknum = NF_INET_POST_ROUTING, 6325 .priority = NF_IP6_PRI_SELINUX_LAST, 6326 }, 6327 { 6328 .hook = selinux_ipv6_forward, --- 82 unchanged lines hidden ---