/linux-4.4.14/security/selinux/ |
H A D | netlabel.c | 47 * @secattr: the NetLabel security attributes 57 struct netlbl_lsm_secattr *secattr, selinux_netlbl_sidlookup_cached() 62 rc = security_netlbl_secattr_to_sid(secattr, sid); selinux_netlbl_sidlookup_cached() 64 (secattr->flags & NETLBL_SECATTR_CACHEABLE) && selinux_netlbl_sidlookup_cached() 65 (secattr->flags & NETLBL_SECATTR_CACHE)) selinux_netlbl_sidlookup_cached() 66 netlbl_cache_add(skb, secattr); selinux_netlbl_sidlookup_cached() 72 * selinux_netlbl_sock_genattr - Generate the NetLabel socket secattr 85 struct netlbl_lsm_secattr *secattr; selinux_netlbl_sock_genattr() local 90 secattr = netlbl_secattr_alloc(GFP_ATOMIC); selinux_netlbl_sock_genattr() 91 if (secattr == NULL) selinux_netlbl_sock_genattr() 93 rc = security_netlbl_sid_to_secattr(sksec->sid, secattr); selinux_netlbl_sock_genattr() 95 netlbl_secattr_free(secattr); selinux_netlbl_sock_genattr() 98 sksec->nlbl_secattr = secattr; selinux_netlbl_sock_genattr() 100 return secattr; selinux_netlbl_sock_genattr() 104 * selinux_netlbl_sock_getattr - Get the cached NetLabel secattr 108 * Query the socket's cached secattr and if the SID matches the cached value 117 struct netlbl_lsm_secattr *secattr = sksec->nlbl_secattr; selinux_netlbl_sock_getattr() local 119 if (secattr == NULL) selinux_netlbl_sock_getattr() 122 if ((secattr->flags & NETLBL_SECATTR_SECID) && selinux_netlbl_sock_getattr() 123 (secattr->attr.secid == sid)) selinux_netlbl_sock_getattr() 124 return secattr; selinux_netlbl_sock_getattr() 207 struct netlbl_lsm_secattr secattr; selinux_netlbl_skbuff_getsid() local 214 netlbl_secattr_init(&secattr); selinux_netlbl_skbuff_getsid() 215 rc = netlbl_skbuff_getattr(skb, family, &secattr); selinux_netlbl_skbuff_getsid() 216 if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) selinux_netlbl_skbuff_getsid() 217 rc = selinux_netlbl_sidlookup_cached(skb, &secattr, sid); selinux_netlbl_skbuff_getsid() 220 *type = secattr.type; selinux_netlbl_skbuff_getsid() 221 
netlbl_secattr_destroy(&secattr); selinux_netlbl_skbuff_getsid() 243 struct netlbl_lsm_secattr *secattr = NULL; selinux_netlbl_skbuff_setsid() local 253 secattr = selinux_netlbl_sock_getattr(sk, sid); selinux_netlbl_skbuff_setsid() 255 if (secattr == NULL) { selinux_netlbl_skbuff_setsid() 256 secattr = &secattr_storage; selinux_netlbl_skbuff_setsid() 257 netlbl_secattr_init(secattr); selinux_netlbl_skbuff_setsid() 258 rc = security_netlbl_sid_to_secattr(sid, secattr); selinux_netlbl_skbuff_setsid() 263 rc = netlbl_skbuff_setattr(skb, family, secattr); selinux_netlbl_skbuff_setsid() 266 if (secattr == &secattr_storage) selinux_netlbl_skbuff_setsid() 267 netlbl_secattr_destroy(secattr); selinux_netlbl_skbuff_setsid() 285 struct netlbl_lsm_secattr secattr; selinux_netlbl_inet_conn_request() local 290 netlbl_secattr_init(&secattr); selinux_netlbl_inet_conn_request() 291 rc = security_netlbl_sid_to_secattr(req->secid, &secattr); selinux_netlbl_inet_conn_request() 294 rc = netlbl_req_setattr(req, &secattr); selinux_netlbl_inet_conn_request() 296 netlbl_secattr_destroy(&secattr); selinux_netlbl_inet_conn_request() 334 struct netlbl_lsm_secattr *secattr; selinux_netlbl_socket_post_create() local 339 secattr = selinux_netlbl_sock_genattr(sk); selinux_netlbl_socket_post_create() 340 if (secattr == NULL) selinux_netlbl_socket_post_create() 342 rc = netlbl_sock_setattr(sk, family, secattr); selinux_netlbl_socket_post_create() 377 struct netlbl_lsm_secattr secattr; selinux_netlbl_sock_rcv_skb() local 382 netlbl_secattr_init(&secattr); selinux_netlbl_sock_rcv_skb() 383 rc = netlbl_skbuff_getattr(skb, family, &secattr); selinux_netlbl_sock_rcv_skb() 384 if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) selinux_netlbl_sock_rcv_skb() 385 rc = selinux_netlbl_sidlookup_cached(skb, &secattr, &nlbl_sid); selinux_netlbl_sock_rcv_skb() 388 netlbl_secattr_destroy(&secattr); selinux_netlbl_sock_rcv_skb() 432 struct netlbl_lsm_secattr secattr; selinux_netlbl_socket_setsockopt() local 437 
netlbl_secattr_init(&secattr); selinux_netlbl_socket_setsockopt() 442 rc = netlbl_sock_getattr(sk, &secattr); selinux_netlbl_socket_setsockopt() 448 netlbl_secattr_destroy(&secattr); selinux_netlbl_socket_setsockopt() 468 struct netlbl_lsm_secattr *secattr; selinux_netlbl_socket_connect() local 485 secattr = selinux_netlbl_sock_genattr(sk); selinux_netlbl_socket_connect() 486 if (secattr == NULL) { selinux_netlbl_socket_connect() 490 rc = netlbl_conn_setattr(sk, addr, secattr); selinux_netlbl_socket_connect() 56 selinux_netlbl_sidlookup_cached(struct sk_buff *skb, struct netlbl_lsm_secattr *secattr, u32 *sid) selinux_netlbl_sidlookup_cached() argument
|
/linux-4.4.14/security/selinux/ss/ |
mls.h | 60 struct netlbl_lsm_secattr *secattr); 62 struct netlbl_lsm_secattr *secattr); 64 struct netlbl_lsm_secattr *secattr); 66 struct netlbl_lsm_secattr *secattr); 69 struct netlbl_lsm_secattr *secattr) mls_export_netlbl_lvl() 74 struct netlbl_lsm_secattr *secattr) mls_import_netlbl_lvl() 79 struct netlbl_lsm_secattr *secattr) mls_export_netlbl_cat() 84 struct netlbl_lsm_secattr *secattr) mls_import_netlbl_cat() 68 mls_export_netlbl_lvl(struct context *context, struct netlbl_lsm_secattr *secattr) mls_export_netlbl_lvl() argument 73 mls_import_netlbl_lvl(struct context *context, struct netlbl_lsm_secattr *secattr) mls_import_netlbl_lvl() argument 78 mls_export_netlbl_cat(struct context *context, struct netlbl_lsm_secattr *secattr) mls_export_netlbl_cat() argument 83 mls_import_netlbl_cat(struct context *context, struct netlbl_lsm_secattr *secattr) mls_import_netlbl_cat() argument
|
H A D | mls.c | 572 * @secattr: the NetLabel security attributes 580 struct netlbl_lsm_secattr *secattr) mls_export_netlbl_lvl() 585 secattr->attr.mls.lvl = context->range.level[0].sens - 1; mls_export_netlbl_lvl() 586 secattr->flags |= NETLBL_SECATTR_MLS_LVL; mls_export_netlbl_lvl() 592 * @secattr: the NetLabel security attributes 600 struct netlbl_lsm_secattr *secattr) mls_import_netlbl_lvl() 605 context->range.level[0].sens = secattr->attr.mls.lvl + 1; mls_import_netlbl_lvl() 612 * @secattr: the NetLabel security attributes 620 struct netlbl_lsm_secattr *secattr) mls_export_netlbl_cat() 628 &secattr->attr.mls.cat); mls_export_netlbl_cat() 629 if (rc == 0 && secattr->attr.mls.cat != NULL) mls_export_netlbl_cat() 630 secattr->flags |= NETLBL_SECATTR_MLS_CAT; mls_export_netlbl_cat() 638 * @secattr: the NetLabel security attributes 648 struct netlbl_lsm_secattr *secattr) mls_import_netlbl_cat() 656 secattr->attr.mls.cat); mls_import_netlbl_cat() 579 mls_export_netlbl_lvl(struct context *context, struct netlbl_lsm_secattr *secattr) mls_export_netlbl_lvl() argument 599 mls_import_netlbl_lvl(struct context *context, struct netlbl_lsm_secattr *secattr) mls_import_netlbl_lvl() argument 619 mls_export_netlbl_cat(struct context *context, struct netlbl_lsm_secattr *secattr) mls_export_netlbl_cat() argument 647 mls_import_netlbl_cat(struct context *context, struct netlbl_lsm_secattr *secattr) mls_import_netlbl_cat() argument
|
H A D | services.c | 3277 * @secattr: the NetLabel packet security attributes 3282 * @skb, in the NetLabel subsystem cache. This function assumes @secattr has 3286 static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr, security_netlbl_cache_add() argument 3294 secattr->cache = netlbl_secattr_cache_alloc(GFP_ATOMIC); security_netlbl_cache_add() 3295 if (secattr->cache == NULL) { security_netlbl_cache_add() 3301 secattr->cache->free = kfree; security_netlbl_cache_add() 3302 secattr->cache->data = sid_cache; security_netlbl_cache_add() 3303 secattr->flags |= NETLBL_SECATTR_CACHE; security_netlbl_cache_add() 3307 * security_netlbl_secattr_to_sid - Convert a NetLabel secattr to a SELinux SID 3308 * @secattr: the NetLabel packet security attributes 3312 * Convert the given NetLabel security attributes in @secattr into a 3313 * SELinux SID. If the @secattr field does not contain a full SELinux 3315 * 'cache' field of @secattr is set and the CACHE flag is set; this is to 3316 * allow the @secattr to be used by NetLabel to cache the secattr to SID 3321 int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, security_netlbl_secattr_to_sid() argument 3335 if (secattr->flags & NETLBL_SECATTR_CACHE) security_netlbl_secattr_to_sid() 3336 *sid = *(u32 *)secattr->cache->data; security_netlbl_secattr_to_sid() 3337 else if (secattr->flags & NETLBL_SECATTR_SECID) security_netlbl_secattr_to_sid() 3338 *sid = secattr->attr.secid; security_netlbl_secattr_to_sid() 3339 else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) { security_netlbl_secattr_to_sid() 3349 mls_import_netlbl_lvl(&ctx_new, secattr); security_netlbl_secattr_to_sid() 3350 if (secattr->flags & NETLBL_SECATTR_MLS_CAT) { security_netlbl_secattr_to_sid() 3351 rc = mls_import_netlbl_cat(&ctx_new, secattr); security_netlbl_secattr_to_sid() 3363 security_netlbl_cache_add(secattr, *sid); security_netlbl_secattr_to_sid() 3379 * security_netlbl_sid_to_secattr - Convert a SELinux SID to a NetLabel 
secattr 3381 * @secattr: the NetLabel packet security attributes 3388 int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr) security_netlbl_sid_to_secattr() argument 3404 secattr->domain = kstrdup(sym_name(&policydb, SYM_TYPES, ctx->type - 1), security_netlbl_sid_to_secattr() 3406 if (secattr->domain == NULL) security_netlbl_sid_to_secattr() 3409 secattr->attr.secid = sid; security_netlbl_sid_to_secattr() 3410 secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY | NETLBL_SECATTR_SECID; security_netlbl_sid_to_secattr() 3411 mls_export_netlbl_lvl(ctx, secattr); security_netlbl_sid_to_secattr() 3412 rc = mls_export_netlbl_cat(ctx, secattr); security_netlbl_sid_to_secattr()
|
/linux-4.4.14/include/net/ |
H A D | netlabel.h | 142 * struct netlbl_lsm_catmap - NetLabel LSM secattr category bitmap 224 * netlbl_secattr_cache_alloc - Allocate and initialize a secattr cache 247 * Frees @secattr including all of the internal buffers. 261 * netlbl_catmap_alloc - Allocate a LSM secattr catmap 265 * Allocate memory for a LSM secattr catmap, returns a pointer on success, NULL 275 * netlbl_catmap_free - Free a LSM secattr catmap 279 * Free a LSM secattr catmap. 295 * @secattr: the struct to initialize 301 static inline void netlbl_secattr_init(struct netlbl_lsm_secattr *secattr) netlbl_secattr_init() argument 303 memset(secattr, 0, sizeof(*secattr)); netlbl_secattr_init() 308 * @secattr: the struct to clear 311 * Destroys the @secattr struct, including freeing all of the internal buffers. 315 static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr) netlbl_secattr_destroy() argument 317 if (secattr->flags & NETLBL_SECATTR_FREE_DOMAIN) netlbl_secattr_destroy() 318 kfree(secattr->domain); netlbl_secattr_destroy() 319 if (secattr->flags & NETLBL_SECATTR_CACHE) netlbl_secattr_destroy() 320 netlbl_secattr_cache_free(secattr->cache); netlbl_secattr_destroy() 321 if (secattr->flags & NETLBL_SECATTR_MLS_CAT) netlbl_secattr_destroy() 322 netlbl_catmap_free(secattr->attr.mls.cat); netlbl_secattr_destroy() 341 * @secattr: the struct to free 344 * Frees @secattr including all of the internal buffers. 
347 static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr) netlbl_secattr_free() argument 349 netlbl_secattr_destroy(secattr); netlbl_secattr_free() 350 kfree(secattr); netlbl_secattr_free() 414 const struct netlbl_lsm_secattr *secattr); 417 struct netlbl_lsm_secattr *secattr); 420 const struct netlbl_lsm_secattr *secattr); 422 const struct netlbl_lsm_secattr *secattr); 426 const struct netlbl_lsm_secattr *secattr); 429 struct netlbl_lsm_secattr *secattr); 437 const struct netlbl_lsm_secattr *secattr); 540 const struct netlbl_lsm_secattr *secattr) netlbl_sock_setattr() 548 struct netlbl_lsm_secattr *secattr) netlbl_sock_getattr() 554 const struct netlbl_lsm_secattr *secattr) netlbl_conn_setattr() 559 const struct netlbl_lsm_secattr *secattr) netlbl_req_setattr() 569 const struct netlbl_lsm_secattr *secattr) netlbl_skbuff_setattr() 575 struct netlbl_lsm_secattr *secattr) netlbl_skbuff_getattr() 590 const struct netlbl_lsm_secattr *secattr) netlbl_cache_add() 538 netlbl_sock_setattr(struct sock *sk, u16 family, const struct netlbl_lsm_secattr *secattr) netlbl_sock_setattr() argument 547 netlbl_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr) netlbl_sock_getattr() argument 552 netlbl_conn_setattr(struct sock *sk, struct sockaddr *addr, const struct netlbl_lsm_secattr *secattr) netlbl_conn_setattr() argument 558 netlbl_req_setattr(struct request_sock *req, const struct netlbl_lsm_secattr *secattr) netlbl_req_setattr() argument 567 netlbl_skbuff_setattr(struct sk_buff *skb, u16 family, const struct netlbl_lsm_secattr *secattr) netlbl_skbuff_setattr() argument 573 netlbl_skbuff_getattr(const struct sk_buff *skb, u16 family, struct netlbl_lsm_secattr *secattr) netlbl_skbuff_getattr() argument 589 netlbl_cache_add(const struct sk_buff *skb, const struct netlbl_lsm_secattr *secattr) netlbl_cache_add() argument
|
H A D | cipso_ipv4.h | 187 const struct netlbl_lsm_secattr *secattr); 195 const struct netlbl_lsm_secattr *secattr) cipso_v4_cache_add() 208 struct netlbl_lsm_secattr *secattr); 211 const struct netlbl_lsm_secattr *secattr); 213 int cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr); 216 const struct netlbl_lsm_secattr *secattr); 220 const struct netlbl_lsm_secattr *secattr); 223 struct netlbl_lsm_secattr *secattr); 235 struct netlbl_lsm_secattr *secattr) cipso_v4_getattr() 242 const struct netlbl_lsm_secattr *secattr) cipso_v4_sock_setattr() 252 struct netlbl_lsm_secattr *secattr) cipso_v4_sock_getattr() 259 const struct netlbl_lsm_secattr *secattr) cipso_v4_req_setattr() 271 const struct netlbl_lsm_secattr *secattr) cipso_v4_skbuff_setattr() 282 struct netlbl_lsm_secattr *secattr) cipso_v4_skbuff_getattr() 194 cipso_v4_cache_add(const unsigned char *cipso_ptr, const struct netlbl_lsm_secattr *secattr) cipso_v4_cache_add() argument 234 cipso_v4_getattr(const unsigned char *cipso, struct netlbl_lsm_secattr *secattr) cipso_v4_getattr() argument 240 cipso_v4_sock_setattr(struct sock *sk, const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr) cipso_v4_sock_setattr() argument 251 cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr) cipso_v4_sock_getattr() argument 257 cipso_v4_req_setattr(struct request_sock *req, const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr) cipso_v4_req_setattr() argument 269 cipso_v4_skbuff_setattr(struct sk_buff *skb, const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr) cipso_v4_skbuff_setattr() argument 281 cipso_v4_skbuff_getattr(const struct sk_buff *skb, struct netlbl_lsm_secattr *secattr) cipso_v4_skbuff_getattr() argument
|
/linux-4.4.14/net/ipv4/ |
H A D | cipso_ipv4.c | 300 * @secattr: the security attribute struct to use 305 * @secattr struct is populated with the correct LSM security attributes. The 320 struct netlbl_lsm_secattr *secattr) cipso_v4_cache_check() 339 secattr->cache = entry->lsm_data; cipso_v4_cache_check() 340 secattr->flags |= NETLBL_SECATTR_CACHE; cipso_v4_cache_check() 341 secattr->type = NETLBL_NLTYPE_CIPSOV4; cipso_v4_cache_check() 371 * @secattr: the packet's security attributes 382 const struct netlbl_lsm_secattr *secattr) cipso_v4_cache_add() 405 atomic_inc(&secattr->cache->refcount); cipso_v4_cache_add() 406 entry->lsm_data = secattr->cache; cipso_v4_cache_add() 865 * @secattr: the security attributes 876 const struct netlbl_lsm_secattr *secattr, cipso_v4_map_cat_rbm_hton() 893 host_spot = netlbl_catmap_walk(secattr->attr.mls.cat, cipso_v4_map_cat_rbm_hton() 928 * @secattr: the security attributes 939 struct netlbl_lsm_secattr *secattr) cipso_v4_map_cat_rbm_ntoh() 976 ret_val = netlbl_catmap_setbit(&secattr->attr.mls.cat, cipso_v4_map_cat_rbm_ntoh() 1022 * @secattr: the security attributes 1034 const struct netlbl_lsm_secattr *secattr, cipso_v4_map_cat_enum_hton() 1042 cat = netlbl_catmap_walk(secattr->attr.mls.cat, cat + 1); cipso_v4_map_cat_enum_hton() 1060 * @secattr: the security attributes 1071 struct netlbl_lsm_secattr *secattr) cipso_v4_map_cat_enum_ntoh() 1077 ret_val = netlbl_catmap_setbit(&secattr->attr.mls.cat, cipso_v4_map_cat_enum_ntoh() 1130 * @secattr: the security attributes 1142 const struct netlbl_lsm_secattr *secattr, cipso_v4_map_cat_rng_hton() 1157 iter = netlbl_catmap_walk(secattr->attr.mls.cat, iter + 1); cipso_v4_map_cat_rng_hton() 1165 iter = netlbl_catmap_walkrng(secattr->attr.mls.cat, iter); cipso_v4_map_cat_rng_hton() 1192 * @secattr: the security attributes 1203 struct netlbl_lsm_secattr *secattr) cipso_v4_map_cat_rng_ntoh() 1217 ret_val = netlbl_catmap_setrng(&secattr->attr.mls.cat, cipso_v4_map_cat_rng_ntoh() 1254 * @secattr: the security attributes 
1266 const struct netlbl_lsm_secattr *secattr, cipso_v4_gentag_rbm() 1274 if ((secattr->flags & NETLBL_SECATTR_MLS_LVL) == 0) cipso_v4_gentag_rbm() 1278 secattr->attr.mls.lvl, cipso_v4_gentag_rbm() 1283 if (secattr->flags & NETLBL_SECATTR_MLS_CAT) { cipso_v4_gentag_rbm() 1285 secattr, cipso_v4_gentag_rbm() 1312 * @secattr: the security attributes 1316 * attributes in @secattr. Return zero on success, negatives values on 1322 struct netlbl_lsm_secattr *secattr) cipso_v4_parsetag_rbm() 1331 secattr->attr.mls.lvl = level; cipso_v4_parsetag_rbm() 1332 secattr->flags |= NETLBL_SECATTR_MLS_LVL; cipso_v4_parsetag_rbm() 1338 secattr); cipso_v4_parsetag_rbm() 1340 netlbl_catmap_free(secattr->attr.mls.cat); cipso_v4_parsetag_rbm() 1344 secattr->flags |= NETLBL_SECATTR_MLS_CAT; cipso_v4_parsetag_rbm() 1353 * @secattr: the security attributes 1363 const struct netlbl_lsm_secattr *secattr, cipso_v4_gentag_enum() 1371 if (!(secattr->flags & NETLBL_SECATTR_MLS_LVL)) cipso_v4_gentag_enum() 1375 secattr->attr.mls.lvl, cipso_v4_gentag_enum() 1380 if (secattr->flags & NETLBL_SECATTR_MLS_CAT) { cipso_v4_gentag_enum() 1382 secattr, cipso_v4_gentag_enum() 1403 * @secattr: the security attributes 1407 * attributes in @secattr. 
Return zero on success, negatives values on 1413 struct netlbl_lsm_secattr *secattr) cipso_v4_parsetag_enum() 1422 secattr->attr.mls.lvl = level; cipso_v4_parsetag_enum() 1423 secattr->flags |= NETLBL_SECATTR_MLS_LVL; cipso_v4_parsetag_enum() 1429 secattr); cipso_v4_parsetag_enum() 1431 netlbl_catmap_free(secattr->attr.mls.cat); cipso_v4_parsetag_enum() 1435 secattr->flags |= NETLBL_SECATTR_MLS_CAT; cipso_v4_parsetag_enum() 1444 * @secattr: the security attributes 1454 const struct netlbl_lsm_secattr *secattr, cipso_v4_gentag_rng() 1462 if (!(secattr->flags & NETLBL_SECATTR_MLS_LVL)) cipso_v4_gentag_rng() 1466 secattr->attr.mls.lvl, cipso_v4_gentag_rng() 1471 if (secattr->flags & NETLBL_SECATTR_MLS_CAT) { cipso_v4_gentag_rng() 1473 secattr, cipso_v4_gentag_rng() 1494 * @secattr: the security attributes 1498 * in @secattr. Return zero on success, negatives values on failure. 1503 struct netlbl_lsm_secattr *secattr) cipso_v4_parsetag_rng() 1512 secattr->attr.mls.lvl = level; cipso_v4_parsetag_rng() 1513 secattr->flags |= NETLBL_SECATTR_MLS_LVL; cipso_v4_parsetag_rng() 1519 secattr); cipso_v4_parsetag_rng() 1521 netlbl_catmap_free(secattr->attr.mls.cat); cipso_v4_parsetag_rng() 1525 secattr->flags |= NETLBL_SECATTR_MLS_CAT; cipso_v4_parsetag_rng() 1534 * @secattr: the security attributes 1544 const struct netlbl_lsm_secattr *secattr, cipso_v4_gentag_loc() 1548 if (!(secattr->flags & NETLBL_SECATTR_SECID)) cipso_v4_gentag_loc() 1553 *(u32 *)&buffer[2] = secattr->attr.secid; cipso_v4_gentag_loc() 1562 * @secattr: the security attributes 1565 * Parse a CIPSO local tag and return the security attributes in @secattr. 
1571 struct netlbl_lsm_secattr *secattr) cipso_v4_parsetag_loc() 1573 secattr->attr.secid = *(u32 *)&tag[2]; cipso_v4_parsetag_loc() 1574 secattr->flags |= NETLBL_SECATTR_SECID; cipso_v4_parsetag_loc() 1807 * @secattr: the security attributes 1817 const struct netlbl_lsm_secattr *secattr) cipso_v4_genopt() 1834 secattr, cipso_v4_genopt() 1840 secattr, cipso_v4_genopt() 1846 secattr, cipso_v4_genopt() 1852 secattr, cipso_v4_genopt() 1874 * @secattr: the specific security attributes of the socket 1886 const struct netlbl_lsm_secattr *secattr) cipso_v4_sock_setattr() 1913 ret_val = cipso_v4_genopt(buf, buf_len, doi_def, secattr); cipso_v4_sock_setattr() 1960 * @secattr: the specific security attributes of the socket 1970 const struct netlbl_lsm_secattr *secattr) cipso_v4_req_setattr() 1989 ret_val = cipso_v4_genopt(buf, buf_len, doi_def, secattr); cipso_v4_req_setattr() 2140 * @secattr: the security attributes 2143 * Inspect @cipso and return the security attributes in @secattr. Returns zero 2148 struct netlbl_lsm_secattr *secattr) cipso_v4_getattr() 2154 if (cipso_v4_cache_check(cipso, cipso[1], secattr) == 0) cipso_v4_getattr() 2167 ret_val = cipso_v4_parsetag_rbm(doi_def, &cipso[6], secattr); cipso_v4_getattr() 2170 ret_val = cipso_v4_parsetag_enum(doi_def, &cipso[6], secattr); cipso_v4_getattr() 2173 ret_val = cipso_v4_parsetag_rng(doi_def, &cipso[6], secattr); cipso_v4_getattr() 2176 ret_val = cipso_v4_parsetag_loc(doi_def, &cipso[6], secattr); cipso_v4_getattr() 2180 secattr->type = NETLBL_NLTYPE_CIPSOV4; cipso_v4_getattr() 2190 * @secattr: the security attributes 2194 * there is return the CIPSO security attributes in @secattr. 
This function 2199 int cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr) cipso_v4_sock_getattr() argument 2210 secattr); cipso_v4_sock_getattr() 2218 * @secattr: the security attributes 2227 const struct netlbl_lsm_secattr *secattr) cipso_v4_skbuff_setattr() 2237 ret_val = cipso_v4_genopt(buf, buf_len, doi_def, secattr); cipso_v4_skbuff_setattr() 318 cipso_v4_cache_check(const unsigned char *key, u32 key_len, struct netlbl_lsm_secattr *secattr) cipso_v4_cache_check() argument 381 cipso_v4_cache_add(const unsigned char *cipso_ptr, const struct netlbl_lsm_secattr *secattr) cipso_v4_cache_add() argument 875 cipso_v4_map_cat_rbm_hton(const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr, unsigned char *net_cat, u32 net_cat_len) cipso_v4_map_cat_rbm_hton() argument 936 cipso_v4_map_cat_rbm_ntoh(const struct cipso_v4_doi *doi_def, const unsigned char *net_cat, u32 net_cat_len, struct netlbl_lsm_secattr *secattr) cipso_v4_map_cat_rbm_ntoh() argument 1033 cipso_v4_map_cat_enum_hton(const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr, unsigned char *net_cat, u32 net_cat_len) cipso_v4_map_cat_enum_hton() argument 1068 cipso_v4_map_cat_enum_ntoh(const struct cipso_v4_doi *doi_def, const unsigned char *net_cat, u32 net_cat_len, struct netlbl_lsm_secattr *secattr) cipso_v4_map_cat_enum_ntoh() argument 1141 cipso_v4_map_cat_rng_hton(const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr, unsigned char *net_cat, u32 net_cat_len) cipso_v4_map_cat_rng_hton() argument 1200 cipso_v4_map_cat_rng_ntoh(const struct cipso_v4_doi *doi_def, const unsigned char *net_cat, u32 net_cat_len, struct netlbl_lsm_secattr *secattr) cipso_v4_map_cat_rng_ntoh() argument 1265 cipso_v4_gentag_rbm(const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr, unsigned char *buffer, u32 buffer_len) cipso_v4_gentag_rbm() argument 1320 cipso_v4_parsetag_rbm(const struct cipso_v4_doi *doi_def, const 
unsigned char *tag, struct netlbl_lsm_secattr *secattr) cipso_v4_parsetag_rbm() argument 1362 cipso_v4_gentag_enum(const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr, unsigned char *buffer, u32 buffer_len) cipso_v4_gentag_enum() argument 1411 cipso_v4_parsetag_enum(const struct cipso_v4_doi *doi_def, const unsigned char *tag, struct netlbl_lsm_secattr *secattr) cipso_v4_parsetag_enum() argument 1453 cipso_v4_gentag_rng(const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr, unsigned char *buffer, u32 buffer_len) cipso_v4_gentag_rng() argument 1501 cipso_v4_parsetag_rng(const struct cipso_v4_doi *doi_def, const unsigned char *tag, struct netlbl_lsm_secattr *secattr) cipso_v4_parsetag_rng() argument 1543 cipso_v4_gentag_loc(const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr, unsigned char *buffer, u32 buffer_len) cipso_v4_gentag_loc() argument 1569 cipso_v4_parsetag_loc(const struct cipso_v4_doi *doi_def, const unsigned char *tag, struct netlbl_lsm_secattr *secattr) cipso_v4_parsetag_loc() argument 1815 cipso_v4_genopt(unsigned char *buf, u32 buf_len, const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr) cipso_v4_genopt() argument 1884 cipso_v4_sock_setattr(struct sock *sk, const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr) cipso_v4_sock_setattr() argument 1968 cipso_v4_req_setattr(struct request_sock *req, const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr) cipso_v4_req_setattr() argument 2147 cipso_v4_getattr(const unsigned char *cipso, struct netlbl_lsm_secattr *secattr) cipso_v4_getattr() argument 2225 cipso_v4_skbuff_setattr(struct sk_buff *skb, const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr) cipso_v4_skbuff_setattr() argument
|
/linux-4.4.14/net/netlabel/ |
H A D | netlabel_kapi.c | 471 * netlbl_catmap_walk - Walk a LSM secattr catmap looking for a bit 476 * This function walks a LSM secattr category bitmap starting at @offset and 529 * This function walks a LSM secattr category bitmap starting at @offset and 631 * netlbl_catmap_setbit - Set a bit in a LSM secattr catmap 660 * netlbl_catmap_setrng - Set a range of bits in a LSM secattr catmap 758 * @secattr: the security attributes 762 * specified in @secattr. This function requires exclusive access to @sk, 771 const struct netlbl_lsm_secattr *secattr) netlbl_sock_setattr() 777 dom_entry = netlbl_domhsh_getentry(secattr->domain); netlbl_sock_setattr() 791 secattr); netlbl_sock_setattr() 833 * @secattr: the security attributes 838 * security attributes in @secattr. Returns zero on success, negative values 843 struct netlbl_lsm_secattr *secattr) netlbl_sock_getattr() 849 ret_val = cipso_v4_sock_getattr(sk, secattr); netlbl_sock_getattr() 867 * @secattr: the security attributes 871 * attributes specified in @secattr. The caller is responsible for ensuring 877 const struct netlbl_lsm_secattr *secattr) netlbl_conn_setattr() 887 entry = netlbl_domhsh_getentry_af4(secattr->domain, netlbl_conn_setattr() 896 entry->cipso, secattr); netlbl_conn_setattr() 927 * @secattr: the security attributes 931 * specified in @secattr. Returns zero on success, negative values on failure. 935 const struct netlbl_lsm_secattr *secattr) netlbl_req_setattr() 943 entry = netlbl_domhsh_getentry_af4(secattr->domain, netlbl_req_setattr() 952 entry->cipso, secattr); netlbl_req_setattr() 997 * @secattr: the security attributes 1001 * specified in @secattr. Returns zero on success, negative values on failure. 1006 const struct netlbl_lsm_secattr *secattr) netlbl_skbuff_setattr() 1016 entry = netlbl_domhsh_getentry_af4(secattr->domain,hdr4->daddr); netlbl_skbuff_setattr() 1024 secattr); netlbl_skbuff_setattr() 1055 * @secattr: the security attributes 1060 * attributes in @secattr. 
Returns zero on success, negative values on 1066 struct netlbl_lsm_secattr *secattr) netlbl_skbuff_getattr() 1073 if (ptr && cipso_v4_getattr(ptr, secattr) == 0) netlbl_skbuff_getattr() 1082 return netlbl_unlabel_getattr(skb, family, secattr); netlbl_skbuff_getattr() 1120 * @secattr: the packet's security attributes 1129 const struct netlbl_lsm_secattr *secattr) netlbl_cache_add() 1133 if ((secattr->flags & NETLBL_SECATTR_CACHE) == 0) netlbl_cache_add() 1138 return cipso_v4_cache_add(ptr, secattr); netlbl_cache_add() 769 netlbl_sock_setattr(struct sock *sk, u16 family, const struct netlbl_lsm_secattr *secattr) netlbl_sock_setattr() argument 842 netlbl_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr) netlbl_sock_getattr() argument 875 netlbl_conn_setattr(struct sock *sk, struct sockaddr *addr, const struct netlbl_lsm_secattr *secattr) netlbl_conn_setattr() argument 934 netlbl_req_setattr(struct request_sock *req, const struct netlbl_lsm_secattr *secattr) netlbl_req_setattr() argument 1004 netlbl_skbuff_setattr(struct sk_buff *skb, u16 family, const struct netlbl_lsm_secattr *secattr) netlbl_skbuff_setattr() argument 1064 netlbl_skbuff_getattr(const struct sk_buff *skb, u16 family, struct netlbl_lsm_secattr *secattr) netlbl_skbuff_getattr() argument 1128 netlbl_cache_add(const struct sk_buff *skb, const struct netlbl_lsm_secattr *secattr) netlbl_cache_add() argument
|
netlabel_unlabeled.c | 1453 * @secattr: the security attributes 1457 * them in @secattr. Returns zero on success and negative values on failure. 1462 struct netlbl_lsm_secattr *secattr) netlbl_unlabel_getattr() 1482 secattr->attr.secid = netlbl_unlhsh_addr4_entry(addr4)->secid; netlbl_unlabel_getattr() 1495 secattr->attr.secid = netlbl_unlhsh_addr6_entry(addr6)->secid; netlbl_unlabel_getattr() 1504 secattr->flags |= NETLBL_SECATTR_SECID; netlbl_unlabel_getattr() 1505 secattr->type = NETLBL_NLTYPE_UNLABELED; netlbl_unlabel_getattr() 1512 secattr->type = NETLBL_NLTYPE_UNLABELED; netlbl_unlabel_getattr() 1460 netlbl_unlabel_getattr(const struct sk_buff *skb, u16 family, struct netlbl_lsm_secattr *secattr) netlbl_unlabel_getattr() argument
|
netlabel_unlabeled.h | 240 struct netlbl_lsm_secattr *secattr);
|
/linux-4.4.14/security/selinux/include/ |
security.h | 218 int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, 222 struct netlbl_lsm_secattr *secattr); 225 struct netlbl_lsm_secattr *secattr, security_netlbl_secattr_to_sid() 232 struct netlbl_lsm_secattr *secattr) security_netlbl_sid_to_secattr() 224 security_netlbl_secattr_to_sid( struct netlbl_lsm_secattr *secattr, u32 *sid) security_netlbl_secattr_to_sid() argument 231 security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr) security_netlbl_sid_to_secattr() argument
|
/linux-4.4.14/security/smack/ |
H A D | smack_lsm.c | 2417 * smack_netlabel - Set the secattr on a socket 2422 * secattr and attach it to the socket. 2458 * smack_netlbel_send - Set the secattr on a socket and perform access checks 2462 * Set the correct secattr for the given socket based on the destination 3780 * @sap: netlabel secattr 3921 struct netlbl_lsm_secattr secattr; smack_socket_sock_rcv_skb() local 3950 netlbl_secattr_init(&secattr); smack_socket_sock_rcv_skb() 3952 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr); smack_socket_sock_rcv_skb() 3954 skp = smack_from_secattr(&secattr, ssp); smack_socket_sock_rcv_skb() 3958 netlbl_secattr_destroy(&secattr); smack_socket_sock_rcv_skb() 4061 struct netlbl_lsm_secattr secattr; smack_socket_getpeersec_dgram() local 4095 netlbl_secattr_init(&secattr); smack_socket_getpeersec_dgram() 4096 rc = netlbl_skbuff_getattr(skb, family, &secattr); smack_socket_getpeersec_dgram() 4098 skp = smack_from_secattr(&secattr, ssp); smack_socket_getpeersec_dgram() 4101 netlbl_secattr_destroy(&secattr); smack_socket_getpeersec_dgram() 4153 struct netlbl_lsm_secattr secattr; smack_inet_conn_request() local 4189 netlbl_secattr_init(&secattr); smack_inet_conn_request() 4190 rc = netlbl_skbuff_getattr(skb, family, &secattr); smack_inet_conn_request() 4192 skp = smack_from_secattr(&secattr, ssp); smack_inet_conn_request() 4195 netlbl_secattr_destroy(&secattr); smack_inet_conn_request()
|