Commit | Line | Data |
---|---|---|
d28d1e08 TJ |
1 | /* |
2 | * SELinux support for the XFRM LSM hooks | |
3 | * | |
4 | * Author : Trent Jaeger, <jaegert@us.ibm.com> | |
e0d1caa7 | 5 | * Updated : Venkat Yekkirala, <vyekkirala@TrustedCS.com> |
d28d1e08 TJ |
6 | */ |
7 | #ifndef _SELINUX_XFRM_H_ | |
8 | #define _SELINUX_XFRM_H_ | |
9 | ||
/*
 * Prototypes for the SELinux side of the XFRM LSM hooks. Only the
 * signatures are visible in this header; the bodies are defined elsewhere.
 *
 * NOTE(review): the sec_ctx arguments are struct xfrm_user_sec_ctx, which
 * presumably carries a context supplied from user space. Confirm that the
 * implementations validate its length and contents before use.
 */

/* Hooks that take a struct xfrm_policy. */
int selinux_xfrm_policy_alloc(struct xfrm_policy *xp,
			      struct xfrm_user_sec_ctx *sec_ctx);
int selinux_xfrm_policy_clone(struct xfrm_policy *old,
			      struct xfrm_policy *new);
void selinux_xfrm_policy_free(struct xfrm_policy *xp);
int selinux_xfrm_policy_delete(struct xfrm_policy *xp);

/* Hooks that take a struct xfrm_state. */
int selinux_xfrm_state_alloc(struct xfrm_state *x,
			     struct xfrm_user_sec_ctx *sec_ctx,
			     struct xfrm_sec_ctx *pol,
			     u32 secid);
void selinux_xfrm_state_free(struct xfrm_state *x);
int selinux_xfrm_state_delete(struct xfrm_state *x);

/* Lookup and matching of policy, state and flow; session decoding. */
int selinux_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
				      struct xfrm_policy *xp,
				      struct flowi *fl);
int selinux_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm);
int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *fl, int ckall);
e0d1caa7 | 23 | |
d28d1e08 TJ |
24 | |
25 | /* | |
26 | * Extract the security blob from the sock (it's actually on the socket) | |
27 | */ | |
static inline struct inode_security_struct *get_sock_isec(struct sock *sk)
{
	/*
	 * Returns the i_security blob of the inode behind sk->sk_socket, or
	 * NULL when the sock has no socket attached. Callers must handle the
	 * NULL return. sk itself is dereferenced unconditionally, so it must
	 * be non-NULL.
	 *
	 * NOTE(review): no lock or reference is taken here. Confirm that
	 * callers keep sk->sk_socket stable while the returned blob is used.
	 */
	struct socket *sock = sk->sk_socket;

	if (sock)
		return SOCK_INODE(sock)->i_security;

	return NULL;
}
35 | ||
d28d1e08 | 36 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
e0d1caa7 VY |
/*
 * Real implementations, declared only when CONFIG_SECURITY_NETWORK_XFRM is
 * set. The #else branch of this header supplies inline stubs with the same
 * names.
 */

/* Checks on an skb; both return int and take an avc_audit_data for audit. */
int selinux_xfrm_sock_rcv_skb(u32 sid,
			      struct sk_buff *skb,
			      struct avc_audit_data *ad);
int selinux_xfrm_postroute_last(u32 isec_sid,
				struct sk_buff *skb,
				struct avc_audit_data *ad);

/* Peer lookups; both return a u32 (presumably a SID; confirm in the bodies). */
u32 selinux_socket_getpeer_stream(struct sock *sk);
u32 selinux_socket_getpeer_dgram(struct sk_buff *skb);
d28d1e08 | 43 | #else |
e0d1caa7 VY |
/*
 * Stub for kernels built without CONFIG_SECURITY_NETWORK_XFRM: performs no
 * check and ignores all of its arguments.
 *
 * NOTE(review): the constant 0 is presumably read by callers as "permitted",
 * which would mean no XFRM label check is enforced on receive in such a
 * build. Confirm against the callers.
 */
static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid,
					    struct sk_buff *skb,
					    struct avc_audit_data *ad)
{
	return 0;
}
49 | ||
e0d1caa7 VY |
/*
 * Stub for kernels built without CONFIG_SECURITY_NETWORK_XFRM: performs no
 * check and ignores all of its arguments.
 *
 * NOTE(review): the constant 0 is presumably read by callers as "permitted",
 * which would mean the post-routing XFRM check is a no-op in such a build.
 * Confirm against the callers.
 */
static inline int selinux_xfrm_postroute_last(u32 isec_sid,
					      struct sk_buff *skb,
					      struct avc_audit_data *ad)
{
	return 0;
}
e6f50719 CZ |
55 | |
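/*
 * Stub for kernels built without CONFIG_SECURITY_NETWORK_XFRM: ignores sk
 * and always reports SECSID_NULL.
 *
 * The return type is u32 so that the stub agrees with the prototype in the
 * CONFIG_SECURITY_NETWORK_XFRM branch of this header; the stub was declared
 * as returning int, which gave the function a different type depending on
 * the build configuration.
 *
 * NOTE(review): callers presumably treat SECSID_NULL as "no peer SID
 * available". Confirm they do not use it as a valid label.
 */
static inline u32 selinux_socket_getpeer_stream(struct sock *sk)
{
	return SECSID_NULL;
}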
60 | ||
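/*
 * Stub for kernels built without CONFIG_SECURITY_NETWORK_XFRM: ignores skb
 * and always reports SECSID_NULL.
 *
 * The return type is u32 so that the stub agrees with the prototype in the
 * CONFIG_SECURITY_NETWORK_XFRM branch of this header; the stub was declared
 * as returning int, which gave the function a different type depending on
 * the build configuration.
 *
 * NOTE(review): callers presumably treat SECSID_NULL as "no peer SID
 * available". Confirm they do not use it as a valid label.
 */
static inline u32 selinux_socket_getpeer_dgram(struct sk_buff *skb)
{
	return SECSID_NULL;
}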
d28d1e08 TJ |
65 | #endif |
66 | ||
67 | #endif /* _SELINUX_XFRM_H_ */ |