/*
 * NetLabel CALIPSO Support
 *
 * This file defines the CALIPSO functions for the NetLabel system.  The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Authors: Paul Moore <paul@paul-moore.com>
 *          Huw Davies <huw@codeweavers.com>
 *
 */

/* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 * (c) Copyright Huw Davies <huw@codeweavers.com>, 2015
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 * the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef _NETLABEL_CALIPSO
#define _NETLABEL_CALIPSO

#include <net/netlabel.h>
#include <net/calipso.h>

/* The following NetLabel payloads are supported by the CALIPSO subsystem.
 * They describe the generic netlink message format exchanged with user
 * space; the command and attribute numbers are the enums further down.
 *
 * o ADD:
 *   Sent by an application to add a new DOI mapping table.
 *
 *   Required attributes:
 *
 *     NLBL_CALIPSO_A_DOI
 *     NLBL_CALIPSO_A_MTYPE
 *
 *   If using CALIPSO_MAP_PASS no additional attributes are required.
 *
 * o REMOVE:
 *   Sent by an application to remove a specific DOI mapping table from the
 *   CALIPSO system.
 *
 *   Required attributes:
 *
 *     NLBL_CALIPSO_A_DOI
 *
 * o LIST:
 *   Sent by an application to list the details of a DOI definition.  On
 *   success the kernel should send a response using the following format.
 *
 *   Required attributes (request):
 *
 *     NLBL_CALIPSO_A_DOI
 *
 *   The valid response message format depends on the type of the DOI mapping,
 *   the defined formats are shown below.
 *
 *   Required attributes (response):
 *
 *     NLBL_CALIPSO_A_MTYPE
 *
 *   If using CALIPSO_MAP_PASS no additional attributes are required.
 *
 * o LISTALL:
 *   This message is sent by an application to list the valid DOIs on the
 *   system.  When sent by an application there is no payload and the
 *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
 *   the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_CALIPSO_A_DOI
 *     NLBL_CALIPSO_A_MTYPE
 *
 * NOTE(review): presence and type checking of these attributes is expected to
 * be done by the netlink attribute policy in the corresponding .c file, not
 * by anything declared here — confirm before relying on it.
 */

/* NetLabel CALIPSO commands
 *
 * Generic netlink command numbers for the payloads described above.  The
 * __NLBL_CALIPSO_C_MAX entry is a sentinel (one past the last valid
 * command); new commands belong before it, and existing values should not
 * be renumbered since user space depends on them.
 */
enum {
	NLBL_CALIPSO_C_UNSPEC,
	NLBL_CALIPSO_C_ADD,
	NLBL_CALIPSO_C_REMOVE,
	NLBL_CALIPSO_C_LIST,
	NLBL_CALIPSO_C_LISTALL,
	__NLBL_CALIPSO_C_MAX,
};

/* NetLabel CALIPSO attributes
 *
 * Generic netlink attribute numbers used in the payloads described above.
 * __NLBL_CALIPSO_A_MAX is a sentinel; NLBL_CALIPSO_A_MAX below is the last
 * valid attribute number.
 */
enum {
	NLBL_CALIPSO_A_UNSPEC,
	NLBL_CALIPSO_A_DOI,
	/* (NLA_U32)
	 * the DOI value */
	NLBL_CALIPSO_A_MTYPE,
	/* (NLA_U32)
	 * the mapping table type (defined in the calipso.h header as
	 * CALIPSO_MAP_*) */
	__NLBL_CALIPSO_A_MAX,
};

/* Highest valid attribute number (the sentinel minus one). */
#define NLBL_CALIPSO_A_MAX (__NLBL_CALIPSO_A_MAX - 1)

/* NetLabel protocol functions */
#if IS_ENABLED(CONFIG_IPV6)
/* Register the CALIPSO generic netlink family; implemented in the .c file. */
int netlbl_calipso_genl_init(void);
#else
/* Without IPv6 there is no CALIPSO netlink interface to register, so
 * initialisation is a no-op that reports success (0). */
static inline int netlbl_calipso_genl_init(void)
{
	return 0;
}
#endif

/* DOI definition management.
 *
 * The int-returning functions presumably follow the usual kernel convention
 * of 0 on success and a negative errno on failure — confirm in calipso.c.
 * audit_info is presumably used to record the configuration change in the
 * audit log — confirm against the callers.
 */

/* Add a new DOI definition to the CALIPSO system. */
int calipso_doi_add(struct calipso_doi *doi_def,
		    struct netlbl_audit *audit_info);
/* Free a DOI definition. */
void calipso_doi_free(struct calipso_doi *doi_def);
/* Remove the DOI definition identified by @doi. */
int calipso_doi_remove(u32 doi, struct netlbl_audit *audit_info);
/* Look up the DOI definition for @doi.  The getdef/putdef naming suggests a
 * reference-counted pair where every successful getdef is balanced by a
 * putdef — confirm in calipso.c. */
struct calipso_doi *calipso_doi_getdef(u32 doi);
void calipso_doi_putdef(struct calipso_doi *doi_def);
/* Walk the DOI definitions, invoking @callback with each definition and
 * @cb_arg.  @skip_cnt is passed by pointer, so it is presumably updated as
 * the walk progresses (e.g. to resume a netlink dump) — confirm. */
int calipso_doi_walk(u32 *skip_cnt,
		     int (*callback)(struct calipso_doi *doi_def, void *arg),
		     void *cb_arg);

/* Socket label handling: read, set or remove the CALIPSO label on a socket. */
int calipso_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr);
int calipso_sock_setattr(struct sock *sk,
			 const struct calipso_doi *doi_def,
			 const struct netlbl_lsm_secattr *secattr);
void calipso_sock_delattr(struct sock *sk);

/* Request-socket label handling: set or remove the CALIPSO label on a
 * request_sock. */
int calipso_req_setattr(struct request_sock *req,
			const struct calipso_doi *doi_def,
			const struct netlbl_lsm_secattr *secattr);
void calipso_req_delattr(struct request_sock *req);

/* Packet label handling.
 *
 * calipso_optptr() returns a pointer into @skb; by its name it locates the
 * CALIPSO option, and a NULL return when no option is present is presumed —
 * confirm in calipso.c.
 *
 * calipso_getattr() parses raw option bytes (@calipso) into @secattr.  Those
 * bytes come from the network, so the implementation must validate the
 * option length against the packet bounds before reading — verify in
 * calipso.c rather than assuming it here.
 */
unsigned char *calipso_optptr(const struct sk_buff *skb);
int calipso_getattr(const unsigned char *calipso,
		    struct netlbl_lsm_secattr *secattr);
int calipso_skbuff_setattr(struct sk_buff *skb,
			   const struct calipso_doi *doi_def,
			   const struct netlbl_lsm_secattr *secattr);
int calipso_skbuff_delattr(struct sk_buff *skb);

/* Label cache: drop all cached mappings, or cache the mapping from the raw
 * option bytes at @calipso_ptr to @secattr. */
void calipso_cache_invalidate(void);
int calipso_cache_add(const unsigned char *calipso_ptr,
		      const struct netlbl_lsm_secattr *secattr);

#endif