diff options
author | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-20 01:42:40 +0400 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-20 01:42:40 +0400 |
commit | 721e2629fa2167c0e5a9f10d704b1fee1621a8cb (patch) | |
tree | a1580ed191e710f891ef1bf25c8c1fc7d6f054a9 /include/net | |
parent | fdb64f93b38a3470fa4db8cd5720b8c731922d1a (diff) | |
parent | f36158c410651fe66f438c17b2ab3ae813f8c060 (diff) | |
download | linux-721e2629fa2167c0e5a9f10d704b1fee1621a8cb.tar.xz |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel
SELinux: enable dynamic activation/deactivation of NetLabel/SELinux enforcement
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/netlabel.h | 62 |
1 files changed, 27 insertions, 35 deletions
diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 9b7d6f2ac9a3..ffbc7f28335a 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h @@ -144,10 +144,9 @@ struct netlbl_lsm_secattr { }; /* - * LSM security attribute operations + * LSM security attribute operations (inline) */ - /** * netlbl_secattr_cache_alloc - Allocate and initialize a secattr cache * @flags: the memory allocation flags @@ -283,6 +282,9 @@ static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr) } #ifdef CONFIG_NETLABEL +/* + * LSM security attribute operations + */ int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap, u32 offset); int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap, @@ -294,6 +296,25 @@ int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap *catmap, u32 start, u32 end, gfp_t flags); + +/* + * LSM protocol operations + */ +int netlbl_enabled(void); +int netlbl_sock_setattr(struct sock *sk, + const struct netlbl_lsm_secattr *secattr); +int netlbl_sock_getattr(struct sock *sk, + struct netlbl_lsm_secattr *secattr); +int netlbl_skbuff_getattr(const struct sk_buff *skb, + struct netlbl_lsm_secattr *secattr); +void netlbl_skbuff_err(struct sk_buff *skb, int error); + +/* + * LSM label mapping cache operations + */ +void netlbl_cache_invalidate(void); +int netlbl_cache_add(const struct sk_buff *skb, + const struct netlbl_lsm_secattr *secattr); #else static inline int netlbl_secattr_catmap_walk( struct netlbl_lsm_secattr_catmap *catmap, @@ -301,14 +322,12 @@ static inline int netlbl_secattr_catmap_walk( { return -ENOENT; } - static inline int netlbl_secattr_catmap_walk_rng( struct netlbl_lsm_secattr_catmap *catmap, u32 offset) { return -ENOENT; } - static inline int netlbl_secattr_catmap_setbit( struct netlbl_lsm_secattr_catmap *catmap, u32 bit, @@ -316,7 +335,6 @@ static inline int netlbl_secattr_catmap_setbit( { return 0; } - static inline int netlbl_secattr_catmap_setrng( struct netlbl_lsm_secattr_catmap *catmap, u32 start, @@ -325,59 +343,33 @@ static inline int netlbl_secattr_catmap_setrng( { return 0; } -#endif - -/* - * LSM protocol operations - */ - -#ifdef CONFIG_NETLABEL -int netlbl_sock_setattr(struct sock *sk, - const struct netlbl_lsm_secattr *secattr); -int netlbl_sock_getattr(struct sock *sk, - struct netlbl_lsm_secattr *secattr); -int netlbl_skbuff_getattr(const struct sk_buff *skb, - struct netlbl_lsm_secattr *secattr); -void netlbl_skbuff_err(struct sk_buff *skb, int error); -#else +static inline int netlbl_enabled(void) +{ + return 0; +} static inline int netlbl_sock_setattr(struct sock *sk, const struct netlbl_lsm_secattr *secattr) { return -ENOSYS; } - static inline int netlbl_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr) { return -ENOSYS; } - static inline int netlbl_skbuff_getattr(const struct sk_buff *skb, struct netlbl_lsm_secattr *secattr) { return -ENOSYS; } - static inline void netlbl_skbuff_err(struct sk_buff *skb, int error) { return; } -#endif /* CONFIG_NETLABEL */ - -/* - * LSM label mapping cache operations - */ - -#ifdef CONFIG_NETLABEL -void netlbl_cache_invalidate(void); -int netlbl_cache_add(const struct sk_buff *skb, - const struct netlbl_lsm_secattr *secattr); -#else static inline void netlbl_cache_invalidate(void) { return; } - static inline int netlbl_cache_add(const struct sk_buff *skb, const struct netlbl_lsm_secattr *secattr) { |