netlabel: Add support for removing a CALIPSO DOI.

	int (*doi_add)(struct calipso_doi *doi_def,

		       struct netlbl_audit *audit_info);

	void (*doi_free)(struct calipso_doi *doi_def);

	int (*doi_remove)(u32 doi, struct netlbl_audit *audit_info);

	struct calipso_doi *(*doi_getdef)(u32 doi);

	void (*doi_putdef)(struct calipso_doi *doi_def);

	int (*doi_walk)(u32 *skip_cnt,

	calipso_doi_free(doi_def);

}

/**

 * calipso_doi_remove - Remove an existing DOI from the CALIPSO protocol engine

 * @doi: the DOI value

 * @audit_secid: the LSM secid to use in the audit message

 *

 * Description:

 * Removes a DOI definition from the CALIPSO engine.  The NetLabel routines will

 * be called to release their own LSM domain mappings as well as our own

 * domain list.  Returns zero on success and negative values on failure.

 *

 */

static int calipso_doi_remove(u32 doi, struct netlbl_audit *audit_info)

{

	int ret_val;

	struct calipso_doi *doi_def;

	struct audit_buffer *audit_buf;

	spin_lock(&calipso_doi_list_lock);

	doi_def = calipso_doi_search(doi);

	if (!doi_def) {

		spin_unlock(&calipso_doi_list_lock);

		ret_val = -ENOENT;

		goto doi_remove_return;

	}

	if (!atomic_dec_and_test(&doi_def->refcount)) {

		spin_unlock(&calipso_doi_list_lock);

		ret_val = -EBUSY;

		goto doi_remove_return;

	}

	list_del_rcu(&doi_def->list);

	spin_unlock(&calipso_doi_list_lock);

	call_rcu(&doi_def->rcu, calipso_doi_free_rcu);

	ret_val = 0;

doi_remove_return:

	audit_buf = netlbl_audit_start(AUDIT_MAC_CALIPSO_DEL, audit_info);

	if (audit_buf) {

		audit_log_format(audit_buf,

				 " calipso_doi=%u res=%u",

				 doi, ret_val == 0 ? 1 : 0);

		audit_log_end(audit_buf);

	}

	return ret_val;

}

/**

 * calipso_doi_getdef - Returns a reference to a valid DOI definition

 * @doi: the DOI value

static const struct netlbl_calipso_ops ops = {

	.doi_add          = calipso_doi_add,

	.doi_free         = calipso_doi_free,

	.doi_remove       = calipso_doi_remove,

	.doi_getdef       = calipso_doi_getdef,

	.doi_putdef       = calipso_doi_putdef,

	.doi_walk         = calipso_doi_walk,

	u32 seq;

};

/* Argument struct for netlbl_domhsh_walk() */

struct netlbl_domhsh_walk_arg {

	struct netlbl_audit *audit_info;

	u32 doi;

};

/* NetLabel Generic NETLINK CALIPSO family */

static struct genl_family netlbl_calipso_gnl_family = {

	.id = GENL_ID_GENERATE,

	return skb->len;

}

/**

 * netlbl_calipso_remove_cb - netlbl_calipso_remove() callback for REMOVE

 * @entry: LSM domain mapping entry

 * @arg: the netlbl_domhsh_walk_arg structure

 *

 * Description:

 * This function is intended for use by netlbl_calipso_remove() as the callback

 * for the netlbl_domhsh_walk() function; it removes LSM domain map entries

 * which are associated with the CALIPSO DOI specified in @arg.  Returns zero on

 * success, negative values on failure.

 *

 */

static int netlbl_calipso_remove_cb(struct netlbl_dom_map *entry, void *arg)

{

	struct netlbl_domhsh_walk_arg *cb_arg = arg;

	if (entry->def.type == NETLBL_NLTYPE_CALIPSO &&

	    entry->def.calipso->doi == cb_arg->doi)

		return netlbl_domhsh_remove_entry(entry, cb_arg->audit_info);

	return 0;

}

/**

 * netlbl_calipso_remove - Handle a REMOVE message

 * @skb: the NETLINK buffer

 * @info: the Generic NETLINK info block

 *

 * Description:

 * Process a user generated REMOVE message and respond accordingly.  Returns

 * zero on success, negative values on failure.

 *

 */

static int netlbl_calipso_remove(struct sk_buff *skb, struct genl_info *info)

{

	int ret_val = -EINVAL;

	struct netlbl_domhsh_walk_arg cb_arg;

	struct netlbl_audit audit_info;

	u32 skip_bkt = 0;

	u32 skip_chain = 0;

	if (!info->attrs[NLBL_CALIPSO_A_DOI])

		return -EINVAL;

	netlbl_netlink_auditinfo(skb, &audit_info);

	cb_arg.doi = nla_get_u32(info->attrs[NLBL_CALIPSO_A_DOI]);

	cb_arg.audit_info = &audit_info;

	ret_val = netlbl_domhsh_walk(&skip_bkt, &skip_chain,

				     netlbl_calipso_remove_cb, &cb_arg);

	if (ret_val == 0 || ret_val == -ENOENT) {

		ret_val = calipso_doi_remove(cb_arg.doi, &audit_info);

		if (ret_val == 0)

			atomic_dec(&netlabel_mgmt_protocount);

	}

	return ret_val;

}

/* NetLabel Generic NETLINK Command Definitions

 */

	.dumpit = NULL,

	},

	{

	.cmd = NLBL_CALIPSO_C_REMOVE,

	.flags = GENL_ADMIN_PERM,

	.policy = calipso_genl_policy,

	.doit = netlbl_calipso_remove,

	.dumpit = NULL,

	},

	{

	.cmd = NLBL_CALIPSO_C_LIST,

	.flags = 0,

	.policy = calipso_genl_policy,

		ops->doi_free(doi_def);

}

/**

 * calipso_doi_remove - Remove an existing DOI from the CALIPSO protocol engine

 * @doi: the DOI value

 * @audit_secid: the LSM secid to use in the audit message

 *

 * Description:

 * Removes a DOI definition from the CALIPSO engine.  The NetLabel routines will

 * be called to release their own LSM domain mappings as well as our own

 * domain list.  Returns zero on success and negative values on failure.

 *

 */

int calipso_doi_remove(u32 doi, struct netlbl_audit *audit_info)

{

	int ret_val = -ENOMSG;

	const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();

	if (ops)

		ret_val = ops->doi_remove(doi, audit_info);

	return ret_val;

}

/**

 * calipso_doi_getdef - Returns a reference to a valid DOI definition

 * @doi: the DOI value

 *

 *   If using CALIPSO_MAP_PASS no additional attributes are required.

 *

 * o REMOVE:

 *   Sent by an application to remove a specific DOI mapping table from the

 *   CALIPSO system.

 *

 *   Required attributes:

 *

 *     NLBL_CALIPSO_A_DOI

 *

 * o LIST:

 *   Sent by an application to list the details of a DOI definition.  On

 *   success the kernel should send a response using the following format.

int calipso_doi_add(struct calipso_doi *doi_def,

		    struct netlbl_audit *audit_info);

void calipso_doi_free(struct calipso_doi *doi_def);

int calipso_doi_remove(u32 doi, struct netlbl_audit *audit_info);

struct calipso_doi *calipso_doi_getdef(u32 doi);

void calipso_doi_putdef(struct calipso_doi *doi_def);

int calipso_doi_walk(u32 *skip_cnt,