include/net/netlabel.h

0001 /* SPDX-License-Identifier: GPL-2.0-or-later */
0002 /*
0003  * NetLabel System
0004  *
0005  * The NetLabel system manages static and dynamic label mappings for network
0006  * protocols such as CIPSO and RIPSO.
0007  *
0008  * Author: Paul Moore <paul@paul-moore.com>
0009  */
0010
0011 /*
0012  * (c) Copyright Hewlett-Packard Development Company, L.P., 2006, 2008
0013  */
0014
0015 #ifndef _NETLABEL_H
0016 #define _NETLABEL_H
0017
0018 #include <linux/types.h>
0019 #include <linux/slab.h>
0020 #include <linux/net.h>
0021 #include <linux/skbuff.h>
0022 #include <linux/in.h>
0023 #include <linux/in6.h>
0024 #include <net/netlink.h>
0025 #include <net/request_sock.h>
0026 #include <linux/refcount.h>
0027
0028 struct cipso_v4_doi;
0029 struct calipso_doi;
0030
0031 /*
0032  * NetLabel - A management interface for maintaining network packet label
0033  *            mapping tables for explicit packet labling protocols.
0034  *
0035  * Network protocols such as CIPSO and RIPSO require a label translation layer
0036  * to convert the label on the packet into something meaningful on the host
0037  * machine.  In the current Linux implementation these mapping tables live
0038  * inside the kernel; NetLabel provides a mechanism for user space applications
0039  * to manage these mapping tables.
0040  *
0041  * NetLabel makes use of the Generic NETLINK mechanism as a transport layer to
0042  * send messages between kernel and user space.  The general format of a
0043  * NetLabel message is shown below:
0044  *
0045  *  +-----------------+-------------------+--------- --- -- -
0046  *  | struct nlmsghdr | struct genlmsghdr | payload
0047  *  +-----------------+-------------------+--------- --- -- -
0048  *
0049  * The 'nlmsghdr' and 'genlmsghdr' structs should be dealt with like normal.
0050  * The payload is dependent on the subsystem specified in the
0051  * 'nlmsghdr->nlmsg_type' and should be defined below, supporting functions
0052  * should be defined in the corresponding net/netlabel/netlabel_<subsys>.h|c
0053  * file.  All of the fields in the NetLabel payload are NETLINK attributes, see
0054  * the include/net/netlink.h file for more information on NETLINK attributes.
0055  *
0056  */
0057
0058 /*
0059  * NetLabel NETLINK protocol
0060  */
0061
0062 /* NetLabel NETLINK protocol version
0063  *  1: initial version
0064  *  2: added static labels for unlabeled connections
0065  *  3: network selectors added to the NetLabel/LSM domain mapping and the
0066  *     CIPSO_V4_MAP_LOCAL CIPSO mapping was added
0067  */
0068 #define NETLBL_PROTO_VERSION            3
0069
0070 /* NetLabel NETLINK types/families */
0071 #define NETLBL_NLTYPE_NONE              0
0072 #define NETLBL_NLTYPE_MGMT              1
0073 #define NETLBL_NLTYPE_MGMT_NAME         "NLBL_MGMT"
0074 #define NETLBL_NLTYPE_RIPSO             2
0075 #define NETLBL_NLTYPE_RIPSO_NAME        "NLBL_RIPSO"
0076 #define NETLBL_NLTYPE_CIPSOV4           3
0077 #define NETLBL_NLTYPE_CIPSOV4_NAME      "NLBL_CIPSOv4"
0078 #define NETLBL_NLTYPE_CIPSOV6           4
0079 #define NETLBL_NLTYPE_CIPSOV6_NAME      "NLBL_CIPSOv6"
0080 #define NETLBL_NLTYPE_UNLABELED         5
0081 #define NETLBL_NLTYPE_UNLABELED_NAME    "NLBL_UNLBL"
0082 #define NETLBL_NLTYPE_ADDRSELECT        6
0083 #define NETLBL_NLTYPE_ADDRSELECT_NAME   "NLBL_ADRSEL"
0084 #define NETLBL_NLTYPE_CALIPSO           7
0085 #define NETLBL_NLTYPE_CALIPSO_NAME      "NLBL_CALIPSO"
0086
0087 /*
0088  * NetLabel - Kernel API for accessing the network packet label mappings.
0089  *
0090  * The following functions are provided for use by other kernel modules,
0091  * specifically kernel LSM modules, to provide a consistent, transparent API
0092  * for dealing with explicit packet labeling protocols such as CIPSO and
0093  * RIPSO.  The functions defined here are implemented in the
0094  * net/netlabel/netlabel_kapi.c file.
0095  *
0096  */
0097
0098 /* NetLabel audit information */
0099 struct netlbl_audit {
0100     u32 secid;
0101     kuid_t loginuid;
0102     unsigned int sessionid;
0103 };
0104
0105 /*
0106  * LSM security attributes
0107  */
0108
0109 /**
0110  * struct netlbl_lsm_cache - NetLabel LSM security attribute cache
0111  * @refcount: atomic reference counter
0112  * @free: LSM supplied function to free the cache data
0113  * @data: LSM supplied cache data
0114  *
0115  * Description:
0116  * This structure is provided for LSMs which wish to make use of the NetLabel
0117  * caching mechanism to store LSM specific data/attributes in the NetLabel
0118  * cache.  If the LSM has to perform a lot of translation from the NetLabel
0119  * security attributes into it's own internal representation then the cache
0120  * mechanism can provide a way to eliminate some or all of that translation
0121  * overhead on a cache hit.
0122  *
0123  */
0124 struct netlbl_lsm_cache {
0125     refcount_t refcount;
0126     void (*free) (const void *data);
0127     void *data;
0128 };
0129
0130 /**
0131  * struct netlbl_lsm_catmap - NetLabel LSM secattr category bitmap
0132  * @startbit: the value of the lowest order bit in the bitmap
0133  * @bitmap: the category bitmap
0134  * @next: pointer to the next bitmap "node" or NULL
0135  *
0136  * Description:
0137  * This structure is used to represent category bitmaps.  Due to the large
0138  * number of categories supported by most labeling protocols it is not
0139  * practical to transfer a full bitmap internally so NetLabel adopts a sparse
0140  * bitmap structure modeled after SELinux's ebitmap structure.
0141  * The catmap bitmap field MUST be a power of two in length and large
0142  * enough to hold at least 240 bits.  Special care (i.e. check the code!)
0143  * should be used when changing these values as the LSM implementation
0144  * probably has functions which rely on the sizes of these types to speed
0145  * processing.
0146  *
0147  */
0148 #define NETLBL_CATMAP_MAPTYPE           u64
0149 #define NETLBL_CATMAP_MAPCNT            4
0150 #define NETLBL_CATMAP_MAPSIZE           (sizeof(NETLBL_CATMAP_MAPTYPE) * 8)
0151 #define NETLBL_CATMAP_SIZE              (NETLBL_CATMAP_MAPSIZE * \
0152                      NETLBL_CATMAP_MAPCNT)
0153 #define NETLBL_CATMAP_BIT               (NETLBL_CATMAP_MAPTYPE)0x01
0154 struct netlbl_lsm_catmap {
0155     u32 startbit;
0156     NETLBL_CATMAP_MAPTYPE bitmap[NETLBL_CATMAP_MAPCNT];
0157     struct netlbl_lsm_catmap *next;
0158 };
0159
0160 /**
0161  * struct netlbl_lsm_secattr - NetLabel LSM security attributes
0162  * @flags: indicate structure attributes, see NETLBL_SECATTR_*
0163  * @type: indicate the NLTYPE of the attributes
0164  * @domain: the NetLabel LSM domain
0165  * @cache: NetLabel LSM specific cache
0166  * @attr.mls: MLS sensitivity label
0167  * @attr.mls.cat: MLS category bitmap
0168  * @attr.mls.lvl: MLS sensitivity level
0169  * @attr.secid: LSM specific secid token
0170  *
0171  * Description:
0172  * This structure is used to pass security attributes between NetLabel and the
0173  * LSM modules.  The flags field is used to specify which fields within the
0174  * struct are valid and valid values can be created by bitwise OR'ing the
0175  * NETLBL_SECATTR_* defines.  The domain field is typically set by the LSM to
0176  * specify domain specific configuration settings and is not usually used by
0177  * NetLabel itself when returning security attributes to the LSM.
0178  *
0179  */
0180 struct netlbl_lsm_secattr {
0181     u32 flags;
0182     /* bitmap values for 'flags' */
0183 #define NETLBL_SECATTR_NONE             0x00000000
0184 #define NETLBL_SECATTR_DOMAIN           0x00000001
0185 #define NETLBL_SECATTR_DOMAIN_CPY       (NETLBL_SECATTR_DOMAIN | \
0186                      NETLBL_SECATTR_FREE_DOMAIN)
0187 #define NETLBL_SECATTR_CACHE            0x00000002
0188 #define NETLBL_SECATTR_MLS_LVL          0x00000004
0189 #define NETLBL_SECATTR_MLS_CAT          0x00000008
0190 #define NETLBL_SECATTR_SECID            0x00000010
0191     /* bitmap meta-values for 'flags' */
0192 #define NETLBL_SECATTR_FREE_DOMAIN      0x01000000
0193 #define NETLBL_SECATTR_CACHEABLE        (NETLBL_SECATTR_MLS_LVL | \
0194                      NETLBL_SECATTR_MLS_CAT | \
0195                      NETLBL_SECATTR_SECID)
0196     u32 type;
0197     char *domain;
0198     struct netlbl_lsm_cache *cache;
0199     struct {
0200         struct {
0201             struct netlbl_lsm_catmap *cat;
0202             u32 lvl;
0203         } mls;
0204         u32 secid;
0205     } attr;
0206 };
0207
0208 /**
0209  * struct netlbl_calipso_ops - NetLabel CALIPSO operations
0210  * @doi_add: add a CALIPSO DOI
0211  * @doi_free: free a CALIPSO DOI
0212  * @doi_getdef: returns a reference to a DOI
0213  * @doi_putdef: releases a reference of a DOI
0214  * @doi_walk: enumerate the DOI list
0215  * @sock_getattr: retrieve the socket's attr
0216  * @sock_setattr: set the socket's attr
0217  * @sock_delattr: remove the socket's attr
0218  * @req_setattr: set the req socket's attr
0219  * @req_delattr: remove the req socket's attr
0220  * @opt_getattr: retrieve attr from memory block
0221  * @skbuff_optptr: find option in packet
0222  * @skbuff_setattr: set the skbuff's attr
0223  * @skbuff_delattr: remove the skbuff's attr
0224  * @cache_invalidate: invalidate cache
0225  * @cache_add: add cache entry
0226  *
0227  * Description:
0228  * This structure is filled out by the CALIPSO engine and passed
0229  * to the NetLabel core via a call to netlbl_calipso_ops_register().
0230  * It enables the CALIPSO engine (and hence IPv6) to be compiled
0231  * as a module.
0232  */
0233 struct netlbl_calipso_ops {
0234     int (*doi_add)(struct calipso_doi *doi_def,
0235                struct netlbl_audit *audit_info);
0236     void (*doi_free)(struct calipso_doi *doi_def);
0237     int (*doi_remove)(u32 doi, struct netlbl_audit *audit_info);
0238     struct calipso_doi *(*doi_getdef)(u32 doi);
0239     void (*doi_putdef)(struct calipso_doi *doi_def);
0240     int (*doi_walk)(u32 *skip_cnt,
0241             int (*callback)(struct calipso_doi *doi_def, void *arg),
0242             void *cb_arg);
0243     int (*sock_getattr)(struct sock *sk,
0244                 struct netlbl_lsm_secattr *secattr);
0245     int (*sock_setattr)(struct sock *sk,
0246                 const struct calipso_doi *doi_def,
0247                 const struct netlbl_lsm_secattr *secattr);
0248     void (*sock_delattr)(struct sock *sk);
0249     int (*req_setattr)(struct request_sock *req,
0250                const struct calipso_doi *doi_def,
0251                const struct netlbl_lsm_secattr *secattr);
0252     void (*req_delattr)(struct request_sock *req);
0253     int (*opt_getattr)(const unsigned char *calipso,
0254                struct netlbl_lsm_secattr *secattr);
0255     unsigned char *(*skbuff_optptr)(const struct sk_buff *skb);
0256     int (*skbuff_setattr)(struct sk_buff *skb,
0257                   const struct calipso_doi *doi_def,
0258                   const struct netlbl_lsm_secattr *secattr);
0259     int (*skbuff_delattr)(struct sk_buff *skb);
0260     void (*cache_invalidate)(void);
0261     int (*cache_add)(const unsigned char *calipso_ptr,
0262              const struct netlbl_lsm_secattr *secattr);
0263 };
0264
0265 /*
0266  * LSM security attribute operations (inline)
0267  */
0268
0269 /**
0270  * netlbl_secattr_cache_alloc - Allocate and initialize a secattr cache
0271  * @flags: the memory allocation flags
0272  *
0273  * Description:
0274  * Allocate and initialize a netlbl_lsm_cache structure.  Returns a pointer
0275  * on success, NULL on failure.
0276  *
0277  */
0278 static inline struct netlbl_lsm_cache *netlbl_secattr_cache_alloc(gfp_t flags)
0279 {
0280     struct netlbl_lsm_cache *cache;
0281
0282     cache = kzalloc(sizeof(*cache), flags);
0283     if (cache)
0284         refcount_set(&cache->refcount, 1);
0285     return cache;
0286 }
0287
0288 /**
0289  * netlbl_secattr_cache_free - Frees a netlbl_lsm_cache struct
0290  * @cache: the struct to free
0291  *
0292  * Description:
0293  * Frees @secattr including all of the internal buffers.
0294  *
0295  */
0296 static inline void netlbl_secattr_cache_free(struct netlbl_lsm_cache *cache)
0297 {
0298     if (!refcount_dec_and_test(&cache->refcount))
0299         return;
0300
0301     if (cache->free)
0302         cache->free(cache->data);
0303     kfree(cache);
0304 }
0305
0306 /**
0307  * netlbl_catmap_alloc - Allocate a LSM secattr catmap
0308  * @flags: memory allocation flags
0309  *
0310  * Description:
0311  * Allocate memory for a LSM secattr catmap, returns a pointer on success, NULL
0312  * on failure.
0313  *
0314  */
0315 static inline struct netlbl_lsm_catmap *netlbl_catmap_alloc(gfp_t flags)
0316 {
0317     return kzalloc(sizeof(struct netlbl_lsm_catmap), flags);
0318 }
0319
0320 /**
0321  * netlbl_catmap_free - Free a LSM secattr catmap
0322  * @catmap: the category bitmap
0323  *
0324  * Description:
0325  * Free a LSM secattr catmap.
0326  *
0327  */
0328 static inline void netlbl_catmap_free(struct netlbl_lsm_catmap *catmap)
0329 {
0330     struct netlbl_lsm_catmap *iter;
0331
0332     while (catmap) {
0333         iter = catmap;
0334         catmap = catmap->next;
0335         kfree(iter);
0336     }
0337 }
0338
0339 /**
0340  * netlbl_secattr_init - Initialize a netlbl_lsm_secattr struct
0341  * @secattr: the struct to initialize
0342  *
0343  * Description:
0344  * Initialize an already allocated netlbl_lsm_secattr struct.
0345  *
0346  */
0347 static inline void netlbl_secattr_init(struct netlbl_lsm_secattr *secattr)
0348 {
0349     memset(secattr, 0, sizeof(*secattr));
0350 }
0351
0352 /**
0353  * netlbl_secattr_destroy - Clears a netlbl_lsm_secattr struct
0354  * @secattr: the struct to clear
0355  *
0356  * Description:
0357  * Destroys the @secattr struct, including freeing all of the internal buffers.
0358  * The struct must be reset with a call to netlbl_secattr_init() before reuse.
0359  *
0360  */
0361 static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr)
0362 {
0363     if (secattr->flags & NETLBL_SECATTR_FREE_DOMAIN)
0364         kfree(secattr->domain);
0365     if (secattr->flags & NETLBL_SECATTR_CACHE)
0366         netlbl_secattr_cache_free(secattr->cache);
0367     if (secattr->flags & NETLBL_SECATTR_MLS_CAT)
0368         netlbl_catmap_free(secattr->attr.mls.cat);
0369 }
0370
0371 /**
0372  * netlbl_secattr_alloc - Allocate and initialize a netlbl_lsm_secattr struct
0373  * @flags: the memory allocation flags
0374  *
0375  * Description:
0376  * Allocate and initialize a netlbl_lsm_secattr struct.  Returns a valid
0377  * pointer on success, or NULL on failure.
0378  *
0379  */
0380 static inline struct netlbl_lsm_secattr *netlbl_secattr_alloc(gfp_t flags)
0381 {
0382     return kzalloc(sizeof(struct netlbl_lsm_secattr), flags);
0383 }
0384
0385 /**
0386  * netlbl_secattr_free - Frees a netlbl_lsm_secattr struct
0387  * @secattr: the struct to free
0388  *
0389  * Description:
0390  * Frees @secattr including all of the internal buffers.
0391  *
0392  */
0393 static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr)
0394 {
0395     netlbl_secattr_destroy(secattr);
0396     kfree(secattr);
0397 }
0398
0399 #ifdef CONFIG_NETLABEL
0400 /*
0401  * LSM configuration operations
0402  */
0403 int netlbl_cfg_map_del(const char *domain,
0404                u16 family,
0405                const void *addr,
0406                const void *mask,
0407                struct netlbl_audit *audit_info);
0408 int netlbl_cfg_unlbl_map_add(const char *domain,
0409                  u16 family,
0410                  const void *addr,
0411                  const void *mask,
0412                  struct netlbl_audit *audit_info);
0413 int netlbl_cfg_unlbl_static_add(struct net *net,
0414                 const char *dev_name,
0415                 const void *addr,
0416                 const void *mask,
0417                 u16 family,
0418                 u32 secid,
0419                 struct netlbl_audit *audit_info);
0420 int netlbl_cfg_unlbl_static_del(struct net *net,
0421                 const char *dev_name,
0422                 const void *addr,
0423                 const void *mask,
0424                 u16 family,
0425                 struct netlbl_audit *audit_info);
0426 int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
0427                struct netlbl_audit *audit_info);
0428 void netlbl_cfg_cipsov4_del(u32 doi, struct netlbl_audit *audit_info);
0429 int netlbl_cfg_cipsov4_map_add(u32 doi,
0430                    const char *domain,
0431                    const struct in_addr *addr,
0432                    const struct in_addr *mask,
0433                    struct netlbl_audit *audit_info);
0434 int netlbl_cfg_calipso_add(struct calipso_doi *doi_def,
0435                struct netlbl_audit *audit_info);
0436 void netlbl_cfg_calipso_del(u32 doi, struct netlbl_audit *audit_info);
0437 int netlbl_cfg_calipso_map_add(u32 doi,
0438                    const char *domain,
0439                    const struct in6_addr *addr,
0440                    const struct in6_addr *mask,
0441                    struct netlbl_audit *audit_info);
0442 /*
0443  * LSM security attribute operations
0444  */
0445 int netlbl_catmap_walk(struct netlbl_lsm_catmap *catmap, u32 offset);
0446 int netlbl_catmap_walkrng(struct netlbl_lsm_catmap *catmap, u32 offset);
0447 int netlbl_catmap_getlong(struct netlbl_lsm_catmap *catmap,
0448               u32 *offset,
0449               unsigned long *bitmap);
0450 int netlbl_catmap_setbit(struct netlbl_lsm_catmap **catmap,
0451              u32 bit,
0452              gfp_t flags);
0453 int netlbl_catmap_setrng(struct netlbl_lsm_catmap **catmap,
0454              u32 start,
0455              u32 end,
0456              gfp_t flags);
0457 int netlbl_catmap_setlong(struct netlbl_lsm_catmap **catmap,
0458               u32 offset,
0459               unsigned long bitmap,
0460               gfp_t flags);
0461
0462 /* Bitmap functions
0463  */
0464 int netlbl_bitmap_walk(const unsigned char *bitmap, u32 bitmap_len,
0465                u32 offset, u8 state);
0466 void netlbl_bitmap_setbit(unsigned char *bitmap, u32 bit, u8 state);
0467
0468 /*
0469  * LSM protocol operations (NetLabel LSM/kernel API)
0470  */
0471 int netlbl_enabled(void);
0472 int netlbl_sock_setattr(struct sock *sk,
0473             u16 family,
0474             const struct netlbl_lsm_secattr *secattr);
0475 void netlbl_sock_delattr(struct sock *sk);
0476 int netlbl_sock_getattr(struct sock *sk,
0477             struct netlbl_lsm_secattr *secattr);
0478 int netlbl_conn_setattr(struct sock *sk,
0479             struct sockaddr *addr,
0480             const struct netlbl_lsm_secattr *secattr);
0481 int netlbl_req_setattr(struct request_sock *req,
0482                const struct netlbl_lsm_secattr *secattr);
0483 void netlbl_req_delattr(struct request_sock *req);
0484 int netlbl_skbuff_setattr(struct sk_buff *skb,
0485               u16 family,
0486               const struct netlbl_lsm_secattr *secattr);
0487 int netlbl_skbuff_getattr(const struct sk_buff *skb,
0488               u16 family,
0489               struct netlbl_lsm_secattr *secattr);
0490 void netlbl_skbuff_err(struct sk_buff *skb, u16 family, int error, int gateway);
0491
0492 /*
0493  * LSM label mapping cache operations
0494  */
0495 void netlbl_cache_invalidate(void);
0496 int netlbl_cache_add(const struct sk_buff *skb, u16 family,
0497              const struct netlbl_lsm_secattr *secattr);
0498
0499 /*
0500  * Protocol engine operations
0501  */
0502 struct audit_buffer *netlbl_audit_start(int type,
0503                     struct netlbl_audit *audit_info);
0504 #else
0505 static inline int netlbl_cfg_map_del(const char *domain,
0506                      u16 family,
0507                      const void *addr,
0508                      const void *mask,
0509                      struct netlbl_audit *audit_info)
0510 {
0511     return -ENOSYS;
0512 }
0513 static inline int netlbl_cfg_unlbl_map_add(const char *domain,
0514                        u16 family,
0515                        void *addr,
0516                        void *mask,
0517                        struct netlbl_audit *audit_info)
0518 {
0519     return -ENOSYS;
0520 }
0521 static inline int netlbl_cfg_unlbl_static_add(struct net *net,
0522                           const char *dev_name,
0523                           const void *addr,
0524                           const void *mask,
0525                           u16 family,
0526                           u32 secid,
0527                           struct netlbl_audit *audit_info)
0528 {
0529     return -ENOSYS;
0530 }
0531 static inline int netlbl_cfg_unlbl_static_del(struct net *net,
0532                           const char *dev_name,
0533                           const void *addr,
0534                           const void *mask,
0535                           u16 family,
0536                           struct netlbl_audit *audit_info)
0537 {
0538     return -ENOSYS;
0539 }
0540 static inline int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
0541                      struct netlbl_audit *audit_info)
0542 {
0543     return -ENOSYS;
0544 }
0545 static inline void netlbl_cfg_cipsov4_del(u32 doi,
0546                       struct netlbl_audit *audit_info)
0547 {
0548     return;
0549 }
0550 static inline int netlbl_cfg_cipsov4_map_add(u32 doi,
0551                          const char *domain,
0552                          const struct in_addr *addr,
0553                          const struct in_addr *mask,
0554                          struct netlbl_audit *audit_info)
0555 {
0556     return -ENOSYS;
0557 }
0558 static inline int netlbl_cfg_calipso_add(struct calipso_doi *doi_def,
0559                      struct netlbl_audit *audit_info)
0560 {
0561     return -ENOSYS;
0562 }
0563 static inline void netlbl_cfg_calipso_del(u32 doi,
0564                       struct netlbl_audit *audit_info)
0565 {
0566     return;
0567 }
0568 static inline int netlbl_cfg_calipso_map_add(u32 doi,
0569                          const char *domain,
0570                          const struct in6_addr *addr,
0571                          const struct in6_addr *mask,
0572                          struct netlbl_audit *audit_info)
0573 {
0574     return -ENOSYS;
0575 }
0576 static inline int netlbl_catmap_walk(struct netlbl_lsm_catmap *catmap,
0577                      u32 offset)
0578 {
0579     return -ENOENT;
0580 }
0581 static inline int netlbl_catmap_walkrng(struct netlbl_lsm_catmap *catmap,
0582                     u32 offset)
0583 {
0584     return -ENOENT;
0585 }
0586 static inline int netlbl_catmap_getlong(struct netlbl_lsm_catmap *catmap,
0587                     u32 *offset,
0588                     unsigned long *bitmap)
0589 {
0590     return 0;
0591 }
0592 static inline int netlbl_catmap_setbit(struct netlbl_lsm_catmap **catmap,
0593                        u32 bit,
0594                        gfp_t flags)
0595 {
0596     return 0;
0597 }
0598 static inline int netlbl_catmap_setrng(struct netlbl_lsm_catmap **catmap,
0599                        u32 start,
0600                        u32 end,
0601                        gfp_t flags)
0602 {
0603     return 0;
0604 }
0605 static inline int netlbl_catmap_setlong(struct netlbl_lsm_catmap **catmap,
0606                     u32 offset,
0607                     unsigned long bitmap,
0608                     gfp_t flags)
0609 {
0610     return 0;
0611 }
0612 static inline int netlbl_enabled(void)
0613 {
0614     return 0;
0615 }
0616 static inline int netlbl_sock_setattr(struct sock *sk,
0617                       u16 family,
0618                       const struct netlbl_lsm_secattr *secattr)
0619 {
0620     return -ENOSYS;
0621 }
0622 static inline void netlbl_sock_delattr(struct sock *sk)
0623 {
0624 }
0625 static inline int netlbl_sock_getattr(struct sock *sk,
0626                       struct netlbl_lsm_secattr *secattr)
0627 {
0628     return -ENOSYS;
0629 }
0630 static inline int netlbl_conn_setattr(struct sock *sk,
0631                       struct sockaddr *addr,
0632                       const struct netlbl_lsm_secattr *secattr)
0633 {
0634     return -ENOSYS;
0635 }
0636 static inline int netlbl_req_setattr(struct request_sock *req,
0637                      const struct netlbl_lsm_secattr *secattr)
0638 {
0639     return -ENOSYS;
0640 }
0641 static inline void netlbl_req_delattr(struct request_sock *req)
0642 {
0643     return;
0644 }
0645 static inline int netlbl_skbuff_setattr(struct sk_buff *skb,
0646                       u16 family,
0647                       const struct netlbl_lsm_secattr *secattr)
0648 {
0649     return -ENOSYS;
0650 }
0651 static inline int netlbl_skbuff_getattr(const struct sk_buff *skb,
0652                     u16 family,
0653                     struct netlbl_lsm_secattr *secattr)
0654 {
0655     return -ENOSYS;
0656 }
0657 static inline void netlbl_skbuff_err(struct sk_buff *skb,
0658                      int error,
0659                      int gateway)
0660 {
0661     return;
0662 }
0663 static inline void netlbl_cache_invalidate(void)
0664 {
0665     return;
0666 }
0667 static inline int netlbl_cache_add(const struct sk_buff *skb, u16 family,
0668                    const struct netlbl_lsm_secattr *secattr)
0669 {
0670     return 0;
0671 }
0672 static inline struct audit_buffer *netlbl_audit_start(int type,
0673                         struct netlbl_audit *audit_info)
0674 {
0675     return NULL;
0676 }
0677 #endif /* CONFIG_NETLABEL */
0678
0679 const struct netlbl_calipso_ops *
0680 netlbl_calipso_ops_register(const struct netlbl_calipso_ops *ops);
0681
0682 #endif /* _NETLABEL_H */