| netlabel_mgmt.c (b1edeb102397546438ab4624489c6ccd7b410d97) | netlabel_mgmt.c (63c41688743760631188cf0f4ae986a6793ccb0a) |
|---|---|
| 1/* 2 * NetLabel Management Support 3 * 4 * This file defines the management functions for the NetLabel system. The 5 * NetLabel system manages static and dynamic label mappings for network 6 * protocols such as CIPSO and RIPSO. 7 * 8 * Author: Paul Moore <paul.moore@hp.com> 9 * 10 */ 11 12/* | 1/* 2 * NetLabel Management Support 3 * 4 * This file defines the management functions for the NetLabel system. The 5 * NetLabel system manages static and dynamic label mappings for network 6 * protocols such as CIPSO and RIPSO. 7 * 8 * Author: Paul Moore <paul.moore@hp.com> 9 * 10 */ 11 12/* |
| 13 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 | 13 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006, 2008 |
| 14 * 15 * This program is free software; you can redistribute it and/or modify 16 * it under the terms of the GNU General Public License as published by 17 * the Free Software Foundation; either version 2 of the License, or 18 * (at your option) any later version. 19 * 20 * This program is distributed in the hope that it will be useful, 21 * but WITHOUT ANY WARRANTY; without even the implied warranty of --- 5 unchanged lines hidden (view full) --- 27 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 28 * 29 */ 30 31#include <linux/types.h> 32#include <linux/socket.h> 33#include <linux/string.h> 34#include <linux/skbuff.h> | 14 * 15 * This program is free software; you can redistribute it and/or modify 16 * it under the terms of the GNU General Public License as published by 17 * the Free Software Foundation; either version 2 of the License, or 18 * (at your option) any later version. 19 * 20 * This program is distributed in the hope that it will be useful, 21 * but WITHOUT ANY WARRANTY; without even the implied warranty of --- 5 unchanged lines hidden (view full) --- 27 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 28 * 29 */ 30 31#include <linux/types.h> 32#include <linux/socket.h> 33#include <linux/string.h> 34#include <linux/skbuff.h> |
| 35#include <linux/in.h> 36#include <linux/in6.h> |
|
| 35#include <net/sock.h> 36#include <net/netlink.h> 37#include <net/genetlink.h> | 37#include <net/sock.h> 38#include <net/netlink.h> 39#include <net/genetlink.h> |
| 40#include <net/ip.h> 41#include <net/ipv6.h> |
|
| 38#include <net/netlabel.h> 39#include <net/cipso_ipv4.h> 40#include <asm/atomic.h> 41 42#include "netlabel_domainhash.h" 43#include "netlabel_user.h" 44#include "netlabel_mgmt.h" 45 --- 20 unchanged lines hidden (view full) --- 66static const struct nla_policy netlbl_mgmt_genl_policy[NLBL_MGMT_A_MAX + 1] = { 67 [NLBL_MGMT_A_DOMAIN] = { .type = NLA_NUL_STRING }, 68 [NLBL_MGMT_A_PROTOCOL] = { .type = NLA_U32 }, 69 [NLBL_MGMT_A_VERSION] = { .type = NLA_U32 }, 70 [NLBL_MGMT_A_CV4DOI] = { .type = NLA_U32 }, 71}; 72 73/* | 42#include <net/netlabel.h> 43#include <net/cipso_ipv4.h> 44#include <asm/atomic.h> 45 46#include "netlabel_domainhash.h" 47#include "netlabel_user.h" 48#include "netlabel_mgmt.h" 49 --- 20 unchanged lines hidden (view full) --- 70static const struct nla_policy netlbl_mgmt_genl_policy[NLBL_MGMT_A_MAX + 1] = { 71 [NLBL_MGMT_A_DOMAIN] = { .type = NLA_NUL_STRING }, 72 [NLBL_MGMT_A_PROTOCOL] = { .type = NLA_U32 }, 73 [NLBL_MGMT_A_VERSION] = { .type = NLA_U32 }, 74 [NLBL_MGMT_A_CV4DOI] = { .type = NLA_U32 }, 75}; 76 77/* |
| 74 * NetLabel Command Handlers | 78 * Helper Functions |
| 75 */ 76 77/** 78 * netlbl_mgmt_add - Handle an ADD message | 79 */ 80 81/** 82 * netlbl_mgmt_add - Handle an ADD message |
| 79 * @skb: the NETLINK buffer | |
| 80 * @info: the Generic NETLINK info block | 83 * @info: the Generic NETLINK info block |
| 84 * @audit_info: NetLabel audit information |
|
| 81 * 82 * Description: | 85 * 86 * Description: |
| 83 * Process a user generated ADD message and add the domains from the message 84 * to the hash table. See netlabel.h for a description of the message format. 85 * Returns zero on success, negative values on failure. | 87 * Helper function for the ADD and ADDDEF messages to add the domain mappings 88 * from the message to the hash table. See netlabel.h for a description of the 89 * message format. Returns zero on success, negative values on failure. |
| 86 * 87 */ | 90 * 91 */ |
| 88static int netlbl_mgmt_add(struct sk_buff *skb, struct genl_info *info) | 92static int netlbl_mgmt_add_common(struct genl_info *info, 93 struct netlbl_audit *audit_info) |
| 89{ 90 int ret_val = -EINVAL; 91 struct netlbl_dom_map *entry = NULL; | 94{ 95 int ret_val = -EINVAL; 96 struct netlbl_dom_map *entry = NULL; |
| 92 size_t tmp_size; | 97 struct netlbl_domaddr_map *addrmap = NULL; 98 struct cipso_v4_doi *cipsov4 = NULL; |
| 93 u32 tmp_val; | 99 u32 tmp_val; |
| 94 struct netlbl_audit audit_info; | |
| 95 | 100 |
| 96 if (!info->attrs[NLBL_MGMT_A_DOMAIN] || 97 !info->attrs[NLBL_MGMT_A_PROTOCOL]) 98 goto add_failure; 99 100 netlbl_netlink_auditinfo(skb, &audit_info); 101 | |
| 102 entry = kzalloc(sizeof(*entry), GFP_KERNEL); 103 if (entry == NULL) { 104 ret_val = -ENOMEM; 105 goto add_failure; 106 } | 101 entry = kzalloc(sizeof(*entry), GFP_KERNEL); 102 if (entry == NULL) { 103 ret_val = -ENOMEM; 104 goto add_failure; 105 } |
| 107 tmp_size = nla_len(info->attrs[NLBL_MGMT_A_DOMAIN]); 108 entry->domain = kmalloc(tmp_size, GFP_KERNEL); 109 if (entry->domain == NULL) { 110 ret_val = -ENOMEM; 111 goto add_failure; 112 } | |
| 113 entry->type = nla_get_u32(info->attrs[NLBL_MGMT_A_PROTOCOL]); | 106 entry->type = nla_get_u32(info->attrs[NLBL_MGMT_A_PROTOCOL]); |
| 114 nla_strlcpy(entry->domain, info->attrs[NLBL_MGMT_A_DOMAIN], tmp_size); | 107 if (info->attrs[NLBL_MGMT_A_DOMAIN]) { 108 size_t tmp_size = nla_len(info->attrs[NLBL_MGMT_A_DOMAIN]); 109 entry->domain = kmalloc(tmp_size, GFP_KERNEL); 110 if (entry->domain == NULL) { 111 ret_val = -ENOMEM; 112 goto add_failure; 113 } 114 nla_strlcpy(entry->domain, 115 info->attrs[NLBL_MGMT_A_DOMAIN], tmp_size); 116 } |
| 115 | 117 |
| 118 /* NOTE: internally we allow/use a entry->type value of 119 * NETLBL_NLTYPE_ADDRSELECT but we don't currently allow users 120 * to pass that as a protocol value because we need to know the 121 * "real" protocol */ 122 |
|
| 116 switch (entry->type) { 117 case NETLBL_NLTYPE_UNLABELED: | 123 switch (entry->type) { 124 case NETLBL_NLTYPE_UNLABELED: |
| 118 ret_val = netlbl_domhsh_add(entry, &audit_info); | |
| 119 break; 120 case NETLBL_NLTYPE_CIPSOV4: 121 if (!info->attrs[NLBL_MGMT_A_CV4DOI]) 122 goto add_failure; 123 124 tmp_val = nla_get_u32(info->attrs[NLBL_MGMT_A_CV4DOI]); | 125 break; 126 case NETLBL_NLTYPE_CIPSOV4: 127 if (!info->attrs[NLBL_MGMT_A_CV4DOI]) 128 goto add_failure; 129 130 tmp_val = nla_get_u32(info->attrs[NLBL_MGMT_A_CV4DOI]); |
| 125 entry->type_def.cipsov4 = cipso_v4_doi_getdef(tmp_val); 126 if (entry->type_def.cipsov4 == NULL) | 131 cipsov4 = cipso_v4_doi_getdef(tmp_val); 132 if (cipsov4 == NULL) |
| 127 goto add_failure; | 133 goto add_failure; |
| 128 ret_val = netlbl_domhsh_add(entry, &audit_info); 129 if (ret_val != 0) 130 cipso_v4_doi_putdef(entry->type_def.cipsov4); | 134 entry->type_def.cipsov4 = cipsov4; |
| 131 break; 132 default: 133 goto add_failure; 134 } | 135 break; 136 default: 137 goto add_failure; 138 } |
| 139 140 if (info->attrs[NLBL_MGMT_A_IPV4ADDR]) { 141 struct in_addr *addr; 142 struct in_addr *mask; 143 struct netlbl_domaddr4_map *map; 144 145 addrmap = kzalloc(sizeof(*addrmap), GFP_KERNEL); 146 if (addrmap == NULL) { 147 ret_val = -ENOMEM; 148 goto add_failure; 149 } 150 INIT_LIST_HEAD(&addrmap->list4); 151 INIT_LIST_HEAD(&addrmap->list6); 152 153 if (nla_len(info->attrs[NLBL_MGMT_A_IPV4ADDR]) != 154 sizeof(struct in_addr)) { 155 ret_val = -EINVAL; 156 goto add_failure; 157 } 158 if (nla_len(info->attrs[NLBL_MGMT_A_IPV4MASK]) != 159 sizeof(struct in_addr)) { 160 ret_val = -EINVAL; 161 goto add_failure; 162 } 163 addr = nla_data(info->attrs[NLBL_MGMT_A_IPV4ADDR]); 164 mask = nla_data(info->attrs[NLBL_MGMT_A_IPV4MASK]); 165 166 map = kzalloc(sizeof(*map), GFP_KERNEL); 167 if (map == NULL) { 168 ret_val = -ENOMEM; 169 goto add_failure; 170 } 171 map->list.addr = addr->s_addr & mask->s_addr; 172 map->list.mask = mask->s_addr; 173 map->list.valid = 1; 174 map->type = entry->type; 175 if (cipsov4) 176 map->type_def.cipsov4 = cipsov4; 177 178 ret_val = netlbl_af4list_add(&map->list, &addrmap->list4); 179 if (ret_val != 0) { 180 kfree(map); 181 goto add_failure; 182 } 183 184 entry->type = NETLBL_NLTYPE_ADDRSELECT; 185 entry->type_def.addrsel = addrmap; 186#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 187 } else if (info->attrs[NLBL_MGMT_A_IPV6ADDR]) { 188 struct in6_addr *addr; 189 struct in6_addr *mask; 190 struct netlbl_domaddr6_map *map; 191 192 addrmap = kzalloc(sizeof(*addrmap), GFP_KERNEL); 193 if (addrmap == NULL) { 194 ret_val = -ENOMEM; 195 goto add_failure; 196 } 197 INIT_LIST_HEAD(&addrmap->list4); 198 INIT_LIST_HEAD(&addrmap->list6); 199 200 if (nla_len(info->attrs[NLBL_MGMT_A_IPV6ADDR]) != 201 sizeof(struct in6_addr)) { 202 ret_val = -EINVAL; 203 goto add_failure; 204 } 205 if (nla_len(info->attrs[NLBL_MGMT_A_IPV6MASK]) != 206 sizeof(struct in6_addr)) { 207 ret_val = -EINVAL; 208 goto add_failure; 209 } 210 addr = nla_data(info->attrs[NLBL_MGMT_A_IPV6ADDR]); 211 mask = nla_data(info->attrs[NLBL_MGMT_A_IPV6MASK]); 212 213 map = kzalloc(sizeof(*map), GFP_KERNEL); 214 if (map == NULL) { 215 ret_val = -ENOMEM; 216 goto add_failure; 217 } 218 ipv6_addr_copy(&map->list.addr, addr); 219 map->list.addr.s6_addr32[0] &= mask->s6_addr32[0]; 220 map->list.addr.s6_addr32[1] &= mask->s6_addr32[1]; 221 map->list.addr.s6_addr32[2] &= mask->s6_addr32[2]; 222 map->list.addr.s6_addr32[3] &= mask->s6_addr32[3]; 223 ipv6_addr_copy(&map->list.mask, mask); 224 map->list.valid = 1; 225 map->type = entry->type; 226 227 ret_val = netlbl_af6list_add(&map->list, &addrmap->list6); 228 if (ret_val != 0) { 229 kfree(map); 230 goto add_failure; 231 } 232 233 entry->type = NETLBL_NLTYPE_ADDRSELECT; 234 entry->type_def.addrsel = addrmap; 235#endif /* IPv6 */ 236 } 237 238 ret_val = netlbl_domhsh_add(entry, audit_info); |
|
| 135 if (ret_val != 0) 136 goto add_failure; 137 138 return 0; 139 140add_failure: | 239 if (ret_val != 0) 240 goto add_failure; 241 242 return 0; 243 244add_failure: |
| 245 if (cipsov4) 246 cipso_v4_doi_putdef(cipsov4); |
|
| 141 if (entry) 142 kfree(entry->domain); | 247 if (entry) 248 kfree(entry->domain); |
| 249 kfree(addrmap); |
|
| 143 kfree(entry); 144 return ret_val; 145} 146 147/** | 250 kfree(entry); 251 return ret_val; 252} 253 254/** |
| 255 * netlbl_mgmt_listentry - List a NetLabel/LSM domain map entry 256 * @skb: the NETLINK buffer 257 * @entry: the map entry 258 * 259 * Description: 260 * This function is a helper function used by the LISTALL and LISTDEF command 261 * handlers. The caller is responsibile for ensuring that the RCU read lock 262 * is held. Returns zero on success, negative values on failure. 263 * 264 */ 265static int netlbl_mgmt_listentry(struct sk_buff *skb, 266 struct netlbl_dom_map *entry) 267{ 268 int ret_val; 269 struct nlattr *nla_a; 270 struct nlattr *nla_b; 271 struct netlbl_af4list *iter4; 272#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 273 struct netlbl_af6list *iter6; 274#endif 275 276 if (entry->domain != NULL) { 277 ret_val = nla_put_string(skb, 278 NLBL_MGMT_A_DOMAIN, entry->domain); 279 if (ret_val != 0) 280 return ret_val; 281 } 282 283 switch (entry->type) { 284 case NETLBL_NLTYPE_ADDRSELECT: 285 nla_a = nla_nest_start(skb, NLBL_MGMT_A_SELECTORLIST); 286 if (nla_a == NULL) 287 return -ENOMEM; 288 289 netlbl_af4list_foreach_rcu(iter4, 290 &entry->type_def.addrsel->list4) { 291 struct netlbl_domaddr4_map *map4; 292 struct in_addr addr_struct; 293 294 nla_b = nla_nest_start(skb, NLBL_MGMT_A_ADDRSELECTOR); 295 if (nla_b == NULL) 296 return -ENOMEM; 297 298 addr_struct.s_addr = iter4->addr; 299 ret_val = nla_put(skb, NLBL_MGMT_A_IPV4ADDR, 300 sizeof(struct in_addr), 301 &addr_struct); 302 if (ret_val != 0) 303 return ret_val; 304 addr_struct.s_addr = iter4->mask; 305 ret_val = nla_put(skb, NLBL_MGMT_A_IPV4MASK, 306 sizeof(struct in_addr), 307 &addr_struct); 308 if (ret_val != 0) 309 return ret_val; 310 map4 = netlbl_domhsh_addr4_entry(iter4); 311 ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL, 312 map4->type); 313 if (ret_val != 0) 314 return ret_val; 315 switch (map4->type) { 316 case NETLBL_NLTYPE_CIPSOV4: 317 ret_val = nla_put_u32(skb, NLBL_MGMT_A_CV4DOI, 318 map4->type_def.cipsov4->doi); 319 if (ret_val != 0) 320 return ret_val; 321 break; 322 } 323 324 nla_nest_end(skb, nla_b); 325 } 326#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 327 netlbl_af6list_foreach_rcu(iter6, 328 &entry->type_def.addrsel->list6) { 329 struct netlbl_domaddr6_map *map6; 330 331 nla_b = nla_nest_start(skb, NLBL_MGMT_A_ADDRSELECTOR); 332 if (nla_b == NULL) 333 return -ENOMEM; 334 335 ret_val = nla_put(skb, NLBL_MGMT_A_IPV6ADDR, 336 sizeof(struct in6_addr), 337 &iter6->addr); 338 if (ret_val != 0) 339 return ret_val; 340 ret_val = nla_put(skb, NLBL_MGMT_A_IPV6MASK, 341 sizeof(struct in6_addr), 342 &iter6->mask); 343 if (ret_val != 0) 344 return ret_val; 345 map6 = netlbl_domhsh_addr6_entry(iter6); 346 ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL, 347 map6->type); 348 if (ret_val != 0) 349 return ret_val; 350 351 nla_nest_end(skb, nla_b); 352 } 353#endif /* IPv6 */ 354 355 nla_nest_end(skb, nla_a); 356 break; 357 case NETLBL_NLTYPE_UNLABELED: 358 ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL, entry->type); 359 break; 360 case NETLBL_NLTYPE_CIPSOV4: 361 ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL, entry->type); 362 if (ret_val != 0) 363 return ret_val; 364 ret_val = nla_put_u32(skb, NLBL_MGMT_A_CV4DOI, 365 entry->type_def.cipsov4->doi); 366 break; 367 } 368 369 return ret_val; 370} 371 372/* 373 * NetLabel Command Handlers 374 */ 375 376/** 377 * netlbl_mgmt_add - Handle an ADD message 378 * @skb: the NETLINK buffer 379 * @info: the Generic NETLINK info block 380 * 381 * Description: 382 * Process a user generated ADD message and add the domains from the message 383 * to the hash table. See netlabel.h for a description of the message format. 384 * Returns zero on success, negative values on failure. 385 * 386 */ 387static int netlbl_mgmt_add(struct sk_buff *skb, struct genl_info *info) 388{ 389 struct netlbl_audit audit_info; 390 391 if ((!info->attrs[NLBL_MGMT_A_DOMAIN]) || 392 (!info->attrs[NLBL_MGMT_A_PROTOCOL]) || 393 (info->attrs[NLBL_MGMT_A_IPV4ADDR] && 394 info->attrs[NLBL_MGMT_A_IPV6ADDR]) || 395 (info->attrs[NLBL_MGMT_A_IPV4MASK] && 396 info->attrs[NLBL_MGMT_A_IPV6MASK]) || 397 ((info->attrs[NLBL_MGMT_A_IPV4ADDR] != NULL) ^ 398 (info->attrs[NLBL_MGMT_A_IPV4MASK] != NULL)) || 399 ((info->attrs[NLBL_MGMT_A_IPV6ADDR] != NULL) ^ 400 (info->attrs[NLBL_MGMT_A_IPV6MASK] != NULL))) 401 return -EINVAL; 402 403 netlbl_netlink_auditinfo(skb, &audit_info); 404 405 return netlbl_mgmt_add_common(info, &audit_info); 406} 407 408/** |
|
| 148 * netlbl_mgmt_remove - Handle a REMOVE message 149 * @skb: the NETLINK buffer 150 * @info: the Generic NETLINK info block 151 * 152 * Description: 153 * Process a user generated REMOVE message and remove the specified domain 154 * mappings. Returns zero on success, negative values on failure. 155 * --- 31 unchanged lines hidden (view full) --- 187 void *data; 188 189 data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).pid, 190 cb_arg->seq, &netlbl_mgmt_gnl_family, 191 NLM_F_MULTI, NLBL_MGMT_C_LISTALL); 192 if (data == NULL) 193 goto listall_cb_failure; 194 | 409 * netlbl_mgmt_remove - Handle a REMOVE message 410 * @skb: the NETLINK buffer 411 * @info: the Generic NETLINK info block 412 * 413 * Description: 414 * Process a user generated REMOVE message and remove the specified domain 415 * mappings. Returns zero on success, negative values on failure. 416 * --- 31 unchanged lines hidden (view full) --- 448 void *data; 449 450 data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).pid, 451 cb_arg->seq, &netlbl_mgmt_gnl_family, 452 NLM_F_MULTI, NLBL_MGMT_C_LISTALL); 453 if (data == NULL) 454 goto listall_cb_failure; 455 |
| 195 ret_val = nla_put_string(cb_arg->skb, 196 NLBL_MGMT_A_DOMAIN, 197 entry->domain); | 456 ret_val = netlbl_mgmt_listentry(cb_arg->skb, entry); |
| 198 if (ret_val != 0) 199 goto listall_cb_failure; | 457 if (ret_val != 0) 458 goto listall_cb_failure; |
| 200 ret_val = nla_put_u32(cb_arg->skb, NLBL_MGMT_A_PROTOCOL, entry->type); 201 if (ret_val != 0) 202 goto listall_cb_failure; 203 switch (entry->type) { 204 case NETLBL_NLTYPE_CIPSOV4: 205 ret_val = nla_put_u32(cb_arg->skb, 206 NLBL_MGMT_A_CV4DOI, 207 entry->type_def.cipsov4->doi); 208 if (ret_val != 0) 209 goto listall_cb_failure; 210 break; 211 } | |
| 212 213 cb_arg->seq++; 214 return genlmsg_end(cb_arg->skb, data); 215 216listall_cb_failure: 217 genlmsg_cancel(cb_arg->skb, data); 218 return ret_val; 219} --- 37 unchanged lines hidden (view full) --- 257 * 258 * Description: 259 * Process a user generated ADDDEF message and respond accordingly. Returns 260 * zero on success, negative values on failure. 261 * 262 */ 263static int netlbl_mgmt_adddef(struct sk_buff *skb, struct genl_info *info) 264{ | 459 460 cb_arg->seq++; 461 return genlmsg_end(cb_arg->skb, data); 462 463listall_cb_failure: 464 genlmsg_cancel(cb_arg->skb, data); 465 return ret_val; 466} --- 37 unchanged lines hidden (view full) --- 504 * 505 * Description: 506 * Process a user generated ADDDEF message and respond accordingly. Returns 507 * zero on success, negative values on failure. 508 * 509 */ 510static int netlbl_mgmt_adddef(struct sk_buff *skb, struct genl_info *info) 511{ |
| 265 int ret_val = -EINVAL; 266 struct netlbl_dom_map *entry = NULL; 267 u32 tmp_val; | |
| 268 struct netlbl_audit audit_info; 269 | 512 struct netlbl_audit audit_info; 513 |
| 270 if (!info->attrs[NLBL_MGMT_A_PROTOCOL]) 271 goto adddef_failure; | 514 if ((!info->attrs[NLBL_MGMT_A_PROTOCOL]) || 515 (info->attrs[NLBL_MGMT_A_IPV4ADDR] && 516 info->attrs[NLBL_MGMT_A_IPV6ADDR]) || 517 (info->attrs[NLBL_MGMT_A_IPV4MASK] && 518 info->attrs[NLBL_MGMT_A_IPV6MASK]) || 519 ((info->attrs[NLBL_MGMT_A_IPV4ADDR] != NULL) ^ 520 (info->attrs[NLBL_MGMT_A_IPV4MASK] != NULL)) || 521 ((info->attrs[NLBL_MGMT_A_IPV6ADDR] != NULL) ^ 522 (info->attrs[NLBL_MGMT_A_IPV6MASK] != NULL))) 523 return -EINVAL; |
| 272 273 netlbl_netlink_auditinfo(skb, &audit_info); 274 | 524 525 netlbl_netlink_auditinfo(skb, &audit_info); 526 |
| 275 entry = kzalloc(sizeof(*entry), GFP_KERNEL); 276 if (entry == NULL) { 277 ret_val = -ENOMEM; 278 goto adddef_failure; 279 } 280 entry->type = nla_get_u32(info->attrs[NLBL_MGMT_A_PROTOCOL]); 281 282 switch (entry->type) { 283 case NETLBL_NLTYPE_UNLABELED: 284 ret_val = netlbl_domhsh_add_default(entry, &audit_info); 285 break; 286 case NETLBL_NLTYPE_CIPSOV4: 287 if (!info->attrs[NLBL_MGMT_A_CV4DOI]) 288 goto adddef_failure; 289 290 tmp_val = nla_get_u32(info->attrs[NLBL_MGMT_A_CV4DOI]); 291 entry->type_def.cipsov4 = cipso_v4_doi_getdef(tmp_val); 292 if (entry->type_def.cipsov4 == NULL) 293 goto adddef_failure; 294 ret_val = netlbl_domhsh_add_default(entry, &audit_info); 295 if (ret_val != 0) 296 cipso_v4_doi_putdef(entry->type_def.cipsov4); 297 break; 298 default: 299 goto adddef_failure; 300 } 301 if (ret_val != 0) 302 goto adddef_failure; 303 304 return 0; 305 306adddef_failure: 307 kfree(entry); 308 return ret_val; | 527 return netlbl_mgmt_add_common(info, &audit_info); |
| 309} 310 311/** 312 * netlbl_mgmt_removedef - Handle a REMOVEDEF message 313 * @skb: the NETLINK buffer 314 * @info: the Generic NETLINK info block 315 * 316 * Description: --- 37 unchanged lines hidden (view full) --- 354 goto listdef_failure; 355 356 rcu_read_lock(); 357 entry = netlbl_domhsh_getentry(NULL); 358 if (entry == NULL) { 359 ret_val = -ENOENT; 360 goto listdef_failure_lock; 361 } | 528} 529 530/** 531 * netlbl_mgmt_removedef - Handle a REMOVEDEF message 532 * @skb: the NETLINK buffer 533 * @info: the Generic NETLINK info block 534 * 535 * Description: --- 37 unchanged lines hidden (view full) --- 573 goto listdef_failure; 574 575 rcu_read_lock(); 576 entry = netlbl_domhsh_getentry(NULL); 577 if (entry == NULL) { 578 ret_val = -ENOENT; 579 goto listdef_failure_lock; 580 } |
| 362 ret_val = nla_put_u32(ans_skb, NLBL_MGMT_A_PROTOCOL, entry->type); 363 if (ret_val != 0) 364 goto listdef_failure_lock; 365 switch (entry->type) { 366 case NETLBL_NLTYPE_CIPSOV4: 367 ret_val = nla_put_u32(ans_skb, 368 NLBL_MGMT_A_CV4DOI, 369 entry->type_def.cipsov4->doi); 370 if (ret_val != 0) 371 goto listdef_failure_lock; 372 break; 373 } | 581 ret_val = netlbl_mgmt_listentry(ans_skb, entry); |
| 374 rcu_read_unlock(); | 582 rcu_read_unlock(); |
| 583 if (ret_val != 0) 584 goto listdef_failure; |
|
| 375 376 genlmsg_end(ans_skb, data); 377 return genlmsg_reply(ans_skb, info); 378 379listdef_failure_lock: 380 rcu_read_unlock(); 381listdef_failure: 382 kfree_skb(ans_skb); --- 205 unchanged lines hidden --- | 585 586 genlmsg_end(ans_skb, data); 587 return genlmsg_reply(ans_skb, info); 588 589listdef_failure_lock: 590 rcu_read_unlock(); 591listdef_failure: 592 kfree_skb(ans_skb); --- 205 unchanged lines hidden --- |