GitHub Repository: torvalds/linux
Path: blob/master/security/selinux/include/xfrm.h
/* SPDX-License-Identifier: GPL-2.0 */
/*
* SELinux support for the XFRM LSM hooks
*
* Author : Trent Jaeger, <[email protected]>
* Updated : Venkat Yekkirala, <[email protected]>
*/
#ifndef _SELINUX_XFRM_H_
#define _SELINUX_XFRM_H_
#include <linux/lsm_audit.h>
#include <net/flow.h>
#include <net/xfrm.h>
/*
 * XFRM policy and state hooks. Only the declarations are visible in this
 * header; the definitions live elsewhere. These prototypes sit outside the
 * CONFIG_SECURITY_NETWORK_XFRM conditional further down and have no inline
 * stub fallbacks here.
 * NOTE(review): presumably they are only referenced when the implementation
 * is built - confirm against the code that registers the hooks.
 */

/*
 * Hooks operating on a policy's struct xfrm_sec_ctx.
 * NOTE(review): uctx is a struct xfrm_user_sec_ctx, which by its name carries
 * a caller-supplied context; length and content validation would have to
 * happen in the definition - confirm.
 */
int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
			      struct xfrm_user_sec_ctx *uctx, gfp_t gfp);
int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
			      struct xfrm_sec_ctx **new_ctxp);
void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);

/* Hooks operating on a struct xfrm_state. */
int selinux_xfrm_state_alloc(struct xfrm_state *x,
			     struct xfrm_user_sec_ctx *uctx);
int selinux_xfrm_state_alloc_acquire(struct xfrm_state *x,
				     struct xfrm_sec_ctx *polsec, u32 secid);
void selinux_xfrm_state_free(struct xfrm_state *x);
int selinux_xfrm_state_delete(struct xfrm_state *x);

/*
 * Lookup and matching hooks taking a policy context, a flow secid or a
 * flowi_common.
 * NOTE(review): the meaning of the int results (error code vs. match flag)
 * is not visible here - check the definitions before relying on either.
 */
int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid);
int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
				      struct xfrm_policy *xp,
				      const struct flowi_common *flic);
#ifdef CONFIG_SECURITY_NETWORK_XFRM
/* Declared here, defined elsewhere; sampled by selinux_xfrm_enabled(). */
extern atomic_t selinux_xfrm_refcount;

/*
 * Tell whether selinux_xfrm_refcount is currently above zero.
 *
 * Returns 1 if the counter read by atomic_read() is positive, 0 otherwise.
 * The value is a single snapshot: nothing in this function prevents the
 * counter from changing immediately after the read.
 * NOTE(review): presumably the counter tracks labeled XFRM policies/states
 * in use - confirm where it is incremented and decremented.
 */
static inline int selinux_xfrm_enabled(void)
{
	int refs = atomic_read(&selinux_xfrm_refcount);

	return refs > 0;
}
/*
 * Per-packet hooks, declared only when CONFIG_SECURITY_NETWORK_XFRM is set.
 * The #else branch of this header supplies inline stubs with the same
 * signatures that return 0.
 */
int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
			      struct common_audit_data *ad);
int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
				struct common_audit_data *ad, u8 proto);

/*
 * Both take a u32 *sid out-parameter; the stub versions in this header store
 * SECSID_NULL through it.
 * NOTE(review): what the real versions store on failure is not visible here,
 * so callers should not use *sid without checking the return value - confirm.
 */
int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
int selinux_xfrm_skb_sid(struct sk_buff *skb, u32 *sid);
/*
 * Call rt_genid_bump_all() on every network namespace.
 *
 * The walk uses for_each_net() and runs with net_rwsem held for reading, so
 * the namespace list is read under that lock for the whole iteration.
 * NOTE(review): going by the name, this runs after a policy load so that
 * cached lookups made under the old policy are not reused - confirm at the
 * call site.
 */
static inline void selinux_xfrm_notify_policyload(void)
{
	struct net *net;

	down_read(&net_rwsem);
	for_each_net(net) {
		rt_genid_bump_all(net);
	}
	up_read(&net_rwsem);
}
#else
/*
 * Stub for builds without CONFIG_SECURITY_NETWORK_XFRM: always returns 0,
 * so callers see XFRM labeling as not enabled.
 */
static inline int selinux_xfrm_enabled(void)
{
	return 0;	/* constant: no refcount exists in this configuration */
}
/*
 * Stub for builds without CONFIG_SECURITY_NETWORK_XFRM.
 *
 * Ignores all three arguments and returns 0.
 * NOTE(review): callers presumably treat 0 as "permitted", in which case
 * this receive-side check never denies when XFRM labeling is compiled out -
 * confirm that this matches the intended policy for such kernels.
 */
static inline int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
					    struct common_audit_data *ad)
{
	return 0;
}
/*
 * Stub for builds without CONFIG_SECURITY_NETWORK_XFRM.
 *
 * Ignores sk_sid, skb, ad and proto and returns 0.
 * NOTE(review): callers presumably treat 0 as "permitted", in which case
 * this send-side check never denies when XFRM labeling is compiled out -
 * confirm.
 */
static inline int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
					      struct common_audit_data *ad,
					      u8 proto)
{
	return 0;
}
/*
 * Stub for builds without CONFIG_SECURITY_NETWORK_XFRM.
 *
 * Stores SECSID_NULL through sid and returns 0; skb and ckall are unused.
 * sid is dereferenced unconditionally, so it must not be NULL.
 */
static inline int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid,
					      int ckall)
{
	*sid = SECSID_NULL;	/* always give the caller a defined value */
	return 0;
}
/*
 * Stub for builds without CONFIG_SECURITY_NETWORK_XFRM: does nothing, so
 * callers need no #ifdef around the call.
 */
static inline void selinux_xfrm_notify_policyload(void)
{
	/* intentionally empty */
}
/*
 * Stub for builds without CONFIG_SECURITY_NETWORK_XFRM.
 *
 * Stores SECSID_NULL through sid and returns 0; skb is unused. sid is
 * dereferenced unconditionally, so it must not be NULL.
 */
static inline int selinux_xfrm_skb_sid(struct sk_buff *skb, u32 *sid)
{
	*sid = SECSID_NULL;	/* always give the caller a defined value */
	return 0;
}
#endif
#endif /* _SELINUX_XFRM_H_ */