b2441318 | 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
2 | /* |
3 | * SELinux support for the XFRM LSM hooks | |
4 | * | |
5 | * Author : Trent Jaeger, <jaegert@us.ibm.com> | |
e0d1caa7 | 6 | * Updated : Venkat Yekkirala, <vyekkirala@TrustedCS.com> |
d28d1e08 | 7 | */ |
cea92163 | 8 | |
9 | #ifndef _SELINUX_XFRM_H_ |
10 | #define _SELINUX_XFRM_H_ | |
11 | ||
4ad37de4 | 12 | #include <linux/lsm_audit.h> |
778aae84 | 13 | #include <net/flow.h> |
4ad37de4 | 14 | #include <net/xfrm.h> |
778aae84 | 15 | |
/*
 * Security-context management for XFRM policies and states, plus the
 * policy/state/flow match checks.  These prototypes sit outside the
 * CONFIG_SECURITY_NETWORK_XFRM guard below; only the per-packet helpers
 * further down get stubbed out when that option is off.
 *
 * Return convention for the int functions is presumably 0 on success /
 * allow and a negative errno otherwise — confirm against the callers.
 */

/* Build *ctxp from uctx (the name suggests a context as received from
 * userspace — verify at the caller), allocating with the given gfp flags. */
int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
			      struct xfrm_user_sec_ctx *uctx, gfp_t gfp);
/* Duplicate old_ctx into a freshly allocated *new_ctxp. */
int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
			      struct xfrm_sec_ctx **new_ctxp);
/* Release a context produced by the alloc/clone calls above. */
void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
/* Hook run when a labeled policy is being removed. */
int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
/* Label state x from uctx; same userspace-origin caveat as policy_alloc. */
int selinux_xfrm_state_alloc(struct xfrm_state *x,
			     struct xfrm_user_sec_ctx *uctx);
/* Label state x that is being acquired for policy context polsec and a
 * flow with security id secid (inferred from the parameter names). */
int selinux_xfrm_state_alloc_acquire(struct xfrm_state *x,
				     struct xfrm_sec_ctx *polsec, u32 secid);
/* Release the label attached to state x. */
void selinux_xfrm_state_free(struct xfrm_state *x);
/* Hook run when a labeled state is being removed. */
int selinux_xfrm_state_delete(struct xfrm_state *x);
/* Check whether a flow with security id fl_secid may use a policy
 * carrying context ctx. */
int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid);
/* Check that state x, policy xp and the flow described by flic are
 * consistent with each other label-wise. */
int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
				      struct xfrm_policy *xp,
				      const struct flowi_common *flic);
d28d1e08 | 32 | |
d28d1e08 | 33 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
/* Count of live XFRM policies/states that carry an SELinux context
 * (presumably maintained by the alloc/free paths above — confirm);
 * in this header it is only read, by selinux_xfrm_enabled(). */
extern atomic_t selinux_xfrm_refcount;
35 | ||
/*
 * Report whether any labeled XFRM policy/state currently exists.
 * Returns 1 when selinux_xfrm_refcount is positive, 0 otherwise; the
 * read is a single atomic_read(), so the answer can be stale by the
 * time the caller acts on it.
 */
static inline int selinux_xfrm_enabled(void)
{
	int labeled = atomic_read(&selinux_xfrm_refcount);

	return labeled > 0;
}
40 | ||
/*
 * Per-packet checks, real only when CONFIG_SECURITY_NETWORK_XFRM is set;
 * the #else branch below provides always-0 stubs with the same signatures.
 */

/* Inbound check of skb against the receiving socket's sid sk_sid; ad
 * carries the audit data for a denial (inferred from the names). */
int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
			      struct common_audit_data *ad);
/* Outbound counterpart, run late in the postrouting path; proto is the
 * transport protocol of skb. */
int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
				struct common_audit_data *ad, u8 proto);
/* Derive a security id for skb into *sid.  ckall is an int flag whose
 * exact meaning is not visible here — confirm in the implementation.
 * The disabled stub stores SECSID_NULL into *sid; verify that the real
 * implementation also always writes *sid so callers never read an
 * uninitialised sid. */
int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
/* Fetch the security id attached to skb into *sid; same *sid caveat as
 * selinux_xfrm_decode_session(). */
int selinux_xfrm_skb_sid(struct sk_buff *skb, u32 *sid);
47 | |
/*
 * Called after an SELinux policy (re)load.  Walks every network
 * namespace with the read side of net_rwsem held and bumps its route
 * generation id.  Presumably this invalidates cached routes/flow
 * lookups so that traffic is re-matched against the new policy instead
 * of reusing decisions cached under the old one — confirm against the
 * rt_genid users.
 */
static inline void selinux_xfrm_notify_policyload(void)
{
	struct net *net;

	/* Read lock only: the namespace list is walked, not modified. */
	down_read(&net_rwsem);
	for_each_net(net)
		rt_genid_bump_all(net);
	up_read(&net_rwsem);
}
d28d1e08 | 57 | #else |
/* XFRM LSM support compiled out: always reports "not enabled" (0). */
static inline int selinux_xfrm_enabled(void)
{
	return 0;
}
62 | ||
/* Stub for builds without CONFIG_SECURITY_NETWORK_XFRM: no per-packet
 * XFRM check is made and 0 (presumably "not denied" — confirm at the
 * callers) is returned.  All parameters are ignored. */
static inline int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
					    struct common_audit_data *ad)
{
	return 0;
}
68 | ||
/* Stub for builds without CONFIG_SECURITY_NETWORK_XFRM: outbound
 * counterpart of the selinux_xfrm_sock_rcv_skb() stub, returns 0 and
 * ignores every parameter. */
static inline int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
					      struct common_audit_data *ad,
					      u8 proto)
{
	return 0;
}
e6f50719 | 75 | |
/* Stub for builds without CONFIG_SECURITY_NETWORK_XFRM.  *sid is still
 * written (SECSID_NULL) so a caller never acts on an uninitialised sid;
 * skb and ckall are ignored and 0 is returned. */
static inline int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid,
					      int ckall)
{
	*sid = SECSID_NULL;
	return 0;
}
82 | |
/* Stub for builds without CONFIG_SECURITY_NETWORK_XFRM: with no labeled
 * XFRM state there is nothing to invalidate on policy load. */
static inline void selinux_xfrm_notify_policyload(void)
{
}
d28d1e08 | 86 | |
/* Stub for builds without CONFIG_SECURITY_NETWORK_XFRM.  Like the
 * decode_session stub it always stores SECSID_NULL into *sid and
 * returns 0; skb is ignored. */
static inline int selinux_xfrm_skb_sid(struct sk_buff *skb, u32 *sid)
{
	*sid = SECSID_NULL;
	return 0;
}
817eff71 | 92 | #endif |
6b877699 | 93 | |
d28d1e08 | 94 | #endif /* _SELINUX_XFRM_H_ */ |