cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

netlabel_calipso.h (3954B)


      1/* SPDX-License-Identifier: GPL-2.0-or-later */
      2/*
      3 * NetLabel CALIPSO Support
      4 *
      5 * This file defines the CALIPSO functions for the NetLabel system.  The
      6 * NetLabel system manages static and dynamic label mappings for network
      7 * protocols such as CIPSO and RIPSO.
      8 *
      9 * Authors: Paul Moore <paul@paul-moore.com>
     10 *          Huw Davies <huw@codeweavers.com>
     11 */
     12
     13/* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
     14 * (c) Copyright Huw Davies <huw@codeweavers.com>, 2015
     15 */
     16
     17#ifndef _NETLABEL_CALIPSO
     18#define _NETLABEL_CALIPSO
     19
     20#include <net/netlabel.h>
     21#include <net/calipso.h>
     22
     23/* The following NetLabel payloads are supported by the CALIPSO subsystem.
     24 *
     25 * o ADD:
     26 *   Sent by an application to add a new DOI mapping table.
     27 *
     28 *   Required attributes:
     29 *
     30 *     NLBL_CALIPSO_A_DOI
     31 *     NLBL_CALIPSO_A_MTYPE
     32 *
     33 *   If using CALIPSO_MAP_PASS no additional attributes are required.
     34 *
     35 * o REMOVE:
     36 *   Sent by an application to remove a specific DOI mapping table from the
     37 *   CALIPSO system.
     38 *
     39 *   Required attributes:
     40 *
     41 *     NLBL_CALIPSO_A_DOI
     42 *
     43 * o LIST:
     44 *   Sent by an application to list the details of a DOI definition.  On
     45 *   success the kernel should send a response using the following format.
     46 *
     47 *   Required attributes:
     48 *
     49 *     NLBL_CALIPSO_A_DOI
     50 *
     51 *   The valid response message format depends on the type of the DOI mapping,
     52 *   the defined formats are shown below.
     53 *
     54 *   Required attributes:
     55 *
     56 *     NLBL_CALIPSO_A_MTYPE
     57 *
     58 *   If using CALIPSO_MAP_PASS no additional attributes are required.
     59 *
     60 * o LISTALL:
     61 *   This message is sent by an application to list the valid DOIs on the
     62 *   system.  When sent by an application there is no payload and the
     63 *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
     64 *   the following messages.
     65 *
     66 *   Required attributes:
     67 *
     68 *    NLBL_CALIPSO_A_DOI
     69 *    NLBL_CALIPSO_A_MTYPE
     70 *
     71 */
     72
     /*
      * NetLabel CALIPSO commands.
      *
      * The numeric values are written out; they are the same ones the compiler
      * would assign implicitly.  The header comment describes these as messages
      * sent by an application, so the numbering is presumably visible to
      * userspace -- confirm before inserting or reordering entries.
      *
      * NOTE(review): ADD and REMOVE change the DOI mapping tables.  This header
      * does not show how senders are authorised; confirm that the command
      * handlers restrict them to privileged callers.
      */
     enum {
     	NLBL_CALIPSO_C_UNSPEC  = 0,
     	NLBL_CALIPSO_C_ADD     = 1,	/* add a new DOI mapping table */
     	NLBL_CALIPSO_C_REMOVE  = 2,	/* remove a specific DOI mapping table */
     	NLBL_CALIPSO_C_LIST    = 3,	/* list the details of one DOI definition */
     	NLBL_CALIPSO_C_LISTALL = 4,	/* list the valid DOIs on the system */
     	__NLBL_CALIPSO_C_MAX   = 5,	/* sentinel: one past the last command */
     };
     82
     /*
      * NetLabel CALIPSO attributes.
      *
      * Each attribute is documented on the line(s) above its enumerator; the
      * numeric values are written out and match the implicit numbering.
      */
     enum {
     	NLBL_CALIPSO_A_UNSPEC = 0,

     	/* (NLA_U32) the DOI value */
     	NLBL_CALIPSO_A_DOI    = 1,

     	/* (NLA_U32) the mapping table type (defined in the calipso.h header
     	 * as CALIPSO_MAP_*) */
     	NLBL_CALIPSO_A_MTYPE  = 2,

     	/* sentinel: one past the last attribute */
     	__NLBL_CALIPSO_A_MAX  = 3,
     };

     /* Highest valid attribute number (currently NLBL_CALIPSO_A_MTYPE). */
     #define NLBL_CALIPSO_A_MAX (__NLBL_CALIPSO_A_MAX - 1)
     97
     /*
      * NetLabel protocol functions.
      *
      * netlbl_calipso_genl_init() has a real implementation only when
      * CONFIG_IPV6 is enabled.  Otherwise the inline stub below reports success
      * (0) so callers need no #ifdef of their own.  Presumably the real function
      * registers the CALIPSO generic netlink family -- confirm in the .c file.
      */
     #if !IS_ENABLED(CONFIG_IPV6)
     static inline int netlbl_calipso_genl_init(void)
     {
     	/* No IPv6: nothing to set up, report success. */
     	return 0;
     }
     #else
     int netlbl_calipso_genl_init(void);
     #endif
    107
    /*
     * DOI definition management.
     *
     * NOTE(review): the getdef/putdef naming suggests calipso_doi_getdef()
     * hands out a counted reference that calipso_doi_putdef() drops -- confirm
     * in the implementation, and check that every successful lookup is
     * balanced so a definition is neither leaked nor used after it has been
     * removed or freed.
     * calipso_doi_add() and calipso_doi_remove() take a netlbl_audit argument,
     * presumably so that changes to the label mappings are audited -- verify
     * against the callers.
     */
    int calipso_doi_add(
    	struct calipso_doi *doi_def,
    	struct netlbl_audit *audit_info);
    void calipso_doi_free(struct calipso_doi *doi_def);
    int calipso_doi_remove(u32 doi, struct netlbl_audit *audit_info);
    struct calipso_doi *calipso_doi_getdef(u32 doi);
    void calipso_doi_putdef(struct calipso_doi *doi_def);

    /*
     * Walk the DOI definitions, handing each one to @callback together with
     * @cb_arg.  @skip_cnt is passed by pointer; presumably it is the number of
     * entries to skip and is updated by the walk -- confirm in the
     * implementation.
     */
    int calipso_doi_walk(
    	u32 *skip_cnt,
    	int (*callback)(struct calipso_doi *doi_def, void *arg),
    	void *cb_arg);

    /* Label handling on a socket. */
    int calipso_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr);
    int calipso_sock_setattr(
    	struct sock *sk,
    	const struct calipso_doi *doi_def,
    	const struct netlbl_lsm_secattr *secattr);
    void calipso_sock_delattr(struct sock *sk);

    /* Label handling on a connection request socket. */
    int calipso_req_setattr(
    	struct request_sock *req,
    	const struct calipso_doi *doi_def,
    	const struct netlbl_lsm_secattr *secattr);
    void calipso_req_delattr(struct request_sock *req);

    /*
     * Label handling on a packet buffer.
     *
     * NOTE(review): calipso_optptr() returns a non-const pointer although the
     * skb argument is const; presumably it points at the CALIPSO option inside
     * the packet data, i.e. bytes supplied by the network peer.  Confirm that
     * the option length is validated before the pointer is handed to
     * calipso_getattr() or calipso_cache_add().
     */
    unsigned char *calipso_optptr(const struct sk_buff *skb);
    int calipso_getattr(
    	const unsigned char *calipso,
    	struct netlbl_lsm_secattr *secattr);
    int calipso_skbuff_setattr(
    	struct sk_buff *skb,
    	const struct calipso_doi *doi_def,
    	const struct netlbl_lsm_secattr *secattr);
    int calipso_skbuff_delattr(struct sk_buff *skb);

    /*
     * Label cache.
     *
     * NOTE(review): presumably the cache maps a CALIPSO option to the security
     * attributes derived from it; if so, it must be invalidated whenever the
     * mappings change -- confirm where calipso_cache_invalidate() is called.
     */
    void calipso_cache_invalidate(void);
    int calipso_cache_add(
    	const unsigned char *calipso_ptr,
    	const struct netlbl_lsm_secattr *secattr);
    136
    137#endif