1
/* SPDX-License-Identifier: GPL-2.0-or-later */
2
/*
3
 * SELinux interface to the NetLabel subsystem
4
 *
5
 * Author: Paul Moore <[email protected]>
6
 */
7

8
/*
9
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
10
 */
11

12
#ifndef _SELINUX_NETLABEL_H_
13
#define _SELINUX_NETLABEL_H_
14

15
#include <linux/types.h>
16
#include <linux/fs.h>
17
#include <linux/net.h>
18
#include <linux/skbuff.h>
19
#include <net/sock.h>
20
#include <net/request_sock.h>
21
#include <net/sctp/structs.h>
22

23
#include "avc.h"
24
#include "objsec.h"
25

26
#ifdef CONFIG_NETLABEL
27
void selinux_netlbl_cache_invalidate(void);
28

29
void selinux_netlbl_err(struct sk_buff *skb, u16 family, int error,
30
			int gateway);
31

32
void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec);
33
void selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec);
34

35
int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u16 family, u32 *type,
36
				 u32 *sid);
37
int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, u16 family, u32 sid);
38
int selinux_netlbl_sctp_assoc_request(struct sctp_association *asoc,
39
				      struct sk_buff *skb);
40
int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family);
41
void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family);
42
void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk);
43
int selinux_netlbl_socket_post_create(struct sock *sk, u16 family);
44
int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
45
				struct sk_buff *skb, u16 family,
46
				struct common_audit_data *ad);
47
int selinux_netlbl_socket_setsockopt(struct socket *sock, int level,
48
				     int optname);
49
int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr);
50
int selinux_netlbl_socket_connect_locked(struct sock *sk,
51
					 struct sockaddr *addr);
52

53
#else
54
static inline void selinux_netlbl_cache_invalidate(void)
55
{
56
	return;
57
}
58

59
static inline void selinux_netlbl_err(struct sk_buff *skb, u16 family,
60
				      int error, int gateway)
61
{
62
	return;
63
}
64

65
static inline void
66
selinux_netlbl_sk_security_free(struct sk_security_struct *sksec)
67
{
68
	return;
69
}
70

71
static inline void
72
selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec)
73
{
74
	return;
75
}
76

77
static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u16 family,
78
					       u32 *type, u32 *sid)
79
{
80
	*type = NETLBL_NLTYPE_NONE;
81
	*sid = SECSID_NULL;
82
	return 0;
83
}
84
static inline int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, u16 family,
85
					       u32 sid)
86
{
87
	return 0;
88
}
89

90
static inline int
91
selinux_netlbl_sctp_assoc_request(struct sctp_association *asoc,
92
				  struct sk_buff *skb)
93
{
94
	return 0;
95
}
96
static inline int selinux_netlbl_inet_conn_request(struct request_sock *req,
97
						   u16 family)
98
{
99
	return 0;
100
}
101
static inline void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
102
{
103
	return;
104
}
105
static inline void selinux_netlbl_sctp_sk_clone(struct sock *sk,
106
						struct sock *newsk)
107
{
108
	return;
109
}
110
static inline int selinux_netlbl_socket_post_create(struct sock *sk, u16 family)
111
{
112
	return 0;
113
}
114
static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
115
					      struct sk_buff *skb, u16 family,
116
					      struct common_audit_data *ad)
117
{
118
	return 0;
119
}
120
static inline int selinux_netlbl_socket_setsockopt(struct socket *sock,
121
						   int level, int optname)
122
{
123
	return 0;
124
}
125
static inline int selinux_netlbl_socket_connect(struct sock *sk,
126
						struct sockaddr *addr)
127
{
128
	return 0;
129
}
130
static inline int selinux_netlbl_socket_connect_locked(struct sock *sk,
131
						       struct sockaddr *addr)
132
{
133
	return 0;
134
}
135
#endif /* CONFIG_NETLABEL */
136

137
#endif
138

139