Commit d91d4079 authored by Paul Moore's avatar Paul Moore

netlabel: Add configuration support for local labeling

Add the necessary NetLabel support for the new CIPSO mapping,
CIPSO_V4_MAP_LOCAL, which allows full LSM label/context support.
Signed-off-by: default avatarPaul Moore <paul.moore@hp.com>
Reviewed-by: default avatarJames Morris <jmorris@namei.org>
parent 15c45f7b
...@@ -72,7 +72,8 @@ struct cipso_v4_doi; ...@@ -72,7 +72,8 @@ struct cipso_v4_doi;
/* NetLabel NETLINK protocol version /* NetLabel NETLINK protocol version
* 1: initial version * 1: initial version
* 2: added static labels for unlabeled connections * 2: added static labels for unlabeled connections
* 3: network selectors added to the NetLabel/LSM domain mapping * 3: network selectors added to the NetLabel/LSM domain mapping and the
* CIPSO_V4_MAP_LOCAL CIPSO mapping was added
*/ */
#define NETLBL_PROTO_VERSION 3 #define NETLBL_PROTO_VERSION 3
......
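Review bot: NETLBL_PROTO_VERSION is left at 3 while the comment above it now lists CIPSO_V4_MAP_LOCAL under version 3, so a userspace tool cannot tell from the advertised version alone whether the kernel accepts the new mapping type. If the network selectors and the local mapping ship in the same kernel release this is acceptable, but the comment should state that so the next reader does not take it for a missed bump, e.g. ` *    CIPSO_V4_MAP_LOCAL CIPSO mapping was added (same release, no version bump)`; if they do not ship together, the version should be raised to 4.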
...@@ -364,6 +364,43 @@ static int netlbl_cipsov4_add_pass(struct genl_info *info) ...@@ -364,6 +364,43 @@ static int netlbl_cipsov4_add_pass(struct genl_info *info)
return ret_val; return ret_val;
} }
/**
* netlbl_cipsov4_add_local - Adds a CIPSO V4 DOI definition
* @info: the Generic NETLINK info block
*
* Description:
* Create a new CIPSO_V4_MAP_LOCAL DOI definition based on the given ADD
* message and add it to the CIPSO V4 engine. Return zero on success and
* non-zero on error.
*
*/
static int netlbl_cipsov4_add_local(struct genl_info *info)
{
int ret_val;
struct cipso_v4_doi *doi_def = NULL;
if (!info->attrs[NLBL_CIPSOV4_A_TAGLST])
return -EINVAL;
doi_def = kmalloc(sizeof(*doi_def), GFP_KERNEL);
if (doi_def == NULL)
return -ENOMEM;
doi_def->type = CIPSO_V4_MAP_LOCAL;
ret_val = netlbl_cipsov4_add_common(info, doi_def);
if (ret_val != 0)
goto add_local_failure;
ret_val = cipso_v4_doi_add(doi_def);
if (ret_val != 0)
goto add_local_failure;
return 0;
add_local_failure:
cipso_v4_doi_free(doi_def);
return ret_val;
}
/** /**
* netlbl_cipsov4_add - Handle an ADD message * netlbl_cipsov4_add - Handle an ADD message
* @skb: the NETLINK buffer * @skb: the NETLINK buffer
...@@ -401,6 +438,10 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info) ...@@ -401,6 +438,10 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info)
type_str = "pass"; type_str = "pass";
ret_val = netlbl_cipsov4_add_pass(info); ret_val = netlbl_cipsov4_add_pass(info);
break; break;
case CIPSO_V4_MAP_LOCAL:
type_str = "local";
ret_val = netlbl_cipsov4_add_local(info);
break;
} }
if (ret_val == 0) if (ret_val == 0)
atomic_inc(&netlabel_mgmt_protocount); atomic_inc(&netlabel_mgmt_protocount);
......
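Review bot: netlbl_cipsov4_add_local allocates doi_def with kmalloc and, on the add_local_failure path, hands the partially initialised struct to cipso_v4_doi_free while only ->type has been set before netlbl_cipsov4_add_common runs, so whether every field the free routine reads is populated depends on add_common, which is outside this hunk. Allocating with `doi_def = kzalloc(sizeof(*doi_def), GFP_KERNEL);` makes the error path independent of that ordering, and the `= NULL` initialiser on the declaration is redundant because the pointer is assigned before it is first read. The body appears to differ from netlbl_cipsov4_add_pass (visible here only by its closing return) in nothing but the type constant and the kernel-doc heading; if so, a shared static helper taking the map type would keep the two from drifting. Because a CIPSO_V4_MAP_LOCAL DOI carries full LSM labels, this handler relies on the ADD command's privilege check being enforced outside the function, presumably by the Generic Netlink operation flags; a comment such as `/* caller privilege for ADD is enforced by the genl_ops flags, not here */` on the new function would make that dependency visible. The enclosing netlbl_cipsov4_add switch in the second hunk starts and ends outside the hunk, so whether it has a default arm rejecting unknown types cannot be confirmed from here.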
...@@ -50,7 +50,8 @@ ...@@ -50,7 +50,8 @@
* NLBL_CIPSOV4_A_MLSLVLLST * NLBL_CIPSOV4_A_MLSLVLLST
* NLBL_CIPSOV4_A_MLSCATLST * NLBL_CIPSOV4_A_MLSCATLST
* *
* If using CIPSO_V4_MAP_PASS no additional attributes are required. * If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
* are required.
* *
* o REMOVE: * o REMOVE:
* Sent by an application to remove a specific DOI mapping table from the * Sent by an application to remove a specific DOI mapping table from the
...@@ -81,7 +82,8 @@ ...@@ -81,7 +82,8 @@
* NLBL_CIPSOV4_A_MLSLVLLST * NLBL_CIPSOV4_A_MLSLVLLST
* NLBL_CIPSOV4_A_MLSCATLST * NLBL_CIPSOV4_A_MLSCATLST
* *
* If using CIPSO_V4_MAP_PASS no additional attributes are required. * If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
* are required.
* *
* o LISTALL: * o LISTALL:
* This message is sent by an application to list the valid DOIs on the * This message is sent by an application to list the valid DOIs on the
......
...@@ -163,6 +163,9 @@ int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def, ...@@ -163,6 +163,9 @@ int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
case CIPSO_V4_MAP_PASS: case CIPSO_V4_MAP_PASS:
type_str = "pass"; type_str = "pass";
break; break;
case CIPSO_V4_MAP_LOCAL:
type_str = "local";
break;
default: default:
type_str = "(unknown)"; type_str = "(unknown)";
} }
......