
1 // SPDX-License-Identifier: GPL-2.0-only
5 * Network interfaces (devices) do not have a security field, so we
11 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
12 * Paul Moore <paul@paul-moore.com>
43 * sel_netif_hashfn - Hashing function for the interface table
44 * @ns: the network namespace
52 static inline u32 sel_netif_hashfn(const struct net *ns, int ifindex)
54 return (((uintptr_t)ns + ifindex) & (SEL_NETIF_HASH_SIZE - 1));
58 * sel_netif_find - Search for an interface record
59 * @ns: the network namespace
67 static inline struct sel_netif *sel_netif_find(const struct net *ns,
70 u32 idx = sel_netif_hashfn(ns, ifindex);
74 if (net_eq(netif->nsec.ns, ns) &&
75 netif->nsec.ifindex == ifindex)
82 * sel_netif_insert - Insert a new interface into the table
87 * zero on success, negative values on failure.
95 return -ENOSPC;
97 idx = sel_netif_hashfn(netif->nsec.ns, netif->nsec.ifindex);
98 list_add_rcu(&netif->list, &sel_netif_hash[idx]);
105 * sel_netif_destroy - Remove an interface record from the table
114 list_del_rcu(&netif->list);
115 sel_netif_total--;
120 * sel_netif_sid_slow - Lookup the SID of a network interface using the policy
121 * @ns: the network namespace
128 * speed up future queries. Returns zero on success, negative values on
132 static int sel_netif_sid_slow(struct net *ns, int ifindex, u32 *sid)
139 /* NOTE: we always use init's network namespace since we don't
142 dev = dev_get_by_index(ns, ifindex);
146 return -ENOENT;
150 netif = sel_netif_find(ns, ifindex);
152 *sid = netif->nsec.sid;
156 ret = security_netif_sid(dev->name, sid);
165 new->nsec.ns = ns;
166 new->nsec.ifindex = ifindex;
167 new->nsec.sid = *sid;
182 * sel_netif_sid - Lookup the SID of a network interface
183 * @ns: the network namespace
191 * table to speed up future queries. Returns zero on success, negative values
192 * on failure.
195 int sel_netif_sid(struct net *ns, int ifindex, u32 *sid)
200 netif = sel_netif_find(ns, ifindex);
202 *sid = netif->nsec.sid;
208 return sel_netif_sid_slow(ns, ifindex, sid);
212 * sel_netif_kill - Remove an entry from the network interface table
213 * @ns: the network namespace
221 static void sel_netif_kill(const struct net *ns, int ifindex)
227 netif = sel_netif_find(ns, ifindex);
235 * sel_netif_flush - Flush the entire network interface table
259 sel_netif_kill(dev_net(dev), dev->ifindex);