Commit d91d4079 authored by Paul Moore's avatar Paul Moore
Browse files

netlabel: Add configuration support for local labeling 



Add the necessary NetLabel support for the new CIPSO mapping,
CIPSO_V4_MAP_LOCAL, which allows full LSM label/context support.

Signed-off-by: default avatarPaul Moore <paul.moore@hp.com>
Reviewed-by: default avatarJames Morris <jmorris@namei.org>
parent 15c45f7b

include/net/netlabel.h

+2 −1
Original line number Diff line number Diff line
@@ -72,7 +72,8 @@ struct cipso_v4_doi; 
/* NetLabel NETLINK protocol version

 *  1: initial version

 *  2: added static labels for unlabeled connections

 *  3: network selectors added to the NetLabel/LSM domain mapping

 *  3: network selectors added to the NetLabel/LSM domain mapping and the

 *     CIPSO_V4_MAP_LOCAL CIPSO mapping was added

 */

#define NETLBL_PROTO_VERSION            3

net/netlabel/netlabel_cipso_v4.c

+41 −0
Original line number Diff line number Diff line
@@ -364,6 +364,43 @@ static int netlbl_cipsov4_add_pass(struct genl_info *info) 
	return ret_val;

}



/**

 * netlbl_cipsov4_add_local - Adds a CIPSO V4 DOI definition

 * @info: the Generic NETLINK info block

 *

 * Description:

 * Create a new CIPSO_V4_MAP_LOCAL DOI definition based on the given ADD

 * message and add it to the CIPSO V4 engine.  Return zero on success and

 * non-zero on error.

 *

 */

static int netlbl_cipsov4_add_local(struct genl_info *info)

{

	int ret_val;

	struct cipso_v4_doi *doi_def = NULL;



	if (!info->attrs[NLBL_CIPSOV4_A_TAGLST])

		return -EINVAL;



	doi_def = kmalloc(sizeof(*doi_def), GFP_KERNEL);

	if (doi_def == NULL)

		return -ENOMEM;

	doi_def->type = CIPSO_V4_MAP_LOCAL;



	ret_val = netlbl_cipsov4_add_common(info, doi_def);

	if (ret_val != 0)

		goto add_local_failure;



	ret_val = cipso_v4_doi_add(doi_def);

	if (ret_val != 0)

		goto add_local_failure;

	return 0;



add_local_failure:

	cipso_v4_doi_free(doi_def);

	return ret_val;

}



/**

 * netlbl_cipsov4_add - Handle an ADD message

 * @skb: the NETLINK buffer
@@ -401,6 +438,10 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info) 
		type_str = "pass";

		ret_val = netlbl_cipsov4_add_pass(info);

		break;

	case CIPSO_V4_MAP_LOCAL:

		type_str = "local";

		ret_val = netlbl_cipsov4_add_local(info);

		break;

	}

	if (ret_val == 0)

		atomic_inc(&netlabel_mgmt_protocount);

net/netlabel/netlabel_cipso_v4.h

+4 −2
Original line number Diff line number Diff line
@@ -50,7 +50,8 @@ 
 *     NLBL_CIPSOV4_A_MLSLVLLST

 *     NLBL_CIPSOV4_A_MLSCATLST

 *

 *   If using CIPSO_V4_MAP_PASS no additional attributes are required.

 *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes

 *   are required.

 *

 * o REMOVE:

 *   Sent by an application to remove a specific DOI mapping table from the
@@ -81,7 +82,8 @@ 
 *     NLBL_CIPSOV4_A_MLSLVLLST

 *     NLBL_CIPSOV4_A_MLSCATLST

 *

 *   If using CIPSO_V4_MAP_PASS no additional attributes are required.

 *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes

 *   are required.

 *

 * o LISTALL:

 *   This message is sent by an application to list the valid DOIs on the

net/netlabel/netlabel_kapi.c

+3 −0
Original line number Diff line number Diff line
@@ -163,6 +163,9 @@ int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def, 
		case CIPSO_V4_MAP_PASS:

			type_str = "pass";

			break;

		case CIPSO_V4_MAP_LOCAL:

			type_str = "local";

			break;

		default:

			type_str = "(unknown)";

		}