1 /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 /* 3 * SELinux interface to the NetLabel subsystem 4 * 5 * Author: Paul Moore <paul@paul-moore.com> 6 */ 7 8 /* 9 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 10 */ 11 12 #ifndef _SELINUX_NETLABEL_H_ 13 #define _SELINUX_NETLABEL_H_ 14 15 #include <linux/types.h> 16 #include <linux/fs.h> 17 #include <linux/net.h> 18 #include <linux/skbuff.h> 19 #include <net/sock.h> 20 #include <net/request_sock.h> 21 #include <net/sctp/structs.h> 22 23 #include "avc.h" 24 #include "objsec.h" 25 26 #ifdef CONFIG_NETLABEL 27 void selinux_netlbl_cache_invalidate(void); 28 29 void selinux_netlbl_err(struct sk_buff *skb, u16 family, int error, 30 int gateway); 31 32 void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec); 33 void selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec); 34 35 int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, 36 u16 family, 37 u32 *type, 38 u32 *sid); 39 int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, 40 u16 family, 41 u32 sid); 42 int selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep, 43 struct sk_buff *skb); 44 int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family); 45 void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family); 46 void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk); 47 int selinux_netlbl_socket_post_create(struct sock *sk, u16 family); 48 int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, 49 struct sk_buff *skb, 50 u16 family, 51 struct common_audit_data *ad); 52 int selinux_netlbl_socket_setsockopt(struct socket *sock, 53 int level, 54 int optname); 55 int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr); 56 int selinux_netlbl_socket_connect_locked(struct sock *sk, 57 struct sockaddr *addr); 58 59 #else 60 static inline void selinux_netlbl_cache_invalidate(void) 61 { 62 return; 63 } 64 65 static inline void selinux_netlbl_err(struct sk_buff *skb, 66 u16 family, 67 int error, 68 int gateway) 69 { 70 return; 71 } 72 73 static inline void selinux_netlbl_sk_security_free( 74 struct sk_security_struct *sksec) 75 { 76 return; 77 } 78 79 static inline void selinux_netlbl_sk_security_reset( 80 struct sk_security_struct *sksec) 81 { 82 return; 83 } 84 85 static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, 86 u16 family, 87 u32 *type, 88 u32 *sid) 89 { 90 *type = NETLBL_NLTYPE_NONE; 91 *sid = SECSID_NULL; 92 return 0; 93 } 94 static inline int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, 95 u16 family, 96 u32 sid) 97 { 98 return 0; 99 } 100 101 static inline int selinux_netlbl_conn_setsid(struct sock *sk, 102 struct sockaddr *addr) 103 { 104 return 0; 105 } 106 107 static inline int selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep, 108 struct sk_buff *skb) 109 { 110 return 0; 111 } 112 static inline int selinux_netlbl_inet_conn_request(struct request_sock *req, 113 u16 family) 114 { 115 return 0; 116 } 117 static inline void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) 118 { 119 return; 120 } 121 static inline void selinux_netlbl_sctp_sk_clone(struct sock *sk, 122 struct sock *newsk) 123 { 124 return; 125 } 126 static inline int selinux_netlbl_socket_post_create(struct sock *sk, 127 u16 family) 128 { 129 return 0; 130 } 131 static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, 132 struct sk_buff *skb, 133 u16 family, 134 struct common_audit_data *ad) 135 { 136 return 0; 137 } 138 static inline int selinux_netlbl_socket_setsockopt(struct socket *sock, 139 int level, 140 int optname) 141 { 142 return 0; 143 } 144 static inline int selinux_netlbl_socket_connect(struct sock *sk, 145 struct sockaddr *addr) 146 { 147 return 0; 148 } 149 static inline int selinux_netlbl_socket_connect_locked(struct sock *sk, 150 struct sockaddr *addr) 151 { 152 return 0; 153 } 154 #endif /* CONFIG_NETLABEL */ 155 156 #endif 157