cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

xfrm.h (2565B)


      1/* SPDX-License-Identifier: GPL-2.0 */
      2/*
      3 * SELinux support for the XFRM LSM hooks
      4 *
      5 * Author : Trent Jaeger, <jaegert@us.ibm.com>
      6 * Updated : Venkat Yekkirala, <vyekkirala@TrustedCS.com>
      7 */
      8#ifndef _SELINUX_XFRM_H_
      9#define _SELINUX_XFRM_H_
     10
     11#include <linux/lsm_audit.h>
     12#include <net/flow.h>
     13#include <net/xfrm.h>
     14
     /*
      * SELinux label hooks for XFRM policies and states.
      *
      * Only prototypes are visible in this header; the definitions live
      * elsewhere. These declarations sit outside the
      * CONFIG_SECURITY_NETWORK_XFRM guard and no stub versions are provided
      * here, so callers are presumably compiled only when that option is
      * set (verify against the callers).
      *
      * NOTE(review): the return convention is not shown here; presumably 0
      * on success and a negative errno on failure -- confirm against the
      * implementation.
      */

     /*
      * Policy security-context lifecycle: allocate, clone, free, delete.
      * NOTE(review): by its type name, uctx looks like a user-supplied
      * context; its length and fields have to be validated in the
      * implementation, which is not visible here.
      */
     int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
     		struct xfrm_user_sec_ctx *uctx, gfp_t gfp);
     int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
     		struct xfrm_sec_ctx **new_ctxp);
     void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
     int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);

     /* State (security association) label lifecycle. */
     int selinux_xfrm_state_alloc(struct xfrm_state *x,
     		struct xfrm_user_sec_ctx *uctx);
     int selinux_xfrm_state_alloc_acquire(struct xfrm_state *x,
     		struct xfrm_sec_ctx *polsec, u32 secid);
     void selinux_xfrm_state_free(struct xfrm_state *x);
     int selinux_xfrm_state_delete(struct xfrm_state *x);

     /* Matching of a flow against a policy label or a state/policy pair. */
     int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid);
     int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
     		struct xfrm_policy *xp, const struct flowi_common *flic);
     32
     33#ifdef CONFIG_SECURITY_NETWORK_XFRM
     /*
      * Counter read by selinux_xfrm_enabled(); defined elsewhere.
      * NOTE(review): what takes and drops references is not visible in this
      * header -- presumably labeled policies/states; confirm.
      */
     extern atomic_t selinux_xfrm_refcount;

     /**
      * selinux_xfrm_enabled - report whether selinux_xfrm_refcount is positive
      *
      * Performs a single atomic_read() and takes no lock in this function,
      * so the result is a point-in-time snapshot. A caller that skips a
      * check because this returned 0 should not assume the count stays
      * at zero afterwards.
      *
      * Return: 1 if the counter is greater than zero, otherwise 0.
      */
     static inline int selinux_xfrm_enabled(void)
     {
     	int refs = atomic_read(&selinux_xfrm_refcount);

     	return refs > 0;
     }
     40
     /*
      * Per-packet hooks, declared only when CONFIG_SECURITY_NETWORK_XFRM is
      * set; the #else branch of this header supplies inline stubs with the
      * same names. The definitions are not visible here.
      *
      * NOTE(review): presumably a non-zero return means the packet is
      * denied or an error occurred, and *sid receives the SID derived from
      * the packet -- confirm against the implementation.
      */
     int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
     		struct common_audit_data *ad);
     int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
     		struct common_audit_data *ad, u8 proto);
     int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid,
     		int ckall);
     int selinux_xfrm_skb_sid(struct sk_buff *skb, u32 *sid);
     47
     /**
      * selinux_xfrm_notify_policyload - bump the route genid of every netns
      *
      * Walks all network namespaces with net_rwsem held for reading and
      * calls rt_genid_bump_all() on each one.
      *
      * NOTE(review): judging by the name, this runs after a policy load so
      * that cached routing/transform decisions made under the old policy
      * are re-evaluated -- confirm against the callers and against
      * rt_genid_bump_all().
      */
     static inline void selinux_xfrm_notify_policyload(void)
     {
     	struct net *ns;

     	/* Read side of net_rwsem is held across the namespace walk. */
     	down_read(&net_rwsem);
     	for_each_net(ns) {
     		rt_genid_bump_all(ns);
     	}
     	up_read(&net_rwsem);
     }
     57#else
     /**
      * selinux_xfrm_enabled - stub for builds without CONFIG_SECURITY_NETWORK_XFRM
      *
      * Return: always 0, i.e. callers see XFRM labeling as disabled.
      */
     static inline int selinux_xfrm_enabled(void)
     {
     	/* Feature compiled out: there is no refcount to consult. */
     	return 0;
     }
     62
     /**
      * selinux_xfrm_sock_rcv_skb - stub for builds without CONFIG_SECURITY_NETWORK_XFRM
      * @sk_sid: unused
      * @skb: unused
      * @ad: unused
      *
      * No argument is inspected and no check is performed.
      *
      * Return: always 0.
      * NOTE(review): callers presumably read 0 as "allowed", so with the
      * option off this hook never rejects a packet -- confirm at the call
      * sites.
      */
     static inline int selinux_xfrm_sock_rcv_skb(u32 sk_sid,
     		struct sk_buff *skb, struct common_audit_data *ad)
     {
     	return 0;
     }
     68
     /**
      * selinux_xfrm_postroute_last - stub for builds without CONFIG_SECURITY_NETWORK_XFRM
      * @sk_sid: unused
      * @skb: unused
      * @ad: unused
      * @proto: unused
      *
      * No argument is inspected and no check is performed.
      *
      * Return: always 0.
      * NOTE(review): callers presumably read 0 as "allowed", so with the
      * option off this hook never rejects an outgoing packet -- confirm at
      * the call sites.
      */
     static inline int selinux_xfrm_postroute_last(u32 sk_sid,
     		struct sk_buff *skb, struct common_audit_data *ad, u8 proto)
     {
     	return 0;
     }
     75
     /**
      * selinux_xfrm_decode_session - stub for builds without CONFIG_SECURITY_NETWORK_XFRM
      * @skb: unused
      * @sid: output; always set to SECSID_NULL. Dereferenced without a NULL
      *       check, so it must point to valid storage.
      * @ckall: unused
      *
      * The output is written on every call, so a caller never reads an
      * uninitialized SID from this path.
      *
      * Return: always 0.
      */
     static inline int selinux_xfrm_decode_session(struct sk_buff *skb,
     		u32 *sid, int ckall)
     {
     	/* No labeled-IPsec support compiled in: report "no SID". */
     	*sid = SECSID_NULL;

     	return 0;
     }
     82
     /**
      * selinux_xfrm_notify_policyload - stub for builds without CONFIG_SECURITY_NETWORK_XFRM
      *
      * Intentionally does nothing.
      */
     static inline void selinux_xfrm_notify_policyload(void)
     {
     	/* Nothing to do when the feature is compiled out. */
     }
     86
     /**
      * selinux_xfrm_skb_sid - stub for builds without CONFIG_SECURITY_NETWORK_XFRM
      * @skb: unused
      * @sid: output; always set to SECSID_NULL. Dereferenced without a NULL
      *       check, so it must point to valid storage.
      *
      * The output is written on every call, so a caller never reads an
      * uninitialized SID from this path.
      *
      * Return: always 0.
      */
     static inline int selinux_xfrm_skb_sid(struct sk_buff *skb, u32 *sid)
     {
     	/* No labeled-IPsec support compiled in: report "no SID". */
     	*sid = SECSID_NULL;

     	return 0;
     }
     92#endif
     93
     94#endif /* _SELINUX_XFRM_H_ */