1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0-or-later */
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun * SELinux interface to the NetLabel subsystem
4*4882a593Smuzhiyun *
5*4882a593Smuzhiyun * Author: Paul Moore <paul@paul-moore.com>
6*4882a593Smuzhiyun */
7*4882a593Smuzhiyun
8*4882a593Smuzhiyun /*
9*4882a593Smuzhiyun * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
10*4882a593Smuzhiyun */
11*4882a593Smuzhiyun
12*4882a593Smuzhiyun #ifndef _SELINUX_NETLABEL_H_
13*4882a593Smuzhiyun #define _SELINUX_NETLABEL_H_
14*4882a593Smuzhiyun
15*4882a593Smuzhiyun #include <linux/types.h>
16*4882a593Smuzhiyun #include <linux/fs.h>
17*4882a593Smuzhiyun #include <linux/net.h>
18*4882a593Smuzhiyun #include <linux/skbuff.h>
19*4882a593Smuzhiyun #include <net/sock.h>
20*4882a593Smuzhiyun #include <net/request_sock.h>
21*4882a593Smuzhiyun #include <net/sctp/structs.h>
22*4882a593Smuzhiyun
23*4882a593Smuzhiyun #include "avc.h"
24*4882a593Smuzhiyun #include "objsec.h"
25*4882a593Smuzhiyun
26*4882a593Smuzhiyun #ifdef CONFIG_NETLABEL
27*4882a593Smuzhiyun void selinux_netlbl_cache_invalidate(void);
28*4882a593Smuzhiyun
29*4882a593Smuzhiyun void selinux_netlbl_err(struct sk_buff *skb, u16 family, int error,
30*4882a593Smuzhiyun int gateway);
31*4882a593Smuzhiyun
32*4882a593Smuzhiyun void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec);
33*4882a593Smuzhiyun void selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec);
34*4882a593Smuzhiyun
35*4882a593Smuzhiyun int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
36*4882a593Smuzhiyun u16 family,
37*4882a593Smuzhiyun u32 *type,
38*4882a593Smuzhiyun u32 *sid);
39*4882a593Smuzhiyun int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,
40*4882a593Smuzhiyun u16 family,
41*4882a593Smuzhiyun u32 sid);
42*4882a593Smuzhiyun int selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep,
43*4882a593Smuzhiyun struct sk_buff *skb);
44*4882a593Smuzhiyun int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family);
45*4882a593Smuzhiyun void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family);
46*4882a593Smuzhiyun void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk);
47*4882a593Smuzhiyun int selinux_netlbl_socket_post_create(struct sock *sk, u16 family);
48*4882a593Smuzhiyun int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
49*4882a593Smuzhiyun struct sk_buff *skb,
50*4882a593Smuzhiyun u16 family,
51*4882a593Smuzhiyun struct common_audit_data *ad);
52*4882a593Smuzhiyun int selinux_netlbl_socket_setsockopt(struct socket *sock,
53*4882a593Smuzhiyun int level,
54*4882a593Smuzhiyun int optname);
55*4882a593Smuzhiyun int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr);
56*4882a593Smuzhiyun int selinux_netlbl_socket_connect_locked(struct sock *sk,
57*4882a593Smuzhiyun struct sockaddr *addr);
58*4882a593Smuzhiyun
59*4882a593Smuzhiyun #else
selinux_netlbl_cache_invalidate(void)60*4882a593Smuzhiyun static inline void selinux_netlbl_cache_invalidate(void)
61*4882a593Smuzhiyun {
62*4882a593Smuzhiyun return;
63*4882a593Smuzhiyun }
64*4882a593Smuzhiyun
selinux_netlbl_err(struct sk_buff * skb,u16 family,int error,int gateway)65*4882a593Smuzhiyun static inline void selinux_netlbl_err(struct sk_buff *skb,
66*4882a593Smuzhiyun u16 family,
67*4882a593Smuzhiyun int error,
68*4882a593Smuzhiyun int gateway)
69*4882a593Smuzhiyun {
70*4882a593Smuzhiyun return;
71*4882a593Smuzhiyun }
72*4882a593Smuzhiyun
selinux_netlbl_sk_security_free(struct sk_security_struct * sksec)73*4882a593Smuzhiyun static inline void selinux_netlbl_sk_security_free(
74*4882a593Smuzhiyun struct sk_security_struct *sksec)
75*4882a593Smuzhiyun {
76*4882a593Smuzhiyun return;
77*4882a593Smuzhiyun }
78*4882a593Smuzhiyun
selinux_netlbl_sk_security_reset(struct sk_security_struct * sksec)79*4882a593Smuzhiyun static inline void selinux_netlbl_sk_security_reset(
80*4882a593Smuzhiyun struct sk_security_struct *sksec)
81*4882a593Smuzhiyun {
82*4882a593Smuzhiyun return;
83*4882a593Smuzhiyun }
84*4882a593Smuzhiyun
selinux_netlbl_skbuff_getsid(struct sk_buff * skb,u16 family,u32 * type,u32 * sid)85*4882a593Smuzhiyun static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
86*4882a593Smuzhiyun u16 family,
87*4882a593Smuzhiyun u32 *type,
88*4882a593Smuzhiyun u32 *sid)
89*4882a593Smuzhiyun {
90*4882a593Smuzhiyun *type = NETLBL_NLTYPE_NONE;
91*4882a593Smuzhiyun *sid = SECSID_NULL;
92*4882a593Smuzhiyun return 0;
93*4882a593Smuzhiyun }
selinux_netlbl_skbuff_setsid(struct sk_buff * skb,u16 family,u32 sid)94*4882a593Smuzhiyun static inline int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,
95*4882a593Smuzhiyun u16 family,
96*4882a593Smuzhiyun u32 sid)
97*4882a593Smuzhiyun {
98*4882a593Smuzhiyun return 0;
99*4882a593Smuzhiyun }
100*4882a593Smuzhiyun
selinux_netlbl_sctp_assoc_request(struct sctp_endpoint * ep,struct sk_buff * skb)101*4882a593Smuzhiyun static inline int selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep,
102*4882a593Smuzhiyun struct sk_buff *skb)
103*4882a593Smuzhiyun {
104*4882a593Smuzhiyun return 0;
105*4882a593Smuzhiyun }
selinux_netlbl_inet_conn_request(struct request_sock * req,u16 family)106*4882a593Smuzhiyun static inline int selinux_netlbl_inet_conn_request(struct request_sock *req,
107*4882a593Smuzhiyun u16 family)
108*4882a593Smuzhiyun {
109*4882a593Smuzhiyun return 0;
110*4882a593Smuzhiyun }
selinux_netlbl_inet_csk_clone(struct sock * sk,u16 family)111*4882a593Smuzhiyun static inline void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
112*4882a593Smuzhiyun {
113*4882a593Smuzhiyun return;
114*4882a593Smuzhiyun }
selinux_netlbl_sctp_sk_clone(struct sock * sk,struct sock * newsk)115*4882a593Smuzhiyun static inline void selinux_netlbl_sctp_sk_clone(struct sock *sk,
116*4882a593Smuzhiyun struct sock *newsk)
117*4882a593Smuzhiyun {
118*4882a593Smuzhiyun return;
119*4882a593Smuzhiyun }
selinux_netlbl_socket_post_create(struct sock * sk,u16 family)120*4882a593Smuzhiyun static inline int selinux_netlbl_socket_post_create(struct sock *sk,
121*4882a593Smuzhiyun u16 family)
122*4882a593Smuzhiyun {
123*4882a593Smuzhiyun return 0;
124*4882a593Smuzhiyun }
selinux_netlbl_sock_rcv_skb(struct sk_security_struct * sksec,struct sk_buff * skb,u16 family,struct common_audit_data * ad)125*4882a593Smuzhiyun static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
126*4882a593Smuzhiyun struct sk_buff *skb,
127*4882a593Smuzhiyun u16 family,
128*4882a593Smuzhiyun struct common_audit_data *ad)
129*4882a593Smuzhiyun {
130*4882a593Smuzhiyun return 0;
131*4882a593Smuzhiyun }
selinux_netlbl_socket_setsockopt(struct socket * sock,int level,int optname)132*4882a593Smuzhiyun static inline int selinux_netlbl_socket_setsockopt(struct socket *sock,
133*4882a593Smuzhiyun int level,
134*4882a593Smuzhiyun int optname)
135*4882a593Smuzhiyun {
136*4882a593Smuzhiyun return 0;
137*4882a593Smuzhiyun }
selinux_netlbl_socket_connect(struct sock * sk,struct sockaddr * addr)138*4882a593Smuzhiyun static inline int selinux_netlbl_socket_connect(struct sock *sk,
139*4882a593Smuzhiyun struct sockaddr *addr)
140*4882a593Smuzhiyun {
141*4882a593Smuzhiyun return 0;
142*4882a593Smuzhiyun }
selinux_netlbl_socket_connect_locked(struct sock * sk,struct sockaddr * addr)143*4882a593Smuzhiyun static inline int selinux_netlbl_socket_connect_locked(struct sock *sk,
144*4882a593Smuzhiyun struct sockaddr *addr)
145*4882a593Smuzhiyun {
146*4882a593Smuzhiyun return 0;
147*4882a593Smuzhiyun }
148*4882a593Smuzhiyun #endif /* CONFIG_NETLABEL */
149*4882a593Smuzhiyun
150*4882a593Smuzhiyun #endif
151