netlabel.h (3680B)
1/* SPDX-License-Identifier: GPL-2.0-or-later */ 2/* 3 * SELinux interface to the NetLabel subsystem 4 * 5 * Author: Paul Moore <paul@paul-moore.com> 6 */ 7 8/* 9 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 10 */ 11 12#ifndef _SELINUX_NETLABEL_H_ 13#define _SELINUX_NETLABEL_H_ 14 15#include <linux/types.h> 16#include <linux/fs.h> 17#include <linux/net.h> 18#include <linux/skbuff.h> 19#include <net/sock.h> 20#include <net/request_sock.h> 21#include <net/sctp/structs.h> 22 23#include "avc.h" 24#include "objsec.h" 25 26#ifdef CONFIG_NETLABEL 27void selinux_netlbl_cache_invalidate(void); 28 29void selinux_netlbl_err(struct sk_buff *skb, u16 family, int error, 30 int gateway); 31 32void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec); 33void selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec); 34 35int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, 36 u16 family, 37 u32 *type, 38 u32 *sid); 39int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, 40 u16 family, 41 u32 sid); 42int selinux_netlbl_sctp_assoc_request(struct sctp_association *asoc, 43 struct sk_buff *skb); 44int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family); 45void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family); 46void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk); 47int selinux_netlbl_socket_post_create(struct sock *sk, u16 family); 48int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, 49 struct sk_buff *skb, 50 u16 family, 51 struct common_audit_data *ad); 52int selinux_netlbl_socket_setsockopt(struct socket *sock, 53 int level, 54 int optname); 55int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr); 56int selinux_netlbl_socket_connect_locked(struct sock *sk, 57 struct sockaddr *addr); 58 59#else 60static inline void selinux_netlbl_cache_invalidate(void) 61{ 62 return; 63} 64 65static inline void selinux_netlbl_err(struct sk_buff *skb, 66 u16 family, 67 int error, 68 int gateway) 69{ 70 return; 71} 72 73static inline void selinux_netlbl_sk_security_free( 74 struct sk_security_struct *sksec) 75{ 76 return; 77} 78 79static inline void selinux_netlbl_sk_security_reset( 80 struct sk_security_struct *sksec) 81{ 82 return; 83} 84 85static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, 86 u16 family, 87 u32 *type, 88 u32 *sid) 89{ 90 *type = NETLBL_NLTYPE_NONE; 91 *sid = SECSID_NULL; 92 return 0; 93} 94static inline int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, 95 u16 family, 96 u32 sid) 97{ 98 return 0; 99} 100 101static inline int selinux_netlbl_sctp_assoc_request(struct sctp_association *asoc, 102 struct sk_buff *skb) 103{ 104 return 0; 105} 106static inline int selinux_netlbl_inet_conn_request(struct request_sock *req, 107 u16 family) 108{ 109 return 0; 110} 111static inline void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) 112{ 113 return; 114} 115static inline void selinux_netlbl_sctp_sk_clone(struct sock *sk, 116 struct sock *newsk) 117{ 118 return; 119} 120static inline int selinux_netlbl_socket_post_create(struct sock *sk, 121 u16 family) 122{ 123 return 0; 124} 125static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, 126 struct sk_buff *skb, 127 u16 family, 128 struct common_audit_data *ad) 129{ 130 return 0; 131} 132static inline int selinux_netlbl_socket_setsockopt(struct socket *sock, 133 int level, 134 int optname) 135{ 136 return 0; 137} 138static inline int selinux_netlbl_socket_connect(struct sock *sk, 139 struct sockaddr *addr) 140{ 141 return 0; 142} 143static inline int selinux_netlbl_socket_connect_locked(struct sock *sk, 144 struct sockaddr *addr) 145{ 146 return 0; 147} 148#endif /* CONFIG_NETLABEL */ 149 150#endif