/*
 * SELinux interface to the NetLabel subsystem
 *
 * Author : Paul Moore <paul.moore@hp.com>
 *
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 *
 * This program is free software;  you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY;  without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 * the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program;  if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 */

#ifndef _SELINUX_NETLABEL_H_
#define _SELINUX_NETLABEL_H_

#include <linux/types.h>
#include <linux/fs.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <net/sock.h>

#include "avc.h"
#include "objsec.h"

#ifdef CONFIG_NETLABEL
/*
 * CONFIG_NETLABEL is set: the hooks are declared here only; their
 * definitions are not part of this header.
 */
void selinux_netlbl_cache_invalidate(void);

void selinux_netlbl_err(struct sk_buff *skb, int error, int gateway);

void selinux_netlbl_sk_security_free(struct sk_security_struct *ssec);
void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec,
				      int family);

int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
				 u16 family,
				 u32 *type,
				 u32 *sid);
int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,
				 u16 family,
				 u32 sid);

void selinux_netlbl_inet_conn_established(struct sock *sk, u16 family);
int selinux_netlbl_socket_post_create(struct socket *sock);
int selinux_netlbl_inode_permission(struct inode *inode, int mask);
int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
				struct sk_buff *skb,
				u16 family,
				struct avc_audit_data *ad);
int selinux_netlbl_socket_setsockopt(struct socket *sock,
				     int level,
				     int optname);
int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr);

#else
/*
 * CONFIG_NETLABEL is not set: every hook below is an inline stub.
 *
 * The void stubs do nothing.  The int stubs return 0 unconditionally and
 * never look at their arguments, so no NetLabel-based check or labeling
 * happens through this interface in such a build.
 * NOTE(review): presumably callers read 0 as "success / permitted" -
 * confirm against the hook call sites.
 */
static inline void selinux_netlbl_cache_invalidate(void)
{
}

static inline void selinux_netlbl_err(struct sk_buff *skb,
				      int error,
				      int gateway)
{
}

static inline void selinux_netlbl_sk_security_free(
					       struct sk_security_struct *ssec)
{
}

static inline void selinux_netlbl_sk_security_reset(
					       struct sk_security_struct *ssec,
					       int family)
{
}

/*
 * Stores NETLBL_NLTYPE_NONE in *type and SECSID_NULL in *sid without
 * examining the packet, then returns 0.  Both pointers are written
 * unconditionally, so the caller must pass valid storage for each.
 */
static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
					       u16 family,
					       u32 *type,
					       u32 *sid)
{
	*type = NETLBL_NLTYPE_NONE;
	*sid = SECSID_NULL;
	return 0;
}

/* Always returns 0; the packet and the SID are left untouched. */
static inline int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,
					       u16 family,
					       u32 sid)
{
	return 0;
}

/*
 * Always returns 0.
 * NOTE(review): no declaration of selinux_netlbl_conn_setsid() appears in
 * the CONFIG_NETLABEL branch of this header, so unless one exists
 * elsewhere a caller would only build with NetLabel disabled - confirm
 * whether this stub is still needed.
 */
static inline int selinux_netlbl_conn_setsid(struct sock *sk,
					     struct sockaddr *addr)
{
	return 0;
}

static inline void selinux_netlbl_inet_conn_established(struct sock *sk,
							u16 family)
{
}

/* Always returns 0; the socket is not modified. */
static inline int selinux_netlbl_socket_post_create(struct socket *sock)
{
	return 0;
}

/* Always returns 0; neither the inode nor the mask is inspected. */
static inline int selinux_netlbl_inode_permission(struct inode *inode,
						  int mask)
{
	return 0;
}

/* Always returns 0; the received packet is not inspected. */
static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
					      struct sk_buff *skb,
					      u16 family,
					      struct avc_audit_data *ad)
{
	return 0;
}

/* Always returns 0 regardless of level and optname. */
static inline int selinux_netlbl_socket_setsockopt(struct socket *sock,
						   int level,
						   int optname)
{
	return 0;
}

/* Always returns 0; the destination address is not inspected. */
static inline int selinux_netlbl_socket_connect(struct sock *sk,
						struct sockaddr *addr)
{
	return 0;
}
#endif /* CONFIG_NETLABEL */

#endif /* _SELINUX_NETLABEL_H_ */