linux/security/selinux/include/xfrm.h
   1/*
   2 * SELinux support for the XFRM LSM hooks
   3 *
   4 * Author : Trent Jaeger, <jaegert@us.ibm.com>
   5 * Updated : Venkat Yekkirala, <vyekkirala@TrustedCS.com>
   6 */
   7#ifndef _SELINUX_XFRM_H_
   8#define _SELINUX_XFRM_H_
   9
  10#include <net/flow.h>
  11
/*
 * Policy-side hooks: lifetime of the xfrm_sec_ctx attached to an XFRM
 * policy.  *_alloc builds the kernel context in *@ctxp from a
 * struct xfrm_user_sec_ctx (presumably the user-supplied form of the
 * context — confirm in the definition); *_clone duplicates @old_ctx into
 * *@new_ctxp.  Note that *_delete returns an int while *_free is void —
 * presumably *_delete performs a permission check before the context goes
 * away and can fail; verify against the definitions.  The int-returning
 * hooks are assumed to follow the kernel convention of 0 on success and a
 * negative errno on failure.
 */
int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
                              struct xfrm_user_sec_ctx *sec_ctx);
int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
                              struct xfrm_sec_ctx **new_ctxp);
void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
/*
 * State-side hooks: the same lifecycle for the context carried by an
 * xfrm_state @x.  *_alloc additionally takes a @secid (role not visible
 * here — see the definition).
 */
int selinux_xfrm_state_alloc(struct xfrm_state *x,
        struct xfrm_user_sec_ctx *sec_ctx, u32 secid);
void selinux_xfrm_state_free(struct xfrm_state *x);
int selinux_xfrm_state_delete(struct xfrm_state *x);
/*
 * Lookup-time checks.  @fl_secid and @dir identify the flow SID and the
 * direction being matched against @ctx; the flow-match variant is handed
 * the state, the policy and the flow key itself.
 */
int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
                        struct xfrm_policy *xp, const struct flowi *fl);
  25
  26/*
  27 * Extract the security blob from the sock (it's actually on the socket)
  28 */
/*
 * Return the SELinux inode security blob backing @sk, or NULL when the
 * sock has no socket attached (sk->sk_socket is NULL).  The blob lives on
 * the socket's inode rather than on the sock itself, hence the detour
 * through SOCK_INODE().
 *
 * NOTE(review): the NULL test and the dereference are two separate reads
 * of sk->sk_socket's value; callers are assumed to hold whatever
 * serialises sk->sk_socket against being cleared — confirm at each caller.
 */
static inline struct inode_security_struct *get_sock_isec(struct sock *sk)
{
        struct socket *sock = sk->sk_socket;

        return sock ? SOCK_INODE(sock)->i_security : NULL;
}
  36
  37#ifdef CONFIG_SECURITY_NETWORK_XFRM
  38extern atomic_t selinux_xfrm_refcount;
  39
/*
 * Non-zero while selinux_xfrm_refcount is positive (presumably: while at
 * least one xfrm policy/state carries a SELinux context — confirm where
 * the counter is incremented).  This is a plain atomic_read() with no
 * ordering against the updates, so the result is a snapshot that may
 * already be stale by the time the caller acts on it.
 */
static inline int selinux_xfrm_enabled(void)
{
        int holders = atomic_read(&selinux_xfrm_refcount);

        return holders > 0;
}
  44
/*
 * Per-packet hooks.  @sid / @isec_sid is the SID of the socket involved
 * and @ad carries the audit data for the decision; @proto is the protocol
 * of the outgoing packet.  selinux_xfrm_decode_session() stores a SID for
 * the skb into *@sid (the disabled stub below stores SECSID_NULL); the
 * meaning of @ckall is not visible here — presumably "check all" xfrm
 * entries on the skb rather than stopping at the first — confirm against
 * the definition.
 */
int selinux_xfrm_sock_rcv_skb(u32 sid, struct sk_buff *skb,
                        struct common_audit_data *ad);
int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
                        struct common_audit_data *ad, u8 proto);
int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
  50
/*
 * Called after a policy (re)load.  Bumps two generation counters so that
 * cached lookups keyed on the old generation are presumably discarded and
 * re-evaluated under the new policy.
 */
static inline void selinux_xfrm_notify_policyload(void)
{
        /* global flow cache generation */
        atomic_inc(&flow_cache_genid);

        /*
         * NOTE(review): only the route generation of init_net is bumped;
         * no other network namespace is touched here — confirm that this
         * is intentional for namespaced configurations.
         */
        rt_genid_bump(&init_net);
}
  56#else
/*
 * CONFIG_SECURITY_NETWORK_XFRM=n variant: labeled xfrm is compiled out, so
 * there is never anything enabled.  Always returns 0.
 */
static inline int selinux_xfrm_enabled(void)
{
        return 0;
}
  61
/*
 * CONFIG_SECURITY_NETWORK_XFRM=n stub for the receive-side check.  Every
 * argument is ignored and 0 is returned, i.e. the xfrm check never
 * produces a denial when the feature is compiled out.
 */
static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid,
                                            struct sk_buff *skb,
                                            struct common_audit_data *ad)
{
        return 0;
}
  67
/*
 * CONFIG_SECURITY_NETWORK_XFRM=n stub for the post-routing check.  Every
 * argument is ignored and 0 is returned, so the packet is never refused on
 * xfrm grounds when the feature is compiled out.
 */
static inline int selinux_xfrm_postroute_last(u32 isec_sid,
                                              struct sk_buff *skb,
                                              struct common_audit_data *ad,
                                              u8 proto)
{
        return 0;
}
  73
/*
 * CONFIG_SECURITY_NETWORK_XFRM=n stub: there is no xfrm label to decode,
 * so *@sid is always set to SECSID_NULL and the call always succeeds (0).
 * @skb and @ckall are ignored.
 */
static inline int selinux_xfrm_decode_session(struct sk_buff *skb,
                                              u32 *sid, int ckall)
{
        *sid = SECSID_NULL;

        return 0;
}
  79
/*
 * CONFIG_SECURITY_NETWORK_XFRM=n stub: nothing is cached on behalf of
 * labeled xfrm, so a policy load needs no notification.  No-op.
 */
static inline void selinux_xfrm_notify_policyload(void)
{
        /* intentionally empty */
}
  83#endif
  84
/*
 * Store the xfrm-derived SID of @skb into *@sid via
 * selinux_xfrm_decode_session() with ckall == 0.
 *
 * A non-zero return from the decode is treated as a broken kernel
 * invariant and crashes the machine (BUG()), not as a recoverable error.
 * NOTE(review): this relies on the decode never failing for ckall == 0 —
 * confirm against the out-of-line definition before calling this on any
 * new path.
 */
static inline void selinux_skb_xfrm_sid(struct sk_buff *skb, u32 *sid)
{
        int rc = selinux_xfrm_decode_session(skb, sid, 0);

        if (unlikely(rc))
                BUG();
}
  90
  91#endif /* _SELINUX_XFRM_H_ */
  92