111a03f78SPaul Moore /* 211a03f78SPaul Moore * NetLabel System 311a03f78SPaul Moore * 411a03f78SPaul Moore * The NetLabel system manages static and dynamic label mappings for network 511a03f78SPaul Moore * protocols such as CIPSO and RIPSO. 611a03f78SPaul Moore * 711a03f78SPaul Moore * Author: Paul Moore <paul.moore@hp.com> 811a03f78SPaul Moore * 911a03f78SPaul Moore */ 1011a03f78SPaul Moore 1111a03f78SPaul Moore /* 1263c41688SPaul Moore * (c) Copyright Hewlett-Packard Development Company, L.P., 2006, 2008 1311a03f78SPaul Moore * 1411a03f78SPaul Moore * This program is free software; you can redistribute it and/or modify 1511a03f78SPaul Moore * it under the terms of the GNU General Public License as published by 1611a03f78SPaul Moore * the Free Software Foundation; either version 2 of the License, or 1711a03f78SPaul Moore * (at your option) any later version. 1811a03f78SPaul Moore * 1911a03f78SPaul Moore * This program is distributed in the hope that it will be useful, 2011a03f78SPaul Moore * but WITHOUT ANY WARRANTY; without even the implied warranty of 2111a03f78SPaul Moore * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See 2211a03f78SPaul Moore * the GNU General Public License for more details. 
2311a03f78SPaul Moore * 2411a03f78SPaul Moore * You should have received a copy of the GNU General Public License 2511a03f78SPaul Moore * along with this program; if not, write to the Free Software 2611a03f78SPaul Moore * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 2711a03f78SPaul Moore * 2811a03f78SPaul Moore */ 2911a03f78SPaul Moore 3011a03f78SPaul Moore #ifndef _NETLABEL_H 3111a03f78SPaul Moore #define _NETLABEL_H 3211a03f78SPaul Moore 3311a03f78SPaul Moore #include <linux/types.h> 345a0e3ad6STejun Heo #include <linux/slab.h> 357a0e1d60SPaul Moore #include <linux/net.h> 3611a03f78SPaul Moore #include <linux/skbuff.h> 376c2e8ac0SPaul Moore #include <linux/in.h> 386c2e8ac0SPaul Moore #include <linux/in6.h> 3911a03f78SPaul Moore #include <net/netlink.h> 40389fb800SPaul Moore #include <net/request_sock.h> 41*60063497SArun Sharma #include <linux/atomic.h> 4211a03f78SPaul Moore 43eda61d32SPaul Moore struct cipso_v4_doi; 44eda61d32SPaul Moore 4511a03f78SPaul Moore /* 4611a03f78SPaul Moore * NetLabel - A management interface for maintaining network packet label 4711a03f78SPaul Moore * mapping tables for explicit packet labeling protocols. 4811a03f78SPaul Moore * 4911a03f78SPaul Moore * Network protocols such as CIPSO and RIPSO require a label translation layer 5011a03f78SPaul Moore * to convert the label on the packet into something meaningful on the host 5111a03f78SPaul Moore * machine. In the current Linux implementation these mapping tables live 5211a03f78SPaul Moore * inside the kernel; NetLabel provides a mechanism for user space applications 5311a03f78SPaul Moore * to manage these mapping tables. 5411a03f78SPaul Moore * 5511a03f78SPaul Moore * NetLabel makes use of the Generic NETLINK mechanism as a transport layer to 5611a03f78SPaul Moore * send messages between kernel and user space. 
* The general format of a
 * NetLabel message is shown below:
 *
 *  +-----------------+-------------------+--------- --- -- -
 *  | struct nlmsghdr | struct genlmsghdr | payload
 *  +-----------------+-------------------+--------- --- -- -
 *
 * The 'nlmsghdr' and 'genlmsghdr' structs should be dealt with like normal.
 * The payload is dependent on the subsystem specified in the
 * 'nlmsghdr->nlmsg_type' and should be defined below; supporting functions
 * should be defined in the corresponding net/netlabel/netlabel_<subsys>.h|c
 * file.  All of the fields in the NetLabel payload are NETLINK attributes, see
 * the include/net/netlink.h file for more information on NETLINK attributes.
 * The payload originates in user space and is therefore untrusted input: the
 * subsystem that consumes an attribute is responsible for validating its
 * type, length and value range before acting on it.
 *
 */

/*
 * NetLabel NETLINK protocol
 */

/* NetLabel NETLINK protocol version
 *  1: initial version
 *  2: added static labels for unlabeled connections
 *  3: network selectors added to the NetLabel/LSM domain mapping and the
 *     CIPSO_V4_MAP_LOCAL CIPSO mapping was added
 *
 * NOTE(review): this value is part of the kernel/user space contract.  A
 * change to an existing message or attribute layout needs a new history entry
 * here and a version bump rather than a silent reinterpretation of an old
 * format.
 */
#define NETLBL_PROTO_VERSION		3

/* NetLabel NETLINK types/families
 *
 * The numeric values are what netlbl_lsm_secattr.type carries to identify
 * which labeling protocol produced a set of security attributes (see
 * "@type" in struct netlbl_lsm_secattr below).  The *_NAME strings are
 * presumably the Generic Netlink family names registered by each subsystem;
 * confirm against net/netlabel/netlabel_<subsys>.c before relying on that.
 */
#define NETLBL_NLTYPE_NONE		0
#define NETLBL_NLTYPE_MGMT		1
#define NETLBL_NLTYPE_MGMT_NAME		"NLBL_MGMT"
#define NETLBL_NLTYPE_RIPSO		2
#define NETLBL_NLTYPE_RIPSO_NAME	"NLBL_RIPSO"
#define NETLBL_NLTYPE_CIPSOV4		3
#define NETLBL_NLTYPE_CIPSOV4_NAME	"NLBL_CIPSOv4"
#define NETLBL_NLTYPE_CIPSOV6		4
#define NETLBL_NLTYPE_CIPSOV6_NAME	"NLBL_CIPSOv6"
#define NETLBL_NLTYPE_UNLABELED		5
#define NETLBL_NLTYPE_UNLABELED_NAME	"NLBL_UNLBL"
#define NETLBL_NLTYPE_ADDRSELECT	6
#define NETLBL_NLTYPE_ADDRSELECT_NAME	"NLBL_ADRSEL"

/*
 * NetLabel - Kernel API for accessing the network packet label mappings.
 *
 * The following functions are provided for use by other kernel modules,
 * specifically kernel LSM modules, to provide a consistent, transparent API
 * for dealing with explicit packet labeling protocols such as CIPSO and
 * RIPSO.  The functions defined here are implemented in the
 * net/netlabel/netlabel_kapi.c file.
*
 */

/* NetLabel audit information
 *
 * Describes the subject on whose behalf a configuration change is requested.
 * It is passed to every netlbl_cfg_*() function below and to
 * netlbl_audit_start(), which presumably records these fields in the audit
 * message it opens; verify against net/netlabel/netlabel_user.c.
 */
struct netlbl_audit {
	u32 secid;		/* LSM secid of the requesting subject */
	uid_t loginuid;		/* audit login uid of the requesting subject */
	u32 sessionid;		/* audit session id of the requesting subject */
};

/*
 * LSM security attributes
 */

/**
 * struct netlbl_lsm_cache - NetLabel LSM security attribute cache
 * @refcount: atomic reference counter
 * @free: LSM supplied function to free the cache data
 * @data: LSM supplied cache data
 *
 * Description:
 * This structure is provided for LSMs which wish to make use of the NetLabel
 * caching mechanism to store LSM specific data/attributes in the NetLabel
 * cache.  If the LSM has to perform a lot of translation from the NetLabel
 * security attributes into its own internal representation then the cache
 * mechanism can provide a way to eliminate some or all of that translation
 * overhead on a cache hit.
 *
 * Lifetime: netlbl_secattr_cache_alloc() returns the structure with @refcount
 * set to 1; netlbl_secattr_cache_free() drops one reference and, when the
 * last one goes away, invokes @free(@data) (if @free is set) and then kfree()s
 * the structure itself.  @free therefore owns the cleanup of @data and must be
 * safe to call from whatever context the last reference is dropped in.
 *
 * NOTE(review): @refcount is a plain atomic_t, which neither saturates nor
 * traps on overflow; an unbalanced get/put on a cache entry would turn into a
 * use-after-free.  A saturating refcount type (refcount_t, where the tree
 * provides it) would fail closed instead.
 *
 */
struct netlbl_lsm_cache {
	atomic_t refcount;
	void (*free) (const void *data);
	void *data;
};

/**
 * struct netlbl_lsm_secattr_catmap - NetLabel LSM secattr category bitmap
 * @startbit: the value of the lowest order bit in the bitmap
 * @bitmap: the category bitmap
 * @next: pointer to the next bitmap "node" or NULL
 *
 * Description:
 * This structure is used to represent category bitmaps.  Due to the large
 * number of categories supported by most labeling protocols it is not
 * practical to transfer a full bitmap internally so NetLabel adopts a sparse
 * bitmap structure modeled after SELinux's ebitmap structure.
 * The catmap bitmap field MUST be a power of two in length and large
 * enough to hold at least 240 bits.  Special care (i.e. check the code!)
 * should be used when changing these values as the LSM implementation
 * probably has functions which rely on the sizes of these types to speed
 * processing.
 *
 * With the values below a node holds NETLBL_CATMAP_SIZE = 64 * 4 = 256 bits,
 * satisfying the 240-bit minimum.  Nodes form a singly linked list through
 * @next; netlbl_secattr_catmap_free() kfree()s every node reachable from the
 * head it is given, so a node must belong to exactly one list.
 *
 */
#define NETLBL_CATMAP_MAPTYPE		u64
#define NETLBL_CATMAP_MAPCNT		4
#define NETLBL_CATMAP_MAPSIZE		(sizeof(NETLBL_CATMAP_MAPTYPE) * 8)
#define NETLBL_CATMAP_SIZE		(NETLBL_CATMAP_MAPSIZE * \
					 NETLBL_CATMAP_MAPCNT)
#define NETLBL_CATMAP_BIT		(NETLBL_CATMAP_MAPTYPE)0x01
struct netlbl_lsm_secattr_catmap {
	u32 startbit;
	NETLBL_CATMAP_MAPTYPE bitmap[NETLBL_CATMAP_MAPCNT];
	struct netlbl_lsm_secattr_catmap *next;
};

/**
 * struct netlbl_lsm_secattr - NetLabel LSM security attributes
 * @flags: indicate structure attributes, see NETLBL_SECATTR_*
 * @type: indicate the NLTYPE of the attributes
 * @domain: the NetLabel LSM domain
 * @cache: NetLabel LSM specific cache
 * @attr.mls: MLS sensitivity label
 * @attr.mls.cat: MLS category bitmap
 * @attr.mls.lvl: MLS sensitivity level
 * @attr.secid: LSM specific secid token
 *
 * Description:
 * This structure is used to pass security attributes between NetLabel and the
 * LSM modules.  The flags field is used to specify which fields within the
 * struct are valid and valid values can be created by bitwise OR'ing the
 * NETLBL_SECATTR_* defines.  The domain field is typically set by the LSM to
 * specify domain specific configuration settings and is not usually used by
 * NetLabel itself when returning security attributes to the LSM.
 *
 * Ownership is encoded in @flags and honoured by netlbl_secattr_destroy():
 *  - NETLBL_SECATTR_FREE_DOMAIN: @domain was allocated for this struct and is
 *    kfree()d on destroy (NETLBL_SECATTR_DOMAIN_CPY sets both the "valid" and
 *    the "owned" bit).  Without it @domain is borrowed and left alone.
 *  - NETLBL_SECATTR_CACHE: destroy drops one reference on @cache.
 *  - NETLBL_SECATTR_MLS_CAT: destroy frees the whole @attr.mls.cat list.
 * Setting one of these bits while the corresponding pointer is NULL or not
 * owned by this struct is a bug.  NETLBL_SECATTR_CACHEABLE names the subset of
 * attributes that may presumably be stored in the label cache; confirm against
 * netlbl_cache_add() in net/netlabel/netlabel_kapi.c.
 *
 */
struct netlbl_lsm_secattr {
	u32 flags;
	/* bitmap values for 'flags' */
#define NETLBL_SECATTR_NONE		0x00000000
#define NETLBL_SECATTR_DOMAIN		0x00000001
#define NETLBL_SECATTR_DOMAIN_CPY	(NETLBL_SECATTR_DOMAIN | \
					 NETLBL_SECATTR_FREE_DOMAIN)
#define NETLBL_SECATTR_CACHE		0x00000002
#define NETLBL_SECATTR_MLS_LVL		0x00000004
#define NETLBL_SECATTR_MLS_CAT		0x00000008
#define NETLBL_SECATTR_SECID		0x00000010
	/* bitmap meta-values for 'flags' */
#define NETLBL_SECATTR_FREE_DOMAIN	0x01000000
#define NETLBL_SECATTR_CACHEABLE	(NETLBL_SECATTR_MLS_LVL | \
					 NETLBL_SECATTR_MLS_CAT | \
					 NETLBL_SECATTR_SECID)
	u32 type;
	char *domain;
	struct netlbl_lsm_cache *cache;
	struct {
		struct {
			struct netlbl_lsm_secattr_catmap *cat;
			u32 lvl;
		} mls;
		u32 secid;
	} attr;
};

/*
 * LSM security attribute operations (inline)
 */

/**
 * netlbl_secattr_cache_alloc - Allocate and initialize a secattr cache
 * @flags: the
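*     GFP_* memory allocation flags passed to kzalloc()
 *
 * Description:
 * Allocate and initialize a netlbl_lsm_cache structure.  Returns a pointer
 * on success, NULL on failure.  The returned structure carries a single
 * reference which belongs to the caller; release it with
 * netlbl_secattr_cache_free().  @free and @data are left zeroed.
 *
 */
static inline struct netlbl_lsm_cache *netlbl_secattr_cache_alloc(gfp_t flags)
{
	struct netlbl_lsm_cache *cache;

	cache = kzalloc(sizeof(*cache), flags);
	if (cache)
		atomic_set(&cache->refcount, 1);
	return cache;
}

/**
 * netlbl_secattr_cache_free - Drop a reference on a netlbl_lsm_cache struct
 * @cache: the struct to release, must not be NULL
 *
 * Description:
 * Drops one reference on @cache.  When the last reference goes away the LSM
 * supplied @cache->free callback (if any) is invoked on @cache->data and the
 * structure itself is kfree()d.  Callers must hold a reference for every call
 * they make here; an extra put is a use-after-free.
 *
 */
static inline void netlbl_secattr_cache_free(struct netlbl_lsm_cache *cache)
{
	if (!atomic_dec_and_test(&cache->refcount))
		return;

	if (cache->free)
		cache->free(cache->data);
	kfree(cache);
}

/**
 * netlbl_secattr_catmap_alloc - Allocate a LSM secattr catmap
 * @flags: GFP_* memory allocation flags passed to kzalloc()
 *
 * Description:
 * Allocate memory for a single, zeroed LSM secattr catmap node (startbit 0,
 * empty bitmap, no successor).  Returns a pointer on success, NULL on
 * failure.
 *
 */
static inline struct netlbl_lsm_secattr_catmap *netlbl_secattr_catmap_alloc(
								   gfp_t flags)
{
	return kzalloc(sizeof(struct netlbl_lsm_secattr_catmap), flags);
}

/**
 * netlbl_secattr_catmap_free - Free a LSM secattr catmap
 * @catmap: the category bitmap, may be NULL
 *
 * Description:
 * Free @catmap and every node linked after it.  Like kfree(), a NULL
 * @catmap is accepted and does nothing, so a caller that flagged
 * NETLBL_SECATTR_MLS_CAT but never attached a bitmap does not crash here.
 *
 */
static inline void netlbl_secattr_catmap_free(
				      struct netlbl_lsm_secattr_catmap *catmap)
{
	struct netlbl_lsm_secattr_catmap *iter;

	/* read ->next before the node is released; nothing else may touch
	 * the list while it is being torn down */
	while (catmap) {
		iter = catmap;
		catmap = catmap->next;
		kfree(iter);
	}
}

/**
 * netlbl_secattr_init - Initialize a netlbl_lsm_secattr struct
 * @secattr: the struct to initialize
 *
 * Description:
 * Initialize an already allocated netlbl_lsm_secattr struct by zeroing it,
 * which clears every NETLBL_SECATTR_* flag and every pointer.  Calling this
 * on a struct that still owns buffers leaks them; destroy it first.
 *
 */
static inline void netlbl_secattr_init(struct netlbl_lsm_secattr *secattr)
{
	memset(secattr, 0, sizeof(*secattr));
}

/**
 * netlbl_secattr_destroy - Clears a netlbl_lsm_secattr struct
 * @secattr: the struct to clear
 *
 * Description:
 * Destroys the @secattr struct, including freeing all of the internal buffers
 * it owns according to its flags: @domain when NETLBL_SECATTR_FREE_DOMAIN is
 * set, one reference on @cache when NETLBL_SECATTR_CACHE is set, and the
 * @attr.mls.cat list when NETLBL_SECATTR_MLS_CAT is set.  Each released
 * pointer is cleared and its ownership flag dropped, so a repeated destroy
 * (or netlbl_secattr_free() after an explicit destroy) is a no-op rather than
 * a double free.  The remaining fields (@type, @attr.mls.lvl, @attr.secid and
 * the non-ownership flags) are left as they were; the struct must still be
 * reset with a call to netlbl_secattr_init() before reuse.
 *
 */
static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr)
{
	if (secattr->flags & NETLBL_SECATTR_FREE_DOMAIN) {
		kfree(secattr->domain);
		secattr->domain = NULL;
		/* the string is gone, so neither "valid" nor "owned" holds */
		secattr->flags &= ~NETLBL_SECATTR_DOMAIN_CPY;
	}
	if (secattr->flags & NETLBL_SECATTR_CACHE) {
		netlbl_secattr_cache_free(secattr->cache);
		secattr->cache = NULL;
		secattr->flags &= ~NETLBL_SECATTR_CACHE;
	}
	if (secattr->flags & NETLBL_SECATTR_MLS_CAT) {
		netlbl_secattr_catmap_free(secattr->attr.mls.cat);
		secattr->attr.mls.cat = NULL;
		secattr->flags &= ~NETLBL_SECATTR_MLS_CAT;
	}
}

/**
 * netlbl_secattr_alloc - Allocate and initialize a netlbl_lsm_secattr struct
 * @flags: GFP_* memory allocation flags passed to kzalloc()
 *
 * Description:
 * Allocate and initialize a netlbl_lsm_secattr struct.  Returns a valid
 * pointer on success, or NULL on failure.  The result is fully zeroed, i.e.
 * equivalent to netlbl_secattr_init() on fresh memory, and is released with
 * netlbl_secattr_free().
 *
 */
static inline struct netlbl_lsm_secattr *netlbl_secattr_alloc(gfp_t flags)
{
	return kzalloc(sizeof(struct netlbl_lsm_secattr), flags);
}

/**
 * netlbl_secattr_free - Frees a netlbl_lsm_secattr struct
 * @secattr: the struct to free, must not be NULL
 *
 * Description:
 * Frees @secattr including all of the internal buffers it owns.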
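*
 * Only use this on a struct obtained from netlbl_secattr_alloc(); a struct
 * embedded in another object or living on the stack gets
 * netlbl_secattr_destroy() instead.
 *
 */
static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr)
{
	netlbl_secattr_destroy(secattr);
	kfree(secattr);
}

#ifdef CONFIG_NETLABEL
/*
 * LSM configuration operations
 *
 * Each call takes a struct netlbl_audit describing the requesting subject so
 * the change can be audited.  The addr/mask pairs are typed by @family
 * (presumably AF_INET -> struct in_addr, AF_INET6 -> struct in6_addr; confirm
 * in net/netlabel/netlabel_kapi.c), and are const: none of these functions
 * write through them.
 */
int netlbl_cfg_map_del(const char *domain,
		       u16 family,
		       const void *addr,
		       const void *mask,
		       struct netlbl_audit *audit_info);
int netlbl_cfg_unlbl_map_add(const char *domain,
			     u16 family,
			     const void *addr,
			     const void *mask,
			     struct netlbl_audit *audit_info);
int netlbl_cfg_unlbl_static_add(struct net *net,
				const char *dev_name,
				const void *addr,
				const void *mask,
				u16 family,
				u32 secid,
				struct netlbl_audit *audit_info);
int netlbl_cfg_unlbl_static_del(struct net *net,
				const char *dev_name,
				const void *addr,
				const void *mask,
				u16 family,
				struct netlbl_audit *audit_info);
int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
			   struct netlbl_audit *audit_info);
void netlbl_cfg_cipsov4_del(u32 doi, struct netlbl_audit *audit_info);
int netlbl_cfg_cipsov4_map_add(u32 doi,
			       const char *domain,
			       const struct in_addr *addr,
			       const struct in_addr *mask,
			       struct netlbl_audit *audit_info);
/*
 * LSM security attribute operations
 *
 * The setbit/setrng helpers may extend the catmap list and therefore take
 * GFP flags; the walk helpers only read it.
 */
int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap,
			       u32 offset);
int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap,
				   u32 offset);
int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap *catmap,
				 u32 bit,
				 gfp_t flags);
int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap *catmap,
				 u32 start,
				 u32 end,
				 gfp_t flags);

/*
 * LSM protocol operations (NetLabel LSM/kernel API)
 *
 * The *_getattr() calls fill a caller-owned struct netlbl_lsm_secattr; the
 * caller must netlbl_secattr_init() it first and netlbl_secattr_destroy() it
 * afterwards regardless of the return value, since ownership flags may have
 * been set before an error was reported.
 */
int netlbl_enabled(void);
int netlbl_sock_setattr(struct sock *sk,
			u16 family,
			const struct netlbl_lsm_secattr *secattr);
void netlbl_sock_delattr(struct sock *sk);
int netlbl_sock_getattr(struct sock *sk,
			struct netlbl_lsm_secattr *secattr);
int netlbl_conn_setattr(struct sock *sk,
			struct sockaddr *addr,
			const struct netlbl_lsm_secattr *secattr);
int netlbl_req_setattr(struct request_sock *req,
		       const struct netlbl_lsm_secattr *secattr);
void netlbl_req_delattr(struct request_sock *req);
int netlbl_skbuff_setattr(struct sk_buff *skb,
			  u16 family,
			  const struct netlbl_lsm_secattr *secattr);
int netlbl_skbuff_getattr(const struct sk_buff *skb,
			  u16 family,
			  struct netlbl_lsm_secattr *secattr);
void netlbl_skbuff_err(struct sk_buff *skb, int error, int gateway);

/*
 * LSM label mapping cache operations
 */
void netlbl_cache_invalidate(void);
int netlbl_cache_add(const struct sk_buff *skb,
		     const struct netlbl_lsm_secattr *secattr);

/*
 * Protocol engine operations
 */
struct audit_buffer *netlbl_audit_start(int type,
					struct netlbl_audit *audit_info);
#else
/*
 * CONFIG_NETLABEL disabled: every configuration and protocol operation is a
 * stub.  Operations that would act on a socket/skb/config report -ENOSYS,
 * the catmap walkers report -ENOENT (nothing is ever set), the catmap
 * setters and netlbl_cache_add() report success without doing anything, and
 * netlbl_enabled() reports 0.  The prototypes mirror the real ones above so a
 * caller compiles identically either way.  An LSM should treat -ENOSYS from
 * these as "no labeling available", not as a hard failure.
 */
static inline int netlbl_cfg_map_del(const char *domain,
				     u16 family,
				     const void *addr,
				     const void *mask,
				     struct netlbl_audit *audit_info)
{
	return -ENOSYS;
}
/* addr/mask are const here as well: the real prototype takes const void *,
 * and a non-const stub would make const callers warn only in !NETLABEL
 * builds */
static inline int netlbl_cfg_unlbl_map_add(const char *domain,
					   u16 family,
					   const void *addr,
					   const void *mask,
					   struct netlbl_audit *audit_info)
{
	return -ENOSYS;
}
static inline int netlbl_cfg_unlbl_static_add(struct net *net,
					      const char *dev_name,
					      const void *addr,
					      const void *mask,
					      u16 family,
					      u32 secid,
					      struct netlbl_audit *audit_info)
{
	return -ENOSYS;
}
static inline int netlbl_cfg_unlbl_static_del(struct net *net,
					      const char *dev_name,
					      const void *addr,
					      const void *mask,
					      u16 family,
					      struct netlbl_audit *audit_info)
{
	return -ENOSYS;
}
static inline int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
					 struct netlbl_audit *audit_info)
{
	return -ENOSYS;
}
static inline void netlbl_cfg_cipsov4_del(u32 doi,
					  struct netlbl_audit *audit_info)
{
}
static inline int netlbl_cfg_cipsov4_map_add(u32 doi,
					     const char *domain,
					     const struct in_addr *addr,
					     const struct in_addr *mask,
					     struct netlbl_audit *audit_info)
{
	return -ENOSYS;
}
static inline int netlbl_secattr_catmap_walk(
				      struct netlbl_lsm_secattr_catmap *catmap,
				      u32 offset)
{
	return -ENOENT;
}
static inline int netlbl_secattr_catmap_walk_rng(
				      struct netlbl_lsm_secattr_catmap *catmap,
				      u32 offset)
{
	return -ENOENT;
}
static inline int netlbl_secattr_catmap_setbit(
				      struct netlbl_lsm_secattr_catmap *catmap,
				      u32 bit,
				      gfp_t flags)
{
	return 0;
}
static inline int netlbl_secattr_catmap_setrng(
				      struct netlbl_lsm_secattr_catmap *catmap,
				      u32 start,
				      u32 end,
				      gfp_t flags)
{
	return 0;
}
static inline int netlbl_enabled(void)
{
	return 0;
}
static inline int netlbl_sock_setattr(struct sock *sk,
				      u16 family,
				      const struct netlbl_lsm_secattr *secattr)
{
	return -ENOSYS;
}
static inline void netlbl_sock_delattr(struct sock *sk)
{
}
static inline int netlbl_sock_getattr(struct sock *sk,
				      struct netlbl_lsm_secattr *secattr)
{
	return -ENOSYS;
}
static inline int netlbl_conn_setattr(struct sock *sk,
				      struct sockaddr *addr,
				      const struct netlbl_lsm_secattr *secattr)
{
	return -ENOSYS;
}
static inline int netlbl_req_setattr(struct request_sock *req,
				     const struct netlbl_lsm_secattr *secattr)
{
	return -ENOSYS;
}
static inline void netlbl_req_delattr(struct request_sock *req)
{
}
static inline int netlbl_skbuff_setattr(struct sk_buff *skb,
					u16 family,
					const struct netlbl_lsm_secattr *secattr)
{
	return -ENOSYS;
}
static inline int netlbl_skbuff_getattr(const struct sk_buff *skb,
					u16 family,
					struct netlbl_lsm_secattr *secattr)
{
	return -ENOSYS;
}
static inline void netlbl_skbuff_err(struct sk_buff *skb,
				     int error,
				     int gateway)
{
}
static inline void netlbl_cache_invalidate(void)
{
}
static inline int netlbl_cache_add(const struct sk_buff *skb,
				   const struct netlbl_lsm_secattr *secattr)
{
	return 0;
}
static inline struct audit_buffer *netlbl_audit_start(int type,
						struct netlbl_audit *audit_info)
{
	return NULL;
}
#endif /* CONFIG_NETLABEL */

#endif /* _NETLABEL_H */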