/*
 * SELinux interface to the NetLabel subsystem
 *
 * Author: Paul Moore <paul@paul-moore.com>
 *
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
 * the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef _SELINUX_NETLABEL_H_
#define _SELINUX_NETLABEL_H_

#include <linux/types.h>
#include <linux/fs.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <net/sock.h>
#include <net/request_sock.h>
#include <net/sctp/structs.h>

#include "avc.h"
#include "objsec.h"

/*
 * This header has two mutually exclusive halves selected by CONFIG_NETLABEL:
 *
 *  - enabled:  prototypes only; the definitions are not in this header.
 *  - disabled: static inline stubs, so callers need no #ifdef of their own.
 *
 * Security note for reviewers: every stub in the disabled half either does
 * nothing or returns 0, so in a kernel built without CONFIG_NETLABEL none of
 * these entry points can ever refuse an operation.  A 0 from a stub only
 * means "NetLabel is compiled out", not "NetLabel checked and allowed it".
 */

#ifdef CONFIG_NETLABEL

/* Cache and error-path entry points. */
void selinux_netlbl_cache_invalidate(void);
void selinux_netlbl_err(struct sk_buff *skb, u16 family, int error,
			int gateway);

/* Entry points taking the per-socket SELinux security blob. */
void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec);
void selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec);

/*
 * Packet label accessors.  getsid reports through the @type and @sid output
 * pointers; setsid takes the SID by value.
 */
int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u16 family,
				 u32 *type, u32 *sid);
int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, u16 family, u32 sid);

/* Connection request and socket clone entry points (SCTP and inet). */
int selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep,
				      struct sk_buff *skb);
int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family);
void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family);
void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk);

/* Socket-level entry points. */
int selinux_netlbl_socket_post_create(struct sock *sk, u16 family);
int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
				struct sk_buff *skb, u16 family,
				struct common_audit_data *ad);
int selinux_netlbl_socket_setsockopt(struct socket *sock, int level,
				     int optname);
int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr);
int selinux_netlbl_socket_connect_locked(struct sock *sk,
					 struct sockaddr *addr);

#else /* !CONFIG_NETLABEL */

/* No-op: nothing to invalidate when NetLabel is compiled out. */
static inline void selinux_netlbl_cache_invalidate(void)
{
}

/* No-op: all arguments are ignored. */
static inline void selinux_netlbl_err(struct sk_buff *skb, u16 family,
				      int error, int gateway)
{
}

/* No-op: @sksec is not touched. */
static inline void
selinux_netlbl_sk_security_free(struct sk_security_struct *sksec)
{
}

/* No-op: @sksec is not touched. */
static inline void
selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec)
{
}

/*
 * Report "no label": writes NETLBL_NLTYPE_NONE to *@type and SECSID_NULL to
 * *@sid, then returns 0.  Both pointers are dereferenced unconditionally, so
 * callers must pass valid storage for each.
 */
static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u16 family,
					       u32 *type, u32 *sid)
{
	*type = NETLBL_NLTYPE_NONE;
	*sid = SECSID_NULL;
	return 0;
}

/* Always returns 0; the packet is left unlabeled. */
static inline int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, u16 family,
					       u32 sid)
{
	return 0;
}

/*
 * Always returns 0.
 *
 * NOTE(review): this stub has no matching prototype in the CONFIG_NETLABEL
 * half of this header, so a caller would only build with NetLabel compiled
 * out.  Confirm whether anything still references it.
 */
static inline int selinux_netlbl_conn_setsid(struct sock *sk,
					     struct sockaddr *addr)
{
	return 0;
}

/* Always returns 0; the association request is never rejected here. */
static inline int selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep,
						    struct sk_buff *skb)
{
	return 0;
}

/* Always returns 0; the connection request is never rejected here. */
static inline int selinux_netlbl_inet_conn_request(struct request_sock *req,
						   u16 family)
{
	return 0;
}

/* No-op: @sk is not touched. */
static inline void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
{
}

/* No-op: neither socket is touched. */
static inline void selinux_netlbl_sctp_sk_clone(struct sock *sk,
						struct sock *newsk)
{
}

/* Always returns 0. */
static inline int selinux_netlbl_socket_post_create(struct sock *sk,
						    u16 family)
{
	return 0;
}

/*
 * Always returns 0: the receive path gets no NetLabel verdict, and @ad is
 * never written.
 */
static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
					      struct sk_buff *skb, u16 family,
					      struct common_audit_data *ad)
{
	return 0;
}

/* Always returns 0 for every @level/@optname pair. */
static inline int selinux_netlbl_socket_setsockopt(struct socket *sock,
						   int level, int optname)
{
	return 0;
}

/* Always returns 0. */
static inline int selinux_netlbl_socket_connect(struct sock *sk,
						struct sockaddr *addr)
{
	return 0;
}

/* Always returns 0. */
static inline int selinux_netlbl_socket_connect_locked(struct sock *sk,
						       struct sockaddr *addr)
{
	return 0;
}

#endif /* CONFIG_NETLABEL */

#endif /* _SELINUX_NETLABEL_H_ */