Commit | Line | Data |
---|---|---|
d28d1e08 TJ |
1 | /* |
2 | * SELinux support for the XFRM LSM hooks | |
3 | * | |
4 | * Author : Trent Jaeger, <jaegert@us.ibm.com> | |
e0d1caa7 | 5 | * Updated : Venkat Yekkirala, <vyekkirala@TrustedCS.com> |
d28d1e08 TJ |
6 | */ |
7 | #ifndef _SELINUX_XFRM_H_ | |
8 | #define _SELINUX_XFRM_H_ | |
9 | ||
/*
 * XFRM policy hooks. Only the declarations are visible in this header.
 *
 * NOTE(review): sec_ctx is a struct xfrm_user_sec_ctx, which by its name
 * looks user-supplied -- confirm that the implementation bounds-checks any
 * length it carries before allocating or copying.
 */
int selinux_xfrm_policy_alloc(struct xfrm_policy *xp,
		struct xfrm_user_sec_ctx *sec_ctx);
int selinux_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new);
void selinux_xfrm_policy_free(struct xfrm_policy *xp);
int selinux_xfrm_policy_delete(struct xfrm_policy *xp);

/*
 * XFRM state hooks. The alloc variant takes both a user security context
 * and a secid.
 * NOTE(review): which of the two takes precedence, and whether either may
 * be NULL/zero, cannot be told from the prototype -- confirm in the
 * implementation.
 */
int selinux_xfrm_state_alloc(struct xfrm_state *x,
		struct xfrm_user_sec_ctx *sec_ctx, u32 secid);
void selinux_xfrm_state_free(struct xfrm_state *x);
int selinux_xfrm_state_delete(struct xfrm_state *x);

/*
 * Lookup and matching hooks: each takes a policy and/or state together
 * with a flow secid or a struct flowi.
 * NOTE(review): the return convention (0 vs. non-zero for "match"/"allow")
 * is not visible here; check each caller against the implementation.
 */
int selinux_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
		struct xfrm_policy *xp, struct flowi *fl);
int selinux_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm,
		struct xfrm_policy *xp);
e0d1caa7 | 24 | |
d28d1e08 TJ |
25 | |
/*
 * Return the inode security blob for the socket behind @sk, or NULL when
 * the sock has no struct socket attached (sk->sk_socket is NULL).
 *
 * The blob is read from the socket's inode (SOCK_INODE(...)->i_security),
 * not from the sock itself, so every caller has to handle a NULL return.
 *
 * NOTE(review): sk->sk_socket is read here with no locking visible in this
 * header. If it can be cleared concurrently, the returned pointer could
 * outlive the socket -- confirm which lock callers are expected to hold.
 */
static inline struct inode_security_struct *get_sock_isec(struct sock *sk)
{
	struct socket *sock = sk->sk_socket;

	return sock ? SOCK_INODE(sock)->i_security : NULL;
}
36 | ||
d28d1e08 | 37 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
e0d1caa7 VY |
/*
 * Out-of-line implementations, declared only when
 * CONFIG_SECURITY_NETWORK_XFRM is set; the #else branch of this
 * conditional supplies inline stubs with the same names.
 *
 * Both skb checks take a SID, the packet, and an avc_audit_data record.
 */
int selinux_xfrm_sock_rcv_skb(u32 sid, struct sk_buff *skb,
		struct avc_audit_data *ad);
int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
		struct avc_audit_data *ad);
/* Returns a u32 SID for the datagram's peer. */
u32 selinux_socket_getpeer_dgram(struct sk_buff *skb);
/*
 * Writes a SID through @sid and returns an int status.
 * NOTE(review): the meaning of @ckall and the cases in which this returns
 * non-zero are not visible here; selinux_skb_xfrm_sid() in this header
 * BUG()s on any non-zero return when ckall == 0 -- confirm that path
 * cannot fail on packet-derived data.
 */
int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
d28d1e08 | 44 | #else |
e0d1caa7 VY |
/*
 * Stub for kernels built without CONFIG_SECURITY_NETWORK_XFRM: performs no
 * check and always returns 0, ignoring all three arguments.
 *
 * NOTE(review): callers presumably treat 0 as "permitted", which means no
 * XFRM-label-based receive check happens in this configuration -- confirm
 * that is the intended policy.
 */
static inline int
selinux_xfrm_sock_rcv_skb(u32 isec_sid,
			  struct sk_buff *skb,
			  struct avc_audit_data *ad)
{
	return 0;
}
50 | ||
e0d1caa7 VY |
/*
 * Stub for kernels built without CONFIG_SECURITY_NETWORK_XFRM: performs no
 * check and always returns 0, ignoring all three arguments.
 *
 * NOTE(review): callers presumably treat 0 as "permitted", so no
 * XFRM-label-based egress check happens in this configuration -- confirm.
 */
static inline int
selinux_xfrm_postroute_last(u32 isec_sid,
			    struct sk_buff *skb,
			    struct avc_audit_data *ad)
{
	return 0;
}
e6f50719 | 56 | |
e6f50719 CZ |
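/*
 * Stub for kernels built without CONFIG_SECURITY_NETWORK_XFRM: there is no
 * XFRM-derived peer label, so report SECSID_NULL for every datagram.
 *
 * The return type is u32 to match the prototype declared under
 * CONFIG_SECURITY_NETWORK_XFRM in this header; the stub previously
 * returned int, so the two configurations disagreed on the signedness of
 * the SID.
 */
static inline u32 selinux_socket_getpeer_dgram(struct sk_buff *skb)
{
	return SECSID_NULL;
}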
a51c64f1 VY |
/*
 * Stub for kernels built without CONFIG_SECURITY_NETWORK_XFRM: stores
 * SECSID_NULL through @sid and returns 0. @skb and @ckall are ignored.
 *
 * @sid must be a valid pointer; it is written unconditionally.
 */
static inline int
selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
{
	*sid = SECSID_NULL;

	return 0;
}
d28d1e08 TJ |
66 | #endif |
67 | ||
6b877699 VY |
/*
 * Fetch the XFRM SID for @skb into @sid by calling
 * selinux_xfrm_decode_session() with ckall == 0.
 *
 * Any non-zero return trips BUG_ON(), so this helper has no error path:
 * it relies on decode_session never failing when ckall is 0.
 *
 * NOTE(review): that guarantee is not visible in this header. If the
 * ckall == 0 path can fail on packet-derived data, this BUG_ON() would let
 * network input halt the kernel -- confirm in the implementation, and
 * consider a warning plus a SECSID_NULL fallback if it cannot be ruled out.
 */
static inline void selinux_skb_xfrm_sid(struct sk_buff *skb, u32 *sid)
{
	const int rc = selinux_xfrm_decode_session(skb, sid, 0);

	BUG_ON(rc != 0);
}
73 | ||
d28d1e08 | 74 | #endif /* _SELINUX_XFRM_H_ */ |