netlabel: Add configuration support for local labeling
authorPaul Moore <paul.moore@hp.com>
Fri, 10 Oct 2008 14:16:34 +0000 (10:16 -0400)
committerPaul Moore <paul.moore@hp.com>
Fri, 10 Oct 2008 14:16:34 +0000 (10:16 -0400)
Add the necessary NetLabel support for the new CIPSO mapping,
CIPSO_V4_MAP_LOCAL, which allows full LSM label/context support.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Reviewed-by: James Morris <jmorris@namei.org>
include/net/netlabel.h
net/netlabel/netlabel_cipso_v4.c
net/netlabel/netlabel_cipso_v4.h
net/netlabel/netlabel_kapi.c

index d56517ac3bae5d188a693809dc75c0012593511a..17c442a4514e10faf20d9c12af3af5f9b75cef76 100644 (file)
@@ -72,7 +72,8 @@ struct cipso_v4_doi;
 /* NetLabel NETLINK protocol version
  *  1: initial version
  *  2: added static labels for unlabeled connections
- *  3: network selectors added to the NetLabel/LSM domain mapping
+ *  3: network selectors added to the NetLabel/LSM domain mapping and the
+ *     CIPSO_V4_MAP_LOCAL CIPSO mapping was added
  */
 #define NETLBL_PROTO_VERSION            3
 
index db83a67cbc7516e8e449ac44d7ae07440d57f29f..fff32b70efa9d9d0e1b71e7ef56dce87ee83736a 100644 (file)
@@ -364,6 +364,43 @@ add_pass_failure:
        return ret_val;
 }
 
+/**
+ * netlbl_cipsov4_add_local - Adds a CIPSO V4 DOI definition
+ * @info: the Generic NETLINK info block
+ *
+ * Description:
+ * Create a new CIPSO_V4_MAP_LOCAL DOI definition based on the given ADD
+ * message and add it to the CIPSO V4 engine.  Return zero on success and
+ * non-zero on error.
+ *
+ */
+static int netlbl_cipsov4_add_local(struct genl_info *info)
+{
+       int ret_val;
+       struct cipso_v4_doi *doi_def = NULL;
+
+       if (!info->attrs[NLBL_CIPSOV4_A_TAGLST])
+               return -EINVAL;
+
+       doi_def = kmalloc(sizeof(*doi_def), GFP_KERNEL);
+       if (doi_def == NULL)
+               return -ENOMEM;
+       doi_def->type = CIPSO_V4_MAP_LOCAL;
+
+       ret_val = netlbl_cipsov4_add_common(info, doi_def);
+       if (ret_val != 0)
+               goto add_local_failure;
+
+       ret_val = cipso_v4_doi_add(doi_def);
+       if (ret_val != 0)
+               goto add_local_failure;
+       return 0;
+
+add_local_failure:
+       cipso_v4_doi_free(doi_def);
+       return ret_val;
+}
+
 /**
  * netlbl_cipsov4_add - Handle an ADD message
  * @skb: the NETLINK buffer
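Review bot: In netlbl_cipsov4_add_local(), `doi_def` comes from `kmalloc()` and only `type` is set before it is handed to netlbl_cipsov4_add_common(), so an early failure there sends a mostly uninitialized structure to cipso_v4_doi_free() via `add_local_failure`. Neither helper's body is visible in this hunk, so it cannot be confirmed here that they ignore the remaining fields for a CIPSO_V4_MAP_LOCAL definition. Zeroing the allocation removes that dependency for a request that arrives from userspace over netlink: `doi_def = kzalloc(sizeof(*doi_def), GFP_KERNEL);`. The kernel-doc summary is also generic; `netlbl_cipsov4_add_local - Adds a CIPSO_V4_MAP_LOCAL CIPSO V4 DOI definition` would say which mapping this helper creates.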
@@ -401,6 +438,10 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info)
                type_str = "pass";
                ret_val = netlbl_cipsov4_add_pass(info);
                break;
+       case CIPSO_V4_MAP_LOCAL:
+               type_str = "local";
+               ret_val = netlbl_cipsov4_add_local(info);
+               break;
        }
        if (ret_val == 0)
                atomic_inc(&netlabel_mgmt_protocount);
index fb3957f1d69a38476c737bed10e6b51b88c9dae0..c8a4079261f04a88147695554865bab3765ce3bd 100644 (file)
@@ -50,7 +50,8 @@
  *     NLBL_CIPSOV4_A_MLSLVLLST
  *     NLBL_CIPSOV4_A_MLSCATLST
  *
- *   If using CIPSO_V4_MAP_PASS no additional attributes are required.
+ *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
+ *   are required.
  *
  * o REMOVE:
  *   Sent by an application to remove a specific DOI mapping table from the
@@ -81,7 +82,8 @@
  *     NLBL_CIPSOV4_A_MLSLVLLST
  *     NLBL_CIPSOV4_A_MLSCATLST
  *
- *   If using CIPSO_V4_MAP_PASS no additional attributes are required.
+ *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
+ *   are required.
  *
  * o LISTALL:
  *   This message is sent by an application to list the valid DOIs on the
index 8435b15c3f7da495d7969f84e4ffbb446e8cc975..b32eceb3ab0d526ad0c021e4e1feeaebdf3293e6 100644 (file)
@@ -163,6 +163,9 @@ cfg_cipsov4_add_map_return:
                case CIPSO_V4_MAP_PASS:
                        type_str = "pass";
                        break;
+               case CIPSO_V4_MAP_LOCAL:
+                       type_str = "local";
+                       break;
                default:
                        type_str = "(unknown)";
                }