/*
 * SELinux interface to the NetLabel subsystem
 *
 * Author : Paul Moore <paul.moore@hp.com>
 *
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 *
 * This program is free software;  you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY;  without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 * the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program;  if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 */

#ifndef _SELINUX_NETLABEL_H_
#define _SELINUX_NETLABEL_H_

#include <linux/types.h>
#include <linux/fs.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <net/sock.h>

#include "avc.h"
#include "objsec.h"

/*
 * The same ten entry points are provided in two forms, selected by
 * CONFIG_NETLABEL:
 *
 *   - defined:   prototypes only; the definitions are not in this header.
 *   - undefined: static inline stubs that do nothing.  Every int-returning
 *                stub returns 0 and the getsid stub reports "no label".
 *
 * NOTE(review): callers presumably treat a 0 return as "no error / access
 * allowed".  If so, a kernel built without CONFIG_NETLABEL never gets a
 * denial from any of these calls -- confirm at the call sites before
 * relying on NetLabel-based policy on such a build.
 */
#ifdef CONFIG_NETLABEL

void selinux_netlbl_cache_invalidate(void);

/* sk_security_struct helpers: reset, init and clone (per their names). */
void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec,
				      int family);
void selinux_netlbl_sk_security_init(struct sk_security_struct *ssec,
				     int family);
void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec,
				      struct sk_security_struct *newssec);

/* Writes results through the type and sid output pointers. */
int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u16 family,
				 u32 *type, u32 *sid);

void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock);
int selinux_netlbl_socket_post_create(struct socket *sock);
int selinux_netlbl_inode_permission(struct inode *inode, int mask);
int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
				struct sk_buff *skb, u16 family,
				struct avc_audit_data *ad);
int selinux_netlbl_socket_setsockopt(struct socket *sock, int level,
				     int optname);

#else /* !CONFIG_NETLABEL */

/* Stub: nothing to invalidate when NetLabel is compiled out. */
static inline void selinux_netlbl_cache_invalidate(void)
{
}

/* Stub: leaves ssec untouched. */
static inline void
selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec, int family)
{
}

/* Stub: leaves ssec untouched. */
static inline void
selinux_netlbl_sk_security_init(struct sk_security_struct *ssec, int family)
{
}

/* Stub: copies nothing from ssec to newssec. */
static inline void
selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec,
				 struct sk_security_struct *newssec)
{
}

/*
 * Stub: stores NETLBL_NLTYPE_NONE in *type and SECSID_NULL in *sid, then
 * returns 0.  skb and family are ignored.  Both output pointers are written
 * unconditionally, so the caller must pass valid storage for each.
 *
 * NOTE(review): neither constant is defined in this header; they have to
 * come from the includes above or from the including file -- confirm.
 */
static inline int
selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u16 family,
			     u32 *type, u32 *sid)
{
	*type = NETLBL_NLTYPE_NONE;
	*sid = SECSID_NULL;
	return 0;
}

/* Stub: no per-socket NetLabel state to set up. */
static inline void
selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock)
{
}

/* Stub: always returns 0. */
static inline int selinux_netlbl_socket_post_create(struct socket *sock)
{
	return 0;
}

/* Stub: always returns 0; inode and mask are not examined. */
static inline int
selinux_netlbl_inode_permission(struct inode *inode, int mask)
{
	return 0;
}

/* Stub: always returns 0; the packet is not examined. */
static inline int
selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
			    struct sk_buff *skb, u16 family,
			    struct avc_audit_data *ad)
{
	return 0;
}

/* Stub: always returns 0; level and optname are not examined. */
static inline int
selinux_netlbl_socket_setsockopt(struct socket *sock, int level, int optname)
{
	return 0;
}

#endif /* CONFIG_NETLABEL */

#endif