net/netlabel/netlabel_user.c

0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002 /*
0003  * NetLabel NETLINK Interface
0004  *
0005  * This file defines the NETLINK interface for the NetLabel system.  The
0006  * NetLabel system manages static and dynamic label mappings for network
0007  * protocols such as CIPSO and RIPSO.
0008  *
0009  * Author: Paul Moore <paul@paul-moore.com>
0010  */
0011
0012 /*
0013  * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
0014  */
0015
0016 #include <linux/init.h>
0017 #include <linux/types.h>
0018 #include <linux/list.h>
0019 #include <linux/socket.h>
0020 #include <linux/audit.h>
0021 #include <linux/tty.h>
0022 #include <linux/security.h>
0023 #include <linux/gfp.h>
0024 #include <net/sock.h>
0025 #include <net/netlink.h>
0026 #include <net/genetlink.h>
0027 #include <net/netlabel.h>
0028 #include <asm/bug.h>
0029
0030 #include "netlabel_mgmt.h"
0031 #include "netlabel_unlabeled.h"
0032 #include "netlabel_cipso_v4.h"
0033 #include "netlabel_calipso.h"
0034 #include "netlabel_user.h"
0035
0036 /*
0037  * NetLabel NETLINK Setup Functions
0038  */
0039
0040 /**
0041  * netlbl_netlink_init - Initialize the NETLINK communication channel
0042  *
0043  * Description:
0044  * Call out to the NetLabel components so they can register their families and
0045  * commands with the Generic NETLINK mechanism.  Returns zero on success and
0046  * non-zero on failure.
0047  *
0048  */
0049 int __init netlbl_netlink_init(void)
0050 {
0051     int ret_val;
0052
0053     ret_val = netlbl_mgmt_genl_init();
0054     if (ret_val != 0)
0055         return ret_val;
0056
0057     ret_val = netlbl_cipsov4_genl_init();
0058     if (ret_val != 0)
0059         return ret_val;
0060
0061     ret_val = netlbl_calipso_genl_init();
0062     if (ret_val != 0)
0063         return ret_val;
0064
0065     return netlbl_unlabel_genl_init();
0066 }
0067
0068 /*
0069  * NetLabel Audit Functions
0070  */
0071
0072 /**
0073  * netlbl_audit_start_common - Start an audit message
0074  * @type: audit message type
0075  * @audit_info: NetLabel audit information
0076  *
0077  * Description:
0078  * Start an audit message using the type specified in @type and fill the audit
0079  * message with some fields common to all NetLabel audit messages.  Returns
0080  * a pointer to the audit buffer on success, NULL on failure.
0081  *
0082  */
0083 struct audit_buffer *netlbl_audit_start_common(int type,
0084                            struct netlbl_audit *audit_info)
0085 {
0086     struct audit_buffer *audit_buf;
0087     char *secctx;
0088     u32 secctx_len;
0089
0090     if (audit_enabled == AUDIT_OFF)
0091         return NULL;
0092
0093     audit_buf = audit_log_start(audit_context(), GFP_ATOMIC, type);
0094     if (audit_buf == NULL)
0095         return NULL;
0096
0097     audit_log_format(audit_buf, "netlabel: auid=%u ses=%u",
0098              from_kuid(&init_user_ns, audit_info->loginuid),
0099              audit_info->sessionid);
0100
0101     if (audit_info->secid != 0 &&
0102         security_secid_to_secctx(audit_info->secid,
0103                      &secctx,
0104                      &secctx_len) == 0) {
0105         audit_log_format(audit_buf, " subj=%s", secctx);
0106         security_release_secctx(secctx, secctx_len);
0107     }
0108
0109     return audit_buf;
0110 }