1 /*
2  * SELinux interface to the NetLabel subsystem
3  *
4  * Author : Paul Moore <paul.moore@hp.com>
5  *
6  */
7 
8 /*
9  * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
10  *
11  * This program is free software;  you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY;  without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
19  * the GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program;  if not, write to the Free Software
23  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24  *
25  */
26 
27 #ifndef _SELINUX_NETLABEL_H_
28 #define _SELINUX_NETLABEL_H_
29 
30 #include <linux/types.h>
31 #include <linux/fs.h>
32 #include <linux/net.h>
33 #include <linux/skbuff.h>
34 #include <net/sock.h>
35 
36 #include "avc.h"
37 #include "objsec.h"
38 
39 #ifdef CONFIG_NETLABEL
40 void selinux_netlbl_cache_invalidate(void);
41 
42 void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec,
43 				      int family);
44 void selinux_netlbl_sk_security_init(struct sk_security_struct *ssec,
45 				     int family);
46 void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec,
47 				      struct sk_security_struct *newssec);
48 
49 int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid);
50 
51 void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock);
52 int selinux_netlbl_socket_post_create(struct socket *sock);
53 int selinux_netlbl_inode_permission(struct inode *inode, int mask);
54 int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
55 				struct sk_buff *skb,
56 				struct avc_audit_data *ad);
57 int selinux_netlbl_socket_setsockopt(struct socket *sock,
58 				     int level,
59 				     int optname);
60 #else
61 static inline void selinux_netlbl_cache_invalidate(void)
62 {
63 	return;
64 }
65 
66 static inline void selinux_netlbl_sk_security_reset(
67 	                                       struct sk_security_struct *ssec,
68 					       int family)
69 {
70 	return;
71 }
72 static inline void selinux_netlbl_sk_security_init(
73 	                                       struct sk_security_struct *ssec,
74 					       int family)
75 {
76 	return;
77 }
78 static inline void selinux_netlbl_sk_security_clone(
79 	                                    struct sk_security_struct *ssec,
80 					    struct sk_security_struct *newssec)
81 {
82 	return;
83 }
84 
85 static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
86 					       u32 base_sid,
87 					       u32 *sid)
88 {
89 	*sid = SECSID_NULL;
90 	return 0;
91 }
92 
93 static inline void selinux_netlbl_sock_graft(struct sock *sk,
94 					     struct socket *sock)
95 {
96 	return;
97 }
98 static inline int selinux_netlbl_socket_post_create(struct socket *sock)
99 {
100 	return 0;
101 }
102 static inline int selinux_netlbl_inode_permission(struct inode *inode,
103 						  int mask)
104 {
105 	return 0;
106 }
107 static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
108 					      struct sk_buff *skb,
109 					      struct avc_audit_data *ad)
110 {
111 	return 0;
112 }
113 static inline int selinux_netlbl_socket_setsockopt(struct socket *sock,
114 						   int level,
115 						   int optname)
116 {
117 	return 0;
118 }
119 #endif /* CONFIG_NETLABEL */
120 
121 #endif
122