net/netlabel/netlabel_calipso.h

0001 /* SPDX-License-Identifier: GPL-2.0-or-later */
0002 /*
0003  * NetLabel CALIPSO Support
0004  *
0005  * This file defines the CALIPSO functions for the NetLabel system.  The
0006  * NetLabel system manages static and dynamic label mappings for network
0007  * protocols such as CIPSO and RIPSO.
0008  *
0009  * Authors: Paul Moore <paul@paul-moore.com>
0010  *          Huw Davies <huw@codeweavers.com>
0011  */
0012
0013 /* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
0014  * (c) Copyright Huw Davies <huw@codeweavers.com>, 2015
0015  */
0016
0017 #ifndef _NETLABEL_CALIPSO
0018 #define _NETLABEL_CALIPSO
0019
0020 #include <net/netlabel.h>
0021 #include <net/calipso.h>
0022
0023 /* The following NetLabel payloads are supported by the CALIPSO subsystem.
0024  *
0025  * o ADD:
0026  *   Sent by an application to add a new DOI mapping table.
0027  *
0028  *   Required attributes:
0029  *
0030  *     NLBL_CALIPSO_A_DOI
0031  *     NLBL_CALIPSO_A_MTYPE
0032  *
0033  *   If using CALIPSO_MAP_PASS no additional attributes are required.
0034  *
0035  * o REMOVE:
0036  *   Sent by an application to remove a specific DOI mapping table from the
0037  *   CALIPSO system.
0038  *
0039  *   Required attributes:
0040  *
0041  *     NLBL_CALIPSO_A_DOI
0042  *
0043  * o LIST:
0044  *   Sent by an application to list the details of a DOI definition.  On
0045  *   success the kernel should send a response using the following format.
0046  *
0047  *   Required attributes:
0048  *
0049  *     NLBL_CALIPSO_A_DOI
0050  *
0051  *   The valid response message format depends on the type of the DOI mapping,
0052  *   the defined formats are shown below.
0053  *
0054  *   Required attributes:
0055  *
0056  *     NLBL_CALIPSO_A_MTYPE
0057  *
0058  *   If using CALIPSO_MAP_PASS no additional attributes are required.
0059  *
0060  * o LISTALL:
0061  *   This message is sent by an application to list the valid DOIs on the
0062  *   system.  When sent by an application there is no payload and the
0063  *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
0064  *   the following messages.
0065  *
0066  *   Required attributes:
0067  *
0068  *    NLBL_CALIPSO_A_DOI
0069  *    NLBL_CALIPSO_A_MTYPE
0070  *
0071  */
0072
0073 /* NetLabel CALIPSO commands */
0074 enum {
0075     NLBL_CALIPSO_C_UNSPEC,
0076     NLBL_CALIPSO_C_ADD,
0077     NLBL_CALIPSO_C_REMOVE,
0078     NLBL_CALIPSO_C_LIST,
0079     NLBL_CALIPSO_C_LISTALL,
0080     __NLBL_CALIPSO_C_MAX,
0081 };
0082
0083 /* NetLabel CALIPSO attributes */
0084 enum {
0085     NLBL_CALIPSO_A_UNSPEC,
0086     NLBL_CALIPSO_A_DOI,
0087     /* (NLA_U32)
0088      * the DOI value */
0089     NLBL_CALIPSO_A_MTYPE,
0090     /* (NLA_U32)
0091      * the mapping table type (defined in the calipso.h header as
0092      * CALIPSO_MAP_*) */
0093     __NLBL_CALIPSO_A_MAX,
0094 };
0095
0096 #define NLBL_CALIPSO_A_MAX (__NLBL_CALIPSO_A_MAX - 1)
0097
0098 /* NetLabel protocol functions */
0099 #if IS_ENABLED(CONFIG_IPV6)
0100 int netlbl_calipso_genl_init(void);
0101 #else
0102 static inline int netlbl_calipso_genl_init(void)
0103 {
0104     return 0;
0105 }
0106 #endif
0107
0108 int calipso_doi_add(struct calipso_doi *doi_def,
0109             struct netlbl_audit *audit_info);
0110 void calipso_doi_free(struct calipso_doi *doi_def);
0111 int calipso_doi_remove(u32 doi, struct netlbl_audit *audit_info);
0112 struct calipso_doi *calipso_doi_getdef(u32 doi);
0113 void calipso_doi_putdef(struct calipso_doi *doi_def);
0114 int calipso_doi_walk(u32 *skip_cnt,
0115              int (*callback)(struct calipso_doi *doi_def, void *arg),
0116              void *cb_arg);
0117 int calipso_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr);
0118 int calipso_sock_setattr(struct sock *sk,
0119              const struct calipso_doi *doi_def,
0120              const struct netlbl_lsm_secattr *secattr);
0121 void calipso_sock_delattr(struct sock *sk);
0122 int calipso_req_setattr(struct request_sock *req,
0123             const struct calipso_doi *doi_def,
0124             const struct netlbl_lsm_secattr *secattr);
0125 void calipso_req_delattr(struct request_sock *req);
0126 unsigned char *calipso_optptr(const struct sk_buff *skb);
0127 int calipso_getattr(const unsigned char *calipso,
0128             struct netlbl_lsm_secattr *secattr);
0129 int calipso_skbuff_setattr(struct sk_buff *skb,
0130                const struct calipso_doi *doi_def,
0131                const struct netlbl_lsm_secattr *secattr);
0132 int calipso_skbuff_delattr(struct sk_buff *skb);
0133 void calipso_cache_invalidate(void);
0134 int calipso_cache_add(const unsigned char *calipso_ptr,
0135               const struct netlbl_lsm_secattr *secattr);
0136
0137 #endif